When the IP address of an interface changes, TCP connections with the
old source address are useless. Applications are not notified of this
and time out ordinarily, just as if nothing had happened. This is
behaviour isn't very helpful when you have a dynamic IP and know
you're probably not going to get the old one back. In that case, you
want processes to get errors when they try to use one of the dead
connections, so they can handle the disconnect more cleanly. Otherwise
fetchmail, etc. can just hang waiting for ages. Andi Kleen implemented
this functionality with a per interface flag in 2.2. See
ftp.suse.com:/pub/people/ak/v2.2/iff-dynamic*.

The following patch against 2.4.0 does it a different way. It
introduces a new ioctl, called SIOCKILLADDR. When this ioctl is
called, it makes all IPv4 sockets with the specified source address
return -ENETRESET when they are used.

Is this the right error number? I wasn't quite sure where the ioctl
should go to be in keeping with convention - I bunged it in
devinet_ioctl.

I patched userspace ppp-2.4.0 to use this functionality. It would be
better if SIOCKILLADDR were not used until we are sure that the new IP
is in fact different from the old one, but pppd in demand mode would
not notice that there were extant connections and so would not bring
up the link - so the problem would not be alleviated. Therefore
SIOCKILLADDR is used on disconnect. The functionality is activated
with the killoldaddr option. I would be happy to document it in the
manpage if it were accepted. Further the build process is cleaned up
slightly, as in the patch I sent on or around 8 October 2000.

diff -u --exclude *~ --recursive linux-2.4.0-orig/include/linux/sockios.h linux-hacked-dynip/include/linux/sockios.h
--- linux-2.4.0-orig/include/linux/sockios.h	Sat Dec 30 00:20:32 2000
+++ linux-hacked-dynip/include/linux/sockios.h	Sat Jan 27 17:04:34 2001
@@ -65,6 +65,7 @@
 #define SIOCDIFADDR	0x8936		/* delete PA address		*/
 #define	SIOCSIFHWBROADCAST	0x8937	/* set hardware broadcast addr	*/
 #define SIOCGIFCOUNT	0x8938		/* get number of devices */
+#define SIOCKILLADDR	0x8939		/* kill all connections with this local address */
 
 #define SIOCGIFBR	0x8940		/* Bridging support		*/
 #define SIOCSIFBR	0x8941		/* Set bridging options 	*/
diff -u --exclude *~ --recursive linux-2.4.0-orig/include/net/tcp.h linux-hacked-dynip/include/net/tcp.h
--- linux-2.4.0-orig/include/net/tcp.h	Fri Jan  5 21:41:37 2001
+++ linux-hacked-dynip/include/net/tcp.h	Sat Jan 27 18:02:21 2001
@@ -787,9 +787,8 @@
 extern int			tcp_disconnect(struct sock *sk, int flags);
 
 extern void			tcp_unhash(struct sock *sk);
-
 extern int			tcp_v4_hash_connecting(struct sock *sk);
-
+extern void		tcp_v4_zap_saddr(u32 saddr);
 
 /* From syncookies.c */
 extern struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, 
diff -u --exclude *~ --recursive linux-2.4.0-orig/net/ipv4/af_inet.c linux-hacked-dynip/net/ipv4/af_inet.c
--- linux-2.4.0-orig/net/ipv4/af_inet.c	Tue Jan  2 09:26:19 2001
+++ linux-hacked-dynip/net/ipv4/af_inet.c	Sat Jan 27 18:27:38 2001
@@ -854,6 +854,7 @@
 		case SIOCSIFPFLAGS:	
 		case SIOCGIFPFLAGS:	
 		case SIOCSIFFLAGS:
+		case SIOCKILLADDR:
 			return(devinet_ioctl(cmd,(void *) arg));
 		case SIOCGIFBR:
 		case SIOCSIFBR:
diff -u --exclude *~ --recursive linux-2.4.0-orig/net/ipv4/devinet.c linux-hacked-dynip/net/ipv4/devinet.c
--- linux-2.4.0-orig/net/ipv4/devinet.c	Sat Dec 30 00:22:05 2000
+++ linux-hacked-dynip/net/ipv4/devinet.c	Sat Jan 27 21:09:48 2001
@@ -510,6 +510,7 @@
 	case SIOCSIFBRDADDR:	/* Set the broadcast address */
 	case SIOCSIFDSTADDR:	/* Set the destination address */
 	case SIOCSIFNETMASK: 	/* Set the netmask for the interface */
+	case SIOCKILLADDR:	/* Kill all connections with this local address */
 		if (!capable(CAP_NET_ADMIN))
 			return -EACCES;
 		if (sin->sin_family != AF_INET)
@@ -536,7 +537,10 @@
 				break;
 	}
 
-	if (ifa == NULL && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS) {
+	if (ifa == NULL
+	    && cmd != SIOCSIFADDR
+	    && cmd != SIOCSIFFLAGS
+	    && cmd != SIOCKILLADDR) {
 		ret = -EADDRNOTAVAIL;
 		goto done;
 	}
@@ -646,6 +650,9 @@
 				ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);
 				inet_insert_ifa(ifa);
 			}
+			break;
+		case SIOCKILLADDR:	/* Kill all connections with this local address */
+			tcp_v4_zap_saddr(sin->sin_addr.s_addr);
 			break;
 	}
 done:
diff -u --exclude *~ --recursive linux-2.4.0-orig/net/ipv4/tcp_ipv4.c linux-hacked-dynip/net/ipv4/tcp_ipv4.c
--- linux-2.4.0-orig/net/ipv4/tcp_ipv4.c	Fri Jan  5 21:17:42 2001
+++ linux-hacked-dynip/net/ipv4/tcp_ipv4.c	Sat Jan 27 18:07:25 2001
@@ -390,6 +390,38 @@
 		wake_up(&tcp_lhash_wait);
 }
 
+/* Terminate all active connections with a local address equal to
+ * SADDR.  If sysctl_ip_dynaddr is set, connections in the SYN_SENT
+ * state are not closed, because their source address will presumably
+ * be rewritten.
+ */
+void tcp_v4_zap_saddr(u32 saddr) 
+{
+	int i;
+	rwlock_t *lock;
+	struct sock *sk;
+	
+	for (i = 0; i < (tcp_ehash_size<<1); i++) {
+		lock = &tcp_ehash[i].lock;
+		
+		read_lock(lock);
+
+		for(sk = tcp_ehash[i].chain; sk; sk = sk->next) 
+			if(sk->rcv_saddr == saddr)
+			{
+				if(sysctl_ip_dynaddr && sk->state == TCP_SYN_SENT)
+					continue;
+				
+				sk->err = ENETRESET;
+				sk->error_report(sk);
+
+				tcp_done(sk);
+			}
+		
+		read_unlock(lock);
+	}
+}
+
 /* Don't inline this cruft.  Here are some nice properties to
  * exploit here.  The BSD API does not allow a listening TCP
  * to specify the remote port nor the remote address for the
diff -u --recursive ppp-2.4.0-orig/chat/Makefile.linux ppp-2.4.0-hacked/chat/Makefile.linux
--- ppp-2.4.0-orig/chat/Makefile.linux	Fri Aug 13 02:54:32 1999
+++ ppp-2.4.0-hacked/chat/Makefile.linux	Sat Jan 27 18:34:47 2001
@@ -6,14 +6,14 @@
 CDEF4=	-DFNDELAY=O_NDELAY		# Old name value
 CDEFS=	$(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
 
-CFLAGS=	-O2 -g -pipe $(CDEFS)
+CFLAGS=	$(COPTS) $(CDEFS)
 
 INSTALL= install
 
 all:	chat
 
 chat:	chat.o
-	$(CC) -o chat chat.o
+	$(CC) $(LDFLAGS) -o chat chat.o
 
 chat.o:	chat.c
 	$(CC) -c $(CFLAGS) -o chat.o chat.c
diff -u --recursive ppp-2.4.0-orig/pppd/options.c ppp-2.4.0-hacked/pppd/options.c
--- ppp-2.4.0-orig/pppd/options.c	Tue Aug  1 02:38:30 2000
+++ ppp-2.4.0-hacked/pppd/options.c	Sat Jan 27 18:51:30 2001
@@ -77,6 +77,9 @@
 char	user[MAXNAMELEN];	/* Username for PAP */
 char	passwd[MAXSECRETLEN];	/* Password for PAP */
 bool	persist = 0;		/* Reopen link after it goes down */
+bool	killoldaddr = 0;		/* If our IP is reassigned on
+				    reconnect, kill active TCP
+				     connections using the old IP. */
 char	our_name[MAXNAMELEN];	/* Our name for authentication purposes */
 bool	demand = 0;		/* do dial-on-demand */
 char	*ipparam = NULL;	/* Extra parameter for ip up/down scripts */
@@ -194,6 +197,10 @@
       "Turn off persist option" },
     { "demand", o_bool, &demand,
       "Dial on demand", OPT_INITONLY | 1, &persist },
+    { "killoldaddr", o_bool, &killoldaddr,
+      "Kill connections from an old source address", 1},
+    { "nokilloldaddr", o_bool,&killoldaddr,
+      "Don't kill connections from an old source address" },
     { "--version", o_special_noarg, (void *)showversion,
       "Show version number" },
     { "--help", o_special_noarg, (void *)showhelp,
diff -u --recursive ppp-2.4.0-orig/pppd/pppd.h ppp-2.4.0-hacked/pppd/pppd.h
--- ppp-2.4.0-orig/pppd/pppd.h	Thu Jul  6 12:17:03 2000
+++ ppp-2.4.0-hacked/pppd/pppd.h	Sat Jan 27 20:13:17 2001
@@ -235,6 +235,9 @@
 extern char	remote_name[MAXNAMELEN]; /* Peer's name for authentication */
 extern bool	explicit_remote;/* remote_name specified with remotename opt */
 extern bool	demand;		/* Do dial-on-demand */
+extern bool	killoldaddr;	/* If our IP is reassigned on
+				    reconnect, kill active TCP
+				     connections using the old IP. */
 extern char	*ipparam;	/* Extra parameter for ip up/down scripts */
 extern bool	cryptpap;	/* Others' PAP passwords are encrypted */
 extern int	idle_time_limit;/* Shut down link if idle for this long */
diff -u --recursive ppp-2.4.0-orig/pppd/sys-linux.c ppp-2.4.0-hacked/pppd/sys-linux.c
--- ppp-2.4.0-orig/pppd/sys-linux.c	Wed Jul 26 05:17:12 2000
+++ ppp-2.4.0-hacked/pppd/sys-linux.c	Sat Jan 27 21:55:03 2001
@@ -115,6 +115,10 @@
 
 #endif /* INET6 */
 
+#ifndef SIOCKILLADDR
+#define SIOCKILLADDR	0x8939
+#endif
+
 /* We can get an EIO error on an ioctl if the modem has hung up */
 #define ok_error(num) ((num)==EIO)
 
@@ -152,6 +156,7 @@
 static u_int32_t proxy_arp_addr;	/* Addr for proxy arp entry added */
 static char proxy_arp_dev[16];		/* Device for proxy arp entry */
 static u_int32_t our_old_addr;		/* for detecting address changes */
+static u_int32_t our_current_addr;
 static int	dynaddr_set;		/* 1 if ip_dynaddr set */
 static int	looped;			/* 1 if using loop */
 static int	link_mtu;		/* mtu for the link (not bundle) */
@@ -491,6 +496,27 @@
     return -1;
 }
 
+static void do_killaddr(u_int32_t oldaddr)
+{
+    struct ifreq   ifr; 
+
+    memset(&ifr,0,sizeof ifr);
+
+    SET_SA_FAMILY (ifr.ifr_addr,    AF_INET); 
+    SET_SA_FAMILY (ifr.ifr_dstaddr, AF_INET); 
+    SET_SA_FAMILY (ifr.ifr_netmask, AF_INET); 
+    
+    SIN_ADDR(ifr.ifr_addr) = oldaddr;
+
+    strlcpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
+    
+    if(ioctl(sock_fd,SIOCKILLADDR,&ifr) < 0) {
+      if (!ok_error (errno))
+	error("ioctl(SIOCKILLADDR): %m(%d)", errno);
+      return;
+    }
+}
+
 /********************************************************************
  *
  * disestablish_ppp - Restore the serial port to normal operation.
@@ -534,6 +560,9 @@
 	if (!multilink)
 	    remove_fd(ppp_dev_fd);
     }
+
+    if(killoldaddr)
+      do_killaddr(our_current_addr);
 }
 
 /*
@@ -2177,10 +2206,10 @@
 {
     struct ifreq   ifr; 
     struct rtentry rt;
-    
+
     memset (&ifr, '\0', sizeof (ifr));
     memset (&rt,  '\0', sizeof (rt));
-    
+
     SET_SA_FAMILY (ifr.ifr_addr,    AF_INET); 
     SET_SA_FAMILY (ifr.ifr_dstaddr, AF_INET); 
     SET_SA_FAMILY (ifr.ifr_netmask, AF_INET); 
@@ -2247,21 +2276,29 @@
 	}
     }
 
-    /* set ip_dynaddr in demand mode if address changes */
-    if (demand && tune_kernel && !dynaddr_set
-	&& our_old_addr && our_old_addr != our_adr) {
+    if(persist && our_old_addr && our_old_addr != our_adr) {
+      /*
+      if(killoldaddr)
+	do_killaddr(our_old_addr);
+      */
+	
+      /* set ip_dynaddr in persist mode if address changes */
+      if (tune_kernel && !dynaddr_set) {
 	/* set ip_dynaddr if possible */
 	char *path;
 	int fd;
 
 	path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
 	if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
-	    if (write(fd, "1", 1) != 1)
-		error("Couldn't enable dynamic IP addressing: %m");
-	    close(fd);
+	  if (write(fd, "1", 1) != 1)
+	    error("Couldn't enable dynamic IP addressing: %m");
+	  close(fd);
 	}
 	dynaddr_set = 1;	/* only 1 attempt */
+      }
     }
+
+    our_current_addr = our_adr;
     our_old_addr = 0;
 
     return 1;
@@ -2317,7 +2354,8 @@
     }
 
     our_old_addr = our_adr;
-
+    our_current_addr = 0;
+    
     return 1;
 }
 
diff -u --recursive ppp-2.4.0-orig/pppdump/Makefile.linux ppp-2.4.0-hacked/pppdump/Makefile.linux
--- ppp-2.4.0-orig/pppdump/Makefile.linux	Mon Jul 26 12:09:29 1999
+++ ppp-2.4.0-hacked/pppdump/Makefile.linux	Sat Jan 27 18:34:47 2001
@@ -1,4 +1,4 @@
-CFLAGS= -O -I../include/net
+CFLAGS= $(COPTS) -I../include/net
 OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
 
 INSTALL= install
@@ -6,7 +6,7 @@
 all:	pppdump
 
 pppdump: $(OBJS)
-	$(CC) -o pppdump $(OBJS)
+	$(CC) $(LDFLAGS) -o pppdump $(OBJS)
 
 clean:
 	rm -f pppdump $(OBJS) *~
diff -u --recursive ppp-2.4.0-orig/pppstats/Makefile.linux ppp-2.4.0-hacked/pppstats/Makefile.linux
--- ppp-2.4.0-orig/pppstats/Makefile.linux	Wed Mar 25 02:21:19 1998
+++ ppp-2.4.0-hacked/pppstats/Makefile.linux	Sat Jan 27 18:34:48 2001
@@ -22,7 +22,7 @@
 	$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)/man8/pppstats.8
 
 pppstats: $(PPPSTATSRCS)
-	$(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
 
 clean:
 	rm -f pppstats *~ #* core

-- 

        http://www.penguinpowered.com/~vii

Reply via email to