How to forcibly close a socket in TIME_WAIT?

linux networking unix tcp socket
291,901

Solution 1

Actually there is a way to kill a connection - killcx. They claim it works in any state of the connection (which I have not verified). You need to know the interface where communication happens though, it seems to assume eth0 by default.

UPDATE: another solution is cutter which comes in some linux distros' repositories.

Solution 2

/etc/init.d/networking restart

Let me elaborate. Transmission Control Protocol (TCP) is designed to be a bidirectional, ordered, and reliable data transmission protocol between two end points (programs). In this context, the term reliable means that it will retransmit the packets if it gets lost in the middle. TCP guarantees the reliability by sending back Acknowledgment (ACK) packets back for a single or a range of packets received from the peer.

This goes same for the control signals such as termination request/response. RFC 793 defines the TIME-WAIT state to be as follows:

TIME-WAIT - represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.

See the following TCP state diagram: alt text

TCP is a bidirectional communication protocol, so when the connection is established, there is not a difference between the client and the server. Also, either one can call quits, and both peers needs to agree on closing to fully close an established TCP connection.

Let's call the first one to call the quits as the active closer, and the other peer the passive closer. When the active closer sends FIN, the state goes to FIN-WAIT-1. Then it receives an ACK for the sent FIN and the state goes to FIN-WAIT-2. Once it receives FIN also from the passive closer, the active closer sends the ACK to the FIN and the state goes to TIME-WAIT. In case the passive closer did not received the ACK to the second FIN, it will retransmit the FIN packet.

RFC 793 sets the TIME-OUT to be twice the Maximum Segment Lifetime, or 2MSL. Since MSL, the maximum time a packet can wander around Internet, is set to 2 minutes, 2MSL is 4 minutes. Since there is no ACK to an ACK, the active closer can't do anything but to wait 4 minutes if it adheres to the TCP/IP protocol correctly, just in case the passive sender has not received the ACK to its FIN (theoretically).

In reality, missing packets are probably rare, and very rare if it's all happening within the LAN or within a single machine.

To answer the question verbatim, How to forcibly close a socket in TIME_WAIT?, I will still stick to my original answer:

/etc/init.d/networking restart

Practically speaking, I would program it so it ignores TIME-WAIT state using SO_REUSEADDR option as WMR mentioned. What exactly does SO_REUSEADDR do?

This socket option tells the kernel that even if this port is busy (in
the TIME_WAIT state), go ahead and reuse it anyway. If it is busy, but with another state, you will still get an address already in use error. It is useful if your server has been shut down, and then restarted right away while sockets are still active on its port. You should be aware that if any unexpected data comes in, it may confuse your server, but while this is possible, it is not likely.

Solution 3

I don't know if you have the source code of that particular program you're running, but if so you could just set SO_REUSEADDR via setsockopt(2) which allows you to bind on the same local address even if the socket is in TIME_WAIT state (unless that socket is actively listening, see socket(7)).

For more information on the TIME_WAIT state see the Unix socket FAQ.

Solution 4

As far as I know there is no way to forcibly close the socket outside of writing a better signal handler into your program, but there is a /proc file which controls how long the timeout takes. The file is

/proc/sys/net/ipv4/tcp_tw_recycle

and you can set the timeout to 1 second by doing this:

echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle

However, this page contains a warning about possible reliability issues when setting this variable.

There is also a related file

/proc/sys/net/ipv4/tcp_tw_reuse

which controls whether TIME_WAIT sockets can be reused (presumably without any timeout).

Incidentally, the kernel documentation warns you not to change either of these values without 'advice/requests of technical experts'. Which I am not.

The program must have been written to attempt a binding to port 49200 and then increment by 1 if the port is already in use. Therefore, if you have control of the source code, you could change this behaviour to wait a few seconds and try again on the same port, instead of incrementing.

Solution 5

Another option is to use the SO_LINGER option with a timeout of 0. This way, when you close the socket is forcibly closed, sending a RST instead of going into the FIN/ACK closing behavior. This will avoid the TIME_WAIT state, and may be more appropriate for some uses.

Share:
291,901

Related videos on Youtube

Rehan
Author by

Rehan

Updated on September 17, 2022

Comments

  • Rehan
    Rehan over 1 year

    I run a particular program on linux which sometimes crashes. If you open it quickly after that, it listens on socket 49201 instead of 49200 as it did the first time. netstat reveals that 49200 is in a TIME_WAIT state.

    Is there a program you can run to immediately force that socket move out of the TIME_WAIT state?

    • Pacerier
      Pacerier over 8 years
      If you are here due to "too many TIME_WAIT on server", just skip through the first three answers which avoid the question instead of answering it.
    • Rehan
      Rehan almost 4 years
      I accepted what was the 4th answer so it should be at the top now
  • Chris Huang-Leaver
    Chris Huang-Leaver almost 15 years
    Great answer, but not the correct answer to his question. Restarting the networking would work, but then so would rebooting, so this can't be right.
  • Admin
    Admin over 14 years
    think the second two examples should be s/rw/tw/ I'd edit, but lack enough rep.
  • Admin
    Admin about 14 years
    Taken from kernel documentation: Caution. Both tcp_tw_recycle and tcp_tw_reuse can cause problems. You should not enable either without understanding network topology in between node(s) which are using or used by the node where the parameter is enabled. Connections which go via nodes that are aware of TCP connection states, such as firewall, NAT or load balancer may start dropping frames because of the setting. The problem will become visible when there is large enough number of connections.
  • Longpoke
    Longpoke about 14 years
    oh okay, next time some process hangs on SIGTERM I'll just smash my computer instead of fixing it.
  • Jayapal Chandran
    Jayapal Chandran over 13 years
    but i did not get the already bound error. when i execute the program again it listens in post(123456) also i can see a that the system is showing TIME_WAIT for that port but still i can connect. why?
  • user207421
    user207421 about 13 years
    It also loses any outbound data that is still in transit, and may cause an error at the other end. Not recommended.
  • Jingguo Yao
    Jingguo Yao almost 11 years
    Even with SO_REUSEADDR, it is still possible to get the "Address already in use" error. For details, refer to hea-www.harvard.edu/~fine/Tech/addrinuse.html.
  • user2910702
    user2910702 over 9 years
    @EJP Failing early is almost always the right call. Networking isn't reliable, and fighting that will slow things down. A crashed app can't assume that any data made it out safely.
  • andyn
    andyn almost 9 years
    Actually, I'd recommend this any day when the other endpoint is a buggy, embedded industrial bus gateway that implements its own application-layer reliable transport over TCP, where said transport prevents the connection from ever closing unless it receives RST and thus fills up the connection limit on that gateway. There. I gave you a very specific and very real example that, sadly, requires resorting to hacks like this.
  • Pacerier
    Pacerier over 8 years
    @WMR SO_REUSEADDR does not "close" a socket. It merely enables you to reuse those that are already opened. So the question is still "How to forcibly close a socket in TIME_WAIT?"
  • Pacerier
    Pacerier over 8 years
    Setting it to 1 works for future connections, but what about those current ones that are already opened?
  • user207421
    user207421 about 6 years
    @Tobu Networking isn't reliable, but TCP tries to be, and making that worse doesn't constitute making anything better, and letting TCP do its job doesn't constitute 'fighting' anything.
  • V-Mark
    V-Mark over 5 years
    This is the correct answer, but the question was not totally correct. At least solved my problem nicely (not like restart the whole network breaking all other connections as well).
  • Will
    Will almost 5 years
    SO_REUSEADDR will let bind() proceed; but if you then want to listen to that socket, listen() will return EADDRINUSE all the same. In other words, this answer may help client software using ephemeral ports, but doesn't solve the issue for server software.
  • tripleee
    tripleee almost 5 years
    The generalization of this is "restart network services". The specific location /etc/init.d/networking is platform-specific (Debian?) so the precise command line will be different (sometimes rather radically so) for other systems. I agree with other commenters that this seems like severe overkill and obviously disruptive for any unrelated network services.
  • sylvainulg
    sylvainulg over 2 years
    anybody knows what was beyond the (now broken) bram.creative4vision.nl/debian/timewait.html link ?
  • Owl
    Owl over 2 years
    Killcx just doesn't work for me. Cutter requires a firewall to interact with.
  • nitinr708
    nitinr708 about 2 years
    Any command which is available in the Redhat 7 or above to achive this ?
  • akostadinov
    akostadinov about 2 years
    @nitinr708 nothing out of the box afaik :/ you need to install from the upstream projects.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

What is the "slash" after the IP?
Sockets found by lsof but not by netstat
Redirecting TCP-traffic to a UNIX domain socket under Linux
what is the command in linux to kill tcp connection or session?
In UNIX, how do I send a message to another UNIX box on the same network by IP address?
Why does perror function return success value?
How to avoid java.net.BindException: Address already in use
Trouble on state FIN_WAIT_1
How to make all outgoing RST drop
ss is replacing netstat, how can I get it to list ports similarly to what I am used to?