From: Victor Julien <victor@inliniac.net>
Date: Fri, 18 Oct 2019 08:49:56 +0000 (+0200)
Subject: nfq: don't warn on 'handle_packet' error
X-Git-Tag: suricata-5.0.1~111
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d6087f7d6e8f102aee6f6e1e3803b0cc3d194a4;p=thirdparty%2Fsuricata.git

nfq: don't warn on 'handle_packet' error

NFQ can generate warnings/errors with a delay. After Suricata has
succesfully passed a verdict to the kernel, there are still things
that can go wrong for that verdict. This is then passed to the
queue through a netlink error message, which leads to nfq_handle_packet
returning an error code.

Suppress the warning. Also remove the errno/strerror use as
nfq_handle_packet does not set the errno.

Thanks to Florian Westphal.

Bug 3120.
---

diff --git a/src/source-nfq.c b/src/source-nfq.c
index 93b6dd50e2..44dbf7a6df 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -1003,10 +1003,8 @@ static void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv)
             ret = -1;
         }
         NFQMutexUnlock(t);
-
         if (ret != 0) {
-            SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %"PRId32" %s",
-                    ret, strerror(errno));
+            SCLogDebug("nfq_handle_packet error %"PRId32, ret);
         }
     }
 }