struct in6_addr nd_na_target = nd_na->nd_na_target;
// do not manage packets relative to exception target addresses
- for (i = 0; i < ndproxy_conf_exception_ipv6_naddresses; i++)
- if (IN6_ARE_ADDR_EQUAL(ndproxy_conf_exception_ipv6_addresses + i, &nd_na_target)) {
-#ifdef DEBUG_NDPROXY
- printf("NDPROXY INFO: rejecting target\n");
-#endif
- m_freem(mreply);
- return 0;
+ int addr_allowed = 0;
+ for (i = 0; i < ndproxy_conf_exception_ipv6_naddresses; i++) {
+ if (IN6_IS_ADDR_LINKLOCAL(&nd_na_target) && IN6_IS_ADDR_LINKLOCAL(ndproxy_conf_exception_ipv6_addresses + i)) {
+ unsigned char *addr1 = (unsigned char *)(ndproxy_conf_exception_ipv6_addresses + i);
+ unsigned char *addr2 = (unsigned char *)(&nd_na_target);
+ if (memcmp(addr1+8, addr2+8, 64/8) == 0) {
+ addr_allowed = 1;
+ break;
+ }
} else {
-#ifdef DEBUG_NDPROXY
- printf("NDPROXY INFO: accepting target: ");
- printf_ip6addr(ndproxy_conf_exception_ipv6_addresses + i, false);
- printf(" - ");
- printf_ip6addr(&nd_na_target, false);
- printf("\n");
-#endif
+ if (memcmp(ndproxy_conf_exception_ipv6_addresses + i, &nd_na_target, 48/8) == 0) {
+ addr_allowed = 1;
+ break;
+ }
}
+ }
+ // printf("ndproxy: ");
+ // printf_ip6addr(&nd_na_target, false);
+ // printf("\n");
+ if (addr_allowed != 1) {
+ m_freem(mreply);
+ return 0;
+ }
// proxy to the downlink router: fill in the target link-layer address option with the MAC downlink router address
int optlen = sizeof(struct nd_opt_hdr) + ETHER_ADDR_LEN;