Date:      Tue, 1 Apr 2025 16:11:04 -0400
From:      Chris Ross <cross+freebsd@distal.com>
To:        Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Cc:        freebsd-net@freebsd.org
Subject:   Re: RFC4941 IPv6 privacy knobs and how to set them
Message-ID:  <88DB625A-DCC1-4198-BAB9-8281CA07393D@distal.com>
In-Reply-To: <b251f1ee-a77f-41ea-8309-cb5780404e8f@plan-b.pwste.edu.pl>
References:  <EB360A00-2CFB-439F-918E-1C7450BB9BB6@distal.com> <b251f1ee-a77f-41ea-8309-cb5780404e8f@plan-b.pwste.edu.pl>

> On Mar 31, 2025, at 16:05, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
> Hello Chris,
>
> our ip6 network stack is old and likely still relying on the older RFC 3041, even though RFC 4941 is mentioned in the man pages. However, both have been obsoleted by RFC 8981. If you're open to experimentation, you can apply the patch from PR 245103 to push things further.
>
> I have always set these sysctl knobs to 1, but I only use privacy extensions on PCs and laptops - never on routers.

I wish I knew why I set them to 2. :-/. If I _wanted_ them set to 1, then I could use the knob in rc.conf.  I know I have some complaints about the privacy things being done with MAC address and IPv6 addresses, because I need my IPv6 addresses to be predictable for DNS.  Trying to figure out how to get (1) [information] secure and (2) predictable/repeatable addresses so I can set up forward and reverse DNS has been challenging….

Though, mostly that’s an issue for the client machines on the network, not the router.  The router mostly has hard-set IPv6 addresses, since it is after all, a router. Maybe I was trying to adjust in some way the upstream to my ISP.  There isn’t any SLAAC going on on my router at the moment though, I don’t think, so this may be some left-over from my trials and tribulations last year getting the IPv6 allocation from Verizon up and running.

So, no-one knows any reason why these numbers being “2” could mean anything?  If so I’ll pull that out of my config.

          - Chris



