xref: /freebsd/usr.sbin/tcpdrop/tcpdrop.8 (revision 2e3f49888ec8851bafb22011533217487764fdb0) 
1.\"	$OpenBSD: tcpdrop.8,v 1.5 2004/05/24 13:57:31 jmc Exp $
2.\"
3.\" Copyright (c) 2009 Juli Mallett <jmallett@FreeBSD.org>
4.\" Copyright (c) 2004 Markus Friedl <markus@openbsd.org>
5.\"
6.\" Permission to use, copy, modify, and distribute this software for any
7.\" purpose with or without fee is hereby granted, provided that the above
8.\" copyright notice and this permission notice appear in all copies.
9.\"
10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17.\"
18.Dd December 4, 2021
19.Dt TCPDROP 8
20.Os
21.Sh NAME
22.Nm tcpdrop
23.Nd drop TCP connections
24.Sh SYNOPSIS
25.Nm tcpdrop
26.Ar local-address
27.Ar local-port
28.Ar foreign-address
29.Ar foreign-port
30.Nm tcpdrop
31.Op Fl l
32.Fl a
33.Nm tcpdrop
34.Op Fl l
35.Fl C Ar cc-algo
36.Op Fl S Ar stack
37.Op Fl s Ar state
38.Nm tcpdrop
39.Op Fl l
40.Op Fl C Ar cc-algo
41.Fl S Ar stack
42.Op Fl s Ar state
43.Nm tcpdrop
44.Op Fl l
45.Op Fl C Ar cc-algo
46.Op Fl S Ar stack
47.Fl s Ar state
48.Sh DESCRIPTION
49The
50.Nm
51command may be used to drop TCP connections from the command line.
52.Pp
53If
54.Fl a
55is specified then
56.Nm
57will attempt to drop all TCP connections.
58.Pp
59If
60.Fl C Ar cc-algo
61is specified then
62.Nm
63will attempt to drop all connections using the TCP congestion control algorithm
64.Ar cc-algo .
65.Pp
66If
67.Fl S Ar stack
68is specified then
69.Nm
70will attempt to drop all connections using the TCP stack
71.Ar stack .
72.Pp
73If
74.Fl s Ar state
75is specified then
76.Nm
77will attempt to drop all TCP connections being in the state
78.Ar state .
79.Ar state
80is one of
81.Dv SYN_SENT ,
82.Dv SYN_RCVD ,
83.Dv ESTABLISHED ,
84.Dv CLOSE_WAIT ,
85.Dv FIN_WAIT_1 ,
86.Dv CLOSING ,
87.Dv LAST_ACK ,
88.Dv FIN_WAIT_2 , or
89.Dv TIME_WAIT .
90.Pp
91If multiple of
92.Fl C Ar cc-algo ,
93.Fl S Ar stack ,
94and
95.Fl s Ar state
96are specified,
97.Nm
98will attempt to drop all TCP connections using the congestion control algorithm
99.Ar cc-algo ,
100being in the state
101.Ar state ,
102and using the TCP stack
103.Ar stack ,
104if specified.
105Since TCP connections in the
106.Dv TIME_WAIT
107state are not tied to any TCP stack, using the option
108.Fl s Dv TIME_WAIT
109in combination with the
110.Fl S Ar stack
111option results in
112.Nm
113not dropping any TCP connection.
114.Pp
115The
116.Fl l
117flag may be given in addition to the
118.Fl a ,
119.Fl C ,
120.Fl S ,
121or
122.Fl s
123options to list the tcpdrop invocation to drop all corresponding TCP
124connections one at a time.
125.Pp
126If none of the
127.Fl a ,
128.Fl C ,
129.Fl S ,
130or
131.Fl s
132options are specified then only the connection between the given local
133address
134.Ar local-address ,
135port
136.Ar local-port ,
137and the foreign address
138.Ar foreign-address ,
139port
140.Ar foreign-port ,
141will be dropped.
142.Pp
143Addresses and ports may be specified by name or numeric value.
144Both IPv4 and IPv6 address formats are supported.
145.Pp
146The addresses and ports may be separated by periods or colons
147instead of spaces.
148.Sh EXIT STATUS
149.Ex -std
150.Sh EXAMPLES
151If a connection to
152.Xr httpd 8
153is causing congestion on a network link, one can drop the TCP session
154in charge:
155.Bd -literal -offset indent
156# sockstat -c | grep httpd
157www      httpd      16525 3  tcp4 \e
158	192.168.5.41:80      192.168.5.1:26747
159.Ed
160.Pp
161The following command will drop the connection:
162.Bd -literal -offset indent
163# tcpdrop 192.168.5.41 80 192.168.5.1 26747
164.Ed
165.Pp
166The following command will drop all connections but those to or from
167port 22, the port used by
168.Xr sshd 8 :
169.Bd -literal -offset indent
170# tcpdrop -l -a | grep -vw 22 | sh
171.Ed
172.Pp
173To drop all TCP connections using the new-reno congestion control algorithm use:
174.Bd -literal -offset indent
175# tcpdrop -C new-reno
176.Ed
177.Pp
178The following command will drop all connections using the TCP stack
179rack:
180.Bd -literal -offset indent
181# tcpdrop -S rack
182.Ed
183.Pp
184To drop all TCP connections in the LAST_ACK state use:
185.Bd -literal -offset indent
186# tcpdrop -s LAST_ACK
187.Ed
188.Pp
189To drop all TCP connections using the congestion control algorithm new-reno and
190the TCP stack rack and being in the LAST_ACK state use:
191.Bd -literal -offset indent
192# tcpdrop -C new-reno -S rack -s LAST_ACK
193.Ed
194.Sh SEE ALSO
195.Xr netstat 1 ,
196.Xr sockstat 1 ,
197.Xr tcp 4 ,
198.Xr tcp_functions 9
199.Sh AUTHORS
200.An Markus Friedl Aq Mt markus@openbsd.org
201.An Juli Mallett Aq Mt jmallett@FreeBSD.org
202