diff --git a/backend/nfqueue/nfqueue.cpp b/backend/nfqueue/nfqueue.cpp
index 7e15f32..6378a24 100644
--- a/backend/nfqueue/nfqueue.cpp
+++ b/backend/nfqueue/nfqueue.cpp
@@ -15,9 +15,11 @@
 #include
 #include
 #include
+#include
 #include
 typedef jpcre2::select jp;
+mutex stdout_mutex;
 using namespace std;
 using namespace Tins;
@@ -89,6 +91,33 @@ struct regex_rules{
 return 0; }
+ bool check(unsigned char* data, const size_t& bytes_transferred, const bool in_input){ string str_data((char *) data, bytes_transferred); for (regex_rule_pair ele:in_input?regex_c_s_b:regex_s_c_b){ try{ if(ele.second.match(str_data)){ unique_lock lck(stdout_mutex); cout << "BLOCKED " << ele.first << endl; return false; } } catch(...){ cerr << "[info] [regex_rules.check] Error while matching blacklist regex: " << ele.first << endl; } } for (regex_rule_pair ele:in_input?regex_c_s_w:regex_s_c_w){ try{ if(!ele.second.match(str_data)){ unique_lock lck(stdout_mutex); cout << "BLOCKED " << ele.first << endl; return false; } } catch(...){ cerr << "[info] [regex_rules.check] Error while matching whitelist regex: " << ele.first << endl; } } return true; }
+ }; shared_ptr regex_config;
@@ -147,11 +176,16 @@ class NetfilterQueue {
 _clear(); throw std::runtime_error( "mnl_socket_recvfrom" ); }
- if (buf[44] == 1){
+ /* I checked that if this byte (that is the only one that changes) is set to 1, this message is the NFQNL_CFG_CMD_BIND error, instead if it is set to 0, this message is the error generated by NFQNL_CFG_CMD_NONE So NFQNL_CFG_CMD_BIND doesn't sended any error and it's all ok. */ if (nlh->nlmsg_len < 45 && buf[44] == 1){ _clear(); throw std::invalid_argument( "queueid is already busy" ); }
- //END TESTING QUEUE
 nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num); nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff);
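Review bot: `mutex stdout_mutex;` is declared before the `using namespace std;` that follows it in this hunk, so the unqualified name only resolves if a header included above already brings `std` into the global namespace; writing `std::mutex stdout_mutex;` removes that dependence on include order. The added `#include` has lost its header name in this rendering; if it is `<mutex>` it belongs grouped with the other standard headers. A file-scope mutex is fine in a single translation unit, but the lock sites are far from the declaration, so a one-line comment such as `// guards writes to cout (see regex_rules::check)` would tell the next reader what it protects.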
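Review bot: Both `catch(...)` blocks in `check` make the filter fail open: in the blacklist loop a rule that throws is skipped and the packet continues toward `return true`, and in the whitelist loop a throwing rule never reaches `return false`, so the packets the matcher could not evaluate are exactly the ones that get forwarded. If that is the intended trade-off (availability over blocking) it deserves a comment saying so; otherwise each handler should end with `return false;` after its `cerr` line so an unevaluable packet is blocked rather than passed. Independently, `for (regex_rule_pair ele : ...)` copies every pair, presumably including the compiled pattern, on each packet; `for (auto& ele : ...)` avoids the copy with no behaviour change. The `cerr` writes are outside `stdout_mutex`, which is acceptable for a separate stream but worth a comment if stdout and stderr are consumed by the same reader. `check` is complete within the hunk, but `regex_rules` itself begins outside it.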
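Review bot: The new guard `nlh->nlmsg_len < 45 && buf[44] == 1` reads `buf[44]` only when the received message is shorter than 45 bytes, i.e. exactly when byte 44 lies past the end of that message and holds whatever `buf` contained before the receive; if the length test is meant as a bounds check it is inverted and should be `nlh->nlmsg_len > 44 && buf[44] == 1`. The comment above it says the byte is the echoed NFQNL_CFG_CMD value, which suggests the intent is to inspect the original request embedded in an NLMSG_ERROR reply; reading `struct nlmsgerr` via `mnl_nlmsg_get_payload(nlh)` and checking its `error` field and embedded `msg` would state that directly instead of relying on a magic offset. The check is also only meaningful if `nlh` points into `buf` at the message just received rather than at the request built earlier, which the visible lines do not establish and the assignment `nlh = nfq_nlmsg_put(...)` right after hints at; that should be confirmed. The enclosing function begins and ends outside the hunk.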