Subject: tcpdrop for NetBSD
To: None <tech-net@NetBSD.org>
From: Dheeraj S <dheeraj@ece.gatech.edu>
List: tech-net
Date: 05/11/2005 00:35:00
--sdtB3X0nJg68CQEu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hello all,
The attached patches are a port of tcpdrop functionality/program
originally from openbsd.
It can be used to kill tcp connections graciously. comments ?
tcpdrop <local-ip> <local-port> <remote-ip> <remote-port>
truly
dheeraj
PS: netstat and fstat can provide the required info
--
"Nature wants us to react, return blow for blow, cheating for cheating, lie for
lie, and then it requires a Divine power not to hit-back, keep control and
remain unattached, and act with prudence."
--sdtB3X0nJg68CQEu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=patch-tcp_var
Index: sys/netinet/tcp_var.h
===================================================================
RCS file: /cvsroot/src/sys/netinet/tcp_var.h,v
retrieving revision 1.125
diff -u -r1.125 tcp_var.h
--- sys/netinet/tcp_var.h 5 Apr 2005 01:07:17 -0000 1.125
+++ sys/netinet/tcp_var.h 11 May 2005 04:12:35 -0000
@@ -664,7 +664,8 @@
#define TCPCTL_IDENT 27 /* rfc 931 identd */
#define TCPCTL_ACKDROPRATELIMIT 28 /* SYN/RST -> ACK rate limit */
#define TCPCTL_LOOPBACKCKSUM 29 /* do TCP checksum on loopback */
-#define TCPCTL_MAXID 30
+#define TCPCTL_DROP 30 /* drop a tcp connection */
+#define TCPCTL_MAXID 31
#define TCPCTL_NAMES { \
{ 0, 0 }, \
@@ -697,6 +698,7 @@
{ "ident", CTLTYPE_STRUCT }, \
{ "ackdropppslimit", CTLTYPE_INT }, \
{ "do_loopback_cksum", CTLTYPE_INT }, \
+ { "drop", CTLTYPE_STRUCT }, \
}
#ifdef _KERNEL
--sdtB3X0nJg68CQEu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=patch-tcp_usrreq
Index: sys/netinet/tcp_usrreq.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/tcp_usrreq.c,v
retrieving revision 1.103
diff -u -r1.103 tcp_usrreq.c
--- sys/netinet/tcp_usrreq.c 7 May 2005 17:42:09 -0000 1.103
+++ sys/netinet/tcp_usrreq.c 11 May 2005 04:12:09 -0000
@@ -1180,6 +1180,126 @@
}
/*
+ * sysctl helper routine for the net.inet.tcp.drop and
+ * net.inet6.tcp6.drop nodes.
+ */
+static int
+sysctl_net_inet_tcp_drop(SYSCTLFN_ARGS)
+{
+#ifdef INET
+ struct sockaddr_in *srcin, *dstin;
+ struct inpcb *inp;
+#endif /* INET */
+#ifdef INET6
+ struct sockaddr_in6 *srcin6, *dstin6;
+ struct in6_addr src6, dst6;
+ struct in6pcb *in6p;
+#endif /* INET6 */
+ struct tcpcb *tp;
+ struct sockaddr_storage sa[2];
+ int pf, error = 0;
+
+ srcin = dstin = NULL;
+ srcin6 = dstin6 = NULL;
+
+ if (namelen != 4 && namelen != 0)
+ return (EINVAL);
+ if (name[-2] != IPPROTO_TCP)
+ return (EINVAL);
+ pf = name[-3];
+
+ if (newp == NULL || newlen != sizeof(sa))
+ return (EINVAL);
+ error = copyin(newp, &sa, newlen);
+ if (error)
+ return (error);
+ /*
+ * requested families must match
+ */
+ if (pf != sa[0].ss_family || sa[0].ss_family != sa[1].ss_family)
+ return (EINVAL);
+
+
+ switch (pf) {
+#ifdef INET
+ case PF_INET:
+ srcin = (struct sockaddr_in*)&sa[0];
+ dstin = (struct sockaddr_in*)&sa[1];
+ if (srcin->sin_len != sizeof(*srcin) ||
+ dstin->sin_len != dstin->sin_len)
+ return (EINVAL);
+ break;
+#endif /* INET */
+#ifdef INET6
+ case PF_INET6:
+ srcin6 = (struct sockaddr_in6*)&sa[0];
+ dstin6 = (struct sockaddr_in6*)&sa[1];
+ if (srcin6->sin6_len != sizeof(*srcin6) ||
+ dstin6->sin6_len != dstin6->sin6_len)
+ return (EINVAL);
+ /* if it is v6 in v4
+ if (IN6_IS_ADDR_V4MAPPED(&dstin6->sin6_addr)) {
+ if (!IN6_IS_ADDR_V4MAPPED(&dstin6->sin6_addr))
+ return (EINVAL);
+ in6_sin6_2_sin_in_sock((struct sockaddr *)&sa[0]);
+ in6_sin6_2_sin_in_sock((struct sockaddr *)&sa[1]);
+
+ dstin = (struct sockaddr_in *)&sa[0];
+ srcin = (struct sockaddr_in *)&sa[1];
+ break;
+ } */
+ error = in6_embedscope(&dst6, dstin6, NULL, NULL);
+ if (error)
+ return (EINVAL);
+ error = in6_embedscope(&src6, srcin6, NULL, NULL);
+ if (error)
+ return (EINVAL);
+ break;
+#endif /* INET6 */
+ default:
+ return (EPROTONOSUPPORT);
+ }
+
+
+ switch (pf) {
+#ifdef INET
+ case PF_INET:
+ inp = in_pcblookup_connect(&tcbtable,
+ dstin->sin_addr, dstin->sin_port,
+ srcin->sin_addr, srcin->sin_port);
+ if (inp == NULL)
+ error = ESRCH;
+ else {
+ if ((tp = intotcpcb(inp)) &&
+ ((inp->inp_socket->so_options & SO_ACCEPTCONN) == 0))
+ tp = tcp_drop(tp, ECONNABORTED);
+ }
+ break;
+#endif /*INET */
+#ifdef INET6
+ case PF_INET6:
+ in6p = in6_pcblookup_connect(&tcbtable,
+ &dst6, dstin6->sin6_port,
+ &src6, srcin6->sin6_port, 0);
+
+ if (in6p == NULL)
+ error = ESRCH;
+ else {
+ if ((tp = in6totcpcb(in6p)) &&
+ ((in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0))
+ tp = tcp_drop(tp, ECONNABORTED);
+ }
+
+
+ break;
+#endif /* INET6 */
+ }
+ return (error);
+}
+
+
+
+/*
* sysctl helper for the inet and inet6 pcblists. handles tcp/udp and
* inet/inet6, as well as raw pcbs for each. specifically not
* declared static so that raw sockets and udp/udp6 can use it as
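Review bot: The destination length checks in sysctl_net_inet_tcp_drop compare a field with itself (`dstin->sin_len != dstin->sin_len`, and likewise `dstin6->sin6_len != dstin6->sin6_len`), so the second sockaddr copied in from userland is never length-validated; they should read `dstin->sin_len != sizeof(*dstin)` and `dstin6->sin6_len != sizeof(*dstin6)`. The `srcin = dstin = NULL;` and `srcin6 = dstin6 = NULL;` assignments sit outside the `#ifdef INET` / `#ifdef INET6` guards that declare those variables, so a kernel built with only one address family would presumably fail to compile; each assignment belongs under its own guard. When the PCB is found but has no tcpcb or belongs to a listening socket (`SO_ACCEPTCONN`), `error` stays 0 and the caller cannot tell that nothing was dropped; returning an error in that branch would make the result unambiguous. No `splsoftnet()` or other protection is visible around the PCB lookup and `tcp_drop()`, so confirm that the sysctl path provides it before this code touches `tcbtable`.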
@@ -1563,6 +1683,12 @@
CTL_NET, pf, IPPROTO_TCP, TCPCTL_IDENT, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_STRUCT, "drop",
+ SYSCTL_DESCR("Drop a TCP Connection"),
+ sysctl_net_inet_tcp_drop, 0, NULL, sizeof(uid_t),
+ CTL_NET, pf, IPPROTO_TCP, TCPCTL_DROP, CTL_EOL);
+ sysctl_createv(clog, 0, NULL, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "do_loopback_cksum",
SYSCTL_DESCR("Perform TCP checksum on loopback"),
NULL, 0, &tcp_do_loopback_cksum, 0,
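Review bot: The new "drop" node is registered with `sizeof(uid_t)` as its size argument, which disagrees with the handler: it only accepts `newlen == sizeof(sa)`, i.e. two `struct sockaddr_storage`. The value may have been carried over from another node; `2 * sizeof(struct sockaddr_storage)` would describe what the handler actually takes. The handler performs no credential check of its own, so dropping an arbitrary connection is gated only by whatever write restriction the sysctl layer applies to a `CTLFLAG_READWRITE` node; confirm that writes are superuser-only and record that next to the registration, e.g. `/* privileged write only; enforced by the sysctl layer, not by the helper */`. The enclosing setup function starts and ends outside this hunk.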
--sdtB3X0nJg68CQEu
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="tcpdrop.tar.gz"
Content-Transfer-Encoding: base64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=
--sdtB3X0nJg68CQEu--