ndpacket.c | 35 +++++++++++++++++++++--------------
diff --git a/ndpacket.c b/ndpacket.c
index 004c0062e3ce2dc93007791e54cb1761ff9d4fec..9bc362f243b3a092292bdec797bdb13a08132d02 100644
--- a/ndpacket.c
+++ b/ndpacket.c
@@ -343,22 +343,29 @@
 nd_na->nd_na_target = nd_ns->nd_ns_target;
 struct in6_addr nd_na_target = nd_na->nd_na_target;
 // do not manage packets relative to exception target addresses
- for (i = 0; i < ndproxy_conf_exception_ipv6_naddresses; i++)
- if (IN6_ARE_ADDR_EQUAL(ndproxy_conf_exception_ipv6_addresses + i, &nd_na_target)) {
-#ifdef DEBUG_NDPROXY
- printf("NDPROXY INFO: rejecting target\n");
-#endif
- m_freem(mreply);
- return 0;
+ int addr_allowed = 0;
+ for (i = 0; i < ndproxy_conf_exception_ipv6_naddresses; i++) {
+ if (IN6_IS_ADDR_LINKLOCAL(&nd_na_target) && IN6_IS_ADDR_LINKLOCAL(ndproxy_conf_exception_ipv6_addresses + i)) {
+ unsigned char *addr1 = (unsigned char *)(ndproxy_conf_exception_ipv6_addresses + i);
+ unsigned char *addr2 = (unsigned char *)(&nd_na_target);
+ if (memcmp(addr1+8, addr2+8, 64/8) == 0) {
+ addr_allowed = 1;
+ break;
+ }
 } else {
-#ifdef DEBUG_NDPROXY
- printf("NDPROXY INFO: accepting target: ");
- printf_ip6addr(ndproxy_conf_exception_ipv6_addresses + i, false);
- printf(" - ");
- printf_ip6addr(&nd_na_target, false);
- printf("\n");
-#endif
+ if (memcmp(ndproxy_conf_exception_ipv6_addresses + i, &nd_na_target, 48/8) == 0) {
+ addr_allowed = 1;
+ break;
+ }
 }
+ }
+ // printf("ndproxy: ");
+ // printf_ip6addr(&nd_na_target, false);
+ // printf("\n");
+ if (addr_allowed != 1) {
+ m_freem(mreply);
+ return 0;
+ }
 // proxy to the downlink router: fill in the target link-layer address option with the MAC downlink router address
 int optlen = sizeof(struct nd_opt_hdr) + ETHER_ADDR_LEN;
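Review bot: The retained comment `// do not manage packets relative to exception target addresses` now states the opposite of what the loop does: a reply is built only when the target matches an entry of `ndproxy_conf_exception_ipv6_addresses`, and `m_freem(mreply); return 0;` runs for every other target, including when the list is empty. The match is also a prefix match with the widths hard-coded as `48/8` and `64/8`, so any target sharing the first 48 bits with a configured entry is accepted, a far wider set than the exact `IN6_ARE_ADDR_EQUAL` test it replaces. I would replace the comment with `// only answer for targets matching a configured entry: same /48 prefix, or same interface ID when both are link-local` and give the two widths names so the proxying policy is visible at the point of enforcement. The enclosing function starts and ends outside the hunk, so whether the configuration is now meant to hold prefixes rather than host addresses cannot be confirmed from here.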