30000cc226c: tcpb_bound_source_v6
30000cc226c: 0 0 0 0
30000cc227c: tcpb_ip_src_v6
30000cc227c: 0 0 ffff c0a80582
30000cc228c: tcpu_fport tcpu_lport ipsec_out
1205 17 0
30000cc2298: ipsec_req_in tcpb_tcp tcpb_ipversion
0 30000bb6fd0 4
30000cc22ac: bound_if ownerid
0 0
$q
#
于是我们可以写这样一个脚本kill_timewait.sh
--------------------------------------------------------------------------
#! /sbin/sh
#
#
# @(#)kill_timewait.sh 2002-07-07 NSFocus Copyleft 2002-2012
#
# Notice here is copyleft but not copyright, enjoy it by yourself.
#
# ------------------------------------------------------------------------
# File : kill_timewait.sh
# Platform : SPARC/Solaris 8 64-bit kernel mode
# Author : NSFocus Security Team
# : http://www.nsfocus.com
# Date : 2002-07-07 12:27
# Modify :
# Thanks : cdjohns@nswc-g.arpafor SunOS 4.x implementation
#
netstat -na -P tcp -f inet | grep TIME_WAIT
echo
echo "TCPB dest [lport,fport] state"
echo
ndd /dev/tcp tcp_status | nawk "{print $1 " " $2 " " $16 $17 " " $18}" | egrep "TIME_WAIT"
echo
/usr/bin/echo "TCPB address to terminate: c"
read tcpb_addr
echo
adb -k /dev/ksyms /dev/mem << NSFOCUS_EOF
$tcpb_addr$$q
NSFOCUS_EOF
#
# Check to see if this was the correct address and TCPB. state should be 6
#
echo
echo "tcp_state = 6 = TCPS_TIME_WAIT"
/usr/bin/echo "Is this the correct TCPB (y/n)? c"
read answer
echo
case $answer in
[Yy]*)
*)
echo "No Changes."
exit
esac
#
# Kernel Hacking, please. These value are expressed in hexadecimal.
#
TIME_WAIT_EXPIRE_OFFSET=0x30
STATE_OFFSET=0x40
#
# This value is expressed in decimal and must be greater than zero.
#
TIME_WAIT_EXPIRE=0t06
#
# Use adb on kernel to set the tcpb_time_wait_expire=6 and
# tcpb_state=TCPS_CLOSED (-6)
#
adb -kw /dev/ksyms /dev/mem << NSFOCUS_EOF
$tcpb_addr $TIME_WAIT_EXPIRE_OFFSET/Z $TIME_WAIT_EXPIRE
$tcpb_addr $STATE_OFFSET/W -6
$q
NSFOCUS_EOF
echo
echo "TIME_WAIT state will disappear."
echo
netstat -na -P tcp -f inet | grep TIME_WAIT
--------------------------------------------------------------------------
不要设置tcpb_time_wait_expire成零,只要是一个很小的值就可以了 。这里必须同
时设置tcpb_time_wait_expire和tcpb_state,只设置其中一个达不到效果 。
利用adb从TCPS_ESTABLISHED变为TCPS_CLOSE_WAIT,可以使一条TCP连接不再工作,
但这条连接并未销毁,tcpb_t结构也未删除 。
利用adb从TCPS_ESTABLISHED变为TCPS_CLOSED,会导致整个操作系统崩溃 。可能是下
层tcpb_t结构被删除,而上层socket并不了解,出现非法指针 。
简化一下kill_timewait.sh
--------------------------------------------------------------------------
#! /sbin/sh
ndd /dev/tcp tcp_status | nawk "{print $1 " " $2 " " $16 $17 " " $18}" | egrep "TIME_WAIT"
echo
/usr/bin/echo "TCPB address to terminate: c"
read tcpb_addr
echo
adb -kw /dev/ksyms /dev/mem << NSFOCUS_EOF
$tcpb_addr 0x30/Z 0t6
$tcpb_addr 0x40/W -6
$q
NSFOCUS_EOF
--------------------------------------------------------------------------
还可以写一个脚本自动清除所有TIME_WAIT状态TCP连接
--------------------------------------------------------------------------
#! /sbin/sh
ndd /dev/tcp tcp_status | nawk "{print $1 " " $2 " " $16 $17 " " $18}" |
egrep "TIME_WAIT" | cut -d" " -f1 | while read tcpb_addr
do
adb -kw /dev/ksyms /dev/mem << NSFOCUS_EOF
$tcpb_addr 0x30/Z 0t6
$tcpb_addr 0x40/W -6
$q
NSFOCUS_EOF
done
----------------------------------------------------------------------
推荐阅读
- Solaris上的域名系统配置
- SUN Solaris 7重新安装手记
- SOLARIS+QMAIL+VPOPMAIL+IGENUS+QMAILAMDIN
- Solaris中的磁盘设备
- Solaris 的引导与初始化
- Solaris8 公用桌面环境管理--配置会话管理器
- 安装 Solaris 8 之后的几个常用步骤
- Sun Solaris 用户手册 -- 四.Unix 命令
- Solaris常见问题解答
- SUN SOLARIS 2.6 系统常用管理命令