Subject: Re: Kill socket for certain routes
To: Christos Zoulas <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 12/08/2006 18:06:08

On Fri, 8 Dec 2006 22:17:48 +0000 (UTC)
firstname.lastname@example.org (Christos Zoulas) wrote:
> In article <email@example.com>,
> Perry E. Metzger <firstname.lastname@example.org> wrote:
> >email@example.com (Christos Zoulas) writes:
> >> We should not add a timeout to drop connections. Instead we should
> >> provide a way for the user to drop them, like tcpdrop on OpenBSD
> >> and the patch in
> >> http://users.ece.gatech.edu/~dheeraj/netbsd.html
> >> I don't particularly like the sysctl interface, but I don't have a
> >> better suggestion. In my opinion we should add it.
> >This would be a very nice general capability, though
> >"socketdrop" (one might want to drop UDP sockets bound to the
> >vanished address etc.) might be a more general capability.
> The UDP bound problem probably needs fixing in the daemons because
> some of them might not be prepared to deal with this kind of failure.

How about returning the same error that an ICMP ICMP_UNREACH_PORT
returns? (It's a particular case of Destination Unreachable).

--Steve Bellovin, http://www.cs.columbia.edu/~smb
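
Added example, not part of the original message or of any patch discussed in the thread: on a connected UDP socket, an ICMP port-unreachable reply surfaces as ECONNREFUSED on a later recv(), which is the kind of error a daemon would have to tolerate under the suggestion above. The function names and the recoverable/fatal policy are hypothetical, and the probe assumes a loopback port with no listener.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical daemon policy: 1 = peer or route problem, log it and keep
 * serving on the same socket; 0 = treat as fatal for this socket. */
int udp_error_is_recoverable(int err)
{
    switch (err) {
    case ECONNREFUSED:              /* delivered for ICMP port unreachable */
    case EHOSTUNREACH: case ENETUNREACH:
    case EAGAIN: case EINTR:        /* timeout or interrupted call */
        return 1;
    default:
        return 0;
    }
}

/* Send one datagram to a loopback port nobody listens on and return the errno
 * of the following recv(): 0 if data arrived, -1 if the setup itself failed. */
int udp_probe_closed_port(void)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };
    socklen_t len = sizeof(sa);
    struct timeval tv = { 1, 0 };   /* do not block forever if no ICMP comes */
    char buf[16];
    int err = -1, tmp = socket(AF_INET, SOCK_DGRAM, 0);
    int s = socket(AF_INET, SOCK_DGRAM, 0);

    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    /* Borrow a free port from tmp, then close it so the port is unused. */
    if (tmp >= 0 && s >= 0 &&
        bind(tmp, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        getsockname(tmp, (struct sockaddr *)&sa, &len) == 0) {
        close(tmp); tmp = -1;
        setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
        if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
            send(s, "ping", 4, 0) == 4)
            err = recv(s, buf, sizeof(buf), 0) < 0 ? errno : 0;
    }
    if (tmp >= 0) close(tmp);
    if (s >= 0) close(s);
    return err;
}

int main(void) { printf("recv errno: %d\n", udp_probe_closed_port()); return 0; }
```

Unconnected UDP sockets generally do not receive this error, so a daemon that only binds and uses recvfrom() would see it only if the kernel were changed to report it.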