Subject: Re: Kill socket for certain routes
To: Martin Husemann <martin@duskware.de>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-net
Date: 12/08/2006 08:13:03

On Fri, 8 Dec 2006 11:18:35 +0100
Martin Husemann <martin@duskware.de> wrote:

> Hi folks,
> 
> PR kern/35196 discusses an issue with connected TCP sockets where the
> local address becomes "permanently" invalid - i.e. a ppp interface
> that disconnects and on reconnect gets a new address.
> 
> Should we
> 
>  (a) add a timeout to drop such connections after a reasonable time if
>      the local address they are bound to does not become valid again?
>  (b) add a manual way to kill such sockets, for example by an
> extension of the route(8) command?
> 
> Is there some easy way to stop the kernel automatically from sending
> packets with a "currently" not valid local address? Either by just
> dropping the packets or leaving them queued?
> 

I have a similar need.  In particular, I have an EVDO wireless card
which is less happy -- i.e., it often drops the call -- if it sees an
outbound packet with an invalid source address.  

What I'd really like is an ifconfig or sysctl option preventing a
packet from leaving an interface if the source address doesn't match.
Since that doesn't exist, my ppp-up and ppp-down scripts manipulate my
pf or ipf filters to do the same thing.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb
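
Added example, not part of the original message and not Steve Bellovin's own scripts: one way to do the pf variant of the ppp-up/ppp-down filtering he describes. The anchor name ppp-srcguard, the helper names, and the choice to block all output while the link is down are assumptions of this example; pppd passes the interface name as $1 and the local address as $4 to ip-up and ip-down.

```shell
#!/bin/sh
# Install (or link) as /etc/ppp/ip-up and /etc/ppp/ip-down.
# Assumption: pf.conf contains the line   anchor "ppp-srcguard"
ANCHOR="ppp-srcguard"   # hypothetical anchor name

# Accept only a plain interface name such as ppp0.
valid_if() {
    case "$1" in
        ""|*[!a-z0-9]*) return 1 ;;
    esac
}

# Accept only a dotted-quad IPv4 address with octets 0-255.
valid_ip4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the pf rule: drop anything leaving IF whose source is not ADDR.
guard_rule() {
    valid_if "$1" && valid_ip4 "$2" || return 1
    printf 'block out quick on %s inet from ! %s to any\n' "$1" "$2"
}

# Link up: replace the anchor's contents with the rule for the new address.
guard_up() {
    rule=$(guard_rule "$1" "$2") || return 1
    printf '%s\n' "$rule" | pfctl -a "$ANCHOR" -f -
}

# Link down: block all output on the interface until the next ip-up.
guard_down() {
    valid_if "$1" || return 1
    printf 'block out quick on %s all\n' "$1" | pfctl -a "$ANCHOR" -f -
}

# Dispatch on the name pppd invoked us under; any other name does nothing.
case "${0##*/}" in
    ip-up)   guard_up "$1" "$4" ;;
    ip-down) guard_down "$1" ;;
esac
```

Loading the rule into an anchor keeps the per-connection address out of the main ruleset, so a reconnect with a new address only rewrites that one anchor.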