If it has an IP address in the range that is defined with its subnet mask and that address also exist in that range, then it considers it local.
And the software would here be the network stack, because the software higher up do not consider anything at all.
Maybe a semantic issue? āLocalā should really be āprivateā, I guess, but less non-tech friendly.
Well, yes it does, as we can see in this specific HA case.
The ānetwork stackā will only bother on whether some addresses are to be routed or not.
Yes, it would be much better described as āis privateā. However your analogy to IPv4 isnāt really appropriate for IPv6. They are different protocols with wildly different addressing themes and some concepts cannot be directly transferred from IPv4 to IPv6.
Having said that, if OI were to use a public IPv4 subnet in my home LAN (say 81.82.83.0/24) and I assigned Ha the address 81.82.83.10/24 and my client which talks to HA has an address of 81.82.83/121/24 then yes, I would expect HA to consider that the client is ālocalā (i.e. in the same subnet).
The ultimate point is that it seems that the āis localā option for webhooks is intended to restrict access to only clients that are ālocalā (i.e. in the same subnet as HA) but it doesnāt currently do that correctly for IPv6 (as I have described in detail above).
We can agree that the documentation is wrong.
Factually, āwebhook triggers can only be accessed from devices on the same network as Home Assistantā is not true. It only checks whether the originating IP is private or not.
Iām with Chris J on this one.
Whats going on is the dev who wrote that code misunderstand local context.
Id call it a bug.
It would likely break in my setup too if I tried to go ipv6 native My dhcp issues ULA. Granted MOST people donāt setup valid Ip6 addressing but if you do you should not be penalized.
I see what they say in the code. How they handle it is fundamentally wrong.
+1 on this bug. The principle of address assignment and selection of IPv6 is completely different from IPv4 and the same logic canāt be simply applied to both protocols.
Let me share with you my example:
2001:xxx:xxx:xxx::/60) - consider this as if the ISP assigned me a number of entire public IPv4 subnets (e.g. 1.2.0.0/24 ~ 1.2.15.0/24)2001:xxxx:xxxx:xxx0::/60) - often that would be just 1, but power users could have separate subnets, e.g. for guest network (e.g. 2001:xxxx:xxxx:xxx1::/60, IoT network (2001:xxxx:xxxx:xxx2::/60, etc.Now moving on to how Home Assistant fits into this:
2001:xxxx:xxxx:xxx0::123/128)hass.local) attached too and the home gateway keeps the association betweem the hostname and its IP addresseshass.local it gets a response with both the private IPv4 address (because IPv4 networks canāt afford to assign a public address to every host in the world) and the global (but locally managed and from the subnet owned by the local network) IPv6 address (2001:xxxx:xxxx:xxx0::123/128)2001:xxxx:xxxx:xxx0::34/128))Also note that typically for IPv6 environments, the security aspect is not implied by the addressing system (i.e. public vs private). IPv6 systems (as does my home gateway) typically have firewalls set to deny any incoming connections from uplink ports, regardless of what addresses they come from.