On Tue, Nov 17, 2015 at 5:43 PM, Lorenzo Colitti <lore...@google.com> wrote:
> This patch series adds the ability for a privileged process to
> destroy sockets belonging to other userspace processes via the
> sock_diag interface, and implements that for TCP sockets.
>
> This functionality is needed on laptops and mobile hosts to
> ensure that network switches / disconnects do not result in
> applications being blocked for long periods of time (minutes) in
> read or connect calls on TCP sockets that will never succeed
> because the IP address they are bound to is gone. Closing the
> sockets in the protocol layer causes these calls to fail fast and
> allows applications to reconnect on another network.
>
> For many years Android kernels have done this via an out-of-tree
> SIOCKILLADDR ioctl that is called when networks disconnect, but
> this solution is cleaner, more robust and more flexible. The
> system can iterate over all connections on the deleted IP address
> and close all of them. But it can also close all sockets opened
> by a given process on a given network, for example if the user
> has restricted that process from using that network, or if a
> secure network such as a VPN is now being applied to the
> application and thus previously-established connections are
> blackholed.
>
> The patch series only implements SOCK_DESTROY for TCP sockets,
> but the mechanism can be extended to any protocol family that
> supports the sock_diag interface.
>

I assume that SIOCKILLADDR was restricted to only closing connections
related to addresses going away, but SOCK_DESTROY seems to allow
arbitrarily killing connections without publicized cause. This
interface, even though it is for a privileged user, should be no more
powerful than it needs to be. Minimally, the application should at
least get a clear error that the local host administratively killed
the connection; ETIMEDOUT does not provide that.

Tom

>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html