summaryrefslogtreecommitdiffstats
path: root/libiptc/libip4tc.c
diff options
context:
space:
mode:
Diffstat (limited to 'libiptc/libip4tc.c')
-rw-r--r--libiptc/libip4tc.c43
1 files changed, 26 insertions, 17 deletions
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index 9a3468c3..3fecc43f 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -382,35 +382,44 @@ do_check(TC_HANDLE_T h, unsigned int line)
user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
} else if (strcmp(h->info.name, "mangle") == 0) {
- /* This code assumes mangle5hooks enabled iptable_mangle,
- * either by patch-o-matic patch or linux >= 2.4.18-pre6 */
- assert(h->info.valid_hooks
+ /* This code is getting ugly because linux < 2.4.18-pre6 had
+ * two mangle hooks, linux >= 2.4.18-pre6 has five mangle hooks
+ * */
+ assert((h->info.valid_hooks &
+ ~(1 << NF_IP_LOCAL_IN)
+ | 1 << NF_IP_FORWARD
+ | 1 << NF_IP_POST_ROUTING)
== (1 << NF_IP_PRE_ROUTING
- | 1 << NF_IP_LOCAL_IN
- | 1 << NF_IP_FORWARD
- | 1 << NF_IP_LOCAL_OUT
- | 1 << NF_IP_POST_ROUTING));
+ | 1 << NF_IP_LOCAL_OUT));
/* Hooks should be first five */
assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0);
n = get_chain_end(h, 0);
- n += get_entry(h, n)->next_offset;
- assert(h->info.hook_entry[NF_IP_LOCAL_IN] == n);
- n = get_chain_end(h, n);
- n += get_entry(h, n)->next_offset;
- assert(h->info.hook_entry[NF_IP_FORWARD] == n);
+ if (h->info.valid_hooks & NF_IP_LOCAL_IN) {
+ n += get_entry(h, n)->next_offset;
+ assert(h->info.hook_entry[NF_IP_LOCAL_IN] == n);
+ n = get_chain_end(h, n);
+ }
+
+ if (h->info.valid_hooks & NF_IP_FORWARD) {
+ n += get_entry(h, n)->next_offset;
+ assert(h->info.hook_entry[NF_IP_FORWARD] == n);
+ n = get_chain_end(h, n);
+ }
- n = get_chain_end(h, n);
n += get_entry(h, n)->next_offset;
assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n);
+ user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
- n = get_chain_end(h, n);
- n += get_entry(h, n)->next_offset;
- assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n);
+ if (h->info.valid_hooks & NF_IP_POST_ROUTING) {
+ n = get_chain_end(h, n);
+ n += get_entry(h, n)->next_offset;
+ assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n);
+ user_offset = h->info.hook_entry[NF_IP_POST_ROUTING];
+ }
- user_offset = h->info.hook_entry[NF_IP_POST_ROUTING];
#ifdef NF_IP_DROPPING
} else if (strcmp(h->info.name, "drop") == 0) {
assert(h->info.valid_hooks == (1 << NF_IP_DROPPING));