From ce539f49751033b1904735e45c097119e88f2444 Mon Sep 17 00:00:00 2001
From: mlaier <mlaier@FreeBSD.org>
Date: Mon, 7 Aug 2006 19:32:57 +0000
Subject: [PATCH] Belatedly MFC ipfw2.c, 1.88:   For src/dest parsing take off
 the netmask before checking for AF with   inet_pton.  This fixes cases like
 "fe02::/16".

  PR:		bin/91245
  Reported by:	Fredrik Lindberge

Reminded by:	oleg
---
 sbin/ipfw/ipfw2.c | 46 +++++++++++++++++++++++++++++++---------------
 1 file changed, 31 insertions(+), 15 deletions(-)

diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index cd6faaee1e3b..20cf3141598f 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -3781,36 +3781,52 @@ static ipfw_insn *
 add_src(ipfw_insn *cmd, char *av, u_char proto)
 {
 	struct in6_addr a;
+	char *host, *ch;
+	ipfw_insn *ret = NULL;
+
+	if ((host = strdup(av)) == NULL)
+		return NULL;
+	if ((ch = strrchr(host, '/')) != NULL)
+		*ch = '\0';
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
-	    inet_pton(AF_INET6, av, &a))
-		return add_srcip6(cmd, av);
+	    inet_pton(AF_INET6, host, &a))
+		ret = add_srcip6(cmd, av);
 	/* XXX: should check for IPv4, not !IPv6 */
-	if (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
-	    !inet_pton(AF_INET6, av, &a))
-		return add_srcip(cmd, av);
-	if (strcmp(av, "any") != 0)
-		return cmd;
+	if ((ret == NULL) && proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
+	    !inet_pton(AF_INET6, host, &a))
+		ret = add_srcip(cmd, av);
+	if ((ret == NULL) && strcmp(av, "any") != 0)
+		ret = cmd;
 
-	return NULL;
+	free(host);
+	return ret;
 }
 
 static ipfw_insn *
 add_dst(ipfw_insn *cmd, char *av, u_char proto)
 {
 	struct in6_addr a;
+	char *host, *ch;
+	ipfw_insn *ret = NULL;
+
+	if ((host = strdup(av)) == NULL)
+		return NULL;
+	if ((ch = strrchr(host, '/')) != NULL)
+		*ch = '\0';
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
-	    inet_pton(AF_INET6, av, &a))
-		return add_dstip6(cmd, av);
+	    inet_pton(AF_INET6, host, &a))
+		ret = add_dstip6(cmd, av);
 	/* XXX: should check for IPv4, not !IPv6 */
-	if (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
+	if ((ret == NULL) && proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
 	    !inet_pton(AF_INET6, av, &a))
-		return add_dstip(cmd, av);
-	if (strcmp(av, "any") != 0)
-		return cmd;
+		ret = add_dstip(cmd, av);
+	if ((ret == NULL) && strcmp(av, "any") != 0)
+		ret = cmd;
 
-	return NULL;
+	free(host);
+	return ret;
 }
 
 /*