How to kill one TCP connection in Linux?

I have a process that opens multiple tcp connections to multiple browsers on separate ports.

Using netstat, the output looks something like this:

 tcp 0 0 server1.something:myprog client1.something:49987 ESTABLISHED
 tcp 0 0 server1.something:myprog client1.something:65987 ESTABLISHED
 tcp 0 0 server1.something:myprog client1.something:89987 ESTABLISHED

Now I would like to kill exactly one of these connections. How can I do it? (Killing the process would destroy all of the connections.)

+6
3 answers

Here are a few options:

  • Attach gdb and call close() on the fd. You can map from addr/port to the inode number via /proc/net/tcp, and from the inode number to the FD inside the process using ls -la /proc/$pid/fd.
  • Spoof an RST packet. You would need to generate it locally and guess the SEQ number somehow.
  • Perhaps set up an iptables rule that generates an RST for the next packet.
  • Write a kernel module.

This doesn't seem to be well supported. Processes are likely to crash if their FDs are closed unexpectedly anyway.

+6

You cannot kill a single connection of a process.

But you can block it with iptables. The connection can then neither send nor receive data, and the client will time out.

+4

On Linux kernel >= 4.9 you can use the ss command from iproute2 with the -K switch:

 ss -K dst client1.something dport = 49987 

The kernel must be compiled with the CONFIG_INET_DIAG_DESTROY option.

0
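The two workable routes above, the gdb close() procedure from the first answer and ss -K from the third, combined into one script. This is an added example, not code from either answer. It assumes an IPv4 connection identified by PID plus remote IP and port, a little-endian host (so /proc/net/tcp shows 127.0.0.1 as 0100007F), the standard /proc/net/tcp column layout with the inode in the tenth whitespace-separated field, and that gdb and iproute2 ss are installed. The function names (proc_addr, inode_for_remote, fd_for_inode, kernel_has_sock_destroy, kill_connection) and the SAMPLE_PROC_NET_TCP table are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original answers. Assumptions: IPv4, little-endian
# host, /proc/net/tcp inode in field 10, gdb and ss on PATH. All names are made up.

# Constructed /proc/net/tcp excerpt used to exercise the parser offline:
# row 0 is an ESTABLISHED (st=01) connection from port 8080 to 127.0.0.1:49987,
# row 1 is a TIME_WAIT (st=06) socket that must be ignored.
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 0100007F:C343 01 00000000:00000000 00:00000000 00000000  1000        0 123456 1 0000000000000000 20 4 30 10 -1
   1: 0100007F:1F90 0100007F:0050 06 00000000:00000000 03:00000A3C 00000000     0        0 0 3 0000000000000000'

# Convert dotted-quad IP and decimal port into the form /proc/net/tcp prints:
# the address as a host-order (little-endian) 32-bit hex word, the port as hex.
# 127.0.0.1 49987 -> 0100007F:C343
proc_addr() {
  port=$2
  set -- $(printf '%s' "$1" | tr '.' ' ')
  printf '%02X%02X%02X%02X:%04X' "$4" "$3" "$2" "$1" "$port"
}

# Print the socket inode of the ESTABLISHED (st=01) connection whose remote
# address is $1 (hex form), reading a /proc/net/tcp-style table from stdin.
# Prints nothing if there is no such connection.
inode_for_remote() {
  awk -v r="$1" 'NR > 1 && $3 == r && $4 == "01" { print $10; exit }'
}

# Print the fd number in PID $1 whose /proc/PID/fd entry is socket:[$2].
fd_for_inode() {
  pid=$1; inode=$2
  for f in /proc/"$pid"/fd/*; do
    [ "$(readlink "$f")" = "socket:[$inode]" ] || continue
    basename "$f"
    return 0
  done
  return 1
}

# True if the running kernel was built with CONFIG_INET_DIAG_DESTROY,
# which is what ss -K (SOCK_DESTROY) needs.
kernel_has_sock_destroy() {
  if [ -r /proc/config.gz ]; then
    zcat /proc/config.gz | grep -qx 'CONFIG_INET_DIAG_DESTROY=y'
  elif [ -r "/boot/config-$(uname -r)" ]; then
    grep -qx 'CONFIG_INET_DIAG_DESTROY=y' "/boot/config-$(uname -r)"
  else
    return 1
  fi
}

# Kill the single connection from PID $1 to $2:$3. Needs root either way.
kill_connection() {
  pid=$1; ip=$2; port=$3
  # Preferred: let the kernel abort the socket. It sends an RST and the owning
  # process gets an error on its next read/write instead of a vanished fd.
  if kernel_has_sock_destroy; then
    ss -K dst "$ip" dport = ":$port"
    return
  fi
  # Fallback (first answer): resolve addr/port -> inode -> fd, then close it
  # from inside the process with gdb.
  inode=$(inode_for_remote "$(proc_addr "$ip" "$port")" < /proc/net/tcp)
  [ -n "$inode" ] || { echo "no ESTABLISHED connection to $ip:$port" >&2; return 1; }
  fd=$(fd_for_inode "$pid" "$inode") || { echo "inode $inode not open in pid $pid" >&2; return 1; }
  # shutdown(2) first so the peer gets a FIN and later I/O on this fd fails
  # cleanly, rather than silently hitting whatever the fd number gets reused for.
  gdb -p "$pid" --batch -ex "call (int)shutdown($fd, 2)" -ex "call (int)close($fd)"
}

# Usage: ./kill_conn.sh PID REMOTE_IP REMOTE_PORT
if [ $# -eq 3 ]; then
  kill_connection "$@"
fi
```

The ss filter uses the `dport = :PORT` spelling from the ss man page; the bare number in the answer above is also accepted by current iproute2. The gdb fallback is as risky as the first answer warns: a process that is mid-read on that fd, or that reuses fd numbers, may misbehave, so prefer the ss -K path whenever the kernel supports it.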

Source: https://habr.com/ru/post/953966/
