Date:      Tue, 15 May 2018 11:43:05 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r333627 - stable/11/sys/netinet
Message-ID:  <201805151143.w4FBh5eU010371@repo.freebsd.org>

Author: ae
Date: Tue May 15 11:43:05 2018
New Revision: 333627
URL: https://svnweb.freebsd.org/changeset/base/333627

Log:
  MFC r333244:
    Immediately propagate EACCES error code to application from tcp_output.
  
    In r309610 and r315514 the behavior of handling EACCES was changed, and
    tcp_output() now returns zero when EACCES happens. The reason of this
    change was a hesitation that applications that use TCP-MD5 will be
    affected by changes in project/ipsec.
  
    TCP-MD5 code returns EACCES when security association for given connection
    is not configured. But the same error code can return pfil(9), and this
    change has affected connections blocked by pfil(9). E.g. application
    doesn't return immediately when SYN segment is blocked, instead it waits
    when several tries will be failed.
  
    Actually, for TCP-MD5 application it doesn't matter will it get EACCES
    after first SYN, or after several tries. Security associations must be
    configured before initiating TCP connection.
  
    I left the EACCES in the switch() to show that it has special handling.
  
    Reported by:	Andreas Longwitz <longwitz at incore dot de>
  Approved by:	re (marius)

Modified:
  stable/11/sys/netinet/tcp_output.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/tcp_output.c
==============================================================================
--- stable/11/sys/netinet/tcp_output.c	Tue May 15 11:25:10 2018	(r333626)
+++ stable/11/sys/netinet/tcp_output.c	Tue May 15 11:43:05 2018	(r333627)
@@ -1579,8 +1579,6 @@ timer:
 		SOCKBUF_UNLOCK_ASSERT(&so->so_snd);	/* Check gotos. */
 		switch (error) {
 		case EACCES:
-			tp->t_softerror = error;
-			return (0);
 		case EPERM:
 			tp->t_softerror = error;
 			return (error);
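Review bot: in the switch (error) block, `case EACCES:` is now an empty label that falls through into `case EPERM:` with no annotation. Add a `/* FALLTHROUGH */` comment, or a one-line comment naming the two EACCES sources given in the log (TCP-MD5 without a configured security association, and pfil(9)), so the label reads as intentional. As committed, EACCES and EPERM take the same path (set `tp->t_softerror`, then `return (error)`), so the "special handling" the log message refers to is not visible from the code alone.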


