Date: Tue, 17 Apr 2018 16:02:33 +0200
From: Andreas Longwitz <longwitz@incore.de>
To: freebsd-net@freebsd.org
Subject: Changed behaviour of pf after new handling of EACCES in tcp_output() in r315514
Message-ID: <5AD5FE79.7050309@incore.de>

In FreeBSD V11 the commit r315514 introduced a new handling of the error
code EACCES from ip_output() in tcp_output.c:

        case EACCES:
                tp->t_softerror = error;
                return (0);

If I use pf and block output with a rule like

    block out quick on em0 inet proto tcp from any to any port 23

and try

    date; telnet 192.168.0.122 23; date

then I see in V10 an immediate reply

    Di 17 Apr 2018 10:46:37 CEST
    Trying 192.168.0.122...
    telnet: connect to address 192.168.0.122: Permission denied
    telnet: Unable to connect to remote host
    Di 17 Apr 2018 10:46:37 CEST

and in V11 with commit r315514 the same reply after 90 seconds; in the
meantime telnet is waiting on WCHAN "connec":

    Di. 17 Apr. 2018 10:46:28 CEST
    Trying 192.168.0.122...
    telnet: connect to address 192.168.0.122: Permission denied
    telnet: Unable to connect to remote host
    Di. 17 Apr. 2018 10:47:43 CEST

I would like to know if this is intended behaviour.

Andreas Longwitz