From f7a8c7ebcd7d55f679d26f5e3ce4fd06692fbff2 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Wed, 17 Oct 2012 05:42:09 +0100
Subject: [PATCH] policy.c: Implement IPv6 matching in match_addrpat.

Missing piece.  Whoops.
---
 policy.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/policy.c b/policy.c
index 83db0a8..398cd23 100644
--- a/policy.c
+++ b/policy.c
@@ -116,8 +116,16 @@ static int match_addrpat(int af, const struct addrpat *ap,
       unsigned mask = htonl((MASK32 << (32 - ap->len)) & MASK32);
       return (((ap->addr.ipv4.s_addr ^ a->ipv4.s_addr) & mask) == 0);
     }
-    case AF_INET6:
-      abort();
+    case AF_INET6: {
+      unsigned i, m, n = ap->len;
+      for (i = 0; n >= 8; i++, n -= 8) {
+	if (ap->addr.ipv6.s6_addr[i] != a->ipv6.s6_addr[i])
+	  return (0);
+      }
+      if (!n) return (1);
+      m = (MASK8 << (8 - n)) & MASK8;
+      return (((ap->addr.ipv6.s6_addr[i] ^ a->ipv6.s6_addr[i]) & m) == 0);
+    }
   }
   return (0);
 }
-- 
2.11.0