>> No, SIIT doesn't require user-level programs to receive IPv4 packets on
>> AF_INET6 socekts. It only requires that IPv6 packets (with v4-mapped
>> addresses) are received on AF_INET6 sockets. Machines living on the v6 side
>> of the translator only need to speak v6!
>Yes, SIIT is for IPv6 node that is not IPv4 capable.
>And you can drop packet that have encapsulated ipv4 source
>address belongs to local subnet (a.b.c.d/n) from outside:
> subnet +----------+ outside (IPv6, IPv4)
>---------------| SIIT Box |----------------------
> (a.b.c.d/n) +----------+
>And, leaf nodes should drops packets from ::ffff:127.0.0.0/104 from subnet
>as we want to drop 127.0.0.0/8 on ipv4 nodes:
>+-----------+ subnet
>| ipv6 node |---------------------------------
>+-----------+ (IPv6 capable, don't care IPv4)
though this is not the original issue I raised...
do you require all the nodes in SIIT cloud to be IPv6-only?
(meaning that no IPv4 support in the kernel, not just "no IPv4
configuration") I think that SIIT RFC is vague about what "IPv6-only"
means.
if SIIT asks all the nodes in the SIIT cloud to remove IPv4 support
from the kernel, that is way far from reality. For most of
the operating systems I look into, we cannot remove IPv4 support in
the kernel.
>Itojun, issues/examples you raised are not problems
>(at RFC2553 or addressing-architecture level).
>You should raise new examples again to convince us.
okay guys, i still believe this is very serious issue, but you still
do not agree with me. I drop comment about the address architecture,
for now.
i need to convince you with real example. i'll need to come up with
test program that transmits malicious packet, and talk with CERT/
bugtraq guys if necessary...
itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------