diff options
| -rw-r--r-- | radsecproxy.c | 7 | ||||
| -rw-r--r-- | radsecproxy.h | 1 |
2 files changed, 8 insertions, 0 deletions
diff --git a/radsecproxy.c b/radsecproxy.c index a503439..37a4ff6 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -1931,6 +1931,12 @@ void radsrv(struct request *rq) { goto exit; } + if (options.rpf && !strcmp(rq->from->conf->name, to->conf->name)) { + debug(DBG_INFO, "radsrv: RPF failed, not forwarding request from client %s to server %s, discarding", + rq->from->conf->name, to->conf->name); + goto exit; + } + if (rqinqueue(to, rq->from, id, code)) { debug(DBG_INFO, "radsrv: already got %s from host %s with id %d, ignoring", radmsgtype2string(code), rq->from->conf->host, id); @@ -3480,6 +3486,7 @@ void getmainconfig(const char *configfile) { "SourceTCP", CONF_STR, &options.sourcetcp, "LogLevel", CONF_STR, &loglevel, "LogDestination", CONF_STR, &options.logdestination, + "RPFCheck", CONF_BLN, &options.rpf, "Client", CONF_CBK, confclient_cb, NULL, "Server", CONF_CBK, confserver_cb, NULL, "Realm", CONF_CBK, confrealm_cb, NULL, diff --git a/radsecproxy.h b/radsecproxy.h index ca114c8..d835125 100644 --- a/radsecproxy.h +++ b/radsecproxy.h @@ -46,6 +46,7 @@ struct options { char *sourcetcp; char *logdestination; uint8_t loglevel; + uint8_t rpf; }; /* requests that our client will send */ |