Finished c++ stuff (I hope)

.gitignore

@@ -12,7 +12,7 @@
 
 /backend/db/firegex.db
 /backend/db/firegex.db-journal
-/backend/nfqueue/main
+/backend/nfqueue/nfqueue
 docker-compose.yml
 
 # misc

Dockerfile

@@ -1,5 +1,5 @@
 #Building main conteiner
-FROM python:slim-buster
+FROM python:slim-bullseye
 
 RUN apt-get update && apt-get -y install \    
         build-essential git iptables libpcre2-dev\
@@ -15,7 +15,8 @@ RUN mkdir /execute/
 WORKDIR /execute
 
 COPY ./backend/nfqueue /execute/nfqueue
-RUN gcc nfqueue/nfqueue.cpp -o nfqueue/nfqueue -lnetfilter_queue -pthread -lpcre2-8 -ltins -lmnl -lnfnetlink
+
+RUN g++ nfqueue/nfqueue.cpp -o nfqueue/nfqueue -O3 -march=native -lnetfilter_queue -pthread -lpcre2-8 -ltins -lmnl -lnfnetlink
 
 ADD ./backend/requirements.txt /execute/requirements.txt
 RUN pip install --no-cache-dir -r /execute/requirements.txt

backend/nfqueue/nfqueue.cpp

@@ -149,8 +149,7 @@ class NetfilterQueue {
 	struct mnl_socket* nl = NULL;
 
 	NetfilterQueue(u_int16_t queue_num): queue_num(queue_num) {
-		
+
-		struct nlmsghdr *nlh;
 		nl = mnl_socket_open(NETLINK_NETFILTER);
 		
 		if (nl == NULL) { throw runtime_error( "mnl_socket_open" );}
@@ -162,6 +161,7 @@ class NetfilterQueue {
 		portid = mnl_socket_get_portid(nl);
 
 		buf = (char*) malloc(BUF_SIZE);
+
 		if (!buf) {
 			mnl_socket_close(nl);
 			throw runtime_error( "allocate receive buffer" );
@@ -171,27 +171,34 @@ class NetfilterQueue {
 			_clear();
 			throw runtime_error( "mnl_socket_send" );
 		}
-
+		//TEST if BIND was successful
-//TESTING QUEUE: TODO find a legal system to test if the queue was binded successfully
+		if (send_config_cmd(NFQNL_CFG_CMD_NONE) < 0) { // SEND A NONE cmmand to generate an error meessage
-		if (send_config_cmd(NFQNL_CFG_CMD_NONE) < 0) {
 			_clear();
 			throw runtime_error( "mnl_socket_send" );
 		}
-		if (recv_packet() == -1) {
+		if (recv_packet() == -1) { //RECV the error message
 			_clear();
 			throw std::runtime_error( "mnl_socket_recvfrom" );
 		}
-		/*
+
-		I checked that if this byte (that is the only one that changes) is set to 1,
+		struct nlmsghdr *nlh = (struct nlmsghdr *) buf;
-		this message is the NFQNL_CFG_CMD_BIND error, instead
+		
-		if it is set to 0, this message is the error generated by NFQNL_CFG_CMD_NONE
+		if (nlh->nlmsg_type != NLMSG_ERROR) {
-		So NFQNL_CFG_CMD_BIND doesn't sended any error and it's all ok.
+			_clear();
-		*/
+			throw runtime_error( "unexpected packet from kernel (expected NLMSG_ERROR packet)" );
-		if (buf[44] == 1){
+		}		
+		//nfqnl_msg_config_cmd
+		nlmsgerr* error_msg = (nlmsgerr *)mnl_nlmsg_get_payload(nlh);	
+
+		// error code taken from the linux kernel:
+		// https://elixir.bootlin.com/linux/v5.18.12/source/include/linux/errno.h#L27
+		#define ENOTSUPP	524	/* Operation is not supported */
+
+		if (error_msg->error != -ENOTSUPP) {
 			_clear();
 			throw std::invalid_argument( "queueid is already busy" );
 		}
-//END TESTING QUEUE
+		//END TESTING BIND
 		nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
 		nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff);
 		
@@ -271,8 +278,7 @@ class NetfilterQueue {
 		//Get Payload
 		uint16_t plen = mnl_attr_get_payload_len(attr[NFQA_PAYLOAD]);
 		void *payload = mnl_attr_get_payload(attr[NFQA_PAYLOAD]);
-
+		
-
 		//Return result to the kernel
 		struct nfqnl_msg_packet_hdr *ph = (nfqnl_msg_packet_hdr*) mnl_attr_get_payload(attr[NFQA_PACKET_HDR]);
 		struct nfgenmsg *nfg = (nfgenmsg *)mnl_nlmsg_get_payload(nlh);
@@ -466,6 +472,4 @@ WORKDIR /tmp/jpcre2
 RUN ./configure; make; make install
 WORKDIR /
 
-//NFQNL_CFG_CMD_UNBIND ???
-
 */