Message-Id: <201011062144.oA6LiP6H012929@www.freebsd.org>
Date: Sat, 6 Nov 2010 21:44:25 GMT
From: Nikos Vassiliadis
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: bin/151996: [patch] new tcpdrop option to select interactively connections to drop

>Number: 151996
>Category: bin
>Synopsis: [patch] new tcpdrop option to select interactively connections to drop
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 06 21:50:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Nikos Vassiliadis
>Release: 9.0-CURRENT
>Organization:
>Environment:
FreeBSD lab.local 9.0-CURRENT FreeBSD 9.0-CURRENT #1 r214617: Mon Nov 1 09:47:10 EET 2010 root@lab.local:/usr/obj/usr/src/sys/LAB i386
>Description:
A flag (-i) to ask for confirmation before dropping a connection. It is meant to be used mainly in conjunction with -a.

Example:

lab# tcpdrop -ia
drop 192.168.73.195 16456 195.167.100.39 80?
drop 192.168.73.195 37746 195.167.100.39 80? y
192.168.73.195 37746 195.167.100.39 80: dropped
drop 192.168.73.195 41749 195.167.100.39 80? yes
192.168.73.195 41749 195.167.100.39 80: dropped
drop 192.168.73.60 22 192.168.73.192 60763?
drop 192.168.73.60 22 192.168.73.192 60585?
lab#
>How-To-Repeat:
n/a
>Fix:
Patch attached with submission follows:

Index: src/usr.sbin/tcpdrop/tcpdrop.8 =================================================================== --- src/usr.sbin/tcpdrop/tcpdrop.8 (revision 214630) +++ src/usr.sbin/tcpdrop/tcpdrop.8 (working copy) @@ -25,12 +25,13 @@ .Nd drop TCP connections .Sh SYNOPSIS .Nm tcpdrop +.Op Fl i .Ar local-address .Ar local-port .Ar foreign-address .Ar foreign-port .Nm tcpdrop -.Op Fl l +.Op Fl i | l .Fl a .Sh DESCRIPTION The
@@ -42,7 +43,15 @@ is specified then .Nm will attempt to drop all active connections. +.Nm +will ask for confirmation before dropping a connection when +.Fl i +is specified. The +.Fl i +flag can be combined with +.Fl a . +The .Fl l flag may be given to list the tcpdrop invocation to drop all active connections one at a time. @@ -88,6 +97,12 @@ .Bd -literal -offset indent # tcpdrop -l -a | grep -vw 22 | sh .Ed +.Pp +The following command will list each connection and ask for confirmation +before dropping it: +.Bd -literal -offset indent +# tcpdrop -a -i +.Ed .Sh SEE ALSO .Xr netstat 1 , .Xr sockstat 1 Index: src/usr.sbin/tcpdrop/tcpdrop.c =================================================================== --- src/usr.sbin/tcpdrop/tcpdrop.c (revision 214630) +++ src/usr.sbin/tcpdrop/tcpdrop.c (working copy) @@ -48,6 +48,7 @@ }; static bool tcpdrop_list_commands = false; +static bool iflag = false; static struct xinpgen *getxpcblist(const char *); static void sockinfo(const struct sockaddr *, struct host_service *); @@ -69,7 +70,7 @@ dropall = false; - while ((ch = getopt(argc, argv, "al")) != -1) { + while ((ch = getopt(argc, argv, "ali")) != -1) { switch (ch) { case 'a': dropall = true; @@ -77,6 +78,9 @@ case 'l': tcpdrop_list_commands = true; break; + case 'i': + iflag = true; + break; default: usage(); } @@ -144,7 +148,7 @@ { struct host_service local, foreign; struct sockaddr_storage addrs[2]; - int rv; + int rv, ch; memcpy(&addrs[TCPDROP_FOREIGN], fsa, fsa->sa_len); memcpy(&addrs[TCPDROP_LOCAL], lsa, lsa->sa_len); 
@@ -158,6 +162,24 @@ return (true); } + if (iflag) { + (void)fprintf(stderr, "drop %s %s %s %s? ", local.hs_host, + local.hs_service, foreign.hs_host,foreign.hs_service); + ch = getchar(); + switch (ch) { + case 'y': + case 'Y': + do { + ch = getchar(); + } while (ch != '\n' && ch != EOF); + break; + default: + while (ch != '\n' && ch != EOF) + ch = getchar(); + return (true); + } + } + rv = sysctlbyname("net.inet.tcp.drop", NULL, NULL, &addrs, sizeof addrs); if (rv == -1) { @@ -316,7 +338,7 @@ usage(void) { fprintf(stderr, -"usage: tcpdrop local-address local-port foreign-address foreign-port\n" -" tcpdrop [-l] -a\n"); +"usage: tcpdrop [-i] local-address local-port foreign-address foreign-port\n" +" tcpdrop [-i | -l] -a\n"); exit(1); } >Release-Note: >Audit-Trail: >Unformatted:
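Review bot: the DESCRIPTION text added to tcpdrop.8 (hunk @@ -42,7 +43,15 @@) says tcpdrop "will ask for confirmation" but never says what counts as one. State that an answer beginning with y or Y drops the connection, that any other answer, including end-of-file on standard input, leaves it in place, and that the prompt is written to standard error. The paragraph also mentions only that -i can be combined with -a; since the SYNOPSIS shows -i and -l as alternatives, say here that the two are not meant to be used together.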
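Review bot: the option-parsing hunks in tcpdrop.c (@@ -69,7 +70,7 @@ and @@ -77,6 +78,9 @@) accept -i and -l together, although the updated usage() string and the SYNOPSIS line `.Op Fl i | l` present them as alternatives, and nothing visible in the patch rejects the combination. Add a check after the getopt() loop that calls usage() when both iflag and tcpdrop_list_commands are set. As a style point, iflag is declared next to tcpdrop_list_commands; a name in the same style (for instance tcpdrop_interactive, a suggested name) would read more consistently.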
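Review bot: the confirmation added in the tcpdrop.c hunk at @@ -158,6 +162,24 @@ tests only the first character returned by getchar(), so any line beginning with y or Y confirms the drop (the "yes" in the example session, but equally a mistyped word that starts with y), while an answer with leading whitespace such as " y" is treated as a refusal. Consider reading the whole line and accepting only an explicit y or yes after skipping blanks. The EOF case falls into the default branch and returns before sysctlbyname() is called, which is the right safe default when standard input is closed or is not a terminal; a short comment saying that this is intentional would help. Style: add the missing space after the comma in `foreign.hs_host,foreign.hs_service`.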