.\" $OpenBSD: tcpdrop.8,v 1.5 2004/05/24 13:57:31 jmc Exp $
.\"
.\" Copyright (c) 2009 Juli Mallett <jmallett@FreeBSD.org>
.\" Copyright (c) 2004 Markus Friedl <markus@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd December 4, 2021
.Dt TCPDROP 8
.Os
.Sh NAME
.Nm tcpdrop
.Nd drop TCP connections
.Sh SYNOPSIS
.Nm tcpdrop
.Ar local-address
.Ar local-port
.Ar foreign-address
.Ar foreign-port
.Nm tcpdrop
.Op Fl l
.Fl a
.Nm tcpdrop
.Op Fl l
.Fl C Ar cc-algo
.Op Fl S Ar stack
.Op Fl s Ar state
.Nm tcpdrop
.Op Fl l
.Op Fl C Ar cc-algo
.Fl S Ar stack
.Op Fl s Ar state
.Nm tcpdrop
.Op Fl l
.Op Fl C Ar cc-algo
.Op Fl S Ar stack
.Fl s Ar state
.Sh DESCRIPTION
The
.Nm
command may be used to drop TCP connections from the command line.
.Pp
If
.Fl a
is specified then
.Nm
will attempt to drop all TCP connections.
.Pp
If
.Fl C Ar cc-algo
is specified then
.Nm
will attempt to drop all connections using the TCP congestion control algorithm
.Ar cc-algo .
.Pp
If
.Fl S Ar stack
is specified then
.Nm
will attempt to drop all connections using the TCP stack
.Ar stack .
.Pp
If
.Fl s Ar state
is specified then
.Nm
will attempt to drop all TCP connections being in the state
.Ar state .
.Ar state
is one of
.Dv SYN_SENT ,
.Dv SYN_RCVD ,
.Dv ESTABLISHED ,
.Dv CLOSE_WAIT ,
.Dv FIN_WAIT_1 ,
.Dv CLOSING ,
.Dv LAST_ACK ,
.Dv FIN_WAIT_2 , or
.Dv TIME_WAIT .
.Pp
If multiple of
.Fl C Ar cc-algo ,
.Fl S Ar stack ,
and
.Fl s Ar state
are specified,
.Nm
will attempt to drop all TCP connections using the congestion control algorithm
.Ar cc-algo ,
being in the state
.Ar state ,
and using the TCP stack
.Ar stack ,
if specified.
Since TCP connections in the
.Dv TIME_WAIT
state are not tied to any TCP stack, using the option
.Fl s Dv TIME_WAIT
in combination with the
.Fl S Ar stack
option results in
.Nm
not dropping any TCP connection.
.Pp
The
.Fl l
flag may be given in addition to the
.Fl a ,
.Fl C ,
.Fl S ,
or
.Fl s
options to list the tcpdrop invocation to drop all corresponding TCP
connections one at a time.
.Pp
If none of the
.Fl a ,
.Fl C ,
.Fl S ,
or
.Fl s
options are specified then only the connection between the given local
address
.Ar local-address ,
port
.Ar local-port ,
and the foreign address
.Ar foreign-address ,
port
.Ar foreign-port ,
will be dropped.
.Pp
Addresses and ports may be specified by name or numeric value.
Both IPv4 and IPv6 address formats are supported.
.Pp
The addresses and ports may be separated by periods or colons
instead of spaces.
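.Pp
Added example, not part of the original manual page or the project's code: a port-exact filter for the listing printed by the -l flag, so that a protected port is matched only in the local-port and foreign-port fields and never inside an address.
It assumes each listed line has the form "tcpdrop local-address local-port foreign-address foreign-port" with numeric ports; keep_port_filter and sample_listing are hypothetical names, and the sample listing is constructed.

```sh
#!/bin/sh
# Added example, not from the tcpdrop manual or its authors.
# Assumed listing format, one invocation per line, numeric ports:
#   tcpdrop <local-address> <local-port> <foreign-address> <foreign-port>

# keep_port_filter PORT: read a listing on stdin and print only well-formed
# invocations whose local and foreign port both differ from PORT.
keep_port_filter() {
    awk -v keep="$1" '
        # Anything that is not exactly a five-field tcpdrop line is discarded,
        # so no unexpected text is ever handed on to sh.
        NF != 5 || $1 != "tcpdrop" { next }
        $2 !~ /^[0-9A-Za-z:.%]+$/ || $4 !~ /^[0-9A-Za-z:.%]+$/ { next }
        $3 !~ /^[0-9]+$/ || $5 !~ /^[0-9]+$/ { next }
        # Compare the port fields only; address octets are never consulted.
        ($3 + 0) == (keep + 0) || ($5 + 0) == (keep + 0) { next }
        { print }
    '
}

# Constructed sample listing (not captured from a real host).
sample_listing() {
    cat <<'EOF'
tcpdrop 192.168.5.41 80 192.168.5.1 26747
tcpdrop 192.168.5.41 22 192.168.5.9 51514
tcpdrop 10.0.22.7 443 192.168.5.1 40022
tcpdrop 2001:db8::1 8080 2001:db8::22 22
EOF
}

# Print what would be dropped while protecting port 22; nothing is executed.
sample_listing | keep_port_filter 22
```

On this sample, a word match such as grep -vw 22 would also skip the 10.0.22.7 connection because the address octet matches as a word; the field filter lists it for dropping and leaves only the two port-22 sessions untouched.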
.Sh EXIT STATUS
.Ex -std
.Sh EXAMPLES
If a connection to
.Xr httpd 8
is causing congestion on a network link, one can drop the TCP session
in charge:
.Bd -literal -offset indent
# sockstat -c | grep httpd
www httpd 16525 3 tcp4 \e
	192.168.5.41:80 192.168.5.1:26747
.Ed
.Pp
The following command will drop the connection:
.Bd -literal -offset indent
# tcpdrop 192.168.5.41 80 192.168.5.1 26747
.Ed
.Pp
The following command will drop all connections but those to or from
port 22, the port used by
.Xr sshd 8 :
.Bd -literal -offset indent
# tcpdrop -l -a | grep -vw 22 | sh
.Ed
.Pp
To drop all TCP connections using the new-reno congestion control algorithm use:
.Bd -literal -offset indent
# tcpdrop -C new-reno
.Ed
.Pp
The following command will drop all connections using the TCP stack
rack:
.Bd -literal -offset indent
# tcpdrop -S rack
.Ed
.Pp
To drop all TCP connections in the LAST_ACK state use:
.Bd -literal -offset indent
# tcpdrop -s LAST_ACK
.Ed
.Pp
To drop all TCP connections using the congestion control algorithm new-reno and
the TCP stack rack and being in the LAST_ACK state use:
.Bd -literal -offset indent
# tcpdrop -C new-reno -S rack -s LAST_ACK
.Ed
.Sh SEE ALSO
.Xr netstat 1 ,
.Xr sockstat 1 ,
.Xr tcp 4 ,
.Xr tcp_functions 9
.Sh AUTHORS
.An Markus Friedl Aq Mt markus@openbsd.org
.An Juli Mallett Aq Mt jmallett@FreeBSD.org