From: Jan Behrens
To: Hiroki Sato
Cc: freebsd-net@freebsd.org
Date: Fri, 13 Mar 2020 23:37:52 +0100
Subject: Re: ifconfig prefer_source and IPv6 privacy extensions
Message-Id: <20200313233752.43d6fc44f51a60acbe4a9bb8@magnetkern.de>
In-Reply-To: <20200314.045143.1650553685773092770.hrs@FreeBSD.org>

On Sat, 14 Mar 2020 04:51:43 +0900 (JST)
Hiroki Sato wrote:

> Jan Behrens wrote
>   in <20200313202833.cbbe8d1679ac0fd7a80788e1@magnetkern.de>:
>
> jb> Is it intended that "net.inet6.ip6.prefer_tempaddr" takes precedence
> jb> over "prefer_source"? If yes, why?
>
>  Yes, and the reason is that RFC 6724 specifies that behavior.

I'm afraid my knowledge of IPv6 is not good enough yet to fully
understand the RFC. Would "net.inet6.ip6.prefer_tempaddr" correspond to
Rule 7 and "prefer_source" correspond to Rule 8 (that "MAY be superseded
if the implementation has other means of choosing among source
addresses")?

>  Why do you want to use fd::2 over fd: as the
>  default source address?

I want to use fd::2 as the preferred address in order to always appear
as fd::2 in my local network even if I change my network card. That
address won't be used when I access the internet, even if it is
preferred (see below).

>  If prefer_source takes precedence, the tempaddr will never be used.

That depends on how "prefer_source" competes with other rules for
source address selection. Even with current FreeBSD's behavior, if I
disable privacy extensions, then for reaching hosts on the internet,
2003:: is used, and only for connections to my LAN, fd::2 (the address
with "prefer_source") is used, i.e. the address with "prefer_source"
set is NOT always used.

Moreover, preferring temporary addresses over addresses marked with
"prefer_source" doesn't seem to make much sense (even if the RFC would
demand it). This is because it doesn't seem to make much sense to mark
a temporary address as preferred. That assumed, the current behavior of
FreeBSD effectively renders "prefer_source" useless if
net.inet6.ip6.prefer_tempaddr=1.

>
> -- Hiroki

Regards,
Jan Behrens
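
Added example (not part of the original message and not FreeBSD's code): a small model of the rule ordering discussed in this thread, covering only RFC 6724 Rules 6 to 8. The position of the "prefer_source" flag between Rule 7 and Rule 8 is an assumption taken from the behaviour described above, and all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Subset of the RFC 6724 default policy table: (prefix, label).
POLICY = [(ipaddress.ip_network(p), lbl) for p, lbl in
          [("::1/128", 0), ("::/0", 1), ("2002::/16", 2), ("fc00::/7", 13)]]

@dataclass(frozen=True)
class Src:
    addr: str
    temporary: bool = False      # privacy-extension (temporary) address
    prefer_source: bool = False  # ifconfig "prefer_source" flag

def label(addr):
    """Label of the longest policy prefix that covers addr."""
    a = ipaddress.ip_address(addr)
    return max((e for e in POLICY if a in e[0]), key=lambda e: e[0].prefixlen)[1]

def common_prefix_len(a, b):
    x = int(ipaddress.ip_address(a)) ^ int(ipaddress.ip_address(b))
    return 128 - x.bit_length()

def select_source(dst, candidates, prefer_tempaddr):
    """Pick a source for dst; earlier tuple fields win over later ones."""
    def key(s):
        return (
            label(s.addr) == label(dst),            # Rule 6: matching label
            s.temporary == bool(prefer_tempaddr),   # Rule 7: temporary vs. public
            s.prefer_source,                        # ASSUMED position of the flag
            common_prefix_len(s.addr, dst),         # Rule 8: longest matching prefix
        )
    return max(candidates, key=key).addr

# Constructed addresses (not the ones from the thread).
CANDIDATES = [
    Src("fd00:1234:0:1::2", prefer_source=True),
    Src("fd00:1234:0:1:211:22ff:fe33:4455"),
    Src("fd00:1234:0:1:9f3c:11aa:22bb:33cc", temporary=True),
    Src("2001:db8:0:1:211:22ff:fe33:4455"),
    Src("2001:db8:0:1:77aa:5c0d:e1f2:0a0b", temporary=True),
]
LAN_DST, INTERNET_DST = "fd00:1234:0:1::50", "2001:db8:ffff::1"

if __name__ == "__main__":
    for pt in (0, 1):
        for dst in (LAN_DST, INTERNET_DST):
            print(f"prefer_tempaddr={pt} {dst} -> {select_source(dst, CANDIDATES, pt)}")
```

In this model the flagged address is chosen for the LAN destination only when prefer_tempaddr is 0, and the label match in Rule 6 keeps it from being used for the global destination in either setting.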