wkcaj/safecurl

Enable IPv6 Support

wkcaj opened this issue · 6 comments

Currently SafeCurl only supports IPv4.

This is due to the gethostbynamel function in PHP only supporting v4 addresses.

IPv6 support could be done via calls to dig, however, this could be dangerous. Investigation needed.

If there was IPv6 support in safecurl, it would be possible to get btc.txt with the current blacklists with http://[::1]/btc.txt. But since the code tries to resolve [::1] with gethostbynamel() and fails, it doesn't work.

And don't forget about IPv4-IPv6 mapping via ::ffff:aaaa:bbbb.

Anyway, you should use dns_get_record() and resolve both A and AAAA records.

Great idea. This is something I'll work on tonight and hopefully get merged in.

For completeness' sake I'd like to mention the ip6-localnet, ip6-localhost, ip6-loopback host names defined in /etc/hosts. But the current setup that checks the numerical IP shouldn't make it a bypass.

If you support IPv6 you'll have to block a lot of subnets and I'm not sure I remember all of them.

  • fe80::/10
  • ff00::/8 (multicast)
  • ::/16
  • ...

Maybe even those in 6to4 that imply private IP6 (e.g., 2002:quad1:quad2:quad3:quad4::) even though that highly depends on 6to4 routing and setup.

I found these docs useful resources once: https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml and http://computernetworkingnotes.com/ipv6-features-concepts-and-configurations/special-ipv6-to-devices.html
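
The checks discussed in this thread (resolving both A and AAAA records, IPv4-mapped and 6to4 addresses, and the blocked IPv6 ranges), as an added PHP example that is not SafeCurl's code or any commenter's. `inCidr6`, `embeddedV4`, `isBlocked` and `hostIsBlocked` are hypothetical names, the `filter_var()` flags are an assumed stand-in for the existing IPv4 blacklist, and the sample hosts are constructed.

```php
<?php
// Added example, not SafeCurl's code. List: ::1 plus the thread's (incomplete) ranges.
const BLOCKED_V6 = ['::1/128', '::/16', 'fe80::/10', 'ff00::/8'];

// True if IPv6 address $ip is inside $cidr: compare the first $bits bits.
function inCidr6(string $ip, string $cidr): bool {
    [$net, $bits] = explode('/', $cidr);
    $bin = fn (string $a) => implode('', array_map(
        fn ($b) => sprintf('%08b', $b), unpack('C*', inet_pton($a))));
    return strncmp($bin($ip), $bin($net), (int) $bits) === 0;
}

// IPv4 inside an IPv4-mapped (::ffff:a.b.c.d) or 6to4 (2002:aabb:ccdd::/48) address.
function embeddedV4(string $ip): ?string {
    $raw = inet_pton($ip);
    if (substr($raw, 0, 12) === str_repeat("\0", 10) . "\xff\xff") {
        return inet_ntop(substr($raw, 12, 4));
    }
    return substr($raw, 0, 2) === "\x20\x02" ? inet_ntop(substr($raw, 2, 4)) : null;
}

// Verdict for one numeric address (must already be a valid IP literal).
function isBlocked(string $ip): bool {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        // Assumption: private + reserved ranges stand in for the IPv4 blacklist.
        return filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;
    }
    $v4 = embeddedV4($ip);   // judge an embedded IPv4 address by the IPv4 rule
    return $v4 !== null ? isBlocked($v4)
        : array_filter(BLOCKED_V6, fn ($c) => inCidr6($ip, $c)) !== [];
}

// URL host: an IP literal (brackets allowed) or a name resolved via A and AAAA.
// No records, or any one blocked record, rejects the host.
function hostIsBlocked(string $host): bool {
    $host = trim($host, '[]');
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return isBlocked($host);
    }
    $recs = array_merge(@dns_get_record($host, DNS_A) ?: [],
        @dns_get_record($host, DNS_AAAA) ?: []);
    $ips = array_map(fn ($r) => $r['ip'] ?? $r['ipv6'], $recs);
    return $ips === [] || array_filter($ips, 'isBlocked') !== [];  // fail closed
}

// Constructed sample hosts (literals only, so the run needs no DNS).
foreach (['[::1]', '::ffff:7f00:1', 'fe80::1', '2002:c0a8:101::1', '2001:db8::1'] as $h) {
    printf("%-18s %s\n", $h, hostIsBlocked($h) ? 'blocked' : 'allowed');
}
```

The verdict only holds if the request then connects to the same address that was checked; a second lookup at connect time can return a different record.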

mogul commented

Have you considered using PHP's filter_var() with appropriate flags?