@@ -251,9 +251,12 @@
 		++j;}}
 
 		if (found) {
 			/* compare and update IPs if necessary */
-			bool goodIPs [ips -> sz]; _zero(goodIPs);
+
+			size_t wgIPc = 0;
+			{ wg_allowedip* a; wg_for_each_allowedip(found, a) ++wgIPc; };
+			bool goodIPs [wgIPc]; _zero(goodIPs);
 			/* extant IPs that are not marked good by the
 			 * end of the following loop must be deleted
 			 * from memory */
 			size_t goodIPc = 0;
@@ -272,21 +275,20 @@
 						foundIP = true;
 					}
 				++l;}
 				
-				if(!foundIP) {
+				if(foundIP == false) {
 					/* this IP hasn't been loaded into the
 					 * kernel yet; upload it now */
 					_infof("inserting IP PG%zu %s", j, inetstr);
-					// is this necessary? FIXME
-					/* found -> flags |= WGPEER_REPLACE_ALLOWEDIPS; */
+					found -> flags |= WGPEER_REPLACE_ALLOWEDIPS;
 					wg_allowedip* nip = wgd_peer_new_allowedip(found);
 					memcpy(nip, &aip, sizeof aip);
 					dirty = true;
 				}
 			}
 
-			if(goodIPc < ips -> sz) {
+			if(goodIPc < wgIPc) {
 				size_t l = 0;
 				wg_allowedip* wgip;
 				wg_for_each_allowedip(found, wgip) {
 					char inetstr[256];
@@ -445,9 +447,11 @@
 		if(suid) seteuid(atoi(suid));
 		if(susr) setenv("USER",getenv("SUDO_USER"), 1);
 	}
 
-	PGconn* db = PQconnectdb("dbname=domain");
+	char* connstr = getenv("wgsync_conn");
+	if(connstr == null) _fatal("no connection string supplied");
+	PGconn* db = PQconnectdb(connstr);
 	if(PQstatus(db) != CONNECTION_OK) 
 		_fatal(PQerrorMessage(db));
 
 	PGresult* q_get_hosts = PQprepare(db, "get_hosts",