linux-tcp-drop

Linux implementation of tcpdrop (dropping TCP sockets on a running system)

== Linux tcpdrop kernel module ==

(c) 2012 Roman Arutyunyan [email protected]

Module:

This module lets you drop TCP connections on a running Linux system. It also supports unscheduling TIME_WAIT sockets.

The module creates pseudo-file /proc/net/tcp_drop which expects input of the following format:

saddr:sport daddr:dport

Note: the whitespace between the two address:port pairs can be of any kind and length.

Requirements:

Linux kernel 3.0.0

Build & install:

Untar/ungzip, cd to the module directory and run make.

Load module:

sudo insmod ./tcp_drop.ko

Unload module:

sudo rmmod tcp_drop

Note: remember you need root privileges to write to /proc/net/tcp_drop.

Example 1:

An IMAP client (port 143) has 4 connected sockets. Let's drop the last one:

netstat -n|grep ESTABLISHED|grep 143

tcp 0 0 10.31.1.141:51292 192.168.0.1:143 ESTABLISHED
tcp 0 0 10.31.1.141:51293 192.168.0.1:143 ESTABLISHED
tcp 0 0 10.31.1.141:51436 192.168.0.1:143 ESTABLISHED
        ^.............copy this...............^

Just copy the middle part of the line (incl. tabs/spaces) to /proc/net/tcp_drop:

echo "10.31.1.141:51436 192.168.0.1:143" > /proc/net/tcp_drop

Now it's dead:

netstat -n|grep ESTABLISHED|grep 143

tcp 0 0 10.31.1.141:51292 192.168.0.1:143 ESTABLISHED
tcp 0 0 10.31.1.141:51293 192.168.0.1:143 ESTABLISHED

IMAP client has received a socket error & will reconnect when needed.

Example 2:

Let's kill a TIME_WAIT socket. I've just created a TIME_WAIT socket with a netcat connection to localhost:8080:

netstat -n|grep TIME_WAIT

tcp 0 0 127.0.0.1:34790 127.0.0.1:8080 TIME_WAIT
        ^....................................^

Here's how to kill it (it's better to say 'unschedule'):

echo "127.0.0.1:34790 127.0.0.1:8080" > /proc/net/tcp_drop

Let's see:

netstat -n|grep TIME_WAIT

IPv6 support:

If built for a non-ancient (>2.6.19) kernel, IPv6 is fully supported. Dropping IPv6 connections is done the same way as for IPv4:

echo "::1:34717 ::1:8080" > /proc/net/tcp_drop

Standard representation of IPv6 address with port ([ipv6addr]:port) is also supported:

echo "[::1]:34717 [::1]:8080" > /proc/net/tcp_drop
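
Added example (not part of the original README or the module's code): a Python helper that validates one `netstat -n` line and builds the `saddr:sport daddr:dport` string before anything is written to /proc/net/tcp_drop as root. The function names are hypothetical, and the tcp6 sample line is constructed from the addresses used above.

```python
import ipaddress

DROP_FILE = "/proc/net/tcp_drop"  # pseudo-file named in the README

def split_endpoint(text):
    """Parse 'addr:port' or '[addr]:port' (helper name is hypothetical)."""
    if text.startswith("["):
        host, sep, port = text[1:].partition("]:")
    else:
        # Bare IPv6 such as ::1:34717 is ambiguous; the last colon is the port separator.
        host, sep, port = text.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {text!r}")
    addr = ipaddress.ip_address(host)  # raises ValueError on a malformed address
    if not (port.isascii() and port.isdigit() and 0 < int(port) <= 65535):
        raise ValueError(f"bad port in {text!r}")
    return addr, int(port)

def format_endpoint(addr, port):
    """Emit the bracketed form for IPv6 so the port is unambiguous."""
    return f"[{addr}]:{port}" if addr.version == 6 else f"{addr}:{port}"

def drop_line_from_netstat(line):
    """Turn one `netstat -n` TCP line into 'saddr:sport daddr:dport'."""
    fields = line.split()
    if len(fields) < 6 or not fields[0].startswith("tcp"):
        raise ValueError(f"not a netstat TCP line: {line!r}")
    local, remote = split_endpoint(fields[3]), split_endpoint(fields[4])
    if local[0].version != remote[0].version:
        raise ValueError("local and remote address families differ")
    return f"{format_endpoint(*local)} {format_endpoint(*remote)}"

def drop(line, path=DROP_FILE):
    """Write the validated tuple; needs root and the module loaded."""
    request = drop_line_from_netstat(line)
    with open(path, "w") as f:
        f.write(request + "\n")  # same bytes that echo "..." > file would send
    return request

if __name__ == "__main__":
    # Sample input: the first line is from Example 1, the second is constructed.
    for sample in (
        "tcp 0 0 10.31.1.141:51436 192.168.0.1:143 ESTABLISHED",
        "tcp6 0 0 ::1:34717 ::1:8080 TIME_WAIT",
    ):
        print(drop_line_from_netstat(sample))
```

Running the file directly only prints the strings; call drop() to actually write one to the pseudo-file.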

What server/client code receives:

Any code that was using the killed socket receives a network error (it's like receiving a TCP RESET):

telnet localhost 8080
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.