On Tue, May 07, 2013 at 09:16:25PM +0200, Stefan Bagdohn wrote: > Wasn't this check introduced as mitigation of CVE-2008-2476 five years ago? > E.g. http://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch >
Maby something along the lines of the 'nd6_onlink_ns_rfc4861' sysctl flag mentioned at http://www.freebsd.org/security/advisories/FreeBSD-SA-08:10.nd6.asc could be used for the odd cases where it's needed? Regards, Patrik Lundin
