Re: New "IP Version 6 Addressing Architecture" draft

Mauro Tortonesi Tue, 25 Jul 2000 09:11:32 -0700
On Mon, 24 Jul 2000, Jim Bound wrote:

> >you are absolutely right. my concern was about api issues. a modification
> >in the behaviour of af_inet6 passive socket, so that they are not allowed
> >to accept connections from af_inet sockets, would have imho nightmarish
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

sorry, my english is poor - let me explain better. suppose we have an ipv6
passive socket waiting for an incoming connection. it must be able to
recognise requests from ipv4 nodes and present them to the "accept" 
syscall as af_inet6 socket with an ipv4-mapped address.
imho this behaviour, which is specified in rfc2553, should not be modified.

> An af_inet6 socket should not accept a connection for an af_inet socket.  

you are right. they should open another af_inet socket and fall back to
an ipv4 connection. however, rfc2553 does not even suggest this behaviour.
quoting from draft-ietf-ipngwg-rfc2553bis-00.txt, section 3.7:

- Applications may use PF_INET6 sockets to open TCP connections to IPv4
- nodes, or send UDP packets to IPv4 nodes, by simply encoding the
- destination's IPv4 address as an IPv4-mapped IPv6 address, and passing
- that address, within a sockaddr_in6 structure, in the connect() or
- sendto() call.  When applications use PF_INET6 sockets to accept TCP
- connections from IPv4 nodes, or receive UDP packets from IPv4 nodes, the
- system returns the peer's address to the application in the accept(),
- recvfrom(), or getpeername() call using a sockaddr_in6 structure encoded
- this way. 
-
- Few applications will likely need to know which type of node they are
- interoperating with.  However, for those applications that do need to
- know, the IN6_IS_ADDR_V4MAPPED() macro, defined in Section 6.7, is
- provided.

let me understand, when an af_inet6 socket opens a connection with 
another af_inet6 socket with ipv4-mapped address, the communication
established is in ipv4, isn't it? so ipv4-mapped addresses are not only
used for node representation (as they are returned from getaddrinfo and
getipnodebyname), but also to establish a connection to an ipv4 host.

so the only protocol that requires ipv4-mapped addresses "on the wire"
is SIIT. if SIIT is not used, then the kernel can reject all connection
from outside with an ipv4-mapped address, for security issues - like
itojun has explained us very well.

by the way, can you point me to a rfc which explains the difference
between a hybrid stack and a dual stack? i have not read them all - maybe
i have missed an important one.

-- 
Aequam memento rebus in arduis servare mentem...

Mauro Tortonesi                 [EMAIL PROTECTED]
Ferrara Linux User Group        http://www.ferrara.linux.it
Project6 - IPv6 for Linux       http://project6.ferrara.linux.it



--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
Re: New "IP Version 6 Addressing Architecture" draft

Reply via email to
