https://bugzilla.wikimedia.org/show_bug.cgi?id=35542
--- Comment #2 from Marcin Cieślak <[email protected]> 2012-04-15 21:52:40 UTC ---

We deal with RFC 1918 addresses already (see $wgUsePrivateIPs) - if the users are not expected to come from behind trusted proxies with private IP addresses this should be set to off. A proxy address will then be used.

In case of tunnels it should be an IPv6 address. This is just to provide some kind of equivalence of a public, reachable IPv4 address (if available) with an IPv6 address. Certainly IPv4-in-IPv6 mapping schemes can be used here. Didn't check with Teredo yet, but I presume it does not give out the private IP address of the user embedded in the Teredo IPv6 address.

Of course, we should check the resulting IPv4 against $wgUsePrivateIPs anyway (in case some large enterprise network runs private IP addresses _and_ an internal Teredo gateway used to reach some internal MediaWiki installation over IPv6, highly unlikely though).

No checks about proper reachability can be done, though. That's why gateway information (i.e. the real IP address obtained via the socket's getpeername()) should be recorded somewhere for auditing purposes (certainly for CheckUser).

Maybe we could even provide a new UI for such IP addresses, displaying:

    2001:0db8::1234:5678 via a.b.c.d

Blocks could be checked for both a.b.c.d and 2001:0db8::1234:5678, which would be similar to the blocking mechanism proposed by bug 23343.
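The check proposed in this comment, sketched as an added example (not MediaWiki code and not part of the original comment): derive the IPv4 address embedded in a 6to4, Teredo or IPv4-mapped IPv6 address, re-apply the private-address policy to it, and run the block lookup over the IPv6 address, the derived IPv4 and the gateway address. The function names, the `use_private_ips` parameter (a simplified stand-in for `$wgUsePrivateIPs`) and the block list are assumptions made for the illustration.

```python
import ipaddress

# RFC 1918 ranges, the ones the comment ties to $wgUsePrivateIPs.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed block list (documentation ranges only), not real data.
BLOCKS = [ipaddress.ip_network(n)
          for n in ("198.51.100.0/24", "2001:db8:bad::/48")]


def embedded_ipv4(addr):
    """Return (scheme, IPv4Address) carried inside an IPv6 address, or None."""
    if addr.version != 6:
        return None
    if addr.ipv4_mapped is not None:
        return "ipv4-mapped", addr.ipv4_mapped
    if addr.sixtofour is not None:
        return "6to4", addr.sixtofour
    if addr.teredo is not None:
        # teredo is (server, client); the client address is stored inverted
        # in the IPv6 address and the stdlib already undoes the inversion.
        return "teredo", addr.teredo[1]
    return None


def addresses_to_check(client, gateway, use_private_ips=False):
    """List every address a block lookup should cover for one request."""
    client = ipaddress.ip_address(client)
    gateway = ipaddress.ip_address(gateway)  # peer address of the connection
    out = [client]
    hit = embedded_ipv4(client)
    if hit is not None:
        v4 = hit[1]
        # Re-apply the private-address policy to the derived IPv4.
        if use_private_ips or not any(v4 in net for net in RFC1918):
            out.append(v4)
    if gateway not in out:
        out.append(gateway)  # also worth recording for auditing
    return out


def is_blocked(client, gateway, use_private_ips=False):
    """True if any address tied to the request falls inside a block."""
    addrs = addresses_to_check(client, gateway, use_private_ips)
    return any(a in net for a in addrs for net in BLOCKS
               if a.version == net.version)
```
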
