[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 02484) Re: ip6tables Feature Request

To: usagi-users@xxxxxxxxxxxxxx
Subject: (usagi-users 02484) Re: ip6tables Feature Request
From: Pekka Savola <pekkas@xxxxxxxxxx>
Date: Fri, 25 Jul 2003 06:33:22 +0300 (EEST)
In-reply-to: <200307242323.h6ONNckX026177@m5p.com>
Reply-to: usagi-users@xxxxxxxxxxxxxx

On Thu, 24 Jul 2003, Elliott Mitchell wrote:
> The situations where it would be crucial don't appear to be common yet,
> but could a V6 target be created that passes a packet through the V4
> table?
> 
> Specifically for the case where there are IPv6-only hosts, and therefore
> V4-mapped addresses directly on the wire it would be very useful to
> filter those packets through the V4 tables. There is plenty of
> documentation on how to generate new tests/targets, but much less on how
> to hack a packet to test versus the V4 rules.

IPv4-mapped addresses on the wire are completely bogus.  DON'T DO THAT!

http://www.ietf.org/internet-drafts/draft-itojun-v6ops-v4mapped-harmful-01.txt

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Follow-Ups:
- (usagi-users 02485) Re: ip6tables Feature Request
  - From: Elliott Mitchell

References:
- (usagi-users 02482) ip6tables Feature Request
  - From: Elliott Mitchell

Prev by Date: (usagi-users 02483) Re: Small compile error in usagi-linux26-20030721 snapshot
Next by Date: (usagi-users 02485) Re: ip6tables Feature Request
Previous by thread: (usagi-users 02482) ip6tables Feature Request
Next by thread: (usagi-users 02485) Re: ip6tables Feature Request
Index(es):
- Date
- Thread