Shin'ichiro TAYA wrote: > mozilla converts IPv4 address to IPv4 mapped IPv6 address internally > and connects to it on AF_INET6 socket. > > itojun (member of KAME project(http://www.kame.net/), and core member > of NetBSD) suggested me not to use mapped address because of security > issues. > > http://www.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-01.txt > > Does mozilla use mapped address forever? > Or are there any plans to stop using mapped address?
There are no plans to stop using IPv4-mapped IPv6 addresses in Mozilla. > BTW, WinXP supports IPv6, but does not support IPv4 mapped IPv6 address. > (http://www.microsoft.com/windowsxp/pro/techinfo/administration/ipv6/default.asp) > Does this mean IPv6 enabled mozilla (and NS6 )doesn't work on WindowsXP? This is correct. On the other hand, the current version of NSPR doesn't support IPv6 on Windows XP yet. In any case, this problem can be fixed entirely in NSPR and Mozilla can continue to use IPv4-mapped IPv6 addresses. One possible solution for a client-side socket is as follows. PR_OpenTCPSocket(PR_AF_INET6) creates two OS sockets, one AF_INET and one AF_INET6. When PR_Bind() or PR_Connect() is called on the NSPR socket, we - use the AF_INET OS socket and close the AF_INET6 OS socket if the given PRNetAddr is PR_AF_INET. - use the AF_INET OS socket and close the AF_INET6 OS socket if the given PRNetAddr is PR_AF_INET6 but contains an IPv4-mapped address. NSPR translates it to a PRNetAddr of the PR_AF_INET family. - use the AF_INET6 OS socket and close the AF_INET OS socket if the given PRNetAddr is PR_AF_INET6 and is not an IPv4-mapped address. This will avoid using an IPv4-mapped address on an AF_INET6 OS socket, which as you pointed out has a security issue and is not supported on Windows XP. The only drawback is that we need to create two OS sockets until we know what kind of address we are bound to or connecting to. It will be more complicated to solve this problem for a server-side socket (that does PR_Listen() and PR_Accept()) if we want to support the feature of a PR_AF_INET6 listening socket being able to accept both IPv4 and IPv6 connections on a dual-stack machine. Wan-Teh
