rpf feature added

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@273 e88ac4ed-0b26-0410-9574-a7f39faa03bf

diff --git a/radsecproxy.c b/radsecproxy.c
index a503439..37a4ff6 100644 (file)
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1931,6 +1931,12 @@ void radsrv(struct request *rq) {
        goto exit;
     }
     
+    if (options.rpf && !strcmp(rq->from->conf->name, to->conf->name)) {
+       debug(DBG_INFO, "radsrv: RPF failed, not forwarding request from client %s to server %s, discarding",
+             rq->from->conf->name, to->conf->name);
+       goto exit;
+    }
+
     if (rqinqueue(to, rq->from, id, code)) {
        debug(DBG_INFO, "radsrv: already got %s from host %s with id %d, ignoring",
              radmsgtype2string(code), rq->from->conf->host, id);
@@ -3480,6 +3486,7 @@ void getmainconfig(const char *configfile) {
                          "SourceTCP", CONF_STR, &options.sourcetcp,
                          "LogLevel", CONF_STR, &loglevel,
                          "LogDestination", CONF_STR, &options.logdestination,
+                         "RPFCheck", CONF_BLN, &options.rpf,
                          "Client", CONF_CBK, confclient_cb, NULL,
                          "Server", CONF_CBK, confserver_cb, NULL,
                          "Realm", CONF_CBK, confrealm_cb, NULL,

diff --git a/radsecproxy.h b/radsecproxy.h
index ca114c8..d835125 100644 (file)
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -46,6 +46,7 @@ struct options {
     char *sourcetcp;
     char *logdestination;
     uint8_t loglevel;
+    uint8_t rpf;
 };
 
 /* requests that our client will send */