From patchwork Tue Nov 16 21:52:49 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Paris X-Patchwork-Id: 71462 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id CBE43B7152 for ; Wed, 17 Nov 2010 08:57:02 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758870Ab0KPVzl (ORCPT ); Tue, 16 Nov 2010 16:55:41 -0500 Received: from mx1.redhat.com ([209.132.183.28]:42164 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756276Ab0KPVzk (ORCPT ); Tue, 16 Nov 2010 16:55:40 -0500 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id oAGLqpXP022912 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 16 Nov 2010 16:52:52 -0500 Received: from paris.rdu.redhat.com (paris.rdu.redhat.com [10.11.231.241]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id oAGLqnYU019628; Tue, 16 Nov 2010 16:52:50 -0500 From: Eric Paris Subject: [PATCH 2/3] network: tcp_connect should return certain errors up the stack To: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov, netfilter-devel@vger.kernel.org Cc: eparis@redhat.com, equinox@diac24.net, eric.dumazet@gmail.com, davem@davemloft.net, hzhong@gmail.com, jmorris@namei.org, kaber@trash.net, kuznet@ms2.inr.ac.ru, paul.moore@hp.com, pekkas@netcore.fi, sds@tycho.nsa.gov, yoshfuji@linux-ipv6.org Date: Tue, 16 Nov 2010 16:52:49 -0500 Message-ID: <20101116215249.6727.89763.stgit@paris.rdu.redhat.com> In-Reply-To: <20101116215238.6727.39248.stgit@paris.rdu.redhat.com> References: <20101116215238.6727.39248.stgit@paris.rdu.redhat.com> User-Agent: StGIT/0.14.3 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The current tcp_connect code completely ignores errors from sending an skb. This makes sense in many situations (like -ENOBUFFS) but I want to be able to immediately fail connections if they are denied by the SELinux netfilter hook. Netfilter does not normally return ECONNREFUSED when it drops a packet so we respect that error code as a final and fatal error that can not be recovered. Based-on-patch-by: Patrick McHardy Signed-off-by: Eric Paris --- net/ipv4/tcp_output.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index e961522..15dcd7b 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -2592,6 +2592,7 @@ int tcp_connect(struct sock *sk) { struct tcp_sock *tp = tcp_sk(sk); struct sk_buff *buff; + int err; tcp_connect_init(sk); @@ -2614,7 +2615,9 @@ int tcp_connect(struct sock *sk) sk->sk_wmem_queued += buff->truesize; sk_mem_charge(sk, buff->truesize); tp->packets_out += tcp_skb_pcount(buff); - tcp_transmit_skb(sk, buff, 1, sk->sk_allocation); + err = tcp_transmit_skb(sk, buff, 1, sk->sk_allocation); + if (err == -ECONNREFUSED) + return err; /* We change tp->snd_nxt after the tcp_transmit_skb() call * in order to make this packet get counted in tcpOutSegs.