Re: blacklistd and IPv6 mapped IPv4 addresses

Subject: Re: blacklistd and IPv6 mapped IPv4 addresses
From: ignatios <ignatios%beverly.kleinbus.org@localhost>
Date: Tue, 17 Jan 2017 13:32:00 +0100

It's late, but I'd like to mention my observation:

On Fri, Jan 22, 2016 at 06:59:19PM -0500, Mouse wrote:

> I think v4mapped v6 is supposed to
> never appear on the wire, right?  If it does appear on the wire, IMO
> the v6 filter should block it completely but the v4 filter should block
> it only for v4 sockets.)

I'd expect that, too. However, @work our network is delivered to our
department over a MPLS core. Those routers do not have v6 addresses
themselves, and ICMPv6 messages generated as error respons do have
::FFFF:a.b.c.d as their *source* address.

	-is

References:
- blacklistd and IPv6 mapped IPv4 addresses
  - From: Christos Zoulas
- Re: blacklistd and IPv6 mapped IPv4 addresses
  - From: Mouse

Prev by Date: allocation policy of PACKET_TAG_* values
Next by Date: Re: NPF tuning
Previous by Thread: Re: blacklistd and IPv6 mapped IPv4 addresses
Next by Thread: passive references
Indexes:

Home | Main Index | Thread Index | Old Index