Date:      Thu, 21 Sep 2006 21:29:41 +0300
From:      "Taras Danko" <gortaur@gmail.com>
To:        "Robert Watson" <rwatson@freebsd.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: How to find a certain socket?
Message-ID:  <89b086450609211129n4c74c4feycdbbe53faccf9568@mail.gmail.com>
In-Reply-To: <20060921180348.S56349@fledge.watson.org>
References:  <89b086450609200829t2ef4dd9ft13c2051644101ba8@mail.gmail.com> <20060921180348.S56349@fledge.watson.org>

2006/9/21, Robert Watson <rwatson@freebsd.org>:
>
>
> What are you trying to do, exactly?
>

The idea is the following: I have a module which replaces the "socket"
system call with my own "extended" socket syscall which adds some
restrictions for "socket" callers. After my module is kldloaded - some
processes/users/domains become restricted in creation of some type of
TCP/UDP sockets. This part is quite obvious. But I also want to handle
the situation when a restricted process has created sockets _before_
my module was loaded. So I want to close its sockets so the process
will have to recreate them passing through my restriction policy this
time.

> > And the second question: what's the correct way to close the socket which was
> > found?
>
> I'm not sure there's really a "correct" way to go about ripping a socket out
> from under an application.  tcpkill does the next closest thing, which is to
> simulate a RST on the TCP connection and force it to close, which is
> propagated up the stack in a way the application will understand.

As I understand, RST will take effect only for the client side
sockets but the server side "listening" socket will still be alive,
waiting for other connections. And I want to be able to close
sockets of both server and client types (of course, if they were created by
my restricted process mentioned above).



Taras Danko
-- 
contact me:
email: gortaur@gmail.com
icq:     166956956


