The resetconn Task

Type: Processing

Output: ResetConn

resetconn attempts to interrupt all TCP connections of a process. This is an active task that will change the state of processes and therefore should be used with caution.

resetconn works at a single point in time: when it is started, it looks up all TCP 4 and 6 connections and attempts to reset them, but it does not watch for new connections. It also automatically stops attempting to reset the connections after 60s and becomes inactive. In effect, after 60s, the resetconn task will no longer do anything and the corresponding directive should be deleted.

Configuration options

resetconn has the following optional configuration options:

filter

filter accepts a subset of classic BPF syntax to filter which connections to reset. It supports [src|dst] host, [ip|ip6] [src|dst] port and [ip|ip6] [src|dst] portrange.

For example, to match connections where either port is 444:

filter:port 444

mode

mode allows selection of the resetconn behavior, either syscall (default) or tcprst. Options: syscall, xdp, tc or pcap.

For example, to enable tc mode:

mode:tc

xdp mode is only supported on kernel versions >= 4.19. For better portability, use tc mode.

fullContainer

Default: false. Publishes the full container metadata, including labels and annotations.

For example:

fullContainer:true
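
The filter option described above selects which connections an active reset touches, so it is worth previewing a filter against a known connection list first. The following is an added example, not the tool's own parser or code from this page: it evaluates one documented primitive (the expression after "filter:") against constructed sample connections. Assumptions: a primitive without src/dst matches either side, and portrange is written lo-hi.

```python
import ipaddress

def parse_filter(expr):
    # One primitive -> (family, direction, kind, value); raises ValueError otherwise.
    tokens = expr.split()
    family = direction = None
    if tokens and tokens[0] in ("ip", "ip6"):
        family = 4 if tokens.pop(0) == "ip" else 6
    if tokens and tokens[0] in ("src", "dst"):
        direction = tokens.pop(0)
    if len(tokens) != 2 or tokens[0] not in ("host", "port", "portrange"):
        raise ValueError(f"unsupported filter: {expr!r}")
    kind, raw = tokens
    if kind == "host":
        if family is not None:  # the page lists ip/ip6 only for port and portrange
            raise ValueError(f"unsupported filter: {expr!r}")
        return family, direction, kind, ipaddress.ip_address(raw)
    lo, _, hi = raw.partition("-") if kind == "portrange" else (raw, "", raw)
    if not 0 <= int(lo) <= int(hi) <= 65535:
        raise ValueError(f"bad port value: {raw!r}")
    return family, direction, kind, (int(lo), int(hi))

def matches(conn, parsed):
    # conn is a (src_ip, src_port, dst_ip, dst_port) tuple.
    family, direction, kind, value = parsed
    src, sport, dst, dport = conn
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if family is not None and src.version != family:
        return False
    if kind == "host":
        sides = {"src": src == value, "dst": dst == value}
    else:
        lo, hi = value
        sides = {"src": lo <= sport <= hi, "dst": lo <= dport <= hi}
    # Assumption: without a src/dst qualifier, a match on either side selects the flow.
    return sides[direction] if direction else any(sides.values())

def preview(expr, conns):
    # Connections the filter would select, so the scope of a reset is known up front.
    parsed = parse_filter(expr)
    return [c for c in conns if matches(c, parsed)]

# Constructed sample connections (documentation address ranges).
SAMPLE = [
    ("192.0.2.10", 51000, "198.51.100.5", 444),
    ("192.0.2.10", 444, "198.51.100.7", 8080),
    ("2001:db8::1", 40000, "2001:db8::2", 444),
    ("192.0.2.10", 52000, "198.51.100.5", 5432),
]
```

With the sample list, preview("port 444", SAMPLE) selects the first three connections, while preview("ip6 dst port 444", SAMPLE) narrows that to the single IPv6 flow.
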

Conditions

resetconn requires one of the following Conditions to be defined:

process.pid

Reset connection for process by Process PID.

process.name

Reset connection for process by Process Name.

container.name

Reset connection for process by Container Name.

container.label

Reset connection for process by Container Label value.

resetconn will not reset connections without a Condition.

Output

resetconn

map Holds the HTTP output.

resetconn.conn

map Holds information about the reset connection.

resetconn.conn.fd

uint32 File descriptor number of the reset socket.

resetconn.process

map Holds the Process information.

resetconn.process.pid

uint32 Process PID.

resetconn.process.ppid

uint32 Process Parent PID.

resetconn.process.name

string Process name.

resetconn.process.cmd

string Command line string.

resetconn.process.exe

string Executable name.

resetconn.process.ns

string Namespace in the format of {device ID}-{inode number}.

resetconn.process.startedAt

string Time the process started.

resetconn.process.endedat

string Time the process ended.

resetconn.process.container

map Container information for process (if it is a container).

resetconn.process.container.ID

string ID of Container.

resetconn.process.container.Name

string Name of Container.

resetconn.process.container.Image

string Name of Container Image.