From 596707cf8374dba73535bc77bae76fe8770c0028 Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Wed, 13 Feb 2002 16:35:39 +0000
Subject: first attempt in trying to make debug code work with mangle2hooks and
 mangle5hooks

---
 libiptc/libip4tc.c | 43 ++++++++++++++++++++++++++-----------------
 libiptc/libip6tc.c | 44 ++++++++++++++++++++++++++------------------
 2 files changed, 52 insertions(+), 35 deletions(-)

(limited to 'libiptc')

diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index 9a3468c3..3fecc43f 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -382,35 +382,44 @@ do_check(TC_HANDLE_T h, unsigned int line)
 
 		user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
 	} else if (strcmp(h->info.name, "mangle") == 0) {
-		/* This code assumes mangle5hooks enabled iptable_mangle,
-		 * either by patch-o-matic patch or linux >= 2.4.18-pre6 */
-		assert(h->info.valid_hooks
+		/* This code is getting ugly because linux < 2.4.18-pre6 had
+		 * two mangle hooks, linux >= 2.4.18-pre6 has five mangle hooks
+		 * */
+		assert((h->info.valid_hooks &
+			~(1 << NF_IP_LOCAL_IN)
+			  | 1 << NF_IP_FORWARD
+			  | 1 << NF_IP_POST_ROUTING)
 		       == (1 << NF_IP_PRE_ROUTING
-			   | 1 << NF_IP_LOCAL_IN
-			   | 1 << NF_IP_FORWARD
-			   | 1 << NF_IP_LOCAL_OUT
-			   | 1 << NF_IP_POST_ROUTING));
+			   | 1 << NF_IP_LOCAL_OUT));
 
 		/* Hooks should be first five */
 		assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0);
 
 		n = get_chain_end(h, 0);
-		n += get_entry(h, n)->next_offset;
-		assert(h->info.hook_entry[NF_IP_LOCAL_IN] == n);
 
-		n = get_chain_end(h, n);
-		n += get_entry(h, n)->next_offset;
-		assert(h->info.hook_entry[NF_IP_FORWARD] == n);
+		if (h->info.valid_hooks & NF_IP_LOCAL_IN) {
+			n += get_entry(h, n)->next_offset;
+			assert(h->info.hook_entry[NF_IP_LOCAL_IN] == n);
+			n = get_chain_end(h, n);
+		}
+
+		if (h->info.valid_hooks & NF_IP_FORWARD) {
+			n += get_entry(h, n)->next_offset;
+			assert(h->info.hook_entry[NF_IP_FORWARD] == n);
+			n = get_chain_end(h, n);
+		}
 
-		n = get_chain_end(h, n);
 		n += get_entry(h, n)->next_offset;
 		assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n);
+		user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
 
-		n = get_chain_end(h, n);
-		n += get_entry(h, n)->next_offset;
-		assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n);
+		if (h->info.valid_hooks & NF_IP_POST_ROUTING) {
+			n = get_chain_end(h, n);
+			n += get_entry(h, n)->next_offset;
+			assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n);
+			user_offset = h->info.hook_entry[NF_IP_POST_ROUTING];
+		}
 
-		user_offset = h->info.hook_entry[NF_IP_POST_ROUTING];
 #ifdef NF_IP_DROPPING
 	} else if (strcmp(h->info.name, "drop") == 0) {
 		assert(h->info.valid_hooks == (1 << NF_IP_DROPPING));
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
index 105fdfa4..cd35bbe9 100644
--- a/libiptc/libip6tc.c
+++ b/libiptc/libip6tc.c
@@ -328,35 +328,43 @@ do_check(TC_HANDLE_T h, unsigned int line)
 
 		user_offset = h->info.hook_entry[NF_IP6_LOCAL_OUT];
 	} else if (strcmp(h->info.name, "mangle") == 0) {
-		 /* This code assumes mangle5hooks enabled iptable_mangle,
-		  * either by patch-o-matic patch or linux >= 2.4.18-pre6 */
-		assert(h->info.valid_hooks
+		/* This code is getting ugly because linux < 2.4.18-pre6 had
+		 * two mangle hooks, linux >= 2.4.18-pre6 has five mangle hooks
+		 * */
+		assert((h->info.valid_hooks &
+			~(1 << NF_IP6_LOCAL_IN
+			  | 1 << NF_IP6_FORWARD
+			  | 1 << NF_IP6_POST_ROUTING))
 		       == (1 << NF_IP6_PRE_ROUTING
-			   | 1 << NF_IP6_LOCAL_IN
-			   | 1 << NF_IP6_FORWARD
-			   | 1 << NF_IP6_LOCAL_OUT
-			   | 1 << NF_IP6_POST_ROUTING));
+			   | 1 << NF_IP6_LOCAL_OUT));
 
 		/* Hooks should be first five */
 		assert(h->info.hook_entry[NF_IP6_PRE_ROUTING] == 0);
 
 		n = get_chain_end(h, 0);
-		n += get_entry(h, n)->next_offset;
-		assert(h->info.hook_entry[NF_IP6_LOCAL_IN] == n);
 
-		n = get_chain_end(h, n);
-		n += get_entry(h, n)->next_offset;
-		assert(h->info.hook_entry[NF_IP6_FORWARD] == n);
+		if (h->info.valid_hooks & NF_IP6_LOCAL_IN) {
+			n += get_entry(h, n)->next_offset;
+			assert(h->info.hook_entry[NF_IP6_LOCAL_IN] == n);
+			n = get_chain_end(h, n);
+		}
 
-		n = get_chain_end(h, n);
-		n += get_entry(h, n)->next_offset;
-		assert(h->info.hook_entry[NF_IP6_LOCAL_OUT] == n);
+		if (h->info.valid_hooks & NF_IP6_FORWARD) {
+			n += get_entry(h, n)->next_offset;
+			assert(h->info.hook_entry[NF_IP6_FORWARD] == n);
+			n = get_chain_end(h, n);
+		}
 
-		n = get_chain_end(h, n);
 		n += get_entry(h, n)->next_offset;
-		assert(h->info.hook_entry[NF_IP6_POST_ROUTING] == n);
+		assert(h->info.hook_entry[NF_IP6_LOCAL_OUT] == n);
+		user_offset = h->info.hook_entry[NF_IP6_LOCAL_OUT];
 
-		user_offset = h->info.hook_entry[NF_IP6_POST_ROUTING];
+		if (h->info.valid_hooks & NF_IP6_POST_ROUTING) {
+			n = get_chain_end(h, n);
+			n += get_entry(h, n)->next_offset;
+			assert(h->info.hook_entry[NF_IP6_POST_ROUTING] == n);
+			user_offset = h->info.hook_entry[NF_IP6_POST_ROUTING];
+		}
 	} else
 		abort();
 
-- 
cgit v1.2.3