diff options
Diffstat (limited to 'libiptc/libip6tc.c')
-rw-r--r-- | libiptc/libip6tc.c | 40 |
1 files changed, 28 insertions, 12 deletions
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c index 6f6fa6c..7a88efd 100644 --- a/libiptc/libip6tc.c +++ b/libiptc/libip6tc.c @@ -311,32 +311,48 @@ do_check(TC_HANDLE_T h, unsigned int line) user_offset = h->info.hook_entry[NF_IP6_LOCAL_OUT]; } else if (strcmp(h->info.name, "nat") == 0) { - assert(h->info.valid_hooks - == (1 << NF_IP6_PRE_ROUTING - | 1 << NF_IP6_POST_ROUTING - | 1 << NF_IP6_LOCAL_OUT)); + assert((h->info.valid_hooks + == (1 << NF_IP6_PRE_ROUTING + | 1 << NF_IP6_LOCAL_OUT + | 1 << NF_IP6_POST_ROUTING)) || + (h->info.valid_hooks + == (1 << NF_IP6_PRE_ROUTING + | 1 << NF_IP6_LOCAL_IN + | 1 << NF_IP6_LOCAL_OUT + | 1 << NF_IP6_POST_ROUTING))); assert(h->info.hook_entry[NF_IP6_PRE_ROUTING] == 0); n = get_chain_end(h, 0); + n += get_entry(h, n)->next_offset; assert(h->info.hook_entry[NF_IP6_POST_ROUTING] == n); - n = get_chain_end(h, n); + n += get_entry(h, n)->next_offset; assert(h->info.hook_entry[NF_IP6_LOCAL_OUT] == n); - user_offset = h->info.hook_entry[NF_IP6_LOCAL_OUT]; + + if (h->info.valid_hooks & (1 << NF_IP6_LOCAL_IN)) { + n = get_chain_end(h, n); + n += get_entry(h, n)->next_offset; + assert(h->info.hook_entry[NF_IP6_LOCAL_IN] == n); + user_offset = h->info.hook_entry[NF_IP6_LOCAL_IN]; + } + } else if (strcmp(h->info.name, "mangle") == 0) { /* This code is getting ugly because linux < 2.4.18-pre6 had * two mangle hooks, linux >= 2.4.18-pre6 has five mangle hooks * */ - assert((h->info.valid_hooks & - ~(1 << NF_IP6_LOCAL_IN - | 1 << NF_IP6_FORWARD - | 1 << NF_IP6_POST_ROUTING)) - == (1 << NF_IP6_PRE_ROUTING - | 1 << NF_IP6_LOCAL_OUT)); + assert((h->info.valid_hooks + == (1 << NF_IP6_PRE_ROUTING + | 1 << NF_IP6_LOCAL_OUT)) || + (h->info.valid_hooks + == (1 << NF_IP6_PRE_ROUTING + | 1 << NF_IP6_LOCAL_IN + | 1 << NF_IP6_FORWARD + | 1 << NF_IP6_LOCAL_OUT + | 1 << NF_IP6_POST_ROUTING))); /* Hooks should be first five */ assert(h->info.hook_entry[NF_IP6_PRE_ROUTING] == 0); |