From 703e5848e4c716fd2a14023820a46318ef8ef73e Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Thu, 24 Jan 2013 22:37:39 +0100 Subject: [PATCH] nfq: add errno display when verdict fail In case of error, errno is set by sendmsg which is called by nfnetlink and which is called by libnetfilter_queue. This patch displays the string expression of errno if verdict has failed. --- src/source-nfq.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/source-nfq.c b/src/source-nfq.c index 6fdc3e391c..fe4f0f5412 100644 --- a/src/source-nfq.c +++ b/src/source-nfq.c @@ -316,7 +316,8 @@ static void NFQVerdictCacheFlush(NFQQueueVars *t) } while ((ret < 0) && (iter++ < NFQ_VERDICT_RETRY_TIME)); if (ret < 0) { - SCLogWarning(SC_ERR_NFQ_SET_VERDICT, "nfq_set_verdict_batch failed"); + SCLogWarning(SC_ERR_NFQ_SET_VERDICT, "nfq_set_verdict_batch failed: %s", + strerror(errno)); } else { t->verdict_cache.len = 0; t->verdict_cache.mark_valid = 0; @@ -419,8 +420,8 @@ int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data) } while ((ret < 0) && (iter++ < NFQ_VERDICT_RETRY_TIME)); if (ret < 0) { SCLogWarning(SC_ERR_NFQ_SET_VERDICT, - "nfq_set_verdict of %p failed %" PRId32 "", - p, ret); + "nfq_set_verdict of %p failed %" PRId32 ": %s", + p, ret, strerror(errno)); } return -1 ; } @@ -1107,7 +1108,9 @@ TmEcode NFQSetVerdict(Packet *p) { NFQMutexUnlock(t); if (ret < 0) { - SCLogWarning(SC_ERR_NFQ_SET_VERDICT, "nfq_set_verdict of %p failed %" PRId32 "", p, ret); + SCLogWarning(SC_ERR_NFQ_SET_VERDICT, + "nfq_set_verdict of %p failed %" PRId32 ": %s", + p, ret, strerror(errno)); return TM_ECODE_FAILED; } return TM_ECODE_OK;