summaryrefslogtreecommitdiff
path: root/share/man
diff options
context:
space:
mode:
authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2000-06-14 16:09:16 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2000-06-14 16:09:16 +0000
commite43947aa2c9eaed6bc16193714c0f9616e7421fd (patch)
treee3235fded4fb3a9d891635ea3fa9b691f49a77d0 /share/man
parent8f9ec7b98e0e94b72b52ff5b6c999a944ed54e86 (diff)
move IPv4 mapped issue from inetd.8. some clarifications.
Diffstat (limited to 'share/man')
-rw-r--r--share/man/man4/inet6.479
1 files changed, 77 insertions, 2 deletions
diff --git a/share/man/man4/inet6.4 b/share/man/man4/inet6.4
index 742c542f0c8..ca2c9c3db10 100644
--- a/share/man/man4/inet6.4
+++ b/share/man/man4/inet6.4
@@ -1,5 +1,5 @@
-.\" $OpenBSD: inet6.4,v 1.12 2000/06/12 11:15:37 itojun Exp $
-.\" $KAME: inet6.4,v 1.10 2000/06/12 10:27:23 itojun Exp $
+.\" $OpenBSD: inet6.4,v 1.13 2000/06/14 16:09:15 itojun Exp $
+.\" $KAME: inet6.4,v 1.12 2000/06/14 15:52:25 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
@@ -277,6 +277,81 @@ message protocol is accessible from a raw socket.
.\" will trigger the mechanism; whereas raw
.\" .Tn IP
.\" packets, whether locally-generated or forwarded, will not.
+.Ss Interation between IPv4/v6 sockets
+The behavior of
+.Dv AF_INET6
+TCP/UDP socket is documented in RFC2553.
+Basically, it says as follows:
+.Bl -bullet -compact
+.It
+Specific bind on
+.Dv AF_INET6
+socket
+.Po
+.Xr bind 2
+with address specified
+.Pc
+should accept IPv6 traffic to that address only.
+.It
+If you perform wildcard bind
+on
+.Dv AF_INET6
+socket
+.Po
+.Xr bind 2
+to IPv6 address
+.Li ::
+.Pc ,
+and there is no wildcard bind
+.Dv AF_INET
+socket on that TCP/UDP port, IPv6 traffic as well as IPv4 traffic
+should be routed to that
+.Dv AF_INET6
+socket.
+IPv4 traffic should be seen as if it came from IPv6 address like
+.Li ::ffff:10.1.1.1 .
+This is called IPv4 mapped address.
+.It
+If there are both wildcard bind
+.Dv AF_INET
+socket and wildcard bind
+.Dv AF_INET6
+socket on one TCP/UDP port, they should behave separately.
+IPv4 traffic should be routed to
+.Dv AF_INET
+socket and IPv6 should be routed to
+.Dv AF_INET6
+socket.
+.El
+.Pp
+However, RFC2553 does not define the constraint between the order of
+.Xr bind 2 ,
+nor how IPv4 TCP/UDP port number and IPv6 TCP/UDP port number
+relate each other
+.Po
+should they be integrated or separated
+.Pc .
+Implemented behavior is very different across kernel to kernel.
+Therefore, it is unwise to rely too much upon the behavior of
+.Dv AF_INET6
+wildcard bind socket.
+.Pp
+It should also be noted that
+malicious parties can take advantage of the complexity presented above,
+and are able to bypass access control,
+if the target node routes IPv4 traffic to
+.Dv AF_INET6
+socket.
+Users are advised to take caution handling connections
+from IPv4 mapped address to
+.Dv AF_INET6
+sockets.
+.Pp
+Because of the above,
+.Ox
+does not route IPv4 traffic to
+.Dv AF_INET6
+socket.
.Sh SEE ALSO
.Xr ioctl 2 ,
.Xr socket 2 ,