>Number: 151996
>Category: bin
>Synopsis: [patch] new tcpdrop option to select interactively connections
>to drop
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 06 21:50:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Nikos Vassiliadis
>Release: 9.0-CURRENT
>Organization:
>Environment:
FreeBSD lab.local 9.0-CURRENT FreeBSD 9.0-CURRENT #1 r214617: Mon Nov 1
09:47:10 EET 2010 r...@lab.local:/usr/obj/usr/src/sys/LAB i386
>Description:
A flag(-i) to ask for confirmation before dropping a connection. It meant to be
used mainly in conjunction with -a.
Example:
lab# tcpdrop -ia
drop 192.168.73.195 16456 195.167.100.39 80?
drop 192.168.73.195 37746 195.167.100.39 80? y
192.168.73.195 37746 195.167.100.39 80: dropped
drop 192.168.73.195 41749 195.167.100.39 80? yes
192.168.73.195 41749 195.167.100.39 80: dropped
drop 192.168.73.60 22 192.168.73.192 60763?
drop 192.168.73.60 22 192.168.73.192 60585?
lab#
>How-To-Repeat:
n/a
>Fix:
Patch attached with submission follows:
Index: src/usr.sbin/tcpdrop/tcpdrop.8
===================================================================
--- src/usr.sbin/tcpdrop/tcpdrop.8 (revision 214630)
+++ src/usr.sbin/tcpdrop/tcpdrop.8 (working copy)
@@ -25,12 +25,13 @@
.Nd drop TCP connections
.Sh SYNOPSIS
.Nm tcpdrop
+.Op Fl i
.Ar local-address
.Ar local-port
.Ar foreign-address
.Ar foreign-port
.Nm tcpdrop
-.Op Fl l
+.Op Fl i | l
.Fl a
.Sh DESCRIPTION
The
@@ -42,7 +43,15 @@
is specified then
.Nm
will attempt to drop all active connections.
+.Nm
+will ask for confirmation before dropping a connection when
+.Fl i
+is specified.
The
+.Fl i
+flag can be combined with
+.Fl a .
+The
.Fl l
flag may be given to list the tcpdrop invocation to drop all active
connections one at a time.
@@ -88,6 +97,12 @@
.Bd -literal -offset indent
# tcpdrop -l -a | grep -vw 22 | sh
.Ed
+.Pp
+The following command will list each connection and ask for confirmation
+before dropping it:
+.Bd -literal -offset indent
+# tcpdrop -a -i
+.Ed
.Sh SEE ALSO
.Xr netstat 1 ,
.Xr sockstat 1
Index: src/usr.sbin/tcpdrop/tcpdrop.c
===================================================================
--- src/usr.sbin/tcpdrop/tcpdrop.c (revision 214630)
+++ src/usr.sbin/tcpdrop/tcpdrop.c (working copy)
@@ -48,6 +48,7 @@
};
static bool tcpdrop_list_commands = false;
+static bool iflag = false;
static struct xinpgen *getxpcblist(const char *);
static void sockinfo(const struct sockaddr *, struct host_service *);
@@ -69,7 +70,7 @@
dropall = false;
- while ((ch = getopt(argc, argv, "al")) != -1) {
+ while ((ch = getopt(argc, argv, "ali")) != -1) {
switch (ch) {
case 'a':
dropall = true;
@@ -77,6 +78,9 @@
case 'l':
tcpdrop_list_commands = true;
break;
+ case 'i':
+ iflag = true;
+ break;
default:
usage();
}
@@ -144,7 +148,7 @@
{
struct host_service local, foreign;
struct sockaddr_storage addrs[2];
- int rv;
+ int rv, ch;
memcpy(&addrs[TCPDROP_FOREIGN], fsa, fsa->sa_len);
memcpy(&addrs[TCPDROP_LOCAL], lsa, lsa->sa_len);
@@ -158,6 +162,24 @@
return (true);
}
+ if (iflag) {
+ (void)fprintf(stderr, "drop %s %s %s %s? ", local.hs_host,
+ local.hs_service, foreign.hs_host,foreign.hs_service);
+ ch = getchar();
+ switch (ch) {
+ case 'y':
+ case 'Y':
+ do {
+ ch = getchar();
+ } while (ch != '\n' && ch != EOF);
+ break;
+ default:
+ while (ch != '\n' && ch != EOF)
+ ch = getchar();
+ return (true);
+ }
+ }
+
rv = sysctlbyname("net.inet.tcp.drop", NULL, NULL, &addrs,
sizeof addrs);
if (rv == -1) {
@@ -316,7 +338,7 @@
usage(void)
{
fprintf(stderr,
-"usage: tcpdrop local-address local-port foreign-address foreign-port\n"
-" tcpdrop [-l] -a\n");
+"usage: tcpdrop [-i] local-address local-port foreign-address foreign-port\n"
+" tcpdrop [-i | -l] -a\n");
exit(1);
}
>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
