From: Lorenzo Colitti <lorenzo@google.com>
To: netdev@vger.kernel.org
Cc: edumazet@google.com, ek@google.com, maze@google.com, dtor@google.com
Subject: Add a SOCK_DESTROY operation to close sockets from userspace
Date: Wed, 18 Nov 2015 10:43:40 +0900
Message-ID: <1447811024-8553-1-git-send-email-lorenzo@google.com>

This patch series adds the ability for a privileged process to
destroy sockets belonging to other userspace processes via the
sock_diag interface, and implements that for TCP sockets.

This functionality is needed on laptops and mobile hosts to
ensure that network switches / disconnects do not result in
applications being blocked for long periods of time (minutes) in
read or connect calls on TCP sockets that will never succeed
because the IP address they are bound to is gone. Closing the
sockets in the protocol layer causes these calls to fail fast and
allows applications to reconnect on another network.

For many years Android kernels have done this via an out-of-tree
SIOCKILLADDR ioctl that is called when networks disconnect, but
this solution is cleaner, more robust and more flexible. The
system can iterate over all connections on the deleted IP address
and close all of them. But it can also close all sockets opened
by a given process on a given network, for example if the user
has restricted that process from using that network, or if a
secure network such as a VPN is now being applied to the
application and thus previously-established connections are
blackholed.

The patch series only implements SOCK_DESTROY for TCP sockets,
but the mechanism can be extended to any protocol family that
supports the sock_diag interface.