Thread: Kill socket for certain routes




Kill socket for certain routes
2006-12-08 23:06:08
On Fri, 8 Dec 2006 22:17:48 +0000 (UTC)
christosastron.com (Christos Zoulas) wrote:

> In article <874ps6ozeg.fsfsnark.piermont.com>,
> Perry E. Metzger <perrypiermont.com> wrote:
> >
> >christosastron.com (Christos Zoulas) writes:
> >> We should not add a timeout to drop connections. Instead we should
> >> provide a way for the user to drop them, like tcpdrop on OpenBSD
> >> and the patch in
> >>
> >> http://users.ece.gatech.edu/~dheeraj/netbsd.html
> >>
> >> I don't particularly like the sysctl interface, but I don't have a
> >> better suggestion. In my opinion we should add it.
> >
> >This would be a very nice general capability, though
> >"socketdrop" (one might want to drop UDP sockets bound to the
> >vanished address etc.) might be a more general capability.
> 
> The UDP bound problem probably needs fixing in the daemons because
> some of them might not be prepared to deal with this kind of failure.
> 
How about returning the same error that an ICMP ICMP_UNREACH_PORT
returns?  (It's a particular case of Destination Unreachable).



		--Steve Bellovin, http://www.cs.columbia.edu/~smb
Kill socket for certain routes
2006-12-11 21:22:05
On Fri, Dec 08, 2006 at 06:06:08PM -0500, Steven M. Bellovin wrote:
> On Fri, 8 Dec 2006 22:17:48 +0000 (UTC)
> christosastron.com (Christos Zoulas) wrote:
> 
> > In article <874ps6ozeg.fsfsnark.piermont.com>,
> > Perry E. Metzger <perrypiermont.com> wrote:
> > >
> > >This would be a very nice general capability, though
> > >"socketdrop" (one might want to drop UDP sockets bound to the
> > >vanished address etc.) might be a more general capability.
> > 
> > The UDP bound problem probably needs fixing in the daemons because
> > some of them might not be prepared to deal with this kind of failure.
> > 
> How about returning the same error that an ICMP ICMP_UNREACH_PORT
> returns?  (It's a particular case of Destination Unreachable).

If I understand things right, the problem is that we have a server
listening on bound sockets. Are servers used to getting ICMP_UNREACH_PORT
on the bound socket? On a send, yes, they should understand that! But I
didn't think many of them would be expecting an error once bind()
succeeded.

To be honest, I think TCP daemons still have this problem. If the daemon
is configured to bind to specific addresses, it has to know when they
change. Then it can redo the binding process.

Take care,

Bill