GSoC chromium: IP address synthesis for an IPv6 only network to connect to an IPv4 address literal.

Written in English GSoC chromium

TLDR;

When a client is in an IPv6 only environment it utilises the NAT64 and DNS64 in the network to connect to IPv4 only servers. However, when chrome tries to connect to an IPv4 literal (such as when an IPv4 address is directly written in the search bar) it doesn't use the DNS64 and fails to connect to the address.

With this change Chrome will now append the IPv4 to IPv6 translation prefix (Pref64::/n) to the IPv4 address, in order for the packet to use the NAT64 in the network.

 

Code: 

chromium.googlesource.com

How the NAT64 and DNS64 works


There is a translation technology called NAT64/DNS64 which enables IPv6-only clients to access IPv4-only servers. 

This is great but it does not work for IP address literals because DNS will not be used.

How my implementation works

First, when chrome tries to access a IPv4 literal it checks if it is on an IPv6-only network.

If it is, it resolves the AAAA record of domain ipv4-only.arpa. This is a special domain that only contains an A record.  If this name is resolved inside an IPv6-only network that has a DNS64, the DNS64 will return an answer to the AAAA request that contains the synthesized IPv6 address(in many cases 64:ff9b::192.0.0.170). (Step1)

With this answer received chrome now knows that there is a DNS64 in the network, which means by using the translation prefix we can utilize the NAT64. Chrome will now synthesise an IPv6 address by combining the translation prefix obtained in Step 1 and the original IPv4 address literal. (Step 2)

chrome will now be able to utilize the NAT64 and access the server via a IPv4 address literal even on a IPv6-only network.

Codebase

Made changes in the below files in chromium.

  • net/base/ip_address.c

    net/base/ip_address.h

    net/base/ip_address_unittest.cc

    net/dns/host_resolver_manager.cc

    net/dns/host_resolver_manager.h

    net/dns/host_resolver_manager_unittest.cc

    net/dns/host_resolver_nat64_task.cc [Added]

    net/dns/host_resolver_nat64_task.h [Added]

In host_resolver_manager, when an IP literal is passed it checks if the network is IPv6 only, and if so calls the HostResolverNat64Task that I have created.

In the HostResolverNat64Task it does 3 things. 

  • Resolve the IPv6 address of ipv4only.arpa
  • Extract the IPv4 to IPv6 translation prefix (Pref64::/n) from the returned address
  • Synthesise the IPv4 literal address to IPv6 using the Pref64::/n

 

Actual Code: 

https://chromium-review.googlesource.com/c/chromium/src/+/3691238

 

Releases from chrome 108. (Tue, Nov 29, 2022)

 

Before, accessing 1.1.1.1 from an IPv6-only network.

Can't access server when using IPv4 address literal.

after

 

Can successfully access the server by using IPv4 address literal.