From owner-freebsd-doc@FreeBSD.ORG Sat Feb 28 09:50:01 2009 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB28B10656BA for ; Sat, 28 Feb 2009 09:50:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AAB3D8FC16 for ; Sat, 28 Feb 2009 09:50:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n1S9o1vI028705 for ; Sat, 28 Feb 2009 09:50:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n1S9o1vE028704; Sat, 28 Feb 2009 09:50:01 GMT (envelope-from gnats) Resent-Date: Sat, 28 Feb 2009 09:50:01 GMT Resent-Message-Id: <200902280950.n1S9o1vE028704@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-doc@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Karl Lehenbauer Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5B16F1065674 for ; Sat, 28 Feb 2009 09:45:41 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 4947E8FC16 for ; Sat, 28 Feb 2009 09:45:41 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n1S9jeJG098140 for ; Sat, 28 Feb 2009 09:45:40 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id n1S9jeZY098139; Sat, 28 Feb 2009 09:45:40 GMT (envelope-from nobody) Message-Id: <200902280945.n1S9jeZY098139@www.freebsd.org> Date: Sat, 28 Feb 2009 09:45:40 GMT From: Karl Lehenbauer To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: docs/132190: EPERM explanation for send(2), sendto(2), and sendmsg(2) system calls is incomplete X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Feb 2009 09:50:03 -0000 >Number: 132190 >Category: docs >Synopsis: EPERM explanation for send(2), sendto(2), and sendmsg(2) system calls is incomplete >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sat Feb 28 09:50:01 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Karl Lehenbauer >Release: 7.1-STABLE >Organization: FlightAware >Environment: FreeBSD xxx.flightaware.com 7.1-STABLE FreeBSD 7.1-STABLE #1: Wed Jan 28 12:20:44 CST 2009 xxx@ixxx.flightaware.com:/usr/obj/usr/src/sys/YANKEE amd64 >Description: In the send, sendto and sendmsg system calls, the description for an EPERM result is: The process using a SOCK_RAW socket was jailed and thesource address specified in the IP header did not match the IP address bound to the prison. While this is probably true (I haven't checked), a far more common reason for getting EPERM is that the firewall denied the packet. If you attempt to use send, sendto or sendmsg and the firewall denies the packet, you'll get EPERM. You can test this by firewalling some IP address and then trying to ping it from the same machine. You'll get "sendto: permission denied" out of ping. I propose the wording be changed to something like: The packet was rejected for sending due to firewall rules on the local machine, or the process using a SOCK_RAW socket was jailed and the source address specified in the IP header did not match the IP address bound to the prison. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: