From 578b05604bf3685677d5a23466716ed90564920e Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Mon, 7 Nov 2022 13:50:45 -0500
Subject: [PATCH] Reject fe80:: as always not same

For our purposes, this same-subnet check doesn't
apply to link-local
---
 confluent_server/confluent/netutil.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/confluent_server/confluent/netutil.py b/confluent_server/confluent/netutil.py
index 2b6cfa23..e38d2a00 100644
--- a/confluent_server/confluent/netutil.py
+++ b/confluent_server/confluent/netutil.py
@@ -66,6 +66,8 @@ def ip_on_same_subnet(first, second, prefix):
         second = second.replace('::ffff:', '')
     addrinf = socket.getaddrinfo(first, None, 0, socket.SOCK_STREAM)[0]
     fam = addrinf[0]
+    if '%' in addrinf[-1][0]:
+        return False
     ip = socket.inet_pton(fam, addrinf[-1][0])
     ip = int(codecs.encode(bytes(ip), 'hex'), 16)
     addrinf = socket.getaddrinfo(second, None, 0, socket.SOCK_STREAM)[0]