git: 609fa228bae6 - main - pft_ping: improve IPv6 address comparison

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 06 Nov 2024 18:03:00 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=609fa228bae6d864558f5167d4a964aab2a5fc88

commit 609fa228bae6d864558f5167d4a964aab2a5fc88
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-10-28 13:54:50 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-11-06 18:02:04 +0000

    pft_ping: improve IPv6 address comparison
    
    Don't use string comparisons, use socket.inet_pton() instead. This avoids
    confusion when there are different ways to spell the same IP address.
    e.g. 64:ff9b::c000:202 and 64:ff9b::192.0.2.2 are two representations of the same
    address.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 tests/sys/netpfil/common/pft_ping.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tests/sys/netpfil/common/pft_ping.py b/tests/sys/netpfil/common/pft_ping.py
index 0d1134a22dda..a2a1d9c7f4ec 100644
--- a/tests/sys/netpfil/common/pft_ping.py
+++ b/tests/sys/netpfil/common/pft_ping.py
@@ -33,6 +33,7 @@ logging.getLogger("scapy").setLevel(logging.CRITICAL)
 import math
 import scapy.all as sp
 import sys
+import socket
 
 from copy import copy
 from sniffer import Sniffer
@@ -227,10 +228,12 @@ def check_ipv6(expect_params, packet):
     if not ip6:
         LOGGER.debug('Packet is not IPv6!')
         return False
-    if src_address and ip6.src != src_address:
+    if src_address and socket.inet_pton(socket.AF_INET6, ip6.src) != \
+      socket.inet_pton(socket.AF_INET6, src_address):
         LOGGER.debug(f'Wrong IPv6 source {ip6.src}, expected {src_address}')
         return False
-    if dst_address and ip6.dst != dst_address:
+    if dst_address and socket.inet_pton(socket.AF_INET6, ip6.dst) != \
+      socket.inet_pton(socket.AF_INET6, dst_address):
         LOGGER.debug(f'Wrong IPv6 destination {ip6.dst}, expected {dst_address}')
         return False
     # IPv6 has no IP-level checksum.
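Review bot: socket.inet_pton() raises OSError on text it cannot parse, so in both the source and the destination comparison a malformed expected address now escapes check_ipv6 as an exception, where the old string comparison logged the mismatch and returned False. If expect_params can carry an unvalidated address (not visible from this hunk), the failure would surface as a traceback rather than a clear 'Wrong IPv6 ...' debug line. A small helper that packs both sides, catches OSError and treats it as a mismatch would keep the old failure mode and remove the duplicated backslash-continued expression. check_ipv6 begins above the hunk and continues past it.

```python
def _same_ipv6(left, right):
    """Return True when both strings name the same IPv6 address."""
    try:
        return socket.inet_pton(socket.AF_INET6, left) == \
            socket.inet_pton(socket.AF_INET6, right)
    except OSError:
        # Unparseable text is reported as a mismatch, not a crash.
        LOGGER.debug(f'Cannot parse IPv6 address {left} or {right}')
        return False

# … unchanged: IPv6 layer lookup and 'Packet is not IPv6!' branch …
    if src_address and not _same_ipv6(ip6.src, src_address):
        # … unchanged: debug log and return False …
    if dst_address and not _same_ipv6(ip6.dst, dst_address):
        # … unchanged: debug log and return False …
```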