Re: (usagi-users 00284) Re: USAGI IPv6 patches
> yes, I believe IPv4 mapped address (RFC2553 section 3.7) behavior is
> poorly documented, complicates both kernel and user code, leads to
> insecure user code, and should be deprecated. yes, I dislike it.
> I have been vocal about this in IETF because I believe the issue is
> serious.
I should also refer you to BIND9 doc/misc/ipv6. also I should point
out the fact that BIND9 (and possibly other major software)
has a bug in acl code, on kernels with IPv4 mapped address support
(like normal linux, freebsd and bsdi) which could lead to security
bleach - in BIND9 case, it fails to filter out IPv4 traffic that
comes up from AF_INET6 wildcard socket.
itojun
Reply to: