Re: (usagi-users 00284) Re: USAGI IPv6 patches

To: usagi-users@linux-ipv6.org
Cc: horape@tinuviel.compendium.net.ar, davem@redhat.com, kuznet@ms2.inr.ac.ru, bam@debian.org, pekkas@netcore.fi, debian-ipv6@lists.debian.org
Subject: Re: (usagi-users 00284) Re: USAGI IPv6 patches
From: itojun@iijlab.net
Date: Fri, 16 Mar 2001 18:06:29 +0900
Message-id: <[🔎] 22814.984733589@coconut.itojun.org>
In-reply-to: itojun's message of Fri, 16 Mar 2001 17:56:23 JST. <[🔎] 22654.984732983@coconut.itojun.org>

>	yes, I believe IPv4 mapped address (RFC2553 section 3.7) behavior is
>	poorly documented, complicates both kernel and user code, leads to
>	insecure user code, and should be deprecated.  yes, I dislike it.
>	I have been vocal about this in IETF because I believe the issue is
>	serious.

	I should also refer you to BIND9 doc/misc/ipv6.  also I should point
	out the fact that BIND9 (and possibly other major software)
	has a bug in acl code, on kernels with IPv4 mapped address support
	(like normal linux, freebsd and bsdi) which could lead to security
	bleach - in BIND9 case, it fails to filter out IPv4 traffic that
	comes up from AF_INET6 wildcard socket.

itojun

Reply to:

References:
- Re: (usagi-users 00283) Re: USAGI IPv6 patches
  - From: itojun@iijlab.net

Prev by Date: Re: (usagi-users 00283) Re: USAGI IPv6 patches
Next by Date: Re: USAGI IPv6 patches
Previous by thread: Re: (usagi-users 00283) Re: USAGI IPv6 patches
Next by thread: Re: USAGI IPv6 patches
Index(es):
- Date
- Thread