Date: Tue, 17 Apr 2018 17:30:23 +0300
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: Andreas Longwitz <longwitz@incore.de>, freebsd-net@freebsd.org
Cc: Olivier Cochard-Labbé <olivier@freebsd.org>
Subject: Re: Changed behaviour of pf after new handling of EACCES in tcp_output() in r315514
Message-ID: <1f7edaeb-8a88-a99c-b427-cc19a693172a@yandex.ru>
In-Reply-To: <5AD5FE79.7050309@incore.de>
References: <5AD5FE79.7050309@incore.de>

On 17.04.2018 17:02, Andreas Longwitz wrote:
> and in V11 with commit r315514 the same reply after 90 seconds, in the
> meantime telnet is waiting on WCHAN "connec":
>
> Di. 17 Apr. 2018 10:46:28 CEST
> Trying 192.168.0.122...
> telnet: connect to address 192.168.0.122: Permission denied
> telnet: Unable to connect to remote host
> Di. 17 Apr. 2018 10:47:43 CEST
>
> I like to know if this is intended behaviour.

This change was based on
https://svnweb.freebsd.org/base?view=revision&revision=309610

Now I think it can be removed, because:
1. SAs should be configured by application before initiating of TCP
connection;
2. If there are no matching SAs, connection will be dropped after
several tries.
3. Even if connection will be dropped after first failed SYN, there is
special tcps_sig_err_buildsig error counter, that will be incremented
and we can determine the cause.

So, can you try this patch? And maybe someone who uses TCP-MD5 can try
it too (with and without configured SAs)?

-- 
WBR, Andrey V. Elsukov

Attachment: tcp_output.c.diff

Index: tcp_output.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- tcp_output.c (revision 332505) +++ tcp_output.c (working copy) @@ -1586,8 +1586,6 @@ timer: SOCKBUF_UNLOCK_ASSERT(&so->so_snd); /* Check gotos. */ switch (error) { case EACCES: - tp->t_softerror =3D error; - return (0); case EPERM: tp->t_softerror =3D error; return (error);
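
Review bot: In the switch (error) block, removing the EACCES body leaves "case EACCES:" stacked directly on "case EPERM:" with nothing recording why the two are now handled the same, even though the deleted "return (0);" was deliberately hiding EACCES from the caller. A short comment above the labels, saying that both errors are stored in tp->t_softerror and returned so the error reaches the caller on the first failed send, would keep a later reader from reintroducing the special case. The commit log should also carry the reasoning given in the message (SAs configured before the connection is initiated, the tcps_sig_err_buildsig counter for diagnosing the cause), and the TCP-MD5 test with and without configured SAs that the message asks for should be reported before this goes in.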