git: 609fa228bae6 - main - pft_ping: improve IPv6 address comparison
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 06 Nov 2024 18:03:00 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=609fa228bae6d864558f5167d4a964aab2a5fc88 commit 609fa228bae6d864558f5167d4a964aab2a5fc88 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-10-28 13:54:50 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-11-06 18:02:04 +0000 pft_ping: improve IPv6 address comparison Don't use string comparisons, use socket.inet_pton() instead. This avoids confusion when there are different ways to spell the same IP addres. e.g. 64:ff9b::c000:202 and 64:ff9b::192.0.2.2 are two representations of the same address. Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/netpfil/common/pft_ping.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/sys/netpfil/common/pft_ping.py b/tests/sys/netpfil/common/pft_ping.py index 0d1134a22dda..a2a1d9c7f4ec 100644 --- a/tests/sys/netpfil/common/pft_ping.py +++ b/tests/sys/netpfil/common/pft_ping.py @@ -33,6 +33,7 @@ logging.getLogger("scapy").setLevel(logging.CRITICAL) import math import scapy.all as sp import sys +import socket from copy import copy from sniffer import Sniffer @@ -227,10 +228,12 @@ def check_ipv6(expect_params, packet): if not ip6: LOGGER.debug('Packet is not IPv6!') return False - if src_address and ip6.src != src_address: + if src_address and socket.inet_pton(socket.AF_INET6, ip6.src) != \ + socket.inet_pton(socket.AF_INET6, src_address): LOGGER.debug(f'Wrong IPv6 source {ip6.src}, expected {src_address}') return False - if dst_address and ip6.dst != dst_address: + if dst_address and socket.inet_pton(socket.AF_INET6, ip6.dst) != \ + socket.inet_pton(socket.AF_INET6, dst_address): LOGGER.debug(f'Wrong IPv6 destination {ip6.dst}, expected {dst_address}') return False # IPv6 has no IP-level checksum.