Re: Best way to kill a live TCP connection?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/Jan/11 23:31, Jan Engelhardt wrote:
> On Tuesday 2011-01-11 22:10, Grant Taylor wrote:
>> On 01/11/11 11:39, Pascal Hambourg wrote:
>>> However this sends only one RST to one side of the connection,
>>> leaving the connection half-open - until the other side sends a
>>> packet and gets a RST too. IMO it would be more elegant to send RSTs
>>> to boths sides of the connection.
>>
>> Wouldn't it be possible to send packet to user space and have something else
>> send the reset packets to both ends?  I.e. use IPTables to match the packets
>> and have a user space daemon act on what IPTables matched.
> 
> Well, you could augment ipt_REJECT to send two packets. It does not have 
> to just send one.

Besides practical issues about augmenting modules, RST will never be
as clean as FIN.  I mean, aborting will still be different from
cleanly shutting down.  This particular difference, the minimal-cost
tarpit that results from sending RST to the local end only, may even
have its merits.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux