in file udp.c, a function named udp_sendmsg has a code like this: /* Lockless fast path for the non-corking case. */ if (!corkreq) { skb = ip_make_skb(sk, fl4, getfrag, msg, ulen, sizeof(struct udphdr), &ipc, &rt, msg->msg_flags); err = PTR_ERR(skb); if (!IS_ERR_OR_NULL(skb)) err = udp_send_skb(skb, fl4); goto out; } but function ip_make_skb may return a null, then err will be set to 0;and out like this: out: ip_rt_put(rt); if (free) kfree(ipc.opt); if (!err) return len; // return a positive value actually, because lock of kernel memory or socket_buffer,the ip_make_skb failed means the send operation failed. but a positive value is returnd here. finnally, users regard the operation was success, but actually it failed in kernel.
what's more, when packet processed by tc module, pfifo_fast_enqueue is likely failed, then NET_XMIT_DROP(0x01) was returned, which is also result to a failed send operation was regard as a success one by sendmsg
do_append_data: up->len += ulen; err = ip_append_data(sk, fl4, getfrag, msg, ulen, sizeof(struct udphdr), &ipc, &rt, corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags); if (err) udp_flush_pending_frames(sk); else if (!corkreq) err = udp_push_pending_frames(sk); //err may be zero here too else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) up->pending = 0; release_sock(sk); out: ip_rt_put(rt); out_free: if (free) kfree(ipc.opt); if (!err) return len;