--- src/sys/netinet6/nd6_nbr.c	2008/03/07 11:34:21	1.23
+++ src/sys/netinet6/nd6_nbr.c	2008/10/03 07:59:20	1.24
@@ -149,6 +149,15 @@ nd6_ns_input(struct mbuf *m, int off, in
 				"(wrong ip6 dst)\n"));
 			goto bad;
 		}
+	} else {
+		/*
+		 * Make sure the source address is from a neighbor's address.
+		 */
+		if (in6ifa_ifplocaladdr(ifp, &saddr6) == NULL) {
+			nd6log((LOG_INFO, "nd6_ns_input: "
+			    "NS packet from non-neighbor\n"));
+			goto bad;
+		}
 	}
 
 	if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
@@ -532,9 +541,7 @@ nd6_na_input(struct mbuf *m, int off, in
 	struct ifnet *ifp = m->m_pkthdr.rcvif;
 	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
 	struct nd_neighbor_advert *nd_na;
-#if 0
 	struct in6_addr saddr6 = ip6->ip6_src;
-#endif
 	struct in6_addr daddr6 = ip6->ip6_dst;
 	struct in6_addr taddr6;
 	int flags;
@@ -628,6 +635,15 @@ nd6_na_input(struct mbuf *m, int off, in
 		goto freeit;
 	}
 
+	/*
+	 * Make sure the source address is from a neighbor's address.
+	 */
+	if (in6ifa_ifplocaladdr(ifp, &saddr6) == NULL) {
+		nd6log((LOG_INFO, "nd6_na_input: "
+		    "NA packet from non-neighbor\n"));
+		goto bad;
+	}
+
 	if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
 		nd6log((LOG_INFO,
 		    "nd6_na_input: lladdrlen mismatch for %s "