Bugs item #2963040, was opened at 2010-03-04 02:04 Message generated for change (Tracker Item Submitted) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=743020&aid=296304… Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: modules Group: ver devel Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: allow_source_address_group() not matching correctly Initial Comment: IP address subnet matching does not work properly when using the allow_source_address_group() function from the Permissions module. The problem comes from /modules_k/permissions/hash.c:568 in function find_group_in_subnet_table(). subnet = ip_addr << table[i].mask; should be subnet = htonl(ntohl(ip_addr) >> table[i].mask); Here is a git diff to fix it: diff --git a/modules_k/permissions/hash.c b/modules_k/permissions/hash.c index 7358225..7917d5a 100644 --- a/modules_k/permissions/hash.c +++ b/modules_k/permissions/hash.c @@ -565,7 +565,7 @@ int find_group_in_subnet_table(struct subnet* table, i = 0; while (i < count) { - subnet = ip_addr << table[i].mask; + subnet = htonl(ntohl(ip_addr) >> table[i].mask); //ip_addr << table[i].mask; if ((table[i].subnet == subnet) && ((table[i].port == port) || (table[i].port == 0))) return table[i].grp; ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=743020&aid=296304…