Commit ee586811 authored Nov 16, 2010 by Eric Paris Committed by David S. Miller Nov 17, 2010

network: tcp_connect should return certain errors up the stack

The current tcp_connect code completely ignores errors from sending an skb.
This makes sense in many situations (like -ENOBUFFS) but I want to be able to
immediately fail connections if they are denied by the SELinux netfilter hook.
Netfilter does not normally return ECONNREFUSED when it drops a packet so we
respect that error code as a final and fatal error that can not be recovered.

Based-on-patch-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent da683650

net/ipv4/tcp_output.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -2592,6 +2592,7 @@ int tcp_connect(struct sock *sk)
		{
		struct tcp_sock *tp = tcp_sk(sk);
		struct sk_buff *buff;
		int err;

		tcp_connect_init(sk);

		@@ -2614,7 +2615,9 @@ int tcp_connect(struct sock *sk)
		sk->sk_wmem_queued += buff->truesize;
		sk_mem_charge(sk, buff->truesize);
		tp->packets_out += tcp_skb_pcount(buff);
		tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
		err = tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
		if (err == -ECONNREFUSED)
		return err;

		/* We change tp->snd_nxt after the tcp_transmit_skb() call
		* in order to make this packet get counted in tcpOutSegs.