There are some tunneling protocols, like:
* 6to4
* Teredo
* ISATAP
where it is possible to derive real IPv4 address of the user even if he's connecting via IPv6 to us. While we *may* use their IPv6 address for contributions, we definitely should canonicalize those addresses for purposes like blocking and CheckUser.
We might need to have something like "79.163.138.172 (via 2002:4fa3:8aac::4fa3:8aac)" to be available (at least to CheckUsers if not broader).
We might end up needing a proxy gateway IP address somewhere as well, to block some bad proxies (see bug 23343) or to trust them by the means of similar to current XFF whitelist features (like https://meta.wikimedia.org/wiki/XFF_project and https://www.mediawiki.org/wiki/Manual:$wgSquidServersNoPurge)
--------------------------
**Version**: unspecified
**Severity**: normal
**See Also**:
https://bugzilla.wikimedia.org/show_bug.cgi?id=23343
https://bugzilla.wikimedia.org/show_bug.cgi?id=37395