From: Eric Leblond <eric@regit.org>
Date: Fri, 7 Sep 2012 11:18:35 +0000 (+0200)
Subject: ipfw: avoid critical error for broadcast
X-Git-Tag: suricata-1.3.2~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F62%2Fhead;p=thirdparty%2Fsuricata.git

ipfw: avoid critical error for broadcast

In some setup, suricata may receive broadcast packets and the call
to sendto may fail if the wrong interface is choosen by kernel.
This patch change the error treatment to avoid to leave when
this problem occurs.
---

diff --git a/src/source-ipfw.c b/src/source-ipfw.c
index 83d440327e..174f0bb999 100644
--- a/src/source-ipfw.c
+++ b/src/source-ipfw.c
@@ -634,9 +634,16 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p)
 
         IPFWMutexLock(nq);
         if (sendto(nq->fd, GET_PKT_DATA(p), GET_PKT_LEN(p), 0,(struct sockaddr *)&nq->ipfw_sin, nq->ipfw_sinlen) == -1) {
-            SCLogWarning(SC_WARN_IPFW_XMIT,"Write to ipfw divert socket failed: %s",strerror(errno));
-            IPFWMutexUnlock(nq);
-            SCReturnInt(TM_ECODE_FAILED);
+            int r = errno;
+            switch (r) {
+                default:
+                    SCLogWarning(SC_WARN_IPFW_XMIT,"Write to ipfw divert socket failed: %s",strerror(r));
+                    IPFWMutexUnlock(nq);
+                    SCReturnInt(TM_ECODE_FAILED);
+                case EHOSTDOWN:
+                case ENETDOWN:
+                    break;
+            }
         }
 
         IPFWMutexUnlock(nq);