From owner-svn-src-stable-11@freebsd.org Tue May 15 11:43:06 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E95C7EB0185; Tue, 15 May 2018 11:43:05 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9A2BA73F69; Tue, 15 May 2018 11:43:05 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7AE7D2B6F; Tue, 15 May 2018 11:43:05 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w4FBh5EH010372; Tue, 15 May 2018 11:43:05 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w4FBh5eU010371; Tue, 15 May 2018 11:43:05 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201805151143.w4FBh5eU010371@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Tue, 15 May 2018 11:43:05 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r333627 - stable/11/sys/netinet X-SVN-Group: stable-11 X-SVN-Commit-Author: ae X-SVN-Commit-Paths: stable/11/sys/netinet X-SVN-Commit-Revision: 333627 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 May 2018 11:43:06 -0000 Author: ae Date: Tue May 15 11:43:05 2018 New Revision: 333627 URL: https://svnweb.freebsd.org/changeset/base/333627 Log: MFC r333244: Immediately propagate EACCES error code to application from tcp_output. In r309610 and r315514 the behavior of handling EACCES was changed, and tcp_output() now returns zero when EACCES happens. The reason of this change was a hesitation that applications that use TCP-MD5 will be affected by changes in project/ipsec. TCP-MD5 code returns EACCES when security assocition for given connection is not configured. But the same error code can return pfil(9), and this change has affected connections blocked by pfil(9). E.g. application doesn't return immediately when SYN segment is blocked, instead it waits when several tries will be failed. Actually, for TCP-MD5 application it doesn't matter will it get EACCES after first SYN, or after several tries. Security associtions must be configured before initiating TCP connection. I left the EACCES in the switch() to show that it has special handling. Reported by: Andreas Longwitz Approved by: re (marius) Modified: stable/11/sys/netinet/tcp_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/tcp_output.c ============================================================================== --- stable/11/sys/netinet/tcp_output.c Tue May 15 11:25:10 2018 (r333626) +++ stable/11/sys/netinet/tcp_output.c Tue May 15 11:43:05 2018 (r333627) @@ -1579,8 +1579,6 @@ timer: SOCKBUF_UNLOCK_ASSERT(&so->so_snd); /* Check gotos. */ switch (error) { case EACCES: - tp->t_softerror = error; - return (0); case EPERM: tp->t_softerror = error; return (error);