Minor fixes

backend/nfqueue/nfqueue.cpp

@@ -138,34 +138,40 @@ class NetfilterQueue {
 
 		nlh_verdict = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, ntohs(nfg->res_id));
 
-		#define PKT_OPS \
+		/*
-		PDU *transport_layer = find_transport_layer(&packet); \
+			This define allow to avoid to allocate new heap memory for each packet.
-		if(transport_layer->inner_pdu() == nullptr){ \
+			The code under this comment is replicated for ipv6 and ip
-			nfq_nlmsg_verdict_put(nlh_verdict, ntohl(ph->packet_id), NF_ACCEPT );\
+			Better solutions are welcome. :)
-		}else{\
+		*/
-			int size = transport_layer->inner_pdu()->size();\
+		#define PKT_HANDLE 																						\
-			if(callback_func((const uint8_t*)payload+plen - size, size)){\
+		PDU *transport_layer = find_transport_layer(&packet); 													\
-				nfq_nlmsg_verdict_put(nlh_verdict, ntohl(ph->packet_id), NF_ACCEPT );\
+		if(transport_layer->inner_pdu() == nullptr || transport_layer == nullptr){ 								\
-			} else{\
+			nfq_nlmsg_verdict_put(nlh_verdict, ntohl(ph->packet_id), NF_ACCEPT );								\
-				if (transport_layer->pdu_type() == PDU::TCP){\
+		}else{																									\
-					((TCP *)transport_layer)->release_inner_pdu();\
+			int size = transport_layer->inner_pdu()->size();													\
-					((TCP *)transport_layer)->set_flag(TCP::FIN,1);\
+			if(callback_func((const uint8_t*)payload+plen - size, size)){										\
-					((TCP *)transport_layer)->set_flag(TCP::ACK,1);\
+				nfq_nlmsg_verdict_put(nlh_verdict, ntohl(ph->packet_id), NF_ACCEPT );							\
-					((TCP *)transport_layer)->set_flag(TCP::SYN,0);\
+			} else{																								\
-					nfq_nlmsg_verdict_put_pkt(nlh_verdict, packet.serialize().data(), packet.size());\
+				if (transport_layer->pdu_type() == PDU::TCP){													\
-					nfq_nlmsg_verdict_put(nlh_verdict, ntohl(ph->packet_id), NF_ACCEPT );		\
+					((TCP *)transport_layer)->release_inner_pdu();												\
-				}else{\
+					((TCP *)transport_layer)->set_flag(TCP::FIN,1);												\
-					nfq_nlmsg_verdict_put(nlh_verdict, ntohl(ph->packet_id), NF_DROP );\
+					((TCP *)transport_layer)->set_flag(TCP::ACK,1);												\
-				}\
+					((TCP *)transport_layer)->set_flag(TCP::SYN,0);												\
-			}\
+					nfq_nlmsg_verdict_put_pkt(nlh_verdict, packet.serialize().data(), packet.size());			\
-		}\
+					nfq_nlmsg_verdict_put(nlh_verdict, ntohl(ph->packet_id), NF_ACCEPT );						\
+				}else{																							\
+					nfq_nlmsg_verdict_put(nlh_verdict, ntohl(ph->packet_id), NF_DROP );							\
+				}																								\
+			}																									\
+		}
 
+		// Check IP protocol version
 		if ( (((uint8_t*)payload)[0] & 0xf0) == 0x40 ){
 			IP packet = IP((uint8_t*)payload,plen);
-			PKT_OPS
+			PKT_HANDLE
 		}else{
 			IPv6 packet = IPv6((uint8_t*)payload,plen);
-			PKT_OPS
+			PKT_HANDLE
 		}	
 
 		/* example to set the connmark. First, start NFQA_CT section: */