Close established TCP connection on Linux
I am not able to find an answer to a simple thing I will try to achive: once a tcp connection is established to my linux server, let’s say ssh / tcp 22 or x11 / tcp 6000 display -> how do I close this connection without killing the process (sshd / x11 display server). I saw also some suggestoin to use iptables, but it does not work for me, the connection is still visible in netstat -an. would be good if someone can point me to the right direction. what I tried so far
tcpkill: kills the process, not good for me iptables: does not close the established connection, but prevent further connections. Attach to the process with a debugger, then call shutdown() followed by close() , or just close() , on the appropriate file descriptor. Then hope the process can handle that.
2 Answers 2
Ok, I found at least one solution (killcx) which is working. Maybe we will be able to find an easier solution. Also, i saw the comment from «zb» — thanks — which might also work, but I was not able to find a working syntax, since this tool seems to be really useful but complex. So here is an example how to work with the 1. solution which is working for me:
netstat -anp | grep 22 output: tcp 0 0 192.168.0.82:22 192.168.0.77:33597 VERBUNDEN 25258/0 iptables -A INPUT -j DROP -s 192.168.0.77 (to prevent reconnect) perl killcx.pl 192.168.0.77:33597 (to kill the tcp connection) killcx can be found here: http://killcx.sourceforge.net/ it «steals» the connection from the foreign host (192.168.0.77) and close it. So that solution is working fine, but to complex to setup quickly if you are under stress. Here are the required packages:
apt-get install libnetpacket-perl libnet-pcap-perl libnet-rawip-perl wget http://killcx.sourceforge.net/killcx.txt -O killcx.pl however, would be good to have an easier solution.
How to completely destroy a socket connection in C
I have made a chat client in linux using socket, and i wish to destroy the connection completely. Following is the relevant portions of the code:
int sock, connected, bytes_recieved , true = 1, pid; char send_data [1024] , recv_data[1024]; struct sockaddr_in server_addr,client_addr; int sin_size; label: if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) < perror("Socket"); exit(1); >if (setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,&true,sizeof(int)) == -1) < perror("Setsockopt"); exit(1); >server_addr.sin_family = AF_INET; server_addr.sin_port = htons(3128); server_addr.sin_addr.s_addr = INADDR_ANY; bzero(&(server_addr.sin_zero),8); if (bind(sock, (struct sockaddr *)&server_addr, sizeof(struct sockaddr))== -1) < perror("Unable to bind"); exit(1); >if (listen(sock, 5) == -1) < perror("Listen"); exit(1); >printf("\nTCPServer Waiting for client on port 3128"); fflush(stdout); connected = accept(sock, (struct sockaddr *)&client_addr,&sin_size); //necessary code close(sock); goto label; but the close(sock) doesnot seem to close the destroy the connection completely, because after going to ‘label’ the code is exiting showing the error message
Unable to bind: Address already in use That is the connection is not happening again. What can the problem be? Thanks in advance. EDIT: What I actually want is, when I run the script from the beginning after destroying the connection, it should run as a fresh program. How can I do it?
Closing all TCP sockets on interface Down
I need to close all ongoing Linux TCP sockets as soon as the Ethernet interface drops (ie cable is disconnected, interface is down’ed and so on). Hacking into /proc seems not to do the trick. Not found any valuable ioctl’s. Doint it by hand at application level is not what I want, I’m really looking for a brutal and global way of doing it. Did anyane experienced this before and willing to share his foundings ?
2 Answers 2
The brutal way which avoids application level coding is hacking your kernel to activate TCP keepalive with a low timeout for all your connections.
Thanks for your suggestion. I tried the following : sysctl -w \ net.ipv4.tcp_keepalive_time=15 \ net.ipv4.tcp_keepalive_intvl=5 \ net.ipv4.tcp_keepalive_probes=2 However, I guess there is something I got wrong since after 15 + 2*15 seconds, the TCP sockets are not closed : Before : tcp 0 0 192.168.10.103:52635 ext.domain.net:1234 ESTABLISHED After 2 minutes : tcp 0 0 192.168.10.103:52635 192.168.0.12:1234 ESTABLISHED Did you meant source hacking ? Before hacking into the code, I’d like to make sure my understanding of the keepalive is correct.
Thanks Pete. I added the following, but this didn’t chang the outcome : if ((sock=socket(PF_INET,SOCK_STREAM,0))==-1) return -1; if (setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE, (char*)&option,sizeof (option))==-1) < close(sock) ; return -1; >
Hmm, I expected this to work. The variable option is of type int and has a value of 1? See e.g. tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO
This is rarely needed and is often wouldn’t work. TCP is a data transfer protocol, unless there is data loss, nothing should be done. Think twice why you ever would need that.
Otherwise, you can try to periodically poll interface(s) and check for the UP flag. If interface looses UP flag, then OS already reacted on cable being unplugged and down’ed the interface. man 7 netdevice , see SIOCGIFFLAGS for more.
Network drivers also generate an event on even when cable is plugged, but I’m not sure whether you can access that or not from a user. You might want to check the udev as its documentation explicitly mentions network interfaces.
Proper way to shutdown() a socket on Linux, differences between Linux and Windows?
I am losing data on my sockets because I am doing a close() . The Linux-specific shutdown() manpage is not helpful:
The shutdown() call causes all or part of a full-duplex connection on the socket associated with sockfd to be shut down. If how is SHUT_RD, further receptions will be disallowed. If how is SHUT_WR, further transmissions will be disallowed. If how is SHUT_RDWR, further receptions and transmissions will be disallowed.
Microsoft’s MSDN is MUCH better, but it being Windows specific, there are differences between it and Linux:
To assure that all data is sent and received on a connected socket before it is closed, an application should use shutdown to close connection before calling closesocket. One method to wait for notification that the remote end has sent all its data and initiated a graceful disconnect uses the WSAEventSelect function as follows :
1. Call WSAEventSelect to register for FD_CLOSE notification. 2. Call shutdown with how=SD_SEND. 3. When FD_CLOSE received, call the recv or WSARecv until the function completes with success and indicates that zero bytes were received. If SOCKET_ERROR is returned, then the graceful disconnect is not possible. 4. Call closesocket. My Question
I am getting answers and comments that think I am asking about the behavior on Windows. I am asking about the behavior on Linux, I am merely referencing the Windows documentation because it is much more clear and complete than Linux manpages.