IETF Logo Mail Archive

Re: Call for action vs. lost opportunity (Was: Re: Renumbering)

Markku Savela <msa@moth.iki.fi> Thu, 11 October 2007 12:20 UTC

Return-path: <ietf-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ifx24-0001CL-Hs; Thu, 11 Oct 2007 08:20:52 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ifx22-0001Bi-Va for ietf@ietf.org; Thu, 11 Oct 2007 08:20:51 -0400
Received: from burp.tkv.asdf.org ([212.16.99.49]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Ifx22-00089l-AW for ietf@ietf.org; Thu, 11 Oct 2007 08:20:50 -0400
Received: from burp.tkv.asdf.org (localhost [127.0.0.1]) by burp.tkv.asdf.org (8.14.1/8.14.1/Debian-8ubuntu1) with ESMTP id l9BCKmBP024902 for <ietf@ietf.org>; Thu, 11 Oct 2007 15:20:48 +0300
Received: (from msa@localhost) by burp.tkv.asdf.org (8.14.1/8.14.1/Submit) id l9BCKmJX024899; Thu, 11 Oct 2007 15:20:48 +0300
Date: Thu, 11 Oct 2007 15:20:48 +0300
From: Markku Savela <msa@moth.iki.fi>
Message-Id: <200710111220.l9BCKmJX024899@burp.tkv.asdf.org>
To: ietf@ietf.org
In-reply-to: <20071011104653.52D96233D1@coconut.itojun.org>
References: <470D39E5.5060807@gmail.com> <20071011104653.52D96233D1@coconut.itojun.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b
Subject: Re: Call for action vs. lost opportunity (Was: Re: Renumbering)
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org

> From: itojun@itojun.org (Jun-ichiro itojun Hagino)
> Cc: ietf@ietf.org
> 
> > Not viewed from the socket programmer's point of view.
> > Look at how an AF_INET6 socket behaves when given
> > an address like ::FFFF:192.0.2.3
> > afaik the behavior is then exactly what you describe.
> > Whether the stacks are independent code modules or
> > alternate paths through the same code is irrelevant
> > to the externally observed behavior.
> 
> 	see draft-ietf-v6ops-security-overview-06.txt section 2.2.

My view is that "::FFFF:192.0.0.2" totally identical with "192.0.0.2"
(internally inside the host stack implementation).  There will be no
functional difference anywhere in API, whichever form is used.

I realize, that the above is not easy to achieve using the legacy
POSIX socket API, which has has different sized address structures for
IPv4 and IPv6.

In Symbian OS, there is no such problem. The generic address structure
allocation (TInetAddr) can hold both IPv4 and IPv6 address. Thus, the
there is only one IP stack, which just happens to do IPv4, when
address is IPv4 (either 192.0.0.2 or ::FFFF:192.0.0.2"). Real IPv6
addresses trigger IPv6 processing. Logically stack implements *one*
"INET family" (PF_INET) with two possible address families "AF_INET"
and "AF_INET6".

Applications can be written totally agnostic on whether connection is
over IPv4 or IPv6. All sockets are just opened as AF_INET, and the
addresses used determine whether IPv4 or IPv6 gets used. On listening
"undefined address family" can be used to accept both IPv4 and IPv6
for the same socket (TCP or UDP).

Receiving "::FFFF:127.0.0.1" from network is not going to work as an
attack, because of "strong model", and 127.0.0.1 is not configured for
the real interface (=> destination 127.0.0.1 does not match configured
address and gets dropped).

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email