network: tcp_connect should return certain errors up the stack
The current tcp_connect code completely ignores errors from sending an skb. This makes sense in many situations (like -ENOBUFS), but I want to be able to immediately fail connections if they are denied by the SELinux netfilter hook. Netfilter does not normally return ECONNREFUSED when it drops a packet, so we respect that error code as a final and fatal error that cannot be recovered. Based-on-patch-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
committed by
David S. Miller
parent
da68365004
commit
ee58681195
@@ -2592,6 +2592,7 @@ int tcp_connect(struct sock *sk)
|
|||||||
{
|
{
|
||||||
struct tcp_sock *tp = tcp_sk(sk);
|
struct tcp_sock *tp = tcp_sk(sk);
|
||||||
struct sk_buff *buff;
|
struct sk_buff *buff;
|
||||||
|
int err;
|
||||||
|
|
||||||
tcp_connect_init(sk);
|
tcp_connect_init(sk);
|
||||||
|
|
||||||
@@ -2614,7 +2615,9 @@ int tcp_connect(struct sock *sk)
|
|||||||
sk->sk_wmem_queued += buff->truesize;
|
sk->sk_wmem_queued += buff->truesize;
|
||||||
sk_mem_charge(sk, buff->truesize);
|
sk_mem_charge(sk, buff->truesize);
|
||||||
tp->packets_out += tcp_skb_pcount(buff);
|
tp->packets_out += tcp_skb_pcount(buff);
|
||||||
tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
|
err = tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
|
||||||
|
if (err == -ECONNREFUSED)
|
||||||
|
return err;
|
||||||
|
|
||||||
/* We change tp->snd_nxt after the tcp_transmit_skb() call
|
/* We change tp->snd_nxt after the tcp_transmit_skb() call
|
||||||
* in order to make this packet get counted in tcpOutSegs.
|
* in order to make this packet get counted in tcpOutSegs.
|
||||||
|
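Review bot: The new `return err;` after `err = tcp_transmit_skb(...)` leaves tcp_connect() with the SYN already accounted for by the three lines above it (`sk->sk_wmem_queued`, `sk_mem_charge()`, `tp->packets_out`) and before the `tp->snd_nxt` update that the following comment describes. The error path therefore relies on every caller tearing the socket down when tcp_connect() fails; the callers are not visible here, so this should be confirmed rather than assumed. Only `-ECONNREFUSED` is treated as fatal, so a hook that denies the packet with any other error code is still ignored exactly as before. A comment above the check would make that policy explicit, for example `/* Only -ECONNREFUSED (a policy denial from the netfilter hook) is fatal; other send errors are deliberately ignored. Queue and memory accounting is left for the caller to unwind. */`. The body of tcp_connect() starts before and continues after the lines shown.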