gotip++; // seen address
if (o[1] != 10) return;
- ident[0] = htonl(session[s].ip);
- ident[1] = 0;
+ if (session[s].ipv6address.s6_addr[0])
+ {
+ // LSB 64bits of assigned IPv6 address to user (see radius attribut Framed-IPv6-Address)
+ memcpy(&ident[0], &session[s].ipv6address.s6_addr[8], 8);
+ }
+ else
+ {
+ ident[0] = htonl(session[s].ip);
+ ident[1] = 0;
+ }
if (memcmp(o + 2, ident, sizeof(ident)))
{
return;
// no spoof
- if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
+ if (session[s].ipv6address.s6_addr[0])
+ {
+ if ((sessionbyipv6new(ip) != s) &&
+ (ip.s6_addr[0] != 0xFE || ip.s6_addr[1] != 0x80 || ip.s6_addr16[1] != 0 || ip.s6_addr16[2] != 0 || ip.s6_addr16[3] != 0))
+ {
+ char str[INET6_ADDRSTRLEN];
+ LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
+ inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
+ return;
+ }
+ }
+ else if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
{
char str[INET6_ADDRSTRLEN];
LOG(5, s, t, "Dropping packet with spoofed IP %s\n",