On Wednesday, April 24, 2013 06:09:54 PM Philipp Kern wrote:
> Simon,
> 
> on Wed, Apr 24, 2013 at 05:15:37PM +0200 you wrote the following:
> > I guess I just don't understand where those IPv4-mapped IPv6
> > addresses that the SPF process needs to check are coming from. An
> > example would be very helpful.
> 
> on Linux, if you set bindv6only to 0 and set up a socket listening on
> AF_INET6 you are able to receive IPv4 connections to that IPv6 socket. The
> source IPs will be mapped into IPv4-mapped IPv6 space. This means that you
> only need to set up one socket instead of one for v4 and one for v6.
> 
> > Yeah, this is bad. Variants arise in many situations. Usually it is
> > solved by treating IPv6 addresses as opaque and not giving any
> > special meaning to the IPv4-mapped prefix.
> 
> As above that does not help. If your SPF process is operating in the
> setup above, IPv4-mapped IPv6 space needs to be treated with the IPv4
> ruleset.

That sounds right.  Apparently I fail at describing it though.  Going back to 
the current text in the document:

Section 5 of draft-ietf-spfbis-4408bis-14:

   'When any mechanism fetches host addresses to compare with <ip>, when
    <ip> is an IPv4, "A" records are fetched; when <ip> is an IPv6
    address, "AAAA" records are fetched.  SPF implementations on IPv6
    servers need to handle both "AAAA" and "A" records, for clients on
    IPv4 mapped IPv6 addresses [RFC4291].  IPv4 <ip> addresses are only
    listed in an SPF record using the "ip4" mechanism.'

I'd appreciate suggestions on making it clearer.

Thanks,

Scott K
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
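
The case discussed in this thread, as an added example (not code from the draft or from either poster): a peer address reported by a dual-stack AF_INET6 socket is unmapped before SPF evaluation, so "ip4" mechanisms and "A" lookups apply to it. The function names, the unmap flag and the sample record are assumptions made for illustration, and only the ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample record (documentation prefixes), not from the thread.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

def spf_client_ip(peer):
    """Address SPF should evaluate for a peer string from an AF_INET6 socket."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped          # ::ffff:a.b.c.d -> a.b.c.d
    return addr

def dns_rrtype(addr):
    """Record type fetched by address-comparing mechanisms (quoted Section 5)."""
    return "A" if addr.version == 4 else "AAAA"

def eval_ip_terms(peer, record, unmap=True):
    """Evaluate ip4/ip6/all terms only; unmap=False treats the peer as opaque IPv6."""
    addr = spf_client_ip(peer) if unmap else ipaddress.ip_address(peer)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"                  # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise ValueError("mechanism outside this example: " + name)
        net = ipaddress.ip_network(arg, strict=False)
        if net.version != int(name[2]):
            raise ValueError("address family does not match " + name)
        if addr.version == net.version and addr in net:
            return QUALIFIERS[qualifier]
    return "neutral"                     # no mechanism matched

if __name__ == "__main__":
    for peer in ("::ffff:192.0.2.10", "2001:db8::1", "::ffff:198.51.100.7"):
        ip = spf_client_ip(peer)
        print(peer, "->", ip, dns_rrtype(ip), eval_ip_terms(peer, SAMPLE_RECORD))
```

With unmap=False the same authorized IPv4 sender falls through to "-all", which is the failure the thread describes when the mapped prefix is given no special meaning.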
