Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 1 Jan 2020 17:31:43 +0000 (UTC)
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r356252 - in head/sys: net netinet
Message-ID:  <202001011731.001HVhP3060777@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: glebius
Date: Wed Jan  1 17:31:43 2020
New Revision: 356252
URL: https://svnweb.freebsd.org/changeset/base/356252

Log:
  In r343631 error code for a packet blocked by a firewall was
  changed from EACCES to EPERM.  This change was not intentional,
  so fix that.  Return EACCESS if a firewall forbids sending.
  
  Noticed by:	ae

Modified:
  head/sys/net/if_bridge.c
  head/sys/netinet/ip_output.c

Modified: head/sys/net/if_bridge.c
==============================================================================
--- head/sys/net/if_bridge.c	Wed Jan  1 12:06:37 2020	(r356251)
+++ head/sys/net/if_bridge.c	Wed Jan  1 17:31:43 2020	(r356252)
@@ -3191,7 +3191,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, stru
 	    dir == PFIL_OUT && ifp != NULL) {
 		switch (pfil_run_hooks(V_link_pfil_head, mp, ifp, dir, NULL)) {
 		case PFIL_DROPPED:
-			return (EPERM);
+			return (EACCES);
 		case PFIL_CONSUMED:
 			return (0);
 		}
@@ -3312,7 +3312,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, stru
 	case PFIL_CONSUMED:
 		return (0);
 	case PFIL_DROPPED:
-		return (EPERM);
+		return (EACCES);
 	default:
 		break;
 	}

Modified: head/sys/netinet/ip_output.c
==============================================================================
--- head/sys/netinet/ip_output.c	Wed Jan  1 12:06:37 2020	(r356251)
+++ head/sys/netinet/ip_output.c	Wed Jan  1 17:31:43 2020	(r356252)
@@ -130,7 +130,7 @@ ip_output_pfil(struct mbuf **mp, struct ifnet *ifp, in
 	odst.s_addr = ip->ip_dst.s_addr;
 	switch (pfil_run_hooks(V_inet_pfil_head, mp, ifp, pflags, inp)) {
 	case PFIL_DROPPED:
-		*error = EPERM;
+		*error = EACCES;
 		/* FALLTHROUGH */
 	case PFIL_CONSUMED:
 		return 1; /* Finished */

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202001011731.001HVhP3060777>