From: Sowmini Varadhan <sowmini.varadhan@oracle.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: "Jonathan T. Leighton" <jtleight@udel.edu>,
netdev@vger.kernel.org, edumazet@google.com,
Yuchung Cheng <ycheng@google.com>,
Neal Cardwell <ncardwell@google.com>
Subject: Re: TCP using IPv4-mapped IPv6 address as source
Date: Wed, 11 Jan 2017 15:58:29 -0500 [thread overview]
Message-ID: <20170111205829.GN24086@oracle.com> (raw)
In-Reply-To: <1484167422.15816.1.camel@edumazet-glaptop3.roam.corp.google.com>
On (01/11/17 12:43), Eric Dumazet wrote:
>
> On Wed, 2017-01-11 at 14:59 -0500, Sowmini Varadhan wrote:
>
> > I think the RFC states somewhere that you should never ever
> > send out a v4 mapped address on the wire.
>
> Can you point the exact RFC ?
>
> https://tools.ietf.org/html/rfc2765 seems to allow just that.
I have not read the details of 2765, but from a cursory look,
it talks about "IPv4-translatable addresses", not v4-mapped
addrs, and says,
"The address translation mechanisms for the stateless and the stateful
translations are defined in [RFC6052]"
It's also not clear to me that 2765 warrants the use of these
as ip6 src, or ip6 dst, or the target(s) of NS/NA.
https://www.rfc-editor.org/rfc/rfc4038.txt refers to security
considerations about sending v4-mapped addrs on the wire
Looks like these security considerations are discussed in
https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
In general, I think BSD and Solaris (and probably most
router implementations, esp the BSD-based ones) will not allow
v4 mapped addresses as src or dst of ip6 packets.
> Jonathan issue is about terminating such flows in TCP stack, which is
> likely not needed/useful.
sure. but if you configure the v4 mapped address as
a src addr "everything should be fine!"
--Sowmini
next prev parent reply other threads:[~2017-01-11 20:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-05 21:25 TCP using IPv4-mapped IPv6 address as source Jonathan T. Leighton
2017-01-11 16:20 ` Eric Dumazet
2017-01-11 17:34 ` Jonathan T. Leighton
2017-01-11 18:31 ` Eric Dumazet
2017-01-11 19:48 ` Jonathan T. Leighton
2017-01-11 19:59 ` Sowmini Varadhan
2017-01-11 20:43 ` Eric Dumazet
2017-01-11 20:58 ` Sowmini Varadhan [this message]
2017-01-11 21:26 ` Jonathan T. Leighton
2017-01-11 21:47 ` Eric Dumazet
2017-01-11 23:54 ` Jonathan T. Leighton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170111205829.GN24086@oracle.com \
--to=sowmini.varadhan@oracle.com \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=jtleight@udel.edu \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=ycheng@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.