From: Eric Leblond Date: Thu, 24 Jan 2013 21:37:39 +0000 (+0100) Subject: nfq: add errno display when verdict fail X-Git-Tag: suricata-2.0beta1~152 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=703e5848e4c716fd2a14023820a46318ef8ef73e;p=thirdparty%2Fsuricata.git nfq: add errno display when verdict fail In case of error, errno is set by sendmsg which is called by nfnetlink and which is called by libnetfilter_queue. This patch displays the string expression of errno if verdict has failed. --- diff --git a/src/source-nfq.c b/src/source-nfq.c index 6fdc3e391c..fe4f0f5412 100644 --- a/src/source-nfq.c +++ b/src/source-nfq.c @@ -316,7 +316,8 @@ static void NFQVerdictCacheFlush(NFQQueueVars *t) } while ((ret < 0) && (iter++ < NFQ_VERDICT_RETRY_TIME)); if (ret < 0) { - SCLogWarning(SC_ERR_NFQ_SET_VERDICT, "nfq_set_verdict_batch failed"); + SCLogWarning(SC_ERR_NFQ_SET_VERDICT, "nfq_set_verdict_batch failed: %s", + strerror(errno)); } else { t->verdict_cache.len = 0; t->verdict_cache.mark_valid = 0; @@ -419,8 +420,8 @@ int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data) } while ((ret < 0) && (iter++ < NFQ_VERDICT_RETRY_TIME)); if (ret < 0) { SCLogWarning(SC_ERR_NFQ_SET_VERDICT, - "nfq_set_verdict of %p failed %" PRId32 "", - p, ret); + "nfq_set_verdict of %p failed %" PRId32 ": %s", + p, ret, strerror(errno)); } return -1 ; } @@ -1107,7 +1108,9 @@ TmEcode NFQSetVerdict(Packet *p) { NFQMutexUnlock(t); if (ret < 0) { - SCLogWarning(SC_ERR_NFQ_SET_VERDICT, "nfq_set_verdict of %p failed %" PRId32 "", p, ret); + SCLogWarning(SC_ERR_NFQ_SET_VERDICT, + "nfq_set_verdict of %p failed %" PRId32 ": %s", + p, ret, strerror(errno)); return TM_ECODE_FAILED; } return TM_ECODE_OK;