Score:0

Graceful connection closing using iptables

cn flag

I'm developing a transparent HTTP proxy for fault injection testing. The proxy needs to capture all traffic to an HTTP server in order to selectively inject faults.

The transparent proxy sets an iptables rule that redirects all traffic to a given port to the port it is listening on. This part works.

However, it must also force all existing clients to reconnect, or the transparent proxy will not have any effect on existing connections.

I'm doing this using an iptables rule that resets established connections with "-j REJECT --reject-with tcp-reset".

This works well in general, but in some cases the clients are not able to handle the tcp-reset and terminate.

I'm looking for a way to do the same but with a graceful termination.

My understanding is that a packet with the FIN flag should accomplish this, but I haven't found a way to generate such a packet.

jp flag
I don't think that iptables is the right tool for that.
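
An added illustration, not part of the original question or comment: what a client's `recv()` sees when its peer ends the connection with a RST versus a FIN, which is the difference the question is about. It assumes a loopback listener whose abortive close (SO_LINGER with a zero timeout) stands in for the RST that the `--reject-with tcp-reset` rule sends; the function name `observe_close` is hypothetical.

```python
import socket
import struct


def observe_close(abortive: bool) -> str:
    """Close the server side of a loopback TCP connection and report
    what the client's next recv() observes.

    abortive=True  -> peer sends RST (stand-in for the iptables tcp-reset)
    abortive=False -> peer sends FIN (graceful close)
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral port, constructed for the demo
    listener.listen(1)
    client = socket.create_connection(listener.getsockname(), timeout=5)
    conn, _ = listener.accept()
    try:
        if abortive:
            # l_onoff=1, l_linger=0: close() discards the connection and emits RST.
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
        conn.close()
        try:
            data = client.recv(1024)
        except ConnectionResetError:
            # RST surfaces as an error (ECONNRESET); a client that does not
            # catch it terminates, as described in the question.
            return "ECONNRESET"
        # FIN surfaces as an orderly end-of-stream: recv() returns b"".
        return "EOF" if data == b"" else "DATA"
    finally:
        client.close()
        listener.close()


if __name__ == "__main__":
    print("peer sent RST ->", observe_close(abortive=True))
    print("peer sent FIN ->", observe_close(abortive=False))
```

A client that treats `ECONNRESET` like end-of-stream and reconnects will tolerate the reset rule; one that lets the exception propagate will not.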