Improve packet parsing

firewall/interception/nfq/nfq.go

@@ -179,11 +179,13 @@ func (q *Queue) packetHandler(ctx context.Context) func(nfqueue.Attribute) int {
 			verdictPending: abool.New(),
 		}
 
-		if attrs.Payload != nil {
-			pkt.Payload = *attrs.Payload
+		if attrs.Payload == nil {
+			// There is not payload.
+			log.Warningf("nfqueue: packet #%s has no payload", pkt.pktID)
+			return 0
 		}
 
-		if err := pmpacket.Parse(pkt.Payload, pkt.Info()); err != nil {
+		if err := pmpacket.Parse(*attrs.Payload, &pkt.Base); err != nil {
 			log.Warningf("nfqueue: failed to parse payload: %s", err)
 			_ = pkt.Drop()
 			return 0

firewall/interception/nfq/packet.go

@@ -65,6 +65,11 @@ func (pkt *packet) ID() string {
 	return fmt.Sprintf("pkt:%d qid:%d", pkt.pktID, pkt.queue.id)
 }
 
+// LoadPacketData does nothing on Linux, as data is always fully parsed.
+func (pkt *packet) LoadPacketData() error {
+	return nil
+}
+
 // TODO(ppacher): revisit the following behavior:
 // 		The legacy implementation of nfqueue (and the interception) module
 // 		always accept a packet but may mark it so that a subsequent rule in