In FreeBSD V11 the commit r315514 introduced a new handling of the error
code EACCES from ip_output() in tcp_output.c:
    case EACCES:
        tp->t_softerror = error;
        return (0);
If I use pf and block output with a rule like
    block out quick on em0 inet proto tcp from any to any port 23
and try
    date; telnet 192.168.0.122 23; date
then I see in V10 an immediate reply:
    Di 17 Apr 2018 10:46:37 CEST
    Trying 192.168.0.122...
    telnet: connect to address 192.168.0.122: Permission denied
    telnet: Unable to connect to remote host
    Di 17 Apr 2018 10:46:37 CEST
and in V11 with commit r315514 I see the same reply after 90 seconds; in
the meantime telnet is waiting on WCHAN "connec":
    Di. 17 Apr. 2018 10:46:28 CEST
    Trying 192.168.0.122...
    telnet: connect to address 192.168.0.122: Permission denied
    telnet: Unable to connect to remote host
    Di. 17 Apr. 2018 10:47:43 CEST
I would like to know if this is the intended behaviour.
Andreas Longwitz
https://lists.freebsd.org/mailman/listinfo/freebsd-net