On Fri, Nov 09, 2018 at 09:03:20PM +0100, Jan Klemkow wrote: > On Fri, Nov 09, 2018 at 12:36:20PM -0700, Alexander Bluhm wrote: > > On Fri, Nov 09, 2018 at 08:24:47PM +0100, Jan Klemkow wrote: > > > Perfect, I also think its more intuitive to get a "permission denied" > > > in case of a pf(4) block then a "Host is unreachable". The diff below > > > corrects kernel and extents the manpage for pf(4) blocks. > > > > Don't forget divert_output() and rip_output(). > > You are right, I missed that. Fix below.
code is OK bluhm@ > --- lib/libc/sys/send.2 5 Oct 2017 12:30:16 -0000 1.32 > +++ lib/libc/sys/send.2 9 Nov 2018 19:06:47 -0000 > @@ -162,7 +162,9 @@ The output queue for a network interface > This generally indicates that the interface has stopped sending, > but may be caused by transient congestion. > .It Bq Er EACCES > -The > +The connection was blocked by > +.Xr pf 4 , > +or > .Dv SO_BROADCAST > option is not set on the socket, and a broadcast address > was given as the destination. I have seen man pages that have multiple entries of the errno, instead of the "or" for different reasons in the text. +.It Bq Er EACCES +The connection was blocked by +.Xr pf 4 . .It Bq Er EACCES The .Dv SO_BROADCAST option is not set on the socket, and a broadcast address was given as the destination. What is our style here? bluhm
