| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <be7c1d34-038b-a82d-8d0f-ab442f45e104@udel.edu>
Date: Wed, 11 Jan 2017 18:54:43 -0500
From: "Jonathan T. Leighton" <jtleight@...l.edu>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: Sowmini Varadhan <sowmini.varadhan@...cle.com>,
netdev@...r.kernel.org, edumazet@...gle.com,
Yuchung Cheng <ycheng@...gle.com>,
Neal Cardwell <ncardwell@...gle.com>
Subject: Re: TCP using IPv4-mapped IPv6 address as source
On 1/11/17 4:47 PM, Eric Dumazet wrote:
> On Wed, 2017-01-11 at 16:26 -0500, Jonathan T. Leighton wrote:
>
>> I'm sure I understand what you're saying here. There should be no flow
>> to terminate.
I think you figured out that I meant "I'm not sure I understand...".
>> rfc2765 describes a way to use IPv4-mapped IPv6 packets on the wire.
I don't agree - I didn't read rfc2765 because it's obsolete, but the
current version does not allow the use of IPv4-mapped IPv6 addresses.
rfc2765 is obsoleted by rfc6145, and that in turn by rfc7915. rfc7915
refers to both rfc6052 and rfc6219 for descriptions of the allowable
mechanisms for translating from IPv4 to IPv6, and the mechanisms in each
of those documents preclude the use of IPv4-mapped IPv6 addresses
(::ffff:0:0/96). There's no conflict with rfc6890 (BCP153), which
explicitly precludes the use of IPv4-mapped IPv6 addresses as a source
(or destination) address.
> What I meant by 'terminating' was that it does not tell if an end system
> (a host) is allowed to natively generate these packets.
>
> Anyway,
> https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-00
>
> (which does not appear to be an RFC), tells us this would be
> dangerous ;)
>
>
>
Powered by blists - more mailing lists