
Commit c1e64e2

lcolittidavem330
authored andcommitted
net: diag: Support destroying TCP sockets.
This implements SOCK_DESTROY for TCP sockets. It causes all blocking calls on the socket to fail fast with ECONNABORTED and causes a protocol close of the socket. It informs the other end of the connection by sending a RST, i.e., initiating a TCP ABORT as per RFC 793. ECONNABORTED was chosen for consistency with FreeBSD. Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 6eb5d2e commit c1e64e2


6 files changed

+68
-0
lines changed


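--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1170,6 +1170,8 @@ void tcp_set_state(struct sock *sk, int state);
 
 void tcp_done(struct sock *sk);
 
+int tcp_abort(struct sock *sk, int err);
+
 static inline void tcp_sack_reset(struct tcp_options_received *rx_opt)
 {
 rx_opt->dsack = 0;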

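--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -436,6 +436,19 @@ config INET_UDP_DIAG
 Support for UDP socket monitoring interface used by the ss tool.
 If unsure, say Y.
 
+config INET_DIAG_DESTROY
+bool "INET: allow privileged process to administratively close sockets"
+depends on INET_DIAG
+default n
+---help---
+Provides a SOCK_DESTROY operation that allows privileged processes
+(e.g., a connection manager or a network administration tool such as
+ss) to close sockets opened by other processes. Closing a socket in
+this way interrupts any blocking read/write/connect operations on
+the socket and causes future socket calls to behave as if the socket
+had been disconnected.
+If unsure, say N.
+
 menuconfig TCP_CONG_ADVANCED
 bool "TCP: advanced congestion control"
 ---help---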
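Review bot: The help text for INET_DIAG_DESTROY says "privileged processes" without naming the privilege, and no hunk in this commit shows where that check is made (presumably in sock_diag_destroy(), which is not part of this page). Because the option lets one process abort connections owned by another, the help should state the exact requirement so that whoever enables it can judge the exposure. Once confirmed against the actual check, add a line such as `Requires CAP_NET_ADMIN.` before `If unsure, say N.`.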

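--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3080,6 +3080,38 @@ void tcp_done(struct sock *sk)
 }
 EXPORT_SYMBOL_GPL(tcp_done);
 
+int tcp_abort(struct sock *sk, int err)
+{
+if (!sk_fullsock(sk)) {
+sock_gen_put(sk);
+return -EOPNOTSUPP;
+}
+
+/* Don't race with userspace socket closes such as tcp_close. */
+lock_sock(sk);
+
+/* Don't race with BH socket closes such as inet_csk_listen_stop. */
+local_bh_disable();
+bh_lock_sock(sk);
+
+if (!sock_flag(sk, SOCK_DEAD)) {
+sk->sk_err = err;
+/* This barrier is coupled with smp_rmb() in tcp_poll() */
+smp_wmb();
+sk->sk_error_report(sk);
+if (tcp_need_reset(sk->sk_state))
+tcp_send_active_reset(sk, GFP_ATOMIC);
+tcp_done(sk);
+}
+
+bh_unlock_sock(sk);
+local_bh_enable();
+release_sock(sk);
+sock_put(sk);
+return 0;
+}
+EXPORT_SYMBOL_GPL(tcp_abort);
+
 extern struct tcp_congestion_ops tcp_reno;
 
 static __initdata unsigned long thash_entries;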
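Review bot: tcp_abort() calls `tcp_done(sk)` for every full socket that is not SOCK_DEAD, and nothing between `lock_sock(sk)` and that call treats a listener differently, so a socket in TCP_LISTEN is closed without its accept queue being stopped. tcp_done()'s body is outside this hunk, so confirm whether it tears down pending request and child sockets; if it does not, they are left referring to a closed parent. Handling the listener right after `lock_sock(sk)`, before bottom halves are disabled, keeps that teardown on the path a normal close uses. A comment above tcp_abort() should also say that it consumes the caller's reference on both return paths (`sock_gen_put()` and `sock_put()`) and that it may sleep in `lock_sock()`.

```c
	/* Don't race with userspace socket closes such as tcp_close. */
	lock_sock(sk);

	/* A listener owns queued children; stop the accept queue before closing. */
	if (sk->sk_state == TCP_LISTEN) {
		tcp_set_state(sk, TCP_CLOSE);
		inet_csk_listen_stop(sk);
	}

	/* … unchanged: BH lock, error report, active reset, tcp_done() … */
```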

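--- a/net/ipv4/tcp_diag.c
+++ b/net/ipv4/tcp_diag.c
@@ -10,6 +10,8 @@
 */
 
 #include <linux/module.h>
+#include <linux/net.h>
+#include <linux/sock_diag.h>
 #include <linux/inet_diag.h>
 
 #include <linux/tcp.h>
@@ -46,12 +48,29 @@ static int tcp_diag_dump_one(struct sk_buff *in_skb, const struct nlmsghdr *nlh,
 return inet_diag_dump_one_icsk(&tcp_hashinfo, in_skb, nlh, req);
 }
 
+#ifdef CONFIG_INET_DIAG_DESTROY
+static int tcp_diag_destroy(struct sk_buff *in_skb,
+const struct inet_diag_req_v2 *req)
+{
+struct net *net = sock_net(in_skb->sk);
+struct sock *sk = inet_diag_find_one_icsk(net, &tcp_hashinfo, req);
+
+if (IS_ERR(sk))
+return PTR_ERR(sk);
+
+return sock_diag_destroy(sk, ECONNABORTED);
+}
+#endif
+
 static const struct inet_diag_handler tcp_diag_handler = {
 .dump = tcp_diag_dump,
 .dump_one = tcp_diag_dump_one,
 .idiag_get_info = tcp_diag_get_info,
 .idiag_type = IPPROTO_TCP,
 .idiag_info_size = sizeof(struct tcp_info),
+#ifdef CONFIG_INET_DIAG_DESTROY
+.destroy = tcp_diag_destroy,
+#endif
 };
 
 static int __init tcp_diag_init(void)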
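Review bot: In tcp_diag_destroy() the reference on `sk` obtained from inet_diag_find_one_icsk() is only visibly released inside tcp_abort() (net/ipv4/tcp.c in this commit), so any early return in sock_diag_destroy() before it reaches `->diag_destroy` would leak that reference. sock_diag_destroy() is outside this commit's hunks; if it can fail first, for example on a permission check or for a protocol without the handler, the socket stays pinned and can never be freed. Letting the caller own the reference is easier to audit: `int err = sock_diag_destroy(sk, ECONNABORTED);` `sock_gen_put(sk);` `return err;`, with the two puts removed from tcp_abort().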

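--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2342,6 +2342,7 @@ struct proto tcp_prot = {
 .destroy_cgroup = tcp_destroy_cgroup,
 .proto_cgroup = tcp_proto_cgroup,
 #endif
+.diag_destroy = tcp_abort,
 };
 EXPORT_SYMBOL(tcp_prot);
 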
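--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1890,6 +1890,7 @@ struct proto tcpv6_prot = {
 .proto_cgroup = tcp_proto_cgroup,
 #endif
 .clear_sk = tcp_v6_clear_sk,
+.diag_destroy = tcp_abort,
 };
 
 static const struct inet6_protocol tcpv6_protocol = {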
