Date:      Mon, 31 Mar 2025 22:05:29 +0200
From:      Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
To:        Chris Ross <cross+freebsd@distal.com>, freebsd-net@freebsd.org
Subject:   Re: RFC4941 IPv6 privacy knobs and how to set them
Message-ID:  <b251f1ee-a77f-41ea-8309-cb5780404e8f@plan-b.pwste.edu.pl>
In-Reply-To: <EB360A00-2CFB-439F-918E-1C7450BB9BB6@distal.com>
References:  <EB360A00-2CFB-439F-918E-1C7450BB9BB6@distal.com>

On 31.03.2025 at 21:39, Chris Ross wrote:
> Hello all.  Looking at some changes I made to configure my new gw router
> last year but failed to document and check in, I find in my sysctl.conf:
>
> + # Use and prefer the RFC 4941 temporary addresses
> + net.inet6.ip6.use_tempaddr: 2
> + net.inet6.ip6.prefer_tempaddr: 2
>
> Looking across the interwebs, I see information about setting these to 1,
> and on using `ipv6_privacy` in /etc/rc.conf (which set them to 1), which
> I did not do.
>
> Is there documentation about what these variables mean, and if “2” is
> a useful value different than “1”?  If so, how are they different?
>
> Thanks.
>
>          - Chris

Hello Chris,

Our ip6 network stack is old and likely still relying on the older RFC
3041, even though RFC 4941 is mentioned in the man pages. However, both 
have been obsoleted by RFC 8981. If you're open to experimentation, you 
can apply the patch from PR 245103 to push things further.

I have always set these sysctl knobs to 1, but I only use privacy 
extensions on PCs and laptops - never on routers.

Cheers

-- 
Marek Zarychta