On Wednesday, April 24, 2013 06:27:19 PM Simon Perreault wrote: > Le 2013-04-24 18:09, Philipp Kern a écrit : > > Simon, > > > > am Wed, Apr 24, 2013 at 05:15:37PM +0200 hast du folgendes geschrieben: > >> I guess I just don't understand where those IPv4-mapped IPv6 > >> addresses that the SPF process needs to check are coming from. An > >> example would be very helpful. > > > > on Linux, if you set bindv6only to 0 and set up a socket listening on > > AF_INET6 you are able to receive IPv4 connections to that IPv6 socket. The > > source IPs will be mapped into IPv4-mapped IPv6 space. This means that you > > only need to setup one socket instead of one for v4 and one for v6. > > I know what an IPv4-mapped IPv6 address is. > > In that case, you should convert IPv4-mapped IPv6 addresses to IPv4 > addresses before feeding them to the SPF checker. Just like with any > other protocol. > > >> Yeah, this is bad. Variants arise in many situations. Usually it is > >> solved by treating IPv6 addresses as opaque and not giving any > >> special meaning to the IPv4-mapped prefix. > > > > As above that does not help. If your SPF process is operating in the > > setup above, IPv4-mapped IPv6 space needs to be treated with the IPv4 > > ruleset. > > The SPF process should never see IPv4-mapped IPv6 addresses since the > underlying layer needs to convert them to IPv4 addresses. There is > nothing specific to the SPF protocol here.
So from your perspective, we could remove that guidance and replace it with something along the lines of: Check_host() [that's our generic SPF validation function name we use in the document] should never see IPv4-mapped IPv6 addresses. The underlying layer needs to convert them to IPv4 addresses. Is that about right? Phil? Scott K -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
