Re: [PATCH] dynamic IP support for 2.4.0 (SIOCKILLADDR)
On Mon, 29 Jan 2001, Jamie Lokier wrote:

> Unfortunately getting the same IP is rare now, so I've been toying with
> running a PPP tunnel through a fixed host out on the net. The tunnel
> would be dropped and recreated with each new connection. My local link
> IP would change, but the tunnel IP would not so connections to other
> places, ssh etc. would all be from the tunnel IP.

ciped is great for this. I use it to tunnel ssh from my home dialup to work. Very stable, and with cipe's shared keys, there's nothing too taxing about setting it up. I just have a call to /etc/init.d/ciped restart in my ppp up script.

freeswan was another way I looked at, but ip/sec was horrible at the time and didn't (maybe still doesn't) deal with dynamic ip assignment nicely.

Cheers,

Mark

--
Mark Cooke, Systems Programmer, University Of Birmingham
The views expressed above are mine and are not necessarily representative of university policy
URL: http://www.sr.bham.ac.uk/~mpc/

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] dynamic IP support for 2.4.0 (SIOCKILLADDR)
On Mon, Jan 29, 2001 at 07:31:36PM +0100, Jamie Lokier wrote:

> Unfortunately getting the same IP is rare now, so I've been toying with

Pretty much dependent on the type of equipment and the configuration used at the ISP's servers. I use two ISPs when I'm back in Germany of which the one always and the other one never gives me the same IP when I reconnect within some short time. (Guess which one I prefer ...)

Ralf
Re: [PATCH] dynamic IP support for 2.4.0 (SIOCKILLADDR)
"Albert D. Cahalan" <[EMAIL PROTECTED]> writes:

[...]

> > I patched userspace ppp-2.4.0 to use this functionality. It would be
> > better if SIOCKILLADDR were not used until we are sure that the new IP
> > is in fact different from the old one, but pppd in demand mode would
>
> I get the same IP about 2/3 of the time, so it is pretty important
> to avoid killing connections until after the new IP is known.

I'll try to explain again. If you have an existing (e.g. ssh) connection to a host across the interface, and the interface comes down then pppd _will not bring it up again_ until you try to start a new connection, as far as I have experienced. Therefore you will get the old behaviour and my patch will do nothing. I decided it was better to inform ssh that the link was dead.

Like I said, the solution to this is to make pppd cleverer about bringing the link up when there are existing connections. Alternatively, you could have some dubious script parsing netstat checking whether there are connections over the interface and pinging hosts at intervals to bring the link up again ;-)

Here is a patch for pppd-2.4.0 orig that will give you the behaviour you want, provided you can solve the problem in the first paragraph. It is almost exactly the same as my last patch. It compiles and everything.

Note that there are no changes required to the kernel side patch to enable this functionality.

diff -u --recursive ppp-2.4.0-orig/chat/Makefile.linux ppp-2.4.0-hacked/chat/Makefile.linux --- ppp-2.4.0-orig/chat/Makefile.linux Fri Aug 13 02:54:32 1999 +++ ppp-2.4.0-hacked/chat/Makefile.linux Sat Jan 27 18:34:47 2001
@@ -6,14 +6,14 @@ CDEF4= -DFNDELAY=O_NDELAY # Old name value CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4) -CFLAGS= -O2 -g -pipe $(CDEFS) +CFLAGS= $(COPTS) $(CDEFS) INSTALL= install all: chat chat: chat.o - $(CC) -o chat chat.o + $(CC) $(LDFLAGS) -o chat chat.o chat.o: chat.c $(CC) -c $(CFLAGS) -o chat.o chat.c diff -u --recursive ppp-2.4.0-orig/pppd/options.c ppp-2.4.0-hacked/pppd/options.c --- ppp-2.4.0-orig/pppd/options.c Tue Aug 1 02:38:30 2000 +++ ppp-2.4.0-hacked/pppd/options.c Sat Jan 27 18:51:30 2001 @@ -77,6 +77,9 @@ char user[MAXNAMELEN]; /* Username for PAP */ char passwd[MAXSECRETLEN]; /* Password for PAP */ bool persist = 0; /* Reopen link after it goes down */ +bool killoldaddr = 0; /* If our IP is reassigned on +reconnect, kill active TCP + connections using the old IP. */ char our_name[MAXNAMELEN]; /* Our name for authentication purposes */ bool demand = 0; /* do dial-on-demand */ char *ipparam = NULL; /* Extra parameter for ip up/down scripts */ @@ -194,6 +197,10 @@ "Turn off persist option" }, { "demand", o_bool, , "Dial on demand", OPT_INITONLY | 1, }, +{ "killoldaddr", o_bool, , + "Kill connections from an old source address", 1}, +{ "nokilloldaddr", o_bool,, + "Don't kill connections from an old source address" }, { "--version", o_special_noarg, (void *)showversion, "Show version number" }, { "--help", o_special_noarg, (void *)showhelp, diff -u --recursive ppp-2.4.0-orig/pppd/pppd.h ppp-2.4.0-hacked/pppd/pppd.h --- ppp-2.4.0-orig/pppd/pppd.h Thu Jul 6 12:17:03 2000 +++ ppp-2.4.0-hacked/pppd/pppd.h Sat Jan 27 20:13:17 2001 
@@ -235,6 +235,9 @@ extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ extern bool explicit_remote;/* remote_name specified with remotename opt */ extern bool demand; /* Do dial-on-demand */ +extern bool killoldaddr; /* If our IP is reassigned on +reconnect, kill active TCP + connections using the old IP. */ extern char *ipparam; /* Extra parameter for ip up/down scripts */ extern bool cryptpap; /* Others' PAP passwords are encrypted */ extern int idle_time_limit;/* Shut down link if idle for this long */ diff -u --recursive ppp-2.4.0-orig/pppd/sys-linux.c ppp-2.4.0-hacked/pppd/sys-linux.c --- ppp-2.4.0-orig/pppd/sys-linux.c Wed Jul 26 05:17:12 2000 +++ ppp-2.4.0-hacked/pppd/sys-linux.c Sat Jan 27 21:55:03 2001 @@ -115,6 +115,10 @@ #endif /* INET6 */ +#ifndef SIOCKILLADDR +#define SIOCKILLADDR 0x8939 +#endif + /* We can get an EIO error on an ioctl if the modem has hung up */ #define ok_error(num) ((num)==EIO) @@ -152,6 +156,7 @@ static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ static char proxy_arp_dev[16]; /* Device for proxy arp entry */ static u_int32_t our_old_addr; /* for detecting address changes */ +static u_int32_t our_current_addr; static int dynaddr_set; /* 1 if ip_dynaddr set */ static int looped; /* 1 if using loop */ static int link_mtu; /* mtu for the link (not bundle) */ @@ -491,6 +496,27 @@ return -1; } +static void do_killaddr(u_int32_t oldaddr) +{ +struct ifreq ifr; + +memset(,0,sizeof ifr); + +SET_SA_FAMILY (ifr.ifr_addr,AF_INET); +SET_SA_FAMILY (ifr.ifr_dstaddr, AF_INET); +SET_SA_FAMILY (ifr.ifr_netmask, AF_INET); + +
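Review bot: In chat/Makefile.linux, `CFLAGS= $(COPTS) $(CDEFS)` drops the `-O2 -g -pipe` default, and nothing in the visible part of that Makefile sets COPTS, so running make inside chat/ on its own would compile with no optimisation or debug flags. Keep a default for COPTS there, or send this together with the `$(LDFLAGS)` change as a separate build-cleanup patch, since neither is needed for killoldaddr.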
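Review bot: The `#ifndef SIOCKILLADDR` fallback in pppd/sys-linux.c hard-codes 0x8939, a request number that only means "kill address" on a kernel carrying the companion patch. A pppd built this way and run on a kernel without that patch will issue a request the kernel does not know, so the ioctl's failure needs to be checked and logged where do_killaddr makes the call (the visible part of the function ends before it), and the #define should carry a comment saying it must match linux/sockios.h.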
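Review bot: In do_killaddr (pppd/sys-linux.c), ifr_addr, ifr_dstaddr and ifr_netmask are members of the same union inside struct ifreq, so the three SET_SA_FAMILY calls initialise the same bytes three times. A request that carries a single address only needs ifr_addr; dropping the other two makes it obvious which field the kernel is expected to read. The new `our_current_addr` in the same file also lacks the trailing comment its neighbours have.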
Re: [PATCH] dynamic IP support for 2.4.0 (SIOCKILLADDR)
Jamie Lokier <[EMAIL PROTECTED]> writes:

[...]

> The important thing is that the tunnel is destroyed and recreated
> (it has to be, it is over different underlying link addresses). I
> do not want that to destroy the connections from the tunnelled
> address.

No connections at all will be destroyed by my patch unless you enable the new killoldaddr pppd option.

--
http://www.penguinpowered.com/~vii
Re: [PATCH] dynamic IP support for 2.4.0 (SIOCKILLADDR)
On Mon, Jan 29, 2001 at 07:31:36PM +0100, Jamie Lokier wrote:

> The important thing is that the tunnel is destroyed and recreated (it
> has to be, it is over different underlying link addresses). I do not
> want that to destroy the connections from the tunnelled address.

Just do not set IFF_DYNAMIC on the tunnel interface then, that is why it is a flag and not hardcoded.

-Andi
Re: [PATCH] dynamic IP support for 2.4.0 (SIOCKILLADDR)
Andi Kleen wrote:

> > I get the same IP about 2/3 of the time, so it is pretty important
> > to avoid killing connections until after the new IP is known.
>
> I prefer it when the IP is killed as soon as possible so that I can see
> when the connection is lost (ssh sessions get killed etc.)

I like it when I get the same IP back and can continue an ssh session. My line drops regularly in mid session.

Unfortunately getting the same IP is rare now, so I've been toying with running a PPP tunnel through a fixed host out on the net. The tunnel would be dropped and recreated with each new connection. My local link IP would change, but the tunnel IP would not so connections to other places, ssh etc. would all be from the tunnel IP.

The important thing is that the tunnel is destroyed and recreated (it has to be, it is over different underlying link addresses). I do not want that to destroy the connections from the tunnelled address.

-- Jamie
Re: [PATCH] dynamic IP support for 2.4.0 (SIOCKILLADDR)
On Mon, Jan 29, 2001 at 03:46:42AM +0100, Albert D. Cahalan wrote:

> John Fremlin writes:
>
> > When the IP address of an interface changes, TCP connections with the
> > old source address are useless. Applications are not notified of this
> > and time out ordinarily, just as if nothing had happened. This
> > behaviour isn't very helpful when you have a dynamic IP and know
> > you're probably not going to get the old one back. In that case, you
> ...
> > I patched userspace ppp-2.4.0 to use this functionality. It would be
> > better if SIOCKILLADDR were not used until we are sure that the new IP
> > is in fact different from the old one, but pppd in demand mode would
>
> I get the same IP about 2/3 of the time, so it is pretty important
> to avoid killing connections until after the new IP is known.

I prefer it when the IP is killed as soon as possible so that I can see when the connection is lost (ssh sessions get killed etc.)

Another reason for killing as soon as possible is the last-ack problem. When the other end goes away suddenly TCP often gets into last-ack state. This means it'll retransmit a FIN until it times out or the other end answers. Each such retransmitted FIN triggers a new dialin, which can get quite costly when you don't have flat rate (like still most of Europe). With your approach (waiting until the new IP is known) it would cost at least another dialin in this case.

When you have flatrate your way may be better of course, so a final user space solution could switch it via a pppd flag.

[I agree that the user space way is better than my kernel hacks]

-Andi
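Added example, not part of the thread or of either patch: a C routine that reads a connection table in /proc/net/tcp layout and counts the connections still bound to the old source address, including the LAST_ACK ones Andi Kleen describes above. The selection rule follows the comment on tcp_v4_zap_saddr in the kernel patch (SYN_SENT is left alone when ip_dynaddr is set); the function names, the little-endian sample table and the address 10.0.0.7 are assumptions constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values of the "st" column in /proc/net/tcp. */
enum { ST_SYN_SENT = 0x02, ST_LAST_ACK = 0x09, ST_LISTEN = 0x0A };

struct stale_summary {
    int affected;         /* connections that would be given the error */
    int last_ack;         /* of those, how many are in LAST_ACK */
    int skipped_syn_sent; /* SYN_SENT left alone because ip_dynaddr is set */
};

/* Constructed sample in /proc/net/tcp layout, as printed on a
 * little-endian host: 0700000A is 10.0.0.7, the address the link
 * had before it dropped (hypothetical). */
static const char SAMPLE_PROC_NET_TCP[] =
"  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
"   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001\n"
"   1: 0700000A:8A3C 050200C0:0016 01 00000000:00000000 00:00000000 00000000  1000        0 1002\n"
"   2: 0700000A:8A40 060200C0:006E 09 00000001:00000000 01:00000014 00000003  1000        0 1003\n"
"   3: 0700000A:8A44 070200C0:0050 02 00000001:00000000 01:00000014 00000001  1000        0 1004\n"
"   4: 0100007F:0019 0100007F:9C40 01 00000000:00000000 00:00000000 00000000     0        0 1005\n";

/* Turn "a.b.c.d" into the integer a little-endian host prints in the
 * local_address column (first octet in the low byte). Returns 0 or -1. */
static int quad_to_proc(const char *quad, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;

    if (sscanf(quad, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4)
        return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    *out = (uint32_t)a | (uint32_t)b << 8 | (uint32_t)c << 16 | (uint32_t)d << 24;
    return 0;
}

/* Count the connections in `table` whose local address is `old_quad`.
 * Listening sockets are ignored; SYN_SENT is ignored when ip_dynaddr
 * is non-zero. Returns 0 on success, -1 if old_quad is malformed. */
int summarize_stale(const char *table, const char *old_quad, int ip_dynaddr,
                    struct stale_summary *sum)
{
    uint32_t old;
    const char *line = table;

    memset(sum, 0, sizeof *sum);
    if (quad_to_proc(old_quad, &old) != 0)
        return -1;

    while (*line != '\0') {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[256];
        unsigned laddr, lport, raddr, rport, st;

        if (len < sizeof buf) {          /* over-long lines are skipped */
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* The header line fails to parse and is skipped. */
            if (sscanf(buf, " %*d: %8X:%4X %8X:%4X %2X",
                       &laddr, &lport, &raddr, &rport, &st) == 5
                && laddr == old && st != ST_LISTEN) {
                if (st == ST_SYN_SENT && ip_dynaddr) {
                    sum->skipped_syn_sent++;
                } else {
                    sum->affected++;
                    if (st == ST_LAST_ACK)
                        sum->last_ack++;
                }
            }
        }
        line = eol ? eol + 1 : line + len;
    }
    return 0;
}

int main(void)
{
    struct stale_summary s;

    if (summarize_stale(SAMPLE_PROC_NET_TCP, "10.0.0.7", 1, &s) != 0)
        return 1;
    printf("old address 10.0.0.7: %d affected, %d in LAST_ACK, %d SYN_SENT skipped\n",
           s.affected, s.last_ack, s.skipped_syn_sent);
    return 0;
}
```

A non-zero last_ack count after the link has dropped is the case in which each retransmitted FIN would trigger a new dial-in.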
Re: [PATCH] dynamic IP support for 2.4.0 (SIOCKILLADDR)
John Fremlin writes:

> When the IP address of an interface changes, TCP connections with the
> old source address are useless. Applications are not notified of this
> and time out ordinarily, just as if nothing had happened. This
> behaviour isn't very helpful when you have a dynamic IP and know
> you're probably not going to get the old one back. In that case, you
...
> I patched userspace ppp-2.4.0 to use this functionality. It would be
> better if SIOCKILLADDR were not used until we are sure that the new IP
> is in fact different from the old one, but pppd in demand mode would

I get the same IP about 2/3 of the time, so it is pretty important to avoid killing connections until after the new IP is known.
[PATCH] dynamic IP support for 2.4.0 (SIOCKILLADDR)
When the IP address of an interface changes, TCP connections with the old source address are useless. Applications are not notified of this and time out ordinarily, just as if nothing had happened. This behaviour isn't very helpful when you have a dynamic IP and know you're probably not going to get the old one back. In that case, you want processes to get errors when they try to use one of the dead connections, so they can handle the disconnect more cleanly. Otherwise fetchmail, etc. can just hang waiting for ages.

Andi Kleen implemented this functionality with a per interface flag in 2.2. See ftp.suse.com:/pub/people/ak/v2.2/iff-dynamic*.

The following patch against 2.4.0 does it a different way. It introduces a new ioctl, called SIOCKILLADDR. When this ioctl is called, it makes all IPv4 sockets with the specified source address return -ENETRESET when they are used. Is this the right error number? I wasn't quite sure where the ioctl should go to be in keeping with convention - I bunged it in devinet_ioctl.

I patched userspace ppp-2.4.0 to use this functionality. It would be better if SIOCKILLADDR were not used until we are sure that the new IP is in fact different from the old one, but pppd in demand mode would not notice that there were extant connections and so would not bring up the link - so the problem would not be alleviated. Therefore SIOCKILLADDR is used on disconnect. The functionality is activated with the killoldaddr option. I would be happy to document it in the manpage if it were accepted.

Further the build process is cleaned up slightly, as in the patch I sent on or around 8 October 2000.

diff -u --exclude *~ --recursive linux-2.4.0-orig/include/linux/sockios.h linux-hacked-dynip/include/linux/sockios.h --- linux-2.4.0-orig/include/linux/sockios.h Sat Dec 30 00:20:32 2000 +++ linux-hacked-dynip/include/linux/sockios.h Sat Jan 27 17:04:34 2001
@@ -65,6 +65,7 @@ #define SIOCDIFADDR 0x8936 /* delete PA address */ #define SIOCSIFHWBROADCAST 0x8937 /* set hardware broadcast addr */ #define SIOCGIFCOUNT 0x8938 /* get number of devices */ +#define SIOCKILLADDR 0x8939 /* kill all connections with this local address */ #define SIOCGIFBR 0x8940 /* Bridging support */ #define SIOCSIFBR 0x8941 /* Set bridging options */ diff -u --exclude *~ --recursive linux-2.4.0-orig/include/net/tcp.h linux-hacked-dynip/include/net/tcp.h --- linux-2.4.0-orig/include/net/tcp.h Fri Jan 5 21:41:37 2001 +++ linux-hacked-dynip/include/net/tcp.h Sat Jan 27 18:02:21 2001 @@ -787,9 +787,8 @@ extern int tcp_disconnect(struct sock *sk, int flags); extern void tcp_unhash(struct sock *sk); - extern int tcp_v4_hash_connecting(struct sock *sk); - +extern void tcp_v4_zap_saddr(u32 saddr); /* From syncookies.c */ extern struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, diff -u --exclude *~ --recursive linux-2.4.0-orig/net/ipv4/af_inet.c linux-hacked-dynip/net/ipv4/af_inet.c --- linux-2.4.0-orig/net/ipv4/af_inet.c Tue Jan 2 09:26:19 2001 +++ linux-hacked-dynip/net/ipv4/af_inet.c Sat Jan 27 18:27:38 2001 @@ -854,6 +854,7 @@ case SIOCSIFPFLAGS: case SIOCGIFPFLAGS: case SIOCSIFFLAGS: + case SIOCKILLADDR: return(devinet_ioctl(cmd,(void *) arg)); case SIOCGIFBR: case SIOCSIFBR: diff -u --exclude *~ --recursive linux-2.4.0-orig/net/ipv4/devinet.c linux-hacked-dynip/net/ipv4/devinet.c --- linux-2.4.0-orig/net/ipv4/devinet.c Sat Dec 30 00:22:05 2000 +++ linux-hacked-dynip/net/ipv4/devinet.c Sat Jan 27 21:09:48 2001 @@ -510,6 +510,7 @@ case SIOCSIFBRDADDR: /* Set the broadcast address */ case SIOCSIFDSTADDR: /* Set the destination address */ case SIOCSIFNETMASK: /* Set the netmask for the interface */ + case SIOCKILLADDR: /* Kill all connections with this local address */ if (!capable(CAP_NET_ADMIN)) return -EACCES; if (sin->sin_family != AF_INET) 
@@ -536,7 +537,10 @@ break; } - if (ifa == NULL && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS) { + if (ifa == NULL + && cmd != SIOCSIFADDR + && cmd != SIOCSIFFLAGS + && cmd != SIOCKILLADDR) { ret = -EADDRNOTAVAIL; goto done; } @@ -646,6 +650,9 @@ ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask); inet_insert_ifa(ifa); } + break; + case SIOCKILLADDR: /* Kill all connections with this local address */ + tcp_v4_zap_saddr(sin->sin_addr.s_addr); break; } done: diff -u --exclude *~ --recursive linux-2.4.0-orig/net/ipv4/tcp_ipv4.c linux-hacked-dynip/net/ipv4/tcp_ipv4.c --- linux-2.4.0-orig/net/ipv4/tcp_ipv4.c Fri Jan 5 21:17:42 2001 +++ linux-hacked-dynip/net/ipv4/tcp_ipv4.c Sat Jan 27 18:07:25 2001 @@ -390,6 +390,38 @@ wake_up(_lhash_wait); } +/* Terminate all active connections with a local address equal to + * SADDR. If sysctl_ip_dynaddr is set, connections in the SYN_SENT + * state are not closed, because their source address will presumably + * be rewritten. + */ +void tcp_v4_zap_saddr(u32 saddr) +{ + int i; + rwlock_t *lock; + struct sock
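Review bot: In net/ipv4/devinet.c, adding `cmd != SIOCKILLADDR` to the `ifa == NULL` test lets the request go ahead when the named interface has no address, and the new case then passes `sin->sin_addr.s_addr` straight to tcp_v4_zap_saddr, so the address is never checked against the interface named in the request. Any CAP_NET_ADMIN caller can therefore reset connections bound to an address that belongs to a different interface. That may be what the post-disconnect use needs, but it should be stated in a comment at the new case, together with what an address of 0 is meant to do.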
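Review bot: The sockios.h comment says SIOCKILLADDR kills "all connections with this local address" and the description says all IPv4 sockets, but the only call added in the devinet.c case is tcp_v4_zap_saddr, so connected UDP and raw sockets keep using the old address. Either narrow the comment and the description to TCP or cover the other protocols. The tcp.h hunk also deletes the two blank lines around tcp_v4_hash_connecting, which is unrelated whitespace churn and is better left out.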