Sending IPv6_ra more often.
[l2tpns.git] / ppp.c
diff --git a/ppp.c b/ppp.c
index 3a045ce..87ec0e8 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -1103,6 +1103,9 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                if (config->debug > 3) dumplcp(q, l);
 
                tunnelsend(b, l + (q - b), t); // send it
+
+               if (session[s].ppp.phase == Network && session[s].ppp.ipv6cp == Opened)
+                       send_ipv6_ra(s, t, NULL); // send a RA
        }
        else if (*p == EchoReply)
        {
@@ -1479,11 +1482,14 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
 static void ipv6cp_open(sessionidt s, tunnelidt t)
 {
+       int i;
        LOG(3, s, t, "IPV6CP: Opened\n");
 
        change_state(s, ipv6cp, Opened);
-       if (session[s].ipv6prefixlen)
-               route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 1);
+       for (i = 0; i < MAXROUTE6 && session[s].route6[i].ipv6prefixlen; i++)
+       {
+               route6set(s, session[s].route6[i].ipv6route, session[s].route6[i].ipv6prefixlen, 1);
+       }
 
        if (session[s].ipv6address.s6_addr[0])
        {
@@ -1577,8 +1583,16 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                                gotip++; // seen address
                                if (o[1] != 10) return;
 
-                               ident[0] = htonl(session[s].ip);
-                               ident[1] = 0;
+                               if (session[s].ipv6address.s6_addr[0])
+                               {
+                                       // LSB 64bits of assigned IPv6 address to user (see radius attribut Framed-IPv6-Address)
+                                       memcpy(&ident[0], &session[s].ipv6address.s6_addr[8], 8);
+                               }
+                               else
+                               {
+                                       ident[0] = htonl(session[s].ip);
+                                       ident[1] = 0;
+                               }
 
                                if (memcmp(o + 2, ident, sizeof(ident)))
                                {
@@ -2251,7 +2265,18 @@ void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                return;
 
        // no spoof
-       if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
+       if (session[s].ipv6address.s6_addr[0])
+       {
+               if ((sessionbyipv6new(ip) != s) &&
+                       (ip.s6_addr[0] != 0xFE || ip.s6_addr[1] != 0x80 || ip.s6_addr16[1] != 0 || ip.s6_addr16[2] != 0 || ip.s6_addr16[3] != 0))
+               {
+                       char str[INET6_ADDRSTRLEN];
+                       LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
+                                       inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
+                       return;
+               }
+       }
+       else if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
        {
                char str[INET6_ADDRSTRLEN];
                LOG(5, s, t, "Dropping packet with spoofed IP %s\n",