Le 2013-04-24 18:09, Philipp Kern a écrit :
Simon,
am Wed, Apr 24, 2013 at 05:15:37PM +0200 hast du folgendes geschrieben:
I guess I just don't understand where those IPv4-mapped IPv6
addresses that the SPF process needs to check are coming from. An
example would be very helpful.
on Linux, if you set bindv6only to 0 and set up a socket listening on
AF_INET6 you are able to receive IPv4 connections to that IPv6 socket. The
source IPs will be mapped into IPv4-mapped IPv6 space. This means that you
only need to setup one socket instead of one for v4 and one for v6.
I know what an IPv4-mapped IPv6 address is.
In that case, you should convert IPv4-mapped IPv6 addresses to IPv4
addresses before feeding them to the SPF checker. Just like with any
other protocol.
Yeah, this is bad. Variants arise in many situations. Usually it is
solved by treating IPv6 addresses as opaque and not giving any
special meaning to the IPv4-mapped prefix.
As above that does not help. If your SPF process is operating in the
setup above, IPv4-mapped IPv6 space needs to be treated with the IPv4
ruleset.
The SPF process should never see IPv4-mapped IPv6 addresses since the
underlying layer needs to convert them to IPv4 addresses. There is
nothing specific to the SPF protocol here.
Simon
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
