from=$(( $from + $bit ))
done
to=$(( ($netclassindex << $BIT_TO) ))
- tomask=$(( $MASK_MASK ^ (1 << ($netclassindex + $BIT_MASK)) ))
+ tomask=$(( $MASK_TO | $MASK_MASK ^ (1 << ($netclassindex + $BIT_MASK)) ))
trace "from $name --> set $(printf %08x/%08x $from $frommask)"
- trace " to $name --> and $(printf %08x/%08x $to $tomask)"
+ trace " to $name --> set $(printf %08x/%08x $to $tomask)"
## Now establish the mark-from-NAME and mark-to-NAME chains.
clearchain mangle:mark-from-$name mangle:mark-to-$name
done
}
+## matchnets OPT WIN FLAGS PREPARE BASE SUFFIX NEXT NET [NET ...]
+##
## Build rules which match a particular collection of networks.
+##
## Specifically, use the address-comparison operator OPT (typically `-s' or
-## `-d') to match the addresses of NOT, writing the rules to the chain
-## BASESUFFIX. If we find a match, dispatch to WIN-CLASS, where CLASS is
-## the class of the matching network. In order to deal with networks
-## containing negative address ranges, more chains may need to be
-## constructed; they will be named BASE#Q for sequence numbers Q starting
-## with NEXT. All of this happens on the `mangle' table, and there isn't
-## (currently) a way to tweak this.
+## `-d') to match the addresses of each NET, writing the rules to the chain
+## BASESUFFIX. If we find a match, dispatch to WIN-CLASS, where CLASS is the
+## class of the matching network. In order to deal with networks containing
+## negative address ranges, more chains may need to be constructed; they will
+## be named BASE#Q for sequence numbers Q starting with NEXT. All of this
+## happens on the `mangle' table, and there isn't (currently) a way to tweak
+## this.
##
## The FLAGS gather additional interesting information about the job,
## separated by colons. The only flag currently is :default: which means