All:

The attached patch fixes a few minor issues in libiptc. These changes 
are as follows:

   - Sets the 'iptc_fn' global variable to the pointer to the current 
functions in all major TC_* functions. This is necessary because in 
certain cases, an error return from a function that doesn't set 
'iptc_fn' will conflict with a function-specific error return from one 
that does, causing TC_STRERROR() to return the wrong error string. This 
ensures that the right one will be returned.
   - Implements a simple reference counter for the netlink socket global 
variable 'sockfd'; this is necessary for IPTables::IPv4, where multiple 
tables (filter, nat, mangle, untracked) may be opened at one time. The 
way libiptc does it in the official version causes previously-opened 
tables to break such that attempts to commit changes will fail.
   - Adds a couple of memset() invocations in TC_COMMIT, based on past 
analysis with valgrind. It claimed that allocated structure were not 
being fully initialized, and adding the memset()s corrected this warning.

It is against the current version in the Subversion repository. It only 
changes libiptc/libiptc.c.

-- 
Derrik Pates
demon@devrandom.net