af-packet: fix error handling in bypass case

If the key is already in the hash table then the bypass is
succesful.

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 6ad15e5ff18f8992927fe12c9460cb6a178ef102..79d0d8cedd5546e06c34b43aaad4337ed036bda6 100644 (file)
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -2279,9 +2279,13 @@ static int AFPInsertHalfFlow(int mapd, void *key, uint64_t inittime)
     SCLogDebug("Inserting element in eBPF mapping: %lu", inittime);
     if (bpf_map_update_elem(mapd, key, value, BPF_NOEXIST) != 0) {
         switch (errno) {
+            /* no more place in the hash */
             case E2BIG:
-            case EEXIST:
                 return 0;
+            /* if we already have the key then bypass is a success */
+            case EEXIST:
+                return 1;
+            /* Not supposed to be there so issue a error */
             default:
                 SCLogError(SC_ERR_BPF, "Can't update eBPF map: %s (%d)",
                         strerror(errno),