From 6d5544665547f474125921ee2e266bcd4ce705fb Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Fri, 7 Sep 2012 13:18:35 +0200
Subject: [PATCH] ipfw: avoid critical error for broadcast

In some setup, suricata may receive broadcast packets and the call
to sendto may fail if the wrong interface is choosen by kernel.
This patch change the error treatment to avoid to leave when
this problem occurs.
---
 src/source-ipfw.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/source-ipfw.c b/src/source-ipfw.c
index 36e7d68225..573ef5d7e7 100644
--- a/src/source-ipfw.c
+++ b/src/source-ipfw.c
@@ -626,9 +626,16 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p)
 
         IPFWMutexLock(nq);
         if (sendto(nq->fd, GET_PKT_DATA(p), GET_PKT_LEN(p), 0,(struct sockaddr *)&nq->ipfw_sin, nq->ipfw_sinlen) == -1) {
-            SCLogWarning(SC_WARN_IPFW_XMIT,"Write to ipfw divert socket failed: %s",strerror(errno));
-            IPFWMutexUnlock(nq);
-            SCReturnInt(TM_ECODE_FAILED);
+            int r = errno;
+            switch (r) {
+                default:
+                    SCLogWarning(SC_WARN_IPFW_XMIT,"Write to ipfw divert socket failed: %s",strerror(r));
+                    IPFWMutexUnlock(nq);
+                    SCReturnInt(TM_ECODE_FAILED);
+                case EHOSTDOWN:
+                case ENETDOWN:
+                    break;
+            }
         }
 
         IPFWMutexUnlock(nq);