Right. This is not a clean solution, but the only one that came to my mind, as
it does not disable the check completely.
If desired, an option for disabling the check completely could be an addition.
> Not that I have a better suggestion than yours, but I don't like
> "whitelisting" at the ip le
> Maby something along the lines of the 'nd6_onlink_ns_rfc4861' sysctl
> flag mentioned at
> http://www.freebsd.org/security/advisories/FreeBSD-SA-08:10.nd6.asc
> could be used for the odd cases where it's needed?
This is an all-or-nothing approach. What about the option to provide the
"known-goo
Wasn't this check introduced as mitigation of CVE-2008-2476 five years ago?
E.g. http://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch
Am 07.05.2013 um 18:26 schrieb Stefan Sperling :
> On Tue, May 07, 2013 at 04:48:41PM +0200, Janne Johansson wrote:
>> this patch (stupidly) fixes
3 matches
Mail list logo