[pve-devel] [PATCH firewall 2/7] ipv6: fix ip_compress_address_call

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Mar 1 12:20:16 CET 2016


This only takes an address and not a CIDR notation. It does
preserve the suffix but ended up compressing
fc00:0000::0000/64 to fc00::0000/64 instead of fc00::/64 and
thus caused the firewall to always show there are pending
changes when ipv6 addresses were available.
---
 src/PVE/Firewall.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 88247de..ae47197 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2990,7 +2990,10 @@ sub generate_ipset_chains {
 		}
 		#http://backreference.org/2013/03/01/ipv6-address-normalization/
 		if ($ver == 6) {
-		    $cidr = lc(Net::IP::ip_compress_address($cidr, 6));
+		    # ip_compress_address takes an address only, no CIDR
+		    my ($addr, $range) = ($cidr =~ m@^([^/]*)(/.*)?$@);
+		    $range = '' if !defined($range);
+		    $cidr = lc(Net::IP::ip_compress_address($addr, 6)) . $range;
 		    $cidr =~ s|/128$||;
 		} else {
 		    $cidr =~ s|/32$||;
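
Review bot: The split regex on the added `my ($addr, $range) = ...` line accepts an empty address and any suffix after the first slash (`[^/]*` and `/.*`), and its match result is never checked, so a malformed entry such as a bare `/64` would still reach `ip_compress_address` with an empty `$addr`. If `$cidr` is not already validated earlier in `generate_ipset_chains` (not visible in this hunk), consider tightening it to `m@^([^/]+)(/\d+)?$@` and skipping or reporting the entry when it does not match. The return value of `ip_compress_address` is also used unchecked inside `lc(...)`; a defined-check before appending `$range` would keep a failed compression from yielding a suffix-only string in the ipset.
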
-- 
2.1.4
