Date:      Sat, 6 Nov 2010 21:44:25 GMT
From:      Nikos Vassiliadis <nvass9573@gmx.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/151996: [patch] new tcpdrop option to select interactively connections to drop
Message-ID:  <201011062144.oA6LiP6H012929@www.freebsd.org>
Resent-Message-ID: <201011062150.oA6Lo7qP048601@freefall.freebsd.org>


>Number:         151996
>Category:       bin
>Synopsis:       [patch] new tcpdrop option to select interactively connections to drop
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 06 21:50:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Nikos Vassiliadis
>Release:        9.0-CURRENT
>Organization:
>Environment:
FreeBSD lab.local 9.0-CURRENT FreeBSD 9.0-CURRENT #1 r214617: Mon Nov  1 09:47:10 EET 2010     root@lab.local:/usr/obj/usr/src/sys/LAB  i386

>Description:
A flag (-i) to ask for confirmation before dropping a connection. It is meant to be used mainly in conjunction with -a.

Example:
lab# tcpdrop -ia
drop 192.168.73.195 16456 195.167.100.39 80?
drop 192.168.73.195 37746 195.167.100.39 80? y
192.168.73.195 37746 195.167.100.39 80: dropped
drop 192.168.73.195 41749 195.167.100.39 80? yes
192.168.73.195 41749 195.167.100.39 80: dropped
drop 192.168.73.60 22 192.168.73.192 60763?
drop 192.168.73.60 22 192.168.73.192 60585?
lab#

>How-To-Repeat:
n/a
>Fix:


Patch attached with submission follows:

Index: src/usr.sbin/tcpdrop/tcpdrop.8
===================================================================
--- src/usr.sbin/tcpdrop/tcpdrop.8	(revision 214630)
+++ src/usr.sbin/tcpdrop/tcpdrop.8	(working copy)
@@ -25,12 +25,13 @@
 .Nd drop TCP connections
 .Sh SYNOPSIS
 .Nm tcpdrop
+.Op Fl i
 .Ar local-address
 .Ar local-port
 .Ar foreign-address
 .Ar foreign-port
 .Nm tcpdrop
-.Op Fl l
+.Op Fl i | l
 .Fl a
 .Sh DESCRIPTION
 The
@@ -42,7 +43,15 @@
 is specified then
 .Nm
 will attempt to drop all active connections.
+.Nm
+will ask for confirmation before dropping a connection when
+.Fl i
+is specified.
 The
+.Fl i
+flag can be combined with
+.Fl a .
+The
 .Fl l
 flag may be given to list the tcpdrop invocation to drop all active
 connections one at a time.
@@ -88,6 +97,12 @@
 .Bd -literal -offset indent
 # tcpdrop -l -a | grep -vw 22 | sh
 .Ed
+.Pp
+The following command will list each connection and ask for confirmation
+before dropping it:
+.Bd -literal -offset indent
+# tcpdrop -a -i
+.Ed
 .Sh SEE ALSO
 .Xr netstat 1 ,
 .Xr sockstat 1
Index: src/usr.sbin/tcpdrop/tcpdrop.c
===================================================================
--- src/usr.sbin/tcpdrop/tcpdrop.c	(revision 214630)
+++ src/usr.sbin/tcpdrop/tcpdrop.c	(working copy)
@@ -48,6 +48,7 @@
 };
 
 static bool tcpdrop_list_commands = false;
+static bool iflag = false;
 
 static struct xinpgen *getxpcblist(const char *);
 static void sockinfo(const struct sockaddr *, struct host_service *);
@@ -69,7 +70,7 @@
 
 	dropall = false;
 
-	while ((ch = getopt(argc, argv, "al")) != -1) {
+	while ((ch = getopt(argc, argv, "ali")) != -1) {
 		switch (ch) {
 		case 'a':
 			dropall = true;
@@ -77,6 +78,9 @@
 		case 'l':
 			tcpdrop_list_commands = true;
 			break;
+		case 'i':
+			iflag = true;
+			break;
 		default:
 			usage();
 		}
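Review bot: Nothing in the option switch rejects `-i` together with `-l`, although the updated usage text and SYNOPSIS present them as alternatives (`[-i | -l]`). In the later tcpdrop.c hunk the prompt is placed after an early `return (true);`, which looks like the `-l` listing path, so `-i -l -a` would presumably ignore `-i` silently rather than report the conflict. A check after the getopt loop such as `if (iflag && tcpdrop_list_commands) usage();` would make the behaviour match the documentation. The getopt loop and the rest of main() continue outside this hunk.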
@@ -144,7 +148,7 @@
 {
 	struct host_service local, foreign;
 	struct sockaddr_storage addrs[2];
-	int rv;
+	int rv, ch;
 
 	memcpy(&addrs[TCPDROP_FOREIGN], fsa, fsa->sa_len);
 	memcpy(&addrs[TCPDROP_LOCAL], lsa, lsa->sa_len);
@@ -158,6 +162,24 @@
 		return (true);
 	}
 
+	if (iflag) {
+		(void)fprintf(stderr, "drop %s %s %s %s? ", local.hs_host,
+			local.hs_service, foreign.hs_host,foreign.hs_service);
+		ch = getchar();
+		switch (ch) {
+		case 'y':
+		case 'Y':
+			do {
+				ch = getchar();
+			} while (ch != '\n' && ch != EOF);
+			break;
+		default:
+			while (ch != '\n' && ch != EOF)
+				ch = getchar();
+			return (true);
+		}
+	}
+
 	rv = sysctlbyname("net.inet.tcp.drop", NULL, NULL, &addrs,
 	    sizeof addrs);
 	if (rv == -1) {
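Review bot: The prompt's accept/decline rule is only implicit in the two drain loops and deserves a comment above `if (iflag)`, for example `/* Only a reply starting with 'y' or 'Y' confirms; anything else, including EOF, skips the connection. */`. Declining on EOF is the safe default when stdin is closed or not a terminal, but with `-a` it presumably means every remaining connection is still prompted for and skipped, which is worth stating in the man page. The declined path returns `true`, the same value as the early return just above it, so the caller (outside this hunk) cannot tell a skipped connection from a dropped one; confirm that is what the exit status should reflect. The two loops can be collapsed by remembering the first character, draining the line once and then testing it, and `foreign.hs_host,foreign.hs_service` is missing a space after the comma.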
@@ -316,7 +338,7 @@
 usage(void)
 {
 	fprintf(stderr,
-"usage: tcpdrop local-address local-port foreign-address foreign-port\n"
-"       tcpdrop [-l] -a\n");
+"usage: tcpdrop [-i] local-address local-port foreign-address foreign-port\n"
+"       tcpdrop [-i | -l] -a\n");
 	exit(1);
 }


>Release-Note:
>Audit-Trail:
>Unformatted:


