1.\" $OpenBSD: tcpdrop.8,v 1.5 2004/05/24 13:57:31 jmc Exp $ 2.\" 3.\" Copyright (c) 2009 Juli Mallett <jmallett@FreeBSD.org> 4.\" Copyright (c) 2004 Markus Friedl <markus@openbsd.org> 5.\" 6.\" Permission to use, copy, modify, and distribute this software for any 7.\" purpose with or without fee is hereby granted, provided that the above 8.\" copyright notice and this permission notice appear in all copies. 9.\" 10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17.\" 18.\" $FreeBSD$ 19.\" 20.Dd December 4, 2021 21.Dt TCPDROP 8 22.Os 23.Sh NAME 24.Nm tcpdrop 25.Nd drop TCP connections 26.Sh SYNOPSIS 27.Nm tcpdrop 28.Ar local-address 29.Ar local-port 30.Ar foreign-address 31.Ar foreign-port 32.Nm tcpdrop 33.Op Fl l 34.Fl a 35.Nm tcpdrop 36.Op Fl l 37.Fl C Ar cc-algo 38.Op Fl S Ar stack 39.Op Fl s Ar state 40.Nm tcpdrop 41.Op Fl l 42.Op Fl C Ar cc-algo 43.Fl S Ar stack 44.Op Fl s Ar state 45.Nm tcpdrop 46.Op Fl l 47.Op Fl C Ar cc-algo 48.Op Fl S Ar stack 49.Fl s Ar state 50.Sh DESCRIPTION 51The 52.Nm 53command may be used to drop TCP connections from the command line. 54.Pp 55If 56.Fl a 57is specified then 58.Nm 59will attempt to drop all TCP connections. 60.Pp 61If 62.Fl C Ar cc-algo 63is specified then 64.Nm 65will attempt to drop all connections using the TCP congestion control algorithm 66.Ar cc-algo . 67.Pp 68If 69.Fl S Ar stack 70is specified then 71.Nm 72will attempt to drop all connections using the TCP stack 73.Ar stack . 74.Pp 75If 76.Fl s Ar state 77is specified then 78.Nm 79will attempt to drop all TCP connections being in the state 80.Ar state . 81.Ar state 82is one of 83.Dv SYN_SENT , 84.Dv SYN_RCVD , 85.Dv ESTABLISHED , 86.Dv CLOSE_WAIT , 87.Dv FIN_WAIT_1 , 88.Dv CLOSING , 89.Dv LAST_ACK , 90.Dv FIN_WAIT_2 , or 91.Dv TIME_WAIT . 92.Pp 93If multiple of 94.Fl C Ar cc-algo , 95.Fl S Ar stack , 96and 97.Fl s Ar state 98are specified, 99.Nm 100will attempt to drop all TCP connections using the congestion control algorithm 101.Ar cc-algo , 102being in the state 103.Ar state , 104and using the TCP stack 105.Ar stack , 106if specified. 107Since TCP connections in the 108.Dv TIME_WAIT 109state are not tied to any TCP stack, using the option 110.Fl s Dv TIME_WAIT 111in combination with the 112.Fl S Ar stack 113option results in 114.Nm 115not dropping any TCP connection. 116.Pp 117The 118.Fl l 119flag may be given in addition to the 120.Fl a , 121.Fl C , 122.Fl S , 123or 124.Fl s 125options to list the tcpdrop invocation to drop all corresponding TCP 126connections one at a time. 127.Pp 128If none of the 129.Fl a , 130.Fl C , 131.Fl S , 132or 133.Fl s 134options are specified then only the connection between the given local 135address 136.Ar local-address , 137port 138.Ar local-port , 139and the foreign address 140.Ar foreign-address , 141port 142.Ar foreign-port , 143will be dropped. 144.Pp 145Addresses and ports may be specified by name or numeric value. 146Both IPv4 and IPv6 address formats are supported. 147.Pp 148The addresses and ports may be separated by periods or colons 149instead of spaces. 150.Sh EXIT STATUS 151.Ex -std 152.Sh EXAMPLES 153If a connection to 154.Xr httpd 8 155is causing congestion on a network link, one can drop the TCP session 156in charge: 157.Bd -literal -offset indent 158# sockstat -c | grep httpd 159www httpd 16525 3 tcp4 \e 160 192.168.5.41:80 192.168.5.1:26747 161.Ed 162.Pp 163The following command will drop the connection: 164.Bd -literal -offset indent 165# tcpdrop 192.168.5.41 80 192.168.5.1 26747 166.Ed 167.Pp 168The following command will drop all connections but those to or from 169port 22, the port used by 170.Xr sshd 8 : 171.Bd -literal -offset indent 172# tcpdrop -l -a | grep -vw 22 | sh 173.Ed 174.Pp 175To drop all TCP connections using the new-reno congestion control algorithm use: 176.Bd -literal -offset indent 177# tcpdrop -C new-reno 178.Ed 179.Pp 180The following command will drop all connections using the TCP stack 181rack: 182.Bd -literal -offset indent 183# tcpdrop -S rack 184.Ed 185.Pp 186To drop all TCP connections in the LAST_ACK state use: 187.Bd -literal -offset indent 188# tcpdrop -s LAST_ACK 189.Ed 190.Pp 191To drop all TCP connections using the congestion control algorithm new-reno and 192the TCP stack rack and being in the LAST_ACK state use: 193.Bd -literal -offset indent 194# tcpdrop -C new-reno -S rack -s LAST_ACK 195.Ed 196.Sh SEE ALSO 197.Xr netstat 1 , 198.Xr sockstat 1 , 199.Xr tcp 4 , 200.Xr tcp_functions 9 201.Sh AUTHORS 202.An Markus Friedl Aq Mt markus@openbsd.org 203.An Juli Mallett Aq Mt jmallett@FreeBSD.org 204