From: Eric Leblond <eric@regit.org>
Date: Sun, 7 Jan 2018 12:15:37 +0000 (+0100)
Subject: af-packet: fix error handling in bypass case
X-Git-Tag: suricata-4.1.0-beta1~192
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3379311e661d9eb2ab9ba520f230734d45d95156;p=thirdparty%2Fsuricata.git

af-packet: fix error handling in bypass case

If the key is already in the hash table then the bypass is
succesful.
---

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 6ad15e5ff1..79d0d8cedd 100644
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -2279,9 +2279,13 @@ static int AFPInsertHalfFlow(int mapd, void *key, uint64_t inittime)
     SCLogDebug("Inserting element in eBPF mapping: %lu", inittime);
     if (bpf_map_update_elem(mapd, key, value, BPF_NOEXIST) != 0) {
         switch (errno) {
+            /* no more place in the hash */
             case E2BIG:
-            case EEXIST:
                 return 0;
+            /* if we already have the key then bypass is a success */
+            case EEXIST:
+                return 1;
+            /* Not supposed to be there so issue a error */
             default:
                 SCLogError(SC_ERR_BPF, "Can't update eBPF map: %s (%d)",
                         strerror(errno),