From 4e03beee73c2a2e99095180d79c3a3e931153838 Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Wed, 22 Nov 2023 19:02:09 +0300
Subject: [PATCH] Different behaviour of ndproxyconf_exception_ipv6_addresses NA are sent only to addresses listed there. If address if link-local, then only last 64 bits are checked. First 48 bits are checked otherwise.
---
 ndpacket.c | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)
diff --git a/ndpacket.c b/ndpacket.c
index 004c006..9bc362f 100644
--- a/ndpacket.c
+++ b/ndpacket.c
@@ -343,22 +343,29 @@ int packet(void *packet_arg, struct mbuf **packet_mp, struct ifnet *packet_ifnet
 struct in6_addr nd_na_target = nd_na->nd_na_target;
 // do not manage packets relative to exception target addresses
- for (i = 0; i < ndproxy_conf_exception_ipv6_naddresses; i++)
- if (IN6_ARE_ADDR_EQUAL(ndproxy_conf_exception_ipv6_addresses + i, &nd_na_target)) {
-#ifdef DEBUG_NDPROXY
- printf("NDPROXY INFO: rejecting target\n");
-#endif
- m_freem(mreply);
- return 0;
+ int addr_allowed = 0;
+ for (i = 0; i < ndproxy_conf_exception_ipv6_naddresses; i++) {
+ if (IN6_IS_ADDR_LINKLOCAL(&nd_na_target) && IN6_IS_ADDR_LINKLOCAL(ndproxy_conf_exception_ipv6_addresses + i)) {
+ unsigned char *addr1 = (unsigned char *)(ndproxy_conf_exception_ipv6_addresses + i);
+ unsigned char *addr2 = (unsigned char *)(&nd_na_target);
+ if (memcmp(addr1+8, addr2+8, 64/8) == 0) {
+ addr_allowed = 1;
+ break;
+ }
 } else {
-#ifdef DEBUG_NDPROXY
- printf("NDPROXY INFO: accepting target: ");
- printf_ip6addr(ndproxy_conf_exception_ipv6_addresses + i, false);
- printf(" - ");
- printf_ip6addr(&nd_na_target, false);
- printf("\n");
-#endif
+ if (memcmp(ndproxy_conf_exception_ipv6_addresses + i, &nd_na_target, 48/8) == 0) {
+ addr_allowed = 1;
+ break;
+ }
 }
+ }
+ // printf("ndproxy: ");
+ // printf_ip6addr(&nd_na_target, false);
+ // printf("\n");
+ if (addr_allowed != 1) {
+ m_freem(mreply);
+ return 0;
+ }
 // proxy to the downlink router: fill in the target link-layer address option with the MAC downlink router address
 int optlen = sizeof(struct nd_opt_hdr) + ETHER_ADDR_LEN;
-- 
2.44.0
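Review bot: The new loop turns `ndproxy_conf_exception_ipv6_addresses` from a deny-list into an allow-list while the variable name and the context comment `// do not manage packets relative to exception target addresses` still say the opposite, so a configuration written for the old meaning inverts silently: the listed addresses become the only targets answered, and with an empty list `addr_allowed` stays 0 and every reply is freed. The comment should state the new rule, for example `// answer only for targets matching a configured address (low 64 bits if both are link-local, first 48 bits otherwise); an empty list rejects all`, and the fail-closed default deserves a line in the configuration documentation. The literal `48/8` also means one listed address authorises its whole /48, which would over-match wherever the delegated prefix is longer; a named constant or a configured prefix length would make that explicit. The commented-out `printf` lines would be better restored under `#ifdef DEBUG_NDPROXY`, which the removed code used and which would keep a trace of rejected targets. `packet()` begins and ends outside this hunk, so how `mreply` and `i` are set up is not visible here.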