diff options
author | laforge <laforge> | 2002-02-13 16:35:39 +0000 |
---|---|---|
committer | laforge <laforge> | 2002-02-13 16:35:39 +0000 |
commit | 22a0fccbadc7bb8f35cdb114e65c9699b0fe73de (patch) | |
tree | e8799f483ae658d2023361fcc458e5f4f3d2b036 /libiptc | |
parent | 7bb1d7f3999c92cb90ea3788d865dbb21d7963e7 (diff) |
first attempt in trying to make debug code work with mangle2hooks and mangle5hooks
Diffstat (limited to 'libiptc')
-rw-r--r-- | libiptc/libip4tc.c | 43 | ||||
-rw-r--r-- | libiptc/libip6tc.c | 44 |
2 files changed, 52 insertions, 35 deletions
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c index 9a3468c..3fecc43 100644 --- a/libiptc/libip4tc.c +++ b/libiptc/libip4tc.c @@ -382,35 +382,44 @@ do_check(TC_HANDLE_T h, unsigned int line) user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT]; } else if (strcmp(h->info.name, "mangle") == 0) { - /* This code assumes mangle5hooks enabled iptable_mangle, - * either by patch-o-matic patch or linux >= 2.4.18-pre6 */ - assert(h->info.valid_hooks + /* This code is getting ugly because linux < 2.4.18-pre6 had + * two mangle hooks, linux >= 2.4.18-pre6 has five mangle hooks + * */ + assert((h->info.valid_hooks & + ~(1 << NF_IP_LOCAL_IN) + | 1 << NF_IP_FORWARD + | 1 << NF_IP_POST_ROUTING) == (1 << NF_IP_PRE_ROUTING - | 1 << NF_IP_LOCAL_IN - | 1 << NF_IP_FORWARD - | 1 << NF_IP_LOCAL_OUT - | 1 << NF_IP_POST_ROUTING)); + | 1 << NF_IP_LOCAL_OUT)); /* Hooks should be first five */ assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0); n = get_chain_end(h, 0); - n += get_entry(h, n)->next_offset; - assert(h->info.hook_entry[NF_IP_LOCAL_IN] == n); - n = get_chain_end(h, n); - n += get_entry(h, n)->next_offset; - assert(h->info.hook_entry[NF_IP_FORWARD] == n); + if (h->info.valid_hooks & NF_IP_LOCAL_IN) { + n += get_entry(h, n)->next_offset; + assert(h->info.hook_entry[NF_IP_LOCAL_IN] == n); + n = get_chain_end(h, n); + } + + if (h->info.valid_hooks & NF_IP_FORWARD) { + n += get_entry(h, n)->next_offset; + assert(h->info.hook_entry[NF_IP_FORWARD] == n); + n = get_chain_end(h, n); + } - n = get_chain_end(h, n); n += get_entry(h, n)->next_offset; assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n); + user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT]; - n = get_chain_end(h, n); - n += get_entry(h, n)->next_offset; - assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n); + if (h->info.valid_hooks & NF_IP_POST_ROUTING) { + n = get_chain_end(h, n); + n += get_entry(h, n)->next_offset; + assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n); + user_offset = h->info.hook_entry[NF_IP_POST_ROUTING]; + } - user_offset = h->info.hook_entry[NF_IP_POST_ROUTING]; #ifdef NF_IP_DROPPING } else if (strcmp(h->info.name, "drop") == 0) { assert(h->info.valid_hooks == (1 << NF_IP_DROPPING)); diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c index 105fdfa..cd35bbe 100644 --- a/libiptc/libip6tc.c +++ b/libiptc/libip6tc.c @@ -328,35 +328,43 @@ do_check(TC_HANDLE_T h, unsigned int line) user_offset = h->info.hook_entry[NF_IP6_LOCAL_OUT]; } else if (strcmp(h->info.name, "mangle") == 0) { - /* This code assumes mangle5hooks enabled iptable_mangle, - * either by patch-o-matic patch or linux >= 2.4.18-pre6 */ - assert(h->info.valid_hooks + /* This code is getting ugly because linux < 2.4.18-pre6 had + * two mangle hooks, linux >= 2.4.18-pre6 has five mangle hooks + * */ + assert((h->info.valid_hooks & + ~(1 << NF_IP6_LOCAL_IN + | 1 << NF_IP6_FORWARD + | 1 << NF_IP6_POST_ROUTING)) == (1 << NF_IP6_PRE_ROUTING - | 1 << NF_IP6_LOCAL_IN - | 1 << NF_IP6_FORWARD - | 1 << NF_IP6_LOCAL_OUT - | 1 << NF_IP6_POST_ROUTING)); + | 1 << NF_IP6_LOCAL_OUT)); /* Hooks should be first five */ assert(h->info.hook_entry[NF_IP6_PRE_ROUTING] == 0); n = get_chain_end(h, 0); - n += get_entry(h, n)->next_offset; - assert(h->info.hook_entry[NF_IP6_LOCAL_IN] == n); - n = get_chain_end(h, n); - n += get_entry(h, n)->next_offset; - assert(h->info.hook_entry[NF_IP6_FORWARD] == n); + if (h->info.valid_hooks & NF_IP6_LOCAL_IN) { + n += get_entry(h, n)->next_offset; + assert(h->info.hook_entry[NF_IP6_LOCAL_IN] == n); + n = get_chain_end(h, n); + } - n = get_chain_end(h, n); - n += get_entry(h, n)->next_offset; - assert(h->info.hook_entry[NF_IP6_LOCAL_OUT] == n); + if (h->info.valid_hooks & NF_IP6_FORWARD) { + n += get_entry(h, n)->next_offset; + assert(h->info.hook_entry[NF_IP6_FORWARD] == n); + n = get_chain_end(h, n); + } - n = get_chain_end(h, n); n += get_entry(h, n)->next_offset; - assert(h->info.hook_entry[NF_IP6_POST_ROUTING] == n); + assert(h->info.hook_entry[NF_IP6_LOCAL_OUT] == n); + user_offset = h->info.hook_entry[NF_IP6_LOCAL_OUT]; - user_offset = h->info.hook_entry[NF_IP6_POST_ROUTING]; + if (h->info.valid_hooks & NF_IP6_POST_ROUTING) { + n = get_chain_end(h, n); + n += get_entry(h, n)->next_offset; + assert(h->info.hook_entry[NF_IP6_POST_ROUTING] == n); + user_offset = h->info.hook_entry[NF_IP6_POST_ROUTING]; + } } else abort(); |