Date: Sat, 14 Mar 2020 04:51:43 +0900 (JST)
From: Hiroki Sato <hrs@FreeBSD.org>
To: jbe-mlist@magnetkern.de
Cc: freebsd-net@freebsd.org
Subject: Re: ifconfig prefer_source and IPv6 privacy extensions
Message-ID: <20200314.045143.1650553685773092770.hrs@FreeBSD.org>
In-Reply-To: <20200313202833.cbbe8d1679ac0fd7a80788e1@magnetkern.de>
References: <20200313202833.cbbe8d1679ac0fd7a80788e1@magnetkern.de>

Jan Behrens <jbe-mlist@magnetkern.de> wrote
  in <20200313202833.cbbe8d1679ac0fd7a80788e1@magnetkern.de>:

jb> Dear all,
jb>
jb> I'm using FreeBSD 12.1 with an ISP that supports IPv6. I have IPv6
jb> privacy extensions enabled (ipv6_privacy="YES" in /etc/rc.conf which
jb> sets net.inet6.ip6.prefer_tempaddr=1).
jb>
jb> Given my router and ISP (who supports IPv6), my machine's FreeBSD
jb> system assigns me 5 addresses through IPv6 autoconfiguration:
jb>
jb>   link-local:     fe80::<modified EUI-64>%<interface>
jb>   ULA:            fd<prefix>:<modified EUI-64>
jb>   ULA privacy:    fd<prefix>:<randomized>
jb>   Public:         2003:<prefix>:<modified EUI-64>
jb>   Public privacy: 2003:<prefix>:<randomized>
jb>
jb> When I set up a static IPv6 address in the ULA range, such as
jb> (fd<prefix>::2) and enable the "prefer_source" option (see man
jb> ifconfig), the "prefer_source" option is ignored. It seems that
jb> net.inet6.ip6.prefer_tempaddr=1 takes precedence.
jb>
jb> Calling sysctl net.inet6.ip6.prefer_tempaddr=0 fixes my problem but
jb> disables privacy extensions altogether (which I would like to keep
jb> enabled).
jb>
jb> Is it intended that "net.inet6.ip6.prefer_tempaddr" takes precedence
jb> over "prefer_source"? If yes, why?

Yes, and the reason is that RFC 6724 specifies that behavior.

Why do you want to use fd<prefix>::2 over fd<prefix>:<random> as the
default source address? If prefer_source takes precedence, the
tempaddr will never be used.

-- Hiroki
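
The ordering discussed in this message, as an added example that is not part of the original e-mail and is not FreeBSD's code: a simplified Python model of source address selection restricted to the ULA candidates from the question. The addresses are constructed, and the position of the prefer_source check (directly after RFC 6724 Rule 7) is an assumption chosen to match the behaviour described in the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    addr: str
    temporary: bool = False      # privacy-extension (randomized) address
    prefer_source: bool = False  # ifconfig "prefer_source" set on this address
    deprecated: bool = False     # preferred lifetime has expired

def common_prefix_len(a: str, b: str) -> int:
    """Leading bits shared by two IPv6 addresses (simplified: all 128 bits compared)."""
    diff = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - diff.bit_length()

def select_source(cands, dst: str, prefer_tempaddr: bool) -> str:
    """Pick a source address; earlier tuple fields outrank later ones.

    Rules 1-6 of RFC 6724 are assumed to tie, which holds for candidates
    that are all ULA addresses on the outgoing interface.
    """
    def rank(c: Candidate):
        return (
            not c.deprecated,                # RFC 6724 Rule 3: avoid deprecated addresses
            c.temporary == prefer_tempaddr,  # RFC 6724 Rule 7: temporary vs. public
            c.prefer_source,                 # assumed position: only breaks ties left by Rule 7
            common_prefix_len(c.addr, dst),  # RFC 6724 Rule 8: longest matching prefix
        )
    return max(cands, key=rank).addr

# Constructed sample data mirroring the ULA addresses listed in the question.
PREFIX = "fd12:3456:789a:1:"
EUI64 = PREFIX + "21b:21ff:fe3c:4d5e"     # autoconfigured, modified EUI-64
PRIVACY = PREFIX + "a1b2:c3d4:e5f6:1789"  # autoconfigured, randomized
STATIC = PREFIX + ":2"                    # manually assigned, prefer_source
DST = PREFIX + ":53"                      # hypothetical destination host

CANDIDATES = [
    Candidate(EUI64),
    Candidate(PRIVACY, temporary=True),
    Candidate(STATIC, prefer_source=True),
]

if __name__ == "__main__":
    for pref in (True, False):
        chosen = select_source(CANDIDATES, DST, prefer_tempaddr=pref)
        print(f"prefer_tempaddr={int(pref)} -> {chosen}")
```

With prefer_tempaddr set, the randomized address wins before the prefer_source flag is ever consulted; the static address is chosen only when temporary addresses are not preferred or the temporary address is deprecated.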