Minor changes

backend/nfqueue/nfqueue.cpp

@@ -15,9 +15,11 @@
 #include <cerrno>
 #include <sstream>
 #include <thread>
+#include <mutex>
 #include <jpcre2.hpp>
 
 typedef jpcre2::select<char> jp;
+mutex stdout_mutex;
 using namespace std;
 using namespace Tins;
 
@@ -89,6 +91,33 @@ struct regex_rules{
 		return 0;
 	}
 
+	bool check(unsigned char* data, const size_t& bytes_transferred, const bool in_input){
+		string str_data((char *) data, bytes_transferred);
+		for (regex_rule_pair ele:in_input?regex_c_s_b:regex_s_c_b){
+			try{
+				if(ele.second.match(str_data)){
+					unique_lock<mutex> lck(stdout_mutex);
+					cout << "BLOCKED " << ele.first << endl;
+					return false;
+				}
+			} catch(...){
+				cerr << "[info] [regex_rules.check] Error while matching blacklist regex: " << ele.first << endl;
+			}
+		}
+		for (regex_rule_pair ele:in_input?regex_c_s_w:regex_s_c_w){
+			try{
+				if(!ele.second.match(str_data)){
+					unique_lock<mutex> lck(stdout_mutex);
+					cout << "BLOCKED " << ele.first << endl;
+					return false;
+				}
+			} catch(...){
+				cerr << "[info] [regex_rules.check] Error while matching whitelist regex: " << ele.first << endl;
+			}      
+		}
+		return true;
+	}
+
 };
 
 shared_ptr<regex_rules> regex_config;
@@ -147,11 +176,16 @@ class NetfilterQueue {
 			_clear();
 			throw std::runtime_error( "mnl_socket_recvfrom" );
 		}
-		if (buf[44] == 1){
+		/*
+		I checked that if this byte (that is the only one that changes) is set to 1,
+		this message is the NFQNL_CFG_CMD_BIND error, instead
+		if it is set to 0, this message is the error generated by NFQNL_CFG_CMD_NONE
+		So NFQNL_CFG_CMD_BIND doesn't sended any error and it's all ok.
+		*/
+		if (nlh->nlmsg_len < 45 && buf[44] == 1){
 			_clear();
 			throw std::invalid_argument( "queueid is already busy" );
 		}
-
 //END TESTING QUEUE
 		nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
 		nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff);