From: Sowmini Varadhan <sowmini.varadhan@oracle.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: "Jonathan T. Leighton" <jtleight@udel.edu>,
netdev@vger.kernel.org, edumazet@google.com,
Yuchung Cheng <ycheng@google.com>,
Neal Cardwell <ncardwell@google.com>
Subject: Re: TCP using IPv4-mapped IPv6 address as source
Date: Wed, 11 Jan 2017 15:58:29 -0500 [thread overview]
Message-ID: <20170111205829.GN24086@oracle.com> (raw)
In-Reply-To: <1484167422.15816.1.camel@edumazet-glaptop3.roam.corp.google.com>
On (01/11/17 12:43), Eric Dumazet wrote:
>
> On Wed, 2017-01-11 at 14:59 -0500, Sowmini Varadhan wrote:
>
> > I think the RFC states somewhere that you should never ever
> > send out a v4 mapped address on the wire.
>
> Can you point the exact RFC ?
>
> https://tools.ietf.org/html/rfc2765 seems to allow just that.
I have not read the details of 2765, but from a cursory look,
it talks about "IPv4-translatable addresses", not v4-mapped
addrs, and says,
"The address translation mechanisms for the stateless and the stateful
translations are defined in [RFC6052]"
It's also not clear to me that 2765 warrants the use of these
as ip6 src, or ip6 dst, or the target(s) of NS/NA.
https://www.rfc-editor.org/rfc/rfc4038.txt refers to security
considerations about sending v4-mapped addrs on the wire
Looks like these security considerations are discussed in
https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
In general, I think BSD and Solaris (and probably most
router implementations, esp the BSD-based ones) will not allow
v4 mapped addresses as src or dst of ip6 packets.
> Jonathan issue is about terminating such flows in TCP stack, which is
> likely not needed/useful.
sure. but if you configure the v4 mapped address as
a src addr "everything should be fine!"
--Sowmini
next prev parent reply other threads:[~2017-01-11 20:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-05 21:25 TCP using IPv4-mapped IPv6 address as source Jonathan T. Leighton
2017-01-11 16:20 ` Eric Dumazet
2017-01-11 17:34 ` Jonathan T. Leighton
2017-01-11 18:31 ` Eric Dumazet
2017-01-11 19:48 ` Jonathan T. Leighton
2017-01-11 19:59 ` Sowmini Varadhan
2017-01-11 20:43 ` Eric Dumazet
2017-01-11 20:58 ` Sowmini Varadhan [this message]
2017-01-11 21:26 ` Jonathan T. Leighton
2017-01-11 21:47 ` Eric Dumazet
2017-01-11 23:54 ` Jonathan T. Leighton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170111205829.GN24086@oracle.com \
--to=sowmini.varadhan@oracle.com \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=jtleight@udel.edu \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=ycheng@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).