在不发送RST的情况下断开打开的TCP连接 [英] Drop an open TCP connection without sending RST
问题描述
查看 nginx:忽略某些没有适当主机头的请求让我想到实际上 close(2)
没有操作系统的TCP连接实际上是不可能的通过向另一端发送RST
(和/或FIN
)正确终止基础TCP连接.
如果我自己通过C建立连接,是否有一种方法可以随后在不确认对方的情况下将其丢弃,例如不启动 如果我自己通过C建立连接,是否有一种方法可以随后在不确认对方的情况下,例如在不启动RST的情况下将其丢弃? 不.即使存在,如果对等方随后发送了任何内容,它也会由RST答复. NB正常的TCP终止使用FIN,而不是RST. Looking into nginx: ignore some requests without proper Host header got me thinking that it's not actually possible to If I'm establishing the connection myself through C, is there a way to subsequently drop it without an acknowledgement to the other side, e.g., without initiating If I'm establishing the connection myself through C, is there a way to subsequently drop it without an acknowledgement to the other side, e.g., without initiating RST? No. Even if there was, if the peer subseqently sent anything it would be answered by an RST. NB Normal TCP termination uses a FIN, not an RST. 这篇关于在不发送RST的情况下断开打开的TCP连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!一种解决方法是使用类似 事实证明,OpenBSD的tcpdrop(8)
之类的东西,但是,从 usr.sbin/tcpdrop/tcpdrop.c
和 FreeBSD ,它是通过基于sysctl的界面实现的,可能在外部具有可移植性问题BSD. (实际上,看起来即使基于sysctl的实现在OpenBSD和FreeBSD之间可能也足够不同,因此需要移植层- tcp_ident_mapping
结构(随后包含两个sockaddr_storage
元素以及一些其他信息),而 DragonFly 和 NetBSD 使用数组tcpdrop
确实按照tcpdump(8)
,可以通过查看 /sys/netinet/tcp_subr.c :: tcp_drop()
,最后调用tcp_close()
(和RST
发送到SO上的其他地方),因此,它似乎也无法正常工作./p>
RST
?
close(2)
a TCP connection without the OS properly terminating the underlying TCP connection by sending an RST
(and/or FIN
) to the other end.One workaround would be to use something like It turns out, that OpenBSD's tcpdrop(8)
, however, as can be seen from usr.sbin/tcpdrop/tcpdrop.c
on OpenBSD and FreeBSD, it's implemented through a sysctl-based interface, and may have portability issues outside of BSDs. (In fact, it looks like even the sysctl-based implementation may be different enough between OpenBSD and FreeBSD to require a porting layer -- OpenBSD uses the tcp_ident_mapping
structure (which, subsequently, contains two sockaddr_storage
elements, plus some other info), whereas FreeBSD, DragonFly and NetBSD use an array of two sockaddr_storage
elements directly.)tcpdrop
does appear to send the R
packet as per tcpdump(8)
, and can be confirmed by looking at /sys/netinet/tcp_subr.c :: tcp_drop()
, which calls tcp_close()
in the end (and tcp_close()
is confirmed to send RST
elsewhere on SO), so, it appears that it wouldn't even work, either.RST
?