From 8c58a61f52da2e9c6c3ae925c9b3cd8a1299bd6c Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 17 Mar 2008 15:36:59 +0100 Subject: [PATCH] geoip: address comparison is inclusive subnet is somewhat a wrong term, geoip actually uses ipranges. Either way, the comparison needs to be >= and <= instead of > <. --- extensions/xt_geoip.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/extensions/xt_geoip.c b/extensions/xt_geoip.c index 5989276..0b15b83 100644 --- a/extensions/xt_geoip.c +++ b/extensions/xt_geoip.c @@ -137,7 +137,8 @@ static bool xt_geoip_mt(const struct sk_buff *skb, const struct net_device *in, } for (j = 0; j < node->count; j++) - if ((ip > node->subnets[j].begin) && (ip < node->subnets[j].end)) { + if (ip >= node->subnets[j].begin && + ip <= node->subnets[j].end) { spin_unlock_bh(&geoip_lock); return (info->flags & XT_GEOIP_INV) ? 0 : 1; }