On Tue, May 07, 2013 at 04:48:41PM +0200, Janne Johansson wrote:
> this patch (stupidly) fixes my problem. I don't like my broken setup,
> but this works.
We've determined the RFC doesn't require source addresses in
neighbour solicitations to be sent from a matching prefix.
I don't see any reason why responding to such solicitations is bad.
I agree with removing this check.
> Index: nd6_nbr.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/nd6_nbr.c,v
> retrieving revision 1.66
> diff -u -p -r1.66 nd6_nbr.c
> --- nd6_nbr.c 7 Mar 2013 09:03:16 -0000 1.66
> +++ nd6_nbr.c 7 May 2013 11:44:56 -0000
> @@ -132,17 +132,7 @@ nd6_ns_input(struct mbuf *m, int off, in
> "(wrong ip6 dst)\n"));
> goto bad;
> }
> - } else {
> - /*
> - * Make sure the source address is from a neighbor's address.
> - */
> - if (!in6_ifpprefix(ifp, &saddr6)) {
> - nd6log((LOG_INFO, "nd6_ns_input: "
> - "NS packet from non-neighbor\n"));
> - goto bad;
> - }
> }
> -
>
> if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
> nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n"));
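
Review bot: with the `else` branch around `in6_ifpprefix(ifp, &saddr6)` removed, nothing in the visible part of nd6_ns_input validates a specified source address any more, and the drop that used to be logged as "NS packet from non-neighbor" now passes silently. Please leave a short comment at the closing brace saying that off-prefix sources are accepted on purpose and why, so the check is not reintroduced later by mistake. It is also worth confirming that the code further down that uses saddr6 behaves correctly when the address is outside every prefix configured on ifp; that code is not shown in this hunk.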