Welcome to the world of tomorrow! Also, didn't we fix this ages ago?! I distinctly remember this coming up before...
On 18 October 2019 20:35:32 CEST, Sebastian Benoit <be...@openbsd.org> wrote: >CVSROOT: /cvs >Module name: src >Changes by: be...@cvs.openbsd.org 2019/10/18 12:35:32 > >Modified files: > sys/netinet6 : nd6_nbr.c > >Log message: >Don't check that the ipv6 source address of a neighbor advertisment is >from a neighbor's address. Sthen@ dug out RFC 4861 4.4 that says that >the source address is "An address assigned to the interface from which >the advertisement is sent." -- which can be from a network that the >receiver does not know about. Indeed my provider sends such a neighbor >advertisment for my default gateway, which breaks my uplink. > >Claudio@ added this check for symetry with NetBSD code when he added >the same check to nd6_ns_input(), where it is needed to fix >CVE-2008-2476. See also OpenBSD 4.2 errata 15. > >ok claudio@, kn@ -- Sent from a mobile device. Please excuse poor formating.