In r343631 error code for a packet blocked by a firewall was

changed from EACCES to EPERM. This change was not intentional, so fix that. Return EACCESS if a firewall forbids sending. Noticed by: ae
2020-01-01 17:31:43 +00:00 · 2020-01-01 17:31:43 +00:00 · ef9a657efe
commit ef9a657efe
parent 322a329b20
2 changed files with 3 additions and 3 deletions
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@ -3191,7 +3191,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 	    dir == PFIL_OUT && ifp != NULL) {
 		switch (pfil_run_hooks(V_link_pfil_head, mp, ifp, dir, NULL)) {
 		case PFIL_DROPPED:
-			return (EPERM);
+			return (EACCES);
 		case PFIL_CONSUMED:
 			return (0);
 		}
@ -3312,7 +3312,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 	case PFIL_CONSUMED:
 		return (0);
 	case PFIL_DROPPED:
-		return (EPERM);
+		return (EACCES);
 	default:
 		break;
 	}
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@ -130,7 +130,7 @@ ip_output_pfil(struct mbuf **mp, struct ifnet *ifp, int flags,
 	odst.s_addr = ip->ip_dst.s_addr;
 	switch (pfil_run_hooks(V_inet_pfil_head, mp, ifp, pflags, inp)) {
 	case PFIL_DROPPED:
-		*error = EPERM;
+		*error = EACCES;
 		/* FALLTHROUGH */
 	case PFIL_CONSUMED:
 		return 1; /* Finished */