Re: blacklistd and IPv6 mapped IPv4 addresses

To: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Subject: Re: blacklistd and IPv6 mapped IPv4 addresses
From: David Laight <david%l8s.co.uk@localhost>
Date: Wed, 17 Feb 2016 19:46:00 +0000

On Fri, Jan 22, 2016 at 06:59:19PM -0500, Mouse wrote:
> > I noticed that some servers (proftpd) report their IPv4 connections
> > as IPv6 mapped addresses: ::ffff:x.y.z.w.  Adding these addresses to
> > npf, works just fine (after I fixed the parser), but the packet
> > filter does not block connections from them because the rule does not
> > match.
> 
> Does proftpd actually use an AF_INET6 socket with the v4mapped address,
> or is it using AF_INET sockets and just printing them that way?
> 
> My own take on the POLS here is that a v4 filter entry should stop any
> matching v4 packets; a v4mapped v6 filter entry should stop any attempt
> to receive matching traffic on a v4mapped v6 socket but should not
> interfere with a native v4 socket.  (I think v4mapped v6 is supposed to
> never appear on the wire, right?  If it does appear on the wire, IMO
> the v6 filter should block it completely but the v4 filter should block
> it only for v4 sockets.)

A host on a v6 only network might put v4mapped addresses on the
wire when talking to remote v4 systems via some kinds of gateways.

It might be interesting to let a v4 sockets process a v6 socket address
buffer provided that it contains a v4mappped address.

	David

-- 
David Laight: david%l8s.co.uk@localhost

Follow-Ups:
- Re: blacklistd and IPv6 mapped IPv4 addresses
  - From: Gert Doering

References:
- blacklistd and IPv6 mapped IPv4 addresses
  - From: Christos Zoulas
- Re: blacklistd and IPv6 mapped IPv4 addresses
  - From: Mouse

Prev by Date: Re: npf and ephemeral interfaces (tun0)
Next by Date: Re: npf and ephemeral interfaces (tun0)
Previous by Thread: Re: blacklistd and IPv6 mapped IPv4 addresses
Next by Thread: Re: blacklistd and IPv6 mapped IPv4 addresses
Indexes:

Home | Main Index | Thread Index | Old Index