diff options
| author |   claudio <claudio@openbsd.org> | 2010-09-08 08:34:42 +0000 |
|---|---|---|
| committer | claudio <claudio@openbsd.org> | 2010-09-08 08:34:42 +0000 |
| commit | d9dceccbc8a8ba78ba1b8bc20bf1503cf542c644 (patch) | |
| tree | cf1655c3d0867861fe8d415cf711dc9a8a8fa2b3 /sys/netinet/tcp_output.c | |
| parent | Switch the MPLS blocks for RTM_CHANGE. Do not always remove the MPLS (diff) | |
| download | wireguard-openbsd-d9dceccbc8a8ba78ba1b8bc20bf1503cf542c644.tar.xz wireguard-openbsd-d9dceccbc8a8ba78ba1b8bc20bf1503cf542c644.zip | |
Return EACCES when pf_test() blocks a packet in ip_output(). This allows
ip_forward() to know the difference between blocked packets and those that
can't be forwarded (EHOSTUNREACH). Only in the latter case an ICMP should
be sent. In the other callers of ip_output() change the error back to
EHOSTUNREACH since userland may not expect EACCES on a sendto().
OK henning@, markus@
Diffstat (limited to 'sys/netinet/tcp_output.c')
| -rw-r--r-- | sys/netinet/tcp_output.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index 58de7ef9557..d58421cf3a5 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_output.c,v 1.90 2010/07/09 16:58:06 reyk Exp $ */ +/* $OpenBSD: tcp_output.c,v 1.91 2010/09/08 08:34:42 claudio Exp $ */ /* $NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $ */ /* @@ -1138,6 +1138,8 @@ out: tcp_mtudisc(tp->t_inpcb, -1); return (0); } + if (error == EACCES) /* translate pf(4) error for userland */ + error = EHOSTUNREACH; if ((error == EHOSTUNREACH || error == ENETDOWN) && TCPS_HAVERCVDSYN(tp->t_state)) { tp->t_softerror = error; |