[Gllug] Killing network connections

[Robert McKay]

On 10/12/07, Alain Williams <addw at phcomp.co.uk> wrote:
> On Fri, Oct 12, 2007 at 06:45:23PM +0100, Robert McKay wrote:
> > On 10/12/07, Tom Weissmann <trmsw at yahoo.co.uk> wrote:
> > > This is more out of curiosity than necessity...
> > >
> > > Is it possible to close a network connection that "lsof -i" shows me
> > > without sending a message to either of the processes involved? Can I
> > > tell the kernel to kill it somehow?
> >
> > I'm not really sure what you're trying to achieve exactly.
> >
> > You could try something like this:
> >
> > gdb -p <pid>
> > call close(<fd>)
> > detach
> >
> > It won't receive any "message", but things that use network
> > connections tend to check them now and again to see if they're still
> > there.
>
> Trouble with that is that if the process then opens another file/socket
> it will probably get <fd>, so the select() loop that it is probably
> sitting in will then return and the program will read/write to
> the wrong place ... all hell will break loose.

True. You could get around that particular issue by re-opening
something else. perhaps

gdb -p <pid>
call open("/dev/null", 66, 0666)
dup2($1, <fd>)
detach

obviously /dev/null is not a socket, so any networky ioctls are likely to fail.

You could contrive to create a new socket and connect it to somewhere
else (yes, I was bored)..

call malloc(16)
call memset($1, 0, 16)
call memcpy($1, "\002", 1)
call memcpy($1+2, "\037\220", 2)
call inet_aton("127.0.0.1", $1+4)
call socket(2, 1, 0)
call connect($6, $1, 16)
call dup2($6, 0)
call dup2($6, 1)
call dup2($6, 2)
detach

(That connects to localhost port 8080 and then dup2's
stdin/stdout/stderr to the new socket. Try running it on "cat" for
example (start an nc listening on port 8080 and then gdb -p <pidofcat>
and paste those lines into gdb)

Rob.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug