Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2013/04/10 17:47:38 UTC
[Bug 6927] New: IP_PRIVATE should also include shared address space
(used in CGN, RFC 6598)
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6927
Bug ID: 6927
Summary: IP_PRIVATE should also include shared address space
(used in CGN, RFC 6598)
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P2
Component: Libraries
Assignee: dev@spamassassin.apache.org
Reporter: Mark.Martinec@ijs.si
Classification: Unclassified
RFC 6598 (= "Shared Address Space Request") assigns a new IPv4 address
range 100.64.0.0/10 for use by CGN (Carrier-Grade NAT, horrors!).
This address range should be treated much like private address
ranges (RFC 1918) in that such addresses are not globally routable
and have no place in public networks. Also the CYMRU lists the
RFC 6598 shared address space along with private address ranges
(Martians, http://www.team-cymru.org/Services/Bogons/ ).
RFC 6598:
1. Introduction
IPv4 address space is nearly exhausted. However, ISPs must continue
to support IPv4 growth until IPv6 is fully deployed. To that end,
many ISPs will deploy a Carrier-Grade NAT (CGN) device, such as that
described in [RFC6264]. Because CGNs are used on networks where
public address space is expected, and currently available private
address space causes operational issues when used in this context,
ISPs require a new IPv4 /10 address block. This address block will
be called the "Shared Address Space" and will be used to number the
interfaces that connect CGN devices to Customer Premises Equipment
(CPE).
Shared Address Space is similar to [RFC1918] private address space in
that it is not globally routable address space and can be used by
multiple pieces of equipment.
[...]
4. Use of Shared CGN Space
Shared Address Space is IPv4 address space designated for Service
Provider use with the purpose of facilitating CGN deployment. Also,
Shared Address Space can be used as additional non-globally routable
space on routing equipment that is able to do address translation
across router interfaces when the addresses are identical on two
different interfaces.
[...]
o routing information about Shared Address Space networks MUST NOT
be propagated across Service Provider boundaries. Service
Providers MUST filter incoming advertisements regarding Shared
Address Space.
o packets with Shared Address Space source or destination addresses
MUST NOT be forwarded across Service Provider boundaries. Service
Providers MUST filter such packets on ingress links.
o Service Providers MUST NOT include Shared Address Space in
external-facing DNS zone files.
o reverse DNS queries for Shared Address Space addresses MUST NOT be
forwarded to the global DNS infrastructure.
o DNS Providers SHOULD filter requests for Shared Address Space
reverse DNS queries on recursive nameservers.
I'm suggesting to include the 100.64.0.0/10 range in the IP_PRIVATE
regular expression (in Mail/SpamAssassin/Constants.pm):
--- lib/Mail/SpamAssassin/Constants.pm (revision 1466510)
+++ lib/Mail/SpamAssassin/Constants.pm (working copy)
@@ -85,2 +85,3 @@
# private-use address space 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16,
+# shared address space 100.64.0.0/10 (RFC 6598 - for use in CGN),
# IPv4-mapped IPv6 addresses.
@@ -93,3 +94,4 @@
172\.(?:1[6-9]|2[0-9]|3[01])| # 172.16.0.0/12 Private Use (5735, 1918)
- 192\.168 # 192.168.0.0/16 Private Use (5735, 1918)
+ 192\.168| # 192.168.0.0/16 Private Use (5735, 1918)
+ 100\.(?:6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7]) # 100.64.0.0/10 CGN (6598)
)\..*
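Review bot: the hand-written octet ranges on the added "100\.(?:6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])" line have no test pinning them down, and the unchanged tail ")\..*" accepts any text after the next dot, so a slip in one alternative would go unnoticed. The alternatives do cover second octets 64 through 127, which is 100.64.0.0/10, but please add boundary cases alongside the change: 100.64.0.0 and 100.127.255.255 must match, 100.63.255.255 and 100.128.0.0 must not. A case with non-numeric text after "100.64." would also document what the ".*" tail is expected to do.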
@@ -132,3 +134,4 @@
172\.(?:1[6-9]|2[0-9]|3[01])|
- 192\.168
+ 192\.168|
+ 100\.(?:6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])
)\..*
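Review bot: the alternation added at +134 is a verbatim second copy of the one added in the previous hunk, so every future range change has to be made in two places and the copies can drift apart. Consider defining the IPv4 prefix alternation (10, 172.16-31, 192.168, 100.64-127) once and interpolating it into both expressions, so that the next addition is a one-line change.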
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6927] IP_PRIVATE should also include shared address space (used
in CGN, RFC 6598)
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6927
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
Target Milestone|3.4.1 |3.4.0
--- Comment #3 from Mark Martinec <Ma...@ijs.si> ---
Closing this as fixed: the shared address space is now recognized, the
"Unique Local Unicast Addresses" (fc00::/7) is not of immediate concern.
[Bug 6927] IP_PRIVATE should also include shared address space (used
in CGN, RFC 6598)
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6927
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
Target Milestone|3.4.0 |3.4.1
--- Comment #2 from Kevin A. McGrail <km...@pccc.com> ---
Moving all open bugs where target is defined and 3.4.0 or lower to 3.4.1 target
[Bug 6927] IP_PRIVATE should also include shared address space (used
in CGN, RFC 6598)
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6927
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Undefined |3.4.0
--- Comment #1 from Mark Martinec <Ma...@ijs.si> ---
trunk:
Bug 6927: IP_PRIVATE should also include shared
address space (used in CGN, RFC 6598)
Sending lib/Mail/SpamAssassin/Constants.pm
Committed revision 1468853.
Btw, I suppose the fc00::/7 should also be added to the IP_PRIVATE
(Unique Local Unicast Addresses, RFC 4193).
Although the IPv6 part of this regexp is already hairy enough,
and inaccurate too (it assumes the IPv4-mapped IPv6 address
is in 'alternative form' syntax, which need not be the case).
Seems to me that a regexp is quite unsuitable for parsing
address ranges, especially in the complex IPv6 syntax.
--
You are receiving this mail because:
You are the assignee for the bug.
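Added example (not SpamAssassin code and not part of the original thread): Comment #1's remark that a regexp suits address ranges poorly, shown in Python by running the patch's octet alternation beside a parse-then-compare check. The "^" anchor, the optional "::ffff:" prefix, the names CGN_TEXT_RE, NON_PUBLIC_NETS, matches_textually, is_non_public and compare, and all sample inputs are assumptions of this example.

```python
import ipaddress
import re

# Octet alternation and "\..*" tail copied from the patch on this page. The
# "^" anchor and optional "::ffff:" prefix are assumptions of this example,
# standing in for the parts of the real expression the page does not show.
CGN_TEXT_RE = re.compile(
    r"^(?:::ffff:)?100\.(?:6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\..*", re.I)

# Ranges named in the thread; the list name is hypothetical.
NON_PUBLIC_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # RFC 6598 shared space
    "fc00::/7",                                        # RFC 4193 unique local
)]


def matches_textually(text):
    """Regex view: True if the string looks like a 100.64.0.0/10 address."""
    return CGN_TEXT_RE.match(text) is not None


def is_non_public(text):
    """Parsed view: True if the address lies in one of NON_PUBLIC_NETS."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False  # not an address at all, whatever its prefix looks like
    # Unwrap IPv4-mapped IPv6 in either spelling (::ffff:a.b.c.d or hex).
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in NON_PUBLIC_NETS
               if net.version == addr.version)


# Constructed sample inputs: range boundaries, both IPv4-mapped spellings,
# a unique local address, and a string that is not an address.
SAMPLES = ["100.63.255.255", "100.64.0.0", "100.127.255.255", "100.128.0.0",
           "::ffff:100.64.0.1", "::ffff:6440:1", "fd00::1", "100.64.not-an-ip"]


def compare(samples=SAMPLES):
    """Return (input, regex verdict, parsed verdict) for each sample."""
    return [(s, matches_textually(s), is_non_public(s)) for s in samples]


if __name__ == "__main__":
    for row in compare():
        print("%-20s regex=%-5s parsed=%s" % row)
```

The two views agree on the dotted-quad boundaries and diverge on the hex-form mapped address, the unique local address and the non-address string.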