netbsd-bugs: kern/35196: sockets should die if addresses vanish

Subject: kern/35196: sockets should die if addresses vanish
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <perry@piermont.com>
List: netbsd-bugs
Date: 12/07/2006 02:25:01

>Number:         35196
>Category:       kern
>Synopsis:       sockets should die if addresses vanish
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 07 02:25:00 +0000 2006
>Originator:     Perry E. Metzger
>Release:        NetBSD 4.99.3
>Organization:
Perry E. Metzger		perry@piermont.com
--
"Ask not what your country can force other people to do for you..."
>Environment:
	
	
System: NetBSD hackworth 4.99.3 NetBSD 4.99.3 (HACKWORTH) #0: Fri Oct 27 14:05:48 EDT 2006 perry@hackworth:/usr/obj/sys/arch/i386/compile/HACKWORTH i386
Architecture: i386
Machine: i386
>Description:

Lets say that you have an interface that has fairly dynamic addresses
-- a ppp dialup connection or an 802.11 adapter on a machine that
moves around a lot.

The addresses bound to said interface will often go away, to be
replaced by new ones (or none at all). However, even after they go
away, TCP connections will continue to live for quite some time,
eventually timing out, going into time wait, etc.

This is quite clearly silly. If you no longer have the address from
which the packets for the socket putatively originate, you will
*never* get any reply packets. Your counterparty is *never* going to
be able to reply to you. The careful timeout machinery is useless.

Thus, my claim is that if you delete an address from an interface, you
should immediately tear down all connections associated with it and
revoke all the file descriptors for sockets bound to the address that
has gone away for good.

By the way, for certain services, such as some EVDO providers, sending
out packets from an address you do not control causes the connections
to drop. The reason I noticed this problem in the first place is
because if I lose my EVDO connection and restart it (which implies a
new address), dying sockets that I cannot get rid of send out packets
that cause the connection to die again. This can be worked around with
packet filters, but in general, we should not be keeping around TCP
state for connections that we know are permanently dead by virtue of
the fact that the origination address is no longer one we are assigned.

>How-To-Repeat:

Delete an address that has a bunch of connections bound to it. Note
that the connections don't go away -- netstat still shows them.

>Fix:
	

>Unformatted: