[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
- To: der Mouse <mouse@Rodents.Montreal.QC.CA>
- Subject: Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
- From: Colm MacCarthaigh <colmmacc@redbrick.dcu.ie>
- Date: Wed, 29 Oct 2003 19:19:56 +0000
On Wed, Oct 29, 2003 at 01:06:55PM -0500, der Mouse wrote:
> Also, note that the application can get whichever set of semantics it
> prefers by explicitly setting the V6ONLY option on the socket;
My main point is that this is not the case. The V6ONLY socket option
is not honoured by some widely-deployed Operating Systems.
Although the situation is rapidly improving, I would argue that
it is currently still worth accompanying a recommendation of using
explicit AF sockets with the excellent recommendation from section
4 of the I-D;
"In EVERY application, check for IPv4-mapped addresses wherever
addresses enter code paths under your control (i.e., are returned from
system calls, or from library calls, or are input from the user or a
file), and handle them in an appropriate manner. This approach is
difficult in reality, and there is no way to determine whether it has
been followed fully."
Proposing "do not accept IPv4 traffic by using AF_INET6 socket" without
even a "where available" qualifier as a solution is unsuitable and
unrealistic. It is a simple fact of life that current application
developers have to live with the fact that some OS's do not support
this behaviour.
--
colmmacc@redbrick.dcu.ie PubKey: colmmacc+pgp@redbrick.dcu.ie
Web: http://devnull.redbrick.dcu.ie/