rpf feature added

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@273 e88ac4ed-0b26-0410-9574-a7f39faa03bf

2 files changed, 8 insertions, 0 deletions

diff --git a/radsecproxy.c b/radsecproxy.c
index a503439..37a4ff6 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1931,6 +1931,12 @@ void radsrv(struct request *rq) {
 	goto exit;
     }
     
+    if (options.rpf && !strcmp(rq->from->conf->name, to->conf->name)) {
+	debug(DBG_INFO, "radsrv: RPF failed, not forwarding request from client %s to server %s, discarding",
+	      rq->from->conf->name, to->conf->name);
+	goto exit;
+    }
+
     if (rqinqueue(to, rq->from, id, code)) {
 	debug(DBG_INFO, "radsrv: already got %s from host %s with id %d, ignoring",
 	      radmsgtype2string(code), rq->from->conf->host, id);
@@ -3480,6 +3486,7 @@ void getmainconfig(const char *configfile) {
 			  "SourceTCP", CONF_STR, &options.sourcetcp,
 			  "LogLevel", CONF_STR, &loglevel,
 			  "LogDestination", CONF_STR, &options.logdestination,
+			  "RPFCheck", CONF_BLN, &options.rpf,
 			  "Client", CONF_CBK, confclient_cb, NULL,
 			  "Server", CONF_CBK, confserver_cb, NULL,
 			  "Realm", CONF_CBK, confrealm_cb, NULL,
diff --git a/radsecproxy.h b/radsecproxy.h
index ca114c8..d835125 100644
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -46,6 +46,7 @@ struct options {
     char *sourcetcp;
     char *logdestination;
     uint8_t loglevel;
+    uint8_t rpf;
 };
 
 /* requests that our client will send */