diaz98 / google-dnswall

Automatically exported from code.google.com/p/google-dnswall
Apache License 2.0

IPv6 Link-local test wrong #3

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
We're using this test for link-local:

  // Link-local
  if (ptr[0] == 0xf0 && (ptr[1] >> 6) == (0x80 >> 6))
    return 0;

This corresponds to f080::/10, but https://ietf.org/rfc/rfc3513.txt says we
should be using fe80::/10 for link-local.

Also, we should consider blocking site-local (fec0::/10) even though the
allocation is deprecated.

Original issue reported on code.google.com by aba...@gmail.com on 5 Jun 2008 at 8:40

GoogleCodeExporter commented 9 years ago
Yes, the link-local prefix being checked in the code right now is wrong, so we should fix that.

After a read through https://ietf.org/rfc/rfc3879.txt, I believe site-local prefixes can be blocked by dnswall without violating the requirements, and it is suggested in the document for routers to continue to not route site-local addresses -- so we should do that as well.

Original comment by andrew.b...@gmail.com on 5 Jun 2008 at 8:48

GoogleCodeExporter commented 9 years ago
Fixed in r5.

Original comment by aba...@gmail.com on 9 Jun 2008 at 10:02
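
The prefix mix-up discussed in this thread, as an added example (not dnswall's code and not the r5 fix): the test quoted in the issue next to a mask-based /10 check for fe80::/10 and fec0::/10. It goes slightly beyond the thread by using a generic prefix matcher; the function names, the `classify` bit flags and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* The test quoted in the issue, kept as reported: it matches f080::/10. */
static int is_link_local_as_reported(const unsigned char *ptr) {
    return ptr[0] == 0xf0 && (ptr[1] >> 6) == (0x80 >> 6);
}

/* Hypothetical helper: do the first `bits` bits of addr equal those of prefix? */
static int prefix_match(const unsigned char *addr, const unsigned char *prefix,
                        unsigned bits) {
    unsigned full = bits / 8, rem = bits % 8;
    if (memcmp(addr, prefix, full) != 0)
        return 0;
    if (rem == 0)
        return 1;
    unsigned char mask = (unsigned char)(0xff << (8 - rem));
    return (addr[full] & mask) == (prefix[full] & mask);
}

static const unsigned char LINK_LOCAL[16] = {0xfe, 0x80}; /* fe80::/10 */
static const unsigned char SITE_LOCAL[16] = {0xfe, 0xc0}; /* fec0::/10 */

static int is_link_local(const unsigned char *a) { return prefix_match(a, LINK_LOCAL, 10); }
static int is_site_local(const unsigned char *a) { return prefix_match(a, SITE_LOCAL, 10); }

/* Bit flags: 1 = reported test matched, 2 = fe80::/10, 4 = fec0::/10.
   Returns -1 if the text is not a valid IPv6 address. */
static int classify(const char *text) {
    unsigned char a[16];
    if (inet_pton(AF_INET6, text, a) != 1)
        return -1;
    return is_link_local_as_reported(a) | (is_link_local(a) << 1) |
           (is_site_local(a) << 2);
}

int main(void) {
    /* Constructed sample addresses covering both edges of each /10. */
    const char *samples[] = {"fe80::1", "febf::1", "f080::1",
                             "fec0::1", "feff::1", "2001:db8::1"};
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s flags=%d\n", samples[i], classify(samples[i]));
    return 0;
}
```

The reported test flags only f080::1, while real link-local addresses such as fe80::1 and febf::1 pass through it unmatched.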