From ab03c1a7537dcd14013a59ec86cdef6cfc696b23 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 28 Jul 2015 08:46:04 +0200
Subject: [PATCH] fix ipv6 address normalization

inet_ntop only takes an addres, not a CIDR notation. Since
the normalized address should just be a compressed
lower-case address, Net::IP::ip_compress_address should be
sufficient.

inet_ntop didn't succeed before, the result of which was
that ipsets weren't generated at all for ipv6 address ranges.
---
 src/PVE/Firewall.pm | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 2f876ce..97450c6 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2952,8 +2952,7 @@ sub generate_ipset_chains {
 		}
 		#http://backreference.org/2013/03/01/ipv6-address-normalization/
 		if ($ver == 6) {
-		    my $ipv6 = inet_pton(AF_INET6, lc($cidr));
-		    $cidr = inet_ntop(AF_INET6, $ipv6);
+		    $cidr = lc(Net::IP::ip_compress_address($cidr, 6));
 		    $cidr =~ s|/128$||;
 		} else {
 		    $cidr =~ s|/32$||;