summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2010-11-16 11:52:49 +0000
committerDavid S. Miller <davem@davemloft.net>2010-11-17 10:54:35 -0800
commitee58681195bf243bafc44ca53f3c24429d096cce (patch)
tree938c3f2f2b6db4d43429c28f2ca67650e12829f1 /net
parentda6836500414ae734cd9873c2d553db594f831e9 (diff)
downloadlinux-ee58681195bf243bafc44ca53f3c24429d096cce.tar.gz
linux-ee58681195bf243bafc44ca53f3c24429d096cce.tar.bz2
linux-ee58681195bf243bafc44ca53f3c24429d096cce.zip
network: tcp_connect should return certain errors up the stack
The current tcp_connect code completely ignores errors from sending an skb. This makes sense in many situations (like -ENOBUFFS) but I want to be able to immediately fail connections if they are denied by the SELinux netfilter hook. Netfilter does not normally return ECONNREFUSED when it drops a packet so we respect that error code as a final and fatal error that can not be recovered. Based-on-patch-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/tcp_output.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 05b1ecf36763..bb8f547fc7d2 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2592,6 +2592,7 @@ int tcp_connect(struct sock *sk)
{
struct tcp_sock *tp = tcp_sk(sk);
struct sk_buff *buff;
+ int err;
tcp_connect_init(sk);
@@ -2614,7 +2615,9 @@ int tcp_connect(struct sock *sk)
sk->sk_wmem_queued += buff->truesize;
sk_mem_charge(sk, buff->truesize);
tp->packets_out += tcp_skb_pcount(buff);
- tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
+ err = tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
+ if (err == -ECONNREFUSED)
+ return err;
/* We change tp->snd_nxt after the tcp_transmit_skb() call
* in order to make this packet get counted in tcpOutSegs.