diff options
| author | Claudio Jeker <claudio@cvs.openbsd.org> | 2010-09-08 08:34:43 +0000 |
|---|---|---|
| committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2010-09-08 08:34:43 +0000 |
| commit | 276c0f482291e1afa9f8f322e04c20fe05a1a40e (patch) | |
| tree | b9322561495b26b42a75281bccaafae22b3ee97a /sys/netinet/udp_usrreq.c | |
| parent | 4c55da9abcff6f1fb774f6cafd4fd75e6eba73f0 (diff) | |
Return EACCES when pf_test() blocks a packet in ip_output(). This allows
ip_forward() to know the difference between blocked packets and those that
can't be forwarded (EHOSTUNREACH). Only in the latter case an ICMP should
be sent. In the other callers of ip_output() change the error back to
EHOSTUNREACH since userland may not expect EACCES on a sendto().
OK henning@, markus@
Diffstat (limited to 'sys/netinet/udp_usrreq.c')
| -rw-r--r-- | sys/netinet/udp_usrreq.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 707ec2d32b0..978a6122013 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.136 2010/07/09 16:58:06 reyk Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.137 2010/09/08 08:34:42 claudio Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -1019,6 +1019,8 @@ udp_output(struct mbuf *m, ...) inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST | SO_JUMBO), inp->inp_moptions, inp); + if (error == EACCES) /* translate pf(4) error for userland */ + error = EHOSTUNREACH; bail: if (addr) { |