From bf209a800911656d819d7e06b338c3ef3dc93ad6 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Thu, 24 Jul 2025 16:20:12 -0400 Subject: [PATCH] Explicitly recognize fe80::/64 as 'local' For various reasons, it is likely/expected for fe80:: to fail the 'local' check. This is fine in most contexts, except for credserver and ssdp. ssdp already special cased fe80::, so special case fe80:: in credserver as well. --- confluent_server/confluent/credserver.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/confluent_server/confluent/credserver.py b/confluent_server/confluent/credserver.py index 390179f8..89fe4ff2 100644 --- a/confluent_server/confluent/credserver.py +++ b/confluent_server/confluent/credserver.py @@ -43,6 +43,8 @@ libc = ctypes.CDLL(ctypes.util.find_library('c')) def address_is_somewhat_trusted(address, nodename, cfm): + if netutil.ip_on_same_subnet(address.split('%')[0], 'fe80::', 64): + return True if netutil.address_is_local(address): return True authnets = cfm.get_node_attributes(nodename, 'trusted.subnets')