network: tcp_connect should return certain errors up the stack
The current tcp_connect code completely ignores errors from sending an skb. This makes sense in many situations (like -ENOBUFFS) but I want to be able to immediately fail connections if they are denied by the SELinux netfilter hook. Netfilter does not normally return ECONNREFUSED when it drops a packet so we respect that error code as a final and fatal error that can not be recovered. Based-on-patch-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
da68365004
commit
ee58681195
@ -2592,6 +2592,7 @@ int tcp_connect(struct sock *sk)
|
||||
{
|
||||
struct tcp_sock *tp = tcp_sk(sk);
|
||||
struct sk_buff *buff;
|
||||
int err;
|
||||
|
||||
tcp_connect_init(sk);
|
||||
|
||||
@ -2614,7 +2615,9 @@ int tcp_connect(struct sock *sk)
|
||||
sk->sk_wmem_queued += buff->truesize;
|
||||
sk_mem_charge(sk, buff->truesize);
|
||||
tp->packets_out += tcp_skb_pcount(buff);
|
||||
tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
|
||||
err = tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
|
||||
if (err == -ECONNREFUSED)
|
||||
return err;
|
||||
|
||||
/* We change tp->snd_nxt after the tcp_transmit_skb() call
|
||||
* in order to make this packet get counted in tcpOutSegs.
|
||||
|
Loading…
Reference in New Issue
Block a user