summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHarald Welte <laforge@gnumonks.org>2002-02-13 16:19:55 +0000
committerHarald Welte <laforge@gnumonks.org>2002-02-13 16:19:55 +0000
commit380ba5f3074a16fbaa8869d9594962d58b5f8608 (patch)
tree7926ece3e04f0a80c9e165581e304e1549339c81
parent72c6b79b9944e4784ca21779413db71d773d7f10 (diff)
- don't need -DNDEBUG anymore. Instead, use -DIPTC_DEBUG to enable
libiptc debugging. This is to make people at RedHat and Mandrake happy. - add debugging code for mangle5hooks table (will break debugging of iptables >= 1.2.6 on old kernels <= 2.4.18-pre6. *sigh*
-rw-r--r--Makefile10
-rw-r--r--libiptc/libip4tc.c26
-rw-r--r--libiptc/libip6tc.c26
-rw-r--r--libiptc/libiptc.c4
4 files changed, 46 insertions, 20 deletions
diff --git a/Makefile b/Makefile
index 762c13e3..a4dc2b68 100644
--- a/Makefile
+++ b/Makefile
@@ -29,8 +29,8 @@ ifeq ($(shell [ -f /usr/include/netinet/ip6.h ] && echo YES), YES)
DO_IPV6=1
endif
-COPT_FLAGS:=-O2 -DNDEBUG
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g #-pg
+COPT_FLAGS:=-O2
+CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g #-pg # -DIPTC_DEBUG
ifdef NO_SHARED_LIBS
CFLAGS += -DNO_SHARED_LIBS=1
@@ -187,12 +187,10 @@ most-of-pom:
distrib: check distclean delrelease $(RELEASE_DIR)/iptables-$(NETFILTER_VERSION).tar.bz2 diff md5sums # nowhitespace
# Makefile must not define:
-# -g -pg
-# And must define -NDEBUG
+# -g -pg -DIPTC_DEBUG
.PHONY: check
check:
- @if echo $(CFLAGS) | egrep -e '-g|-pg' >/dev/null; then echo Remove debugging flags; exit 1; else exit 0; fi
- @if echo $(CFLAGS) | egrep -e NDEBUG >/dev/null; then exit 0; else echo Define -DNDEBUG; exit 1; fi
+ @if echo $(CFLAGS) | egrep -e '-g|-pg|IPTC_DEBUG' >/dev/null; then echo Remove debugging flags; exit 1; else exit 0; fi
.PHONY: nowhitespace
nowhitespace:
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index 0d9e439b..9a3468c3 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -336,7 +336,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
return 0;
}
-#ifndef NDEBUG
+#ifdef IPTC_DEBUG
/* Do every conceivable sanity check on the handle */
static void
do_check(TC_HANDLE_T h, unsigned int line)
@@ -382,21 +382,35 @@ do_check(TC_HANDLE_T h, unsigned int line)
user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
} else if (strcmp(h->info.name, "mangle") == 0) {
+ /* This code assumes mangle5hooks enabled iptable_mangle,
+ * either by patch-o-matic patch or linux >= 2.4.18-pre6 */
assert(h->info.valid_hooks
== (1 << NF_IP_PRE_ROUTING
- | 1 << NF_IP_POST_ROUTING
| 1 << NF_IP_LOCAL_IN
+ | 1 << NF_IP_FORWARD
| 1 << NF_IP_LOCAL_OUT
- | 1 << NF_IP_FORWARD));
+ | 1 << NF_IP_POST_ROUTING));
- /* Hooks should be first two */
+ /* Hooks should be first five */
assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0);
n = get_chain_end(h, 0);
n += get_entry(h, n)->next_offset;
+ assert(h->info.hook_entry[NF_IP_LOCAL_IN] == n);
+
+ n = get_chain_end(h, n);
+ n += get_entry(h, n)->next_offset;
+ assert(h->info.hook_entry[NF_IP_FORWARD] == n);
+
+ n = get_chain_end(h, n);
+ n += get_entry(h, n)->next_offset;
assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n);
- user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
+ n = get_chain_end(h, n);
+ n += get_entry(h, n)->next_offset;
+ assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n);
+
+ user_offset = h->info.hook_entry[NF_IP_POST_ROUTING];
#ifdef NF_IP_DROPPING
} else if (strcmp(h->info.name, "drop") == 0) {
assert(h->info.valid_hooks == (1 << NF_IP_DROPPING));
@@ -464,4 +478,4 @@ do_check(TC_HANDLE_T h, unsigned int line)
->u.user.name,
IPT_ERROR_TARGET) == 0);
}
-#endif /*NDEBUG*/
+#endif /*IPTC_DEBUG*/
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
index 91cd01c7..105fdfa4 100644
--- a/libiptc/libip6tc.c
+++ b/libiptc/libip6tc.c
@@ -282,7 +282,7 @@ unconditional(const struct ip6t_ip6 *ipv6)
return (i == sizeof(*ipv6));
}
-#ifndef NDEBUG
+#ifdef IPTC_DEBUG
/* Do every conceivable sanity check on the handle */
static void
do_check(TC_HANDLE_T h, unsigned int line)
@@ -328,21 +328,35 @@ do_check(TC_HANDLE_T h, unsigned int line)
user_offset = h->info.hook_entry[NF_IP6_LOCAL_OUT];
} else if (strcmp(h->info.name, "mangle") == 0) {
+ /* This code assumes mangle5hooks enabled iptable_mangle,
+ * either by patch-o-matic patch or linux >= 2.4.18-pre6 */
assert(h->info.valid_hooks
== (1 << NF_IP6_PRE_ROUTING
- | 1 << NF_IP6_POST_ROUTING
| 1 << NF_IP6_LOCAL_IN
+ | 1 << NF_IP6_FORWARD
| 1 << NF_IP6_LOCAL_OUT
- | 1 << NF_IP6_FORWARD));
+ | 1 << NF_IP6_POST_ROUTING));
- /* Hooks should be first three */
+ /* Hooks should be first five */
assert(h->info.hook_entry[NF_IP6_PRE_ROUTING] == 0);
n = get_chain_end(h, 0);
n += get_entry(h, n)->next_offset;
+ assert(h->info.hook_entry[NF_IP6_LOCAL_IN] == n);
+
+ n = get_chain_end(h, n);
+ n += get_entry(h, n)->next_offset;
+ assert(h->info.hook_entry[NF_IP6_FORWARD] == n);
+
+ n = get_chain_end(h, n);
+ n += get_entry(h, n)->next_offset;
assert(h->info.hook_entry[NF_IP6_LOCAL_OUT] == n);
- user_offset = h->info.hook_entry[NF_IP6_LOCAL_OUT];
+ n = get_chain_end(h, n);
+ n += get_entry(h, n)->next_offset;
+ assert(h->info.hook_entry[NF_IP6_POST_ROUTING] == n);
+
+ user_offset = h->info.hook_entry[NF_IP6_POST_ROUTING];
} else
abort();
@@ -403,4 +417,4 @@ do_check(TC_HANDLE_T h, unsigned int line)
ERROR_TARGET) == 0);
#endif
}
-#endif /*NDEBUG*/
+#endif /*IPTC_DEBUG*/
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 3574ac8d..395b8c74 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -1,4 +1,4 @@
-/* Library which manipulates firewall rules. Version $Revision: 1.32 $ */
+/* Library which manipulates firewall rules. Version $Revision: 1.33 $ */
/* Architecture of firewall rules is as follows:
*
@@ -104,7 +104,7 @@ set_changed(TC_HANDLE_T h)
h->changed = 1;
}
-#ifndef NDEBUG
+#ifdef IPTC_DEBUG
static void do_check(TC_HANDLE_T h, unsigned int line);
#define CHECK(h) do { if (!getenv("IPTC_NO_CHECK")) do_check((h), __LINE__); } while(0)
#else