Subject: Re: Kill socket for certain routes
To: Christos Zoulas <christos@astron.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-net
Date: 12/08/2006 18:06:08
On Fri, 8 Dec 2006 22:17:48 +0000 (UTC)
christos@astron.com (Christos Zoulas) wrote:
> In article <874ps6ozeg.fsf@snark.piermont.com>,
> Perry E. Metzger <perry@piermont.com> wrote:
> >
> >christos@astron.com (Christos Zoulas) writes:
> >> We should not add a timeout to drop connections. Instead we should
> >> provide a way for the user to drop them, like tcpdrop on OpenBSD
> >> and the patch in
> >>
> >> http://users.ece.gatech.edu/~dheeraj/netbsd.html
> >>
> >> I don't particularly like the sysctl interface, but I don't have a
> >> better suggestion. In my opinion we should add it.
> >
> >This would be a very nice general capability, though
> >"socketdrop" (one might want to drop UDP sockets bound to the
> >vanished address etc.) might be a more general capability.
>
> The UDP bound problem probably needs fixing in the daemons because
> some of them might not be prepared to deal with this kind of failure.
>
How about returning the same error that an ICMP ICMP_UNREACH_PORT
returns? (It's a particular case of Destination Unreachable).
--Steve Bellovin, http://www.cs.columbia.edu/~smb
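
An added illustration of the suggestion above, not part of the original message or of NetBSD's code: on BSD-derived stacks and Linux, an ICMP port unreachable for a connected UDP socket surfaces as ECONNREFUSED, so a daemon that already treats that errno as non-fatal would handle the proposed error the same way. The names `classify_udp_errno` and `probe_closed_port`, and the policy they encode, are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>

enum udp_action { UDP_OK, UDP_RETRY, UDP_PEER_GONE, UDP_FATAL };

/* Hypothetical policy: what a daemon does with an errno from a UDP socket. */
enum udp_action classify_udp_errno(int e)
{
    switch (e) {
    case 0:                                return UDP_OK;
    case EINTR: case EAGAIN:               return UDP_RETRY;     /* transient */
    case ECONNREFUSED:                     /* ICMP port unreachable arrives as this */
    case EHOSTUNREACH: case ENETUNREACH:   return UDP_PEER_GONE; /* drop peer, keep serving */
    default:                               return UDP_FATAL;     /* unexpected: log and stop */
    }
}

/* Send one datagram to a loopback port nobody listens on and return the
 * errno the following recv() reports (0 if data arrived, -1 on setup error). */
int probe_closed_port(void)
{
    struct sockaddr_in sin = { 0 };
    socklen_t len = sizeof(sin);
    struct timeval tv = { 1, 0 };          /* never block longer than 1 s */
    char buf[16];
    int tmp, s, e;

    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    /* Borrow a free port number, then close it so the port is unused. */
    if ((tmp = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return -1;
    if (bind(tmp, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        getsockname(tmp, (struct sockaddr *)&sin, &len) < 0) { close(tmp); return -1; }
    close(tmp);
    if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return -1;
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0 || send(s, "x", 1, 0) < 0)
        e = errno;
    else
        e = recv(s, buf, sizeof(buf), 0) < 0 ? errno : 0;
    close(s);
    return e;
}

int main(void) { printf("action=%d\n", classify_udp_errno(probe_closed_port())); return 0; }
```

If the ICMP message is filtered, the probe times out with EAGAIN instead, which the same policy treats as a retry rather than a failure.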