svn commit: r356252 - in head/sys: net netinet
Gleb Smirnoff
glebius at FreeBSD.org
Wed Jan 1 17:31:44 UTC 2020
Author: glebius
Date: Wed Jan 1 17:31:43 2020
New Revision: 356252
URL: https://svnweb.freebsd.org/changeset/base/356252
Log:
In r343631 error code for a packet blocked by a firewall was
changed from EACCES to EPERM. This change was not intentional,
so fix that. Return EACCESS if a firewall forbids sending.
Noticed by: ae
Modified:
head/sys/net/if_bridge.c
head/sys/netinet/ip_output.c
Modified: head/sys/net/if_bridge.c
==============================================================================
--- head/sys/net/if_bridge.c Wed Jan 1 12:06:37 2020 (r356251)
+++ head/sys/net/if_bridge.c Wed Jan 1 17:31:43 2020 (r356252)
@@ -3191,7 +3191,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, stru
dir == PFIL_OUT && ifp != NULL) {
switch (pfil_run_hooks(V_link_pfil_head, mp, ifp, dir, NULL)) {
case PFIL_DROPPED:
- return (EPERM);
+ return (EACCES);
case PFIL_CONSUMED:
return (0);
}
@@ -3312,7 +3312,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, stru
case PFIL_CONSUMED:
return (0);
case PFIL_DROPPED:
- return (EPERM);
+ return (EACCES);
default:
break;
}
Modified: head/sys/netinet/ip_output.c
==============================================================================
--- head/sys/netinet/ip_output.c Wed Jan 1 12:06:37 2020 (r356251)
+++ head/sys/netinet/ip_output.c Wed Jan 1 17:31:43 2020 (r356252)
@@ -130,7 +130,7 @@ ip_output_pfil(struct mbuf **mp, struct ifnet *ifp, in
odst.s_addr = ip->ip_dst.s_addr;
switch (pfil_run_hooks(V_inet_pfil_head, mp, ifp, pflags, inp)) {
case PFIL_DROPPED:
- *error = EPERM;
+ *error = EACCES;
/* FALLTHROUGH */
case PFIL_CONSUMED:
return 1; /* Finished */
More information about the svn-src-head
mailing list