c++ filter done (need testing)

backend/nfqueue/nfqueue.cpp

@@ -45,18 +45,18 @@ bool unhexlify(string const &hex, string &newString) {
 typedef pair<string,jp::Regex> regex_rule_pair;
 typedef vector<regex_rule_pair> regex_rule_vector;
 struct regex_rules{
-   regex_rule_vector regex_s_c_w, regex_c_s_w, regex_s_c_b, regex_c_s_b;
+   regex_rule_vector output_whitelist, input_whitelist, output_blacklist, input_blacklist;
 
    regex_rule_vector* getByCode(char code){
       switch(code){
          case 'C': // Client to server Blacklist
-            return &regex_c_s_b;  break;
+            return &output_blacklist;  break;
          case 'c': // Client to server Whitelist
-            return &regex_c_s_w;  break;
+            return &output_whitelist;  break;
          case 'S': // Server to client Blacklist
-            return &regex_s_c_b;  break;
+            return &input_blacklist;  break;
          case 's': // Server to client Whitelist
-            return &regex_s_c_w;  break;
+            return &input_whitelist;  break;
       }
       throw invalid_argument( "Expected 'C' 'c' 'S' or 's'" );
    }
@@ -93,34 +93,36 @@ struct regex_rules{
 		return 0;
 	}
 
+	bool check(unsigned char* data, const size_t& bytes_transferred, const bool in_input){
+		string str_data((char *) data, bytes_transferred);
+		for (regex_rule_pair ele:(in_input?input_blacklist:output_blacklist)){
+			try{
+				if(ele.second.match(str_data)){
+					unique_lock<mutex> lck(stdout_mutex);
+					cout << "BLOCKED " << ele.first << endl;
+					return false;
+				}
+			} catch(...){
+				cerr << "[info] [regex_rules.check] Error while matching blacklist regex: " << ele.first << endl;
+			}
+		}
+		for (regex_rule_pair ele:(in_input?input_whitelist:output_whitelist)){
+			try{
+				if(!ele.second.match(str_data)){
+					unique_lock<mutex> lck(stdout_mutex);
+					cout << "BLOCKED " << ele.first << endl;
+					return false;
+				}
+			} catch(...){
+				cerr << "[info] [regex_rules.check] Error while matching whitelist regex: " << ele.first << endl;
+			}      
+		}
+		return true;
+	}
+
 };
 
-bool check(unsigned char* data, const size_t& bytes_transferred, const bool in_input, regex_rules* rules){
+
-	string str_data((char *) data, bytes_transferred);
-	for (regex_rule_pair ele:in_input?rules->regex_c_s_b:rules->regex_s_c_b){
-		try{
-			if(ele.second.match(str_data)){
-				unique_lock<mutex> lck(stdout_mutex);
-				cout << "BLOCKED " << ele.first << endl;
-				return false;
-			}
-		} catch(...){
-			cerr << "[info] [regex_rules.check] Error while matching blacklist regex: " << ele.first << endl;
-		}
-	}
-	for (regex_rule_pair ele:in_input?rules->regex_c_s_w:rules->regex_s_c_w){
-		try{
-			if(!ele.second.match(str_data)){
-				unique_lock<mutex> lck(stdout_mutex);
-				cout << "BLOCKED " << ele.first << endl;
-				return false;
-			}
-		} catch(...){
-			cerr << "[info] [regex_rules.check] Error while matching whitelist regex: " << ele.first << endl;
-		}      
-	}
-	return true;
-}
 
 shared_ptr<regex_rules> regex_config;
 
@@ -184,7 +186,7 @@ class NetfilterQueue {
 		if it is set to 0, this message is the error generated by NFQNL_CFG_CMD_NONE
 		So NFQNL_CFG_CMD_BIND doesn't sended any error and it's all ok.
 		*/
-		if (nlh->nlmsg_len < 45 && buf[44] == 1){
+		if (buf[44] == 1){
 			_clear();
 			throw std::invalid_argument( "queueid is already busy" );
 		}
@@ -426,7 +428,7 @@ class NFQueueSequence{
 template <bool is_input>
 bool filter_callback(const uint8_t *data, uint32_t len){
 	shared_ptr<regex_rules> current_config = regex_config;
-	return check((unsigned char *)data, len, is_input, current_config.get());
+	return current_config->check((unsigned char *)data, len, is_input);
 }
 
 int main(int argc, char *argv[])