diff options
Diffstat (limited to 'libiptc/libip4tc.c')
-rw-r--r-- | libiptc/libip4tc.c | 40 |
1 files changed, 28 insertions, 12 deletions
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c index 1dc414d..d221e74 100644 --- a/libiptc/libip4tc.c +++ b/libiptc/libip4tc.c @@ -365,32 +365,48 @@ do_check(TC_HANDLE_T h, unsigned int line) user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT]; } else if (strcmp(h->info.name, "nat") == 0) { - assert(h->info.valid_hooks - == (1 << NF_IP_PRE_ROUTING - | 1 << NF_IP_POST_ROUTING - | 1 << NF_IP_LOCAL_OUT)); + assert((h->info.valid_hooks + == (1 << NF_IP_PRE_ROUTING + | 1 << NF_IP_POST_ROUTING + | 1 << NF_IP_LOCAL_OUT)) || + (h->info.valid_hooks + == (1 << NF_IP_PRE_ROUTING + | 1 << NF_IP_LOCAL_IN + | 1 << NF_IP_POST_ROUTING + | 1 << NF_IP_LOCAL_OUT))); assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0); n = get_chain_end(h, 0); + n += get_entry(h, n)->next_offset; assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n); - n = get_chain_end(h, n); + n += get_entry(h, n)->next_offset; assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n); - user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT]; + + if (h->info.valid_hooks & (1 << NF_IP_LOCAL_IN)) { + n = get_chain_end(h, n); + n += get_entry(h, n)->next_offset; + assert(h->info.hook_entry[NF_IP_LOCAL_IN] == n); + user_offset = h->info.hook_entry[NF_IP_LOCAL_IN]; + } + } else if (strcmp(h->info.name, "mangle") == 0) { /* This code is getting ugly because linux < 2.4.18-pre6 had * two mangle hooks, linux >= 2.4.18-pre6 has five mangle hooks * */ - assert((h->info.valid_hooks & - ~(1 << NF_IP_LOCAL_IN - | 1 << NF_IP_FORWARD - | 1 << NF_IP_POST_ROUTING)) - == (1 << NF_IP_PRE_ROUTING - | 1 << NF_IP_LOCAL_OUT)); + assert((h->info.valid_hooks + == (1 << NF_IP_PRE_ROUTING + | 1 << NF_IP_LOCAL_OUT)) || + (h->info.valid_hooks + == (1 << NF_IP_PRE_ROUTING + | 1 << NF_IP_LOCAL_IN + | 1 << NF_IP_FORWARD + | 1 << NF_IP_LOCAL_OUT + | 1 << NF_IP_POST_ROUTING))); /* Hooks should be first five */ assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0); |