From 609fa228bae6d864558f5167d4a964aab2a5fc88 Mon Sep 17 00:00:00 2001
From: Kristof Provost <kp@FreeBSD.org>
Date: Mon, 28 Oct 2024 14:54:50 +0100
Subject: [PATCH] pft_ping: improve IPv6 address comparison

Don't use string comparisons, use socket.inet_pton() instead. This avoids
confusion when there are different ways to spell the same IP addres.
e.g. 64:ff9b::c000:202 and 64:ff9b::192.0.2.2 are two representations of the same
address.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
---
 tests/sys/netpfil/common/pft_ping.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tests/sys/netpfil/common/pft_ping.py b/tests/sys/netpfil/common/pft_ping.py
index 0d1134a22dd..a2a1d9c7f4e 100644
--- a/tests/sys/netpfil/common/pft_ping.py
+++ b/tests/sys/netpfil/common/pft_ping.py
@@ -33,6 +33,7 @@ logging.getLogger("scapy").setLevel(logging.CRITICAL)
 import math
 import scapy.all as sp
 import sys
+import socket
 
 from copy import copy
 from sniffer import Sniffer
@@ -227,10 +228,12 @@ def check_ipv6(expect_params, packet):
     if not ip6:
         LOGGER.debug('Packet is not IPv6!')
         return False
-    if src_address and ip6.src != src_address:
+    if src_address and socket.inet_pton(socket.AF_INET6, ip6.src) != \
+      socket.inet_pton(socket.AF_INET6, src_address):
         LOGGER.debug(f'Wrong IPv6 source {ip6.src}, expected {src_address}')
         return False
-    if dst_address and ip6.dst != dst_address:
+    if dst_address and socket.inet_pton(socket.AF_INET6, ip6.dst) != \
+      socket.inet_pton(socket.AF_INET6, dst_address):
         LOGGER.debug(f'Wrong IPv6 destination {ip6.dst}, expected {dst_address}')
         return False
     # IPv6 has no IP-level checksum.