I think most of the items were answered in the reply to Brian.

>>      there's no way for the current API to recognize IPv4 traffic on top
>>      of AF_INET6 socket (appears as IPv4 mapped address), and native
>>      IPv6 traffic with IPv4 mapped address in the header).  at least
>>      we need to provide the functionality.
>Why does there need to be a distinction?  In either case the communication
>is with an IPv4 host.  I don't understand why, from a policy point of view,
>it matters to the target host whether the packet was routed directly
>using IPv4 or translated into IPv6 from IPv4 by a SIIT box.  The initiating
>host is an IPv4 host by virtue of the fact that the address is a IPv4 mapped
>IPv6 address.

        What I'm worrying about is,
        - when we are outside of SIIT cloud and
        - when we got an IPv6 packet with IPv4 mapped address as src/dst.
        This is the third case in the following chart.  Sorry if I was not
        clear enough.

        For the case, I can do nothing but consider the packet as malicious,
        as no specification gives me any interpretation, and the packet
        is indeed usable to impersonate some IPv4 peer.

        Just to be clear, documents are like below.
        - RFC2373 is silent about this case, RFC2373 only says that
          the IPv4 mapped address indicates IPv4 peer.  in the third case,
          however, this does not really indicate IPv4 peer.
        - RFC2553 is also silent about this case, it talks about how
          real IPv4 peer is presented on AF_INET6 API.
        - SIIT is not the document to look at.

in/out of       IP version/src/dst      what does the           getpeername sees
SIIT cloud      of packet               src represent?
---             ---                     ---                     ---
inside          IPv6, IPv4 mapped       SIIT-translated         IPv4 mapped
                                        IPv4 peer               on AF_INET6

inside          IPv4                    shouldn't happen        can't accept
                                                                it (IPv6 only)

outside         IPv6, IPv4 mapped       impersonator            IPv4 mapped on
                                        (IMHO)                  AF_INET6

outside         IPv4                    real IPv4 peer          IPv4 mapped
                                                                on AF_INET6
                                                                (2553 behavior)
                                                                or IPv4 on
                                                                AF_INET

itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
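
The chart in the message above, worked as a wire-level check. This is an added example, not code from the original message or from any implementation it discusses. It classifies a raw packet by IP version and by whether src/dst fall in ::ffff:0:0/96, which is the distinction getpeername() on AF_INET6 cannot make. The verdict names, the `inside_siit_cloud` flag and the sample addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict names are hypothetical; they follow the four rows of the chart. */
enum verdict { NOT_IP, REAL_IPV4, UNEXPECTED_IPV4, NATIVE_IPV6,
               SIIT_TRANSLATED, MAPPED_ON_WIRE_DROP };

/* True if the 16-byte address lies in ::ffff:0:0/96 (IPv4 mapped). */
static int is_v4mapped(const uint8_t *a) {
    static const uint8_t pfx[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};
    return memcmp(a, pfx, sizeof pfx) == 0;
}

/* Classify a raw IP packet by what is on the wire, which is the
 * information getpeername() on an AF_INET6 socket does not expose.
 * inside_siit_cloud is an assumed, operator-supplied flag. */
enum verdict classify(const uint8_t *pkt, size_t len, int inside_siit_cloud) {
    if (len < 1) return NOT_IP;
    switch (pkt[0] >> 4) {                 /* IP version nibble */
    case 4:
        if (len < 20) return NOT_IP;       /* truncated IPv4 header */
        return inside_siit_cloud ? UNEXPECTED_IPV4 : REAL_IPV4;
    case 6:
        if (len < 40) return NOT_IP;       /* truncated IPv6 header */
        /* IPv6 source is at offset 8, destination at offset 24. */
        if (!is_v4mapped(pkt + 8) && !is_v4mapped(pkt + 24))
            return NATIVE_IPV6;
        return inside_siit_cloud ? SIIT_TRANSLATED : MAPPED_ON_WIRE_DROP;
    default: return NOT_IP;
    }
}

/* Constructed sample: IPv6 header from ::ffff:192.0.2.1 (mapped_src != 0)
 * or from 2001:db8::1, sent to 2001:db8::2. */
enum verdict sample_v6(int mapped_src, int inside_siit_cloud) {
    uint8_t p[40] = {0x60};
    if (mapped_src) { p[18] = 0xff; p[19] = 0xff; p[20] = 192; p[22] = 2; p[23] = 1; }
    else { p[8] = 0x20; p[9] = 0x01; p[10] = 0x0d; p[11] = 0xb8; p[23] = 1; }
    p[24] = 0x20; p[25] = 0x01; p[26] = 0x0d; p[27] = 0xb8; p[39] = 2;
    return classify(p, sizeof p, inside_siit_cloud);
}

int main(void) {
    printf("outside, mapped src on wire: %d\n", sample_v6(1, 0));
    printf("inside,  mapped src on wire: %d\n", sample_v6(1, 1));
    return 0;
}
```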