[PATCH 4/4] xtables: use the correct loop count when applying masks to addresses

'n' is a subtotal from the inner loop; 'count' is the total number
of addrs/masks. This problem wasn't merely cosmetic -- rules where
the address has not been zeroed in accordance with the mask are 
silently ignored by netfilter.

Signed-off-by: Wes Campaigne <westacular@xxxxxxxxx>
---
 xtables.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/xtables.c b/xtables.c
index c96efa0..f872754 100644
--- a/xtables.c
+++ b/xtables.c
@@ -1272,7 +1272,7 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
 		free(addrp);
 	}
 	*naddrs = count;
-	for (i = 0; i < n; ++i)
+	for (i = 0; i < count; ++i)
 		(*addrpp+i)->s_addr &= (*maskpp+i)->s_addr;
 }
 
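Review bot: the masking loop at the end of xtables_ipparse_multiple has no comment tying its bound to the `*naddrs = count` assignment directly above it, which is how the subtotal `n` ended up there in the first place. A one-line comment stating that the loop must cover all `count` entries of `*addrpp` and `*maskpp` would document the invariant. The patch also carries no test; a case that parses several addresses with masks and checks that every stored address has its host bits cleared would catch a regression, given the commit message says unmasked rules are silently ignored rather than rejected.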
@@ -1581,7 +1581,7 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
 		free(addrp);
 	}
 	*naddrs = count;
-	for (i = 0; i < n; ++i)
+	for (i = 0; i < count; ++i)
 		for (j = 0; j < 4; ++j)
 			(*addrpp+i)->s6_addr32[j] &= (*maskpp+i)->s6_addr32[j];
 }
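Review bot: in xtables_ip6parse_multiple the variable `n` is still in scope at the masking loop (the removed line compiled), so the same mix-up that hit both functions can recur. Consider giving `n` a name that marks it as a per-iteration subtotal, or limiting its use to the parsing loop, so that `count` is the only plausible bound here. Since the IPv4 and IPv6 variants needed the identical fix, the test coverage suggested for the IPv4 path should include an IPv6 case that checks all four `s6_addr32` words of each address.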
-- 
1.7.1
