tech-net archive


Re: blacklistd and IPv6 mapped IPv4 addresses
On Fri, Jan 22, 2016 at 06:59:19PM -0500, Mouse wrote:
> > I noticed that some servers (proftpd) report their IPv4 connections
> > as IPv6 mapped addresses: ::ffff:x.y.z.w.  Adding these addresses to
> > npf works just fine (after I fixed the parser), but the packet
> > filter does not block connections from them because the rule does not
> > match.
> 
> Does proftpd actually use an AF_INET6 socket with the v4mapped address,
> or is it using AF_INET sockets and just printing them that way?
> 
> My own take on the POLS here is that a v4 filter entry should stop any
> matching v4 packets; a v4mapped v6 filter entry should stop any attempt
> to receive matching traffic on a v4mapped v6 socket but should not
> interfere with a native v4 socket.  (I think v4mapped v6 is supposed to
> never appear on the wire, right?  If it does appear on the wire, IMO
> the v6 filter should block it completely but the v4 filter should block
> it only for v4 sockets.)

A host on a v6 only network might put v4mapped addresses on the
wire when talking to remote v4 systems via some kinds of gateways.

It might be interesting to let a v4 socket process a v6 socket address
buffer provided that it contains a v4mapped address.

	David

-- 
David Laight: david%l8s.co.uk@localhost
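The mismatch described at the top of the thread (a blocklist entry keyed by the ::ffff:x.y.z.w form never matching the native IPv4 packets actually on the wire) is avoided if the daemon canonicalizes the reported peer address before handing it to the packet filter. The following is an added example, not code from blacklistd, npf or proftpd; the function names, the family labels "inet4"/"inet6" and the sample addresses are all constructed for illustration.

```python
import ipaddress


def normalize_blocked_address(text):
    """Return (family, address) to key a filter entry on.

    A server listening on an AF_INET6 socket reports IPv4 peers as
    IPv4-mapped IPv6 addresses (::ffff:x.y.z.w, or the hex form
    ::ffff:xxxx:xxxx).  The packets themselves are native IPv4, so the
    filter entry must be keyed by the IPv4 address; otherwise the rule
    is installed but never matches.  Native IPv6 peers stay IPv6.
    Raises ValueError for anything that is not an IP address.
    """
    addr = ipaddress.ip_address(text.strip())
    if isinstance(addr, ipaddress.IPv6Address):
        mapped = addr.ipv4_mapped  # IPv4Address for ::ffff:a.b.c.d, else None
        if mapped is not None:
            return ("inet4", str(mapped))
        return ("inet6", str(addr))
    return ("inet4", str(addr))


def filter_entries(reported_peers):
    """Collapse a batch of reported peer addresses into unique filter keys.

    The same attacker seen through an AF_INET socket ("192.0.2.10") and
    through an AF_INET6 socket ("::ffff:192.0.2.10") yields one entry.
    Unparsable strings are skipped rather than aborting the whole batch.
    """
    entries = set()
    for peer in reported_peers:
        try:
            entries.add(normalize_blocked_address(peer))
        except ValueError:
            continue
    return sorted(entries)


if __name__ == "__main__":
    # Constructed sample of what several daemons might report for one peer.
    sample = ["::ffff:192.0.2.10", "192.0.2.10", "::ffff:c000:20a",
              "2001:db8::5", "not-an-address"]
    for family, address in filter_entries(sample):
        print(family, address)
```

Whatever rule syntax the filter expects, the key is that the entry ends up as family inet4 for a mapped address, matching what the wire carries.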

