GNOME Bugzilla – Bug 633233
No option to enable IPv6 privacy extensions
Last modified: 2014-05-28 23:02:19 UTC
Summary says it all.
Can you give me a pointer or link to how this gets done if you have one handy?
I've gotten a bit spoiled over the years and rarely deal with the low level interfaces anymore. But Red Hat's initscripts has this piece of code: # Enable IPv6 RFC3041 privacy extensions if desired if [ "$IPV6_PRIVACY" = "rfc3041" ]; then /sbin/sysctl -e -w net.ipv6.conf.$DEVICE.use_tempaddr=2 >/dev/null 2>&1 if [ $? -ne 0 ]; then echo $"Cannot enable IPv6 privacy method '$IPV6_PRIVACY', not supported by kernel" fi fi I suspect there might be a netlink way of doing this that might be more proper. It also seems you need to do this before you bring the interface up. The kernel then adds an extra address, which it prefers over the normal one.
I would even consider enabling this by default on desktop systems.
Created attachment 191789 [details] [review] [0/4] cover-letter: IPv6 privacy feature
Created attachment 191790 [details] [review] [PATCH 1/4] utils: more flexible reading of /proc/sys/net
Created attachment 191791 [details] [review] [PATCH 2/4] libnm-util: add 'enable-ip6-privacy' property to NMSettingIP6Config
Created attachment 191792 [details] [review] [PATCH 3/4] core: add support for IPv6 Privacy Extensions for SLAAC (RFC4941)
Created attachment 191793 [details] [review] [PATCH 4/4] ifcfg-rh: read/write IPV6_PRIVACY
What about a system setup by an admin or distribution wide with net.ipv6.conf.default.use_tempaddr = 0 in /etc/sysctl.conf or /lib/sysctl.d/ I believe that if this is setup like this, the end-user shouldn't have the possibility to change it for any connection he would create ?
The same could be said for accept_ra or autoconf (and a whole range of other things). So I'd say that's a separate feature. Since NM already uses PolicyKit, I guess what would be needed are more fine grained settings.
The newest update of Mac OS X enables privacy extensions by default, too (Windows does it already). I recommend doing the same on linux desktop installations, too.
Even if it's enable by default, the user/admin should have an efficient way to enable/disable it.
I have no idea if this pointer helps at all. The fedora firewalld people are having some of the same problems with racy sysctl knobs and wrote some ideas about a sysctld in the fedora wiki: <https://fedoraproject.org/wiki/FirewallD/#sysctld>. It seems not implemented at the moment.
(In reply to comment #9) > What about a system setup by an admin or distribution wide with > net.ipv6.conf.default.use_tempaddr = 0 > in /etc/sysctl.conf or /lib/sysctl.d/ > > I believe that if this is setup like this, the end-user shouldn't have the > possibility to change it for any connection he would create ? I suppose we could have the distro plugins read that file and provide this value to core NM, which would then use it instead of the connection-specific values. Jiri, we should probably default this to on in the complete_connection() code too, so that new connections get it by default but old connections remain the same.
Created attachment 208136 [details] [review] IPv6 privacy feature
Created attachment 208137 [details] [review] more flexible reading of /proc/sys/net
Created attachment 208139 [details] [review] add 'ip6-privacy' property to NMSettingIP6Config
Created attachment 208140 [details] [review] ifcfg-rh: read/write IPV6_PRIVACY and IPV6_PRIVACY_PREFER_PUBLIC_IP
Created attachment 208142 [details] [review] backend: read system-wide configuration for IPv6 privacy
Created attachment 208144 [details] [review] core: add support for IPv6 Privacy Extensions for SLAAC (RFC4941)
Patches re-spinned. Changes: * libnm-util property changed to 'ip6-privacy' as interger, so that we can also enable IPv6 privacy, but still prefer public address. * ifcfg-rh: updated accordingly - use IPV6_PRIVACY_PREFER_PUBLIC_IP in addidion to IPV6_PRIVACY * backends: added functions to read net.ipv6.conf.default.use_tempaddr from /etc/sysctl.conf or /lib/sysctl.d/sysctl.conf. Currently only this is done in generic plugin. If some distributions use other configuration means, it has to be adjusted. * core: system-wide value if configured is read and used instead of per-connection privacy configuration. One note regarding system-wide configuration: there is a bug or discrepancy in the behaviour of /conf/all/* and /conf/default/* in kernel. Basically, 'default' values are set to all interfaces in time of device creation/initialization. 'all' values, on the other hand, should be propagated to interfaces any time, else there is no difference from 'default' values. But that's not done. So, if you do: sysctl -w net.ipv6.conf.all.use_tempaddr=2 then sysctl net.ipv6.conf.all.use_tempaddr will show "2", but sysctl net.ipv6.conf.eth0.use_tempaddr still contains the original value and is not changed. See: https://bugzilla.kernel.org/show_bug.cgi?id=11655 There is also a patch from Mathieu Trudel-Lapierre to fix the issue, however it was not accepted: http://patchwork.ozlabs.org/patch/131911/
Review of attachment 208137 [details] [review]: Looks good.
All the patches look good to commit, thanks. One note: in real_act_stage3_ip6_config_start() glib has a nice function called CLAMP() that can be used to keep ipv6_privacy within bounds.
Thanks for the review! The following commits were pushed upstream: commit 785b6fb8073cf4af8168828ba5a48e2efe69b5d6 commit 788720abecfb5c3ccaaacf67bf3c0e7777fd5cca commit 88dc641e6ea60b8f05c580c5c5554b704cf52a5c commit 96378dfa82bdfc717439d9fcc9033b61bc508759 commit d376270bfe673c041e610a981bd6c77c7cb37ba1 commit 5ea7e6086a296a5e7facc3c044f3b5677a75c4b2
When testing NetworkManager-0.9.3.997-1.git20120321.fc17 using only default settings, I noticed that I got a temporary/privacy IPv6 address when connecting to the network using wireless LAN, but not if I used wired ethernet. This seems a bit inconsistent to me, is it like this intentionally? Tore
Temporary address is switched on in nm_device_complete_connection() that is called to complete connection for AddAndActivateConnection() dbus call, i.e. for new created Wi-Fi connections when one click a new SSID in an applet. Else the default value in ip6-config setting is NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN, which is regarded as NM_SETTING_IP6_CONFIG_PRIVACY_DISABLED. The IPv6 privacy was enabled in nm_device_complete_connection() as reaction to comment #14. Nonetheless, it appears now that it may be better to have it disabled too to be more consistent, as you mention. And some people seem to really hate IPv6 privacy stuff too: https://bugzilla.redhat.com/show_bug.cgi?id=825794 :( :)
Created attachment 215639 [details] [review] [PATCH] do not enable IPv6 privacy temp addresses while completing connections
Reposting some comments from the RH bug: We've got a supplicant reconnect timeout (15 seconds or so) that handles reconnection to a WiFi network, and if the supplicant is able to reconnect during that time then the connection won't be torn down and the address should still exist on the interface. However, if the supplicant can't reconnect, then we have to tear things down and see if another connection would be better. In that case, obviously addresses are deleted. It appears that the address regen gets called whenever the interface goes up: addrconf_notify() (I assume) gets called for netdev events and in the block for NETDEV_UP/NETDEV_CHANGE addrconf_dev_config() gets called, which regenerates the address. This means that if we *ever* take the device down, we'll get a new address. We take the device down to ensure that it's configuration is completely cleared and it's ready to be reactivated with completely new configuration. We also have to take bond devices down (and maybe bridges too) and their slaves since various bonding/bridging operations cannot be done unless the device is down. One approach is to deactivate the device, but not take it down until we reconnect to a *different* network. This would involve adding an argument to nm_device_deactivate() for "take device down" which would be FALSE when deactivating the device in response to a failure or manual deactivation, and upon reconnecting to a different network (*or if the connection has been modified*) then we call nm_device_deactivate(TRUE). In the future we could extend this to even keep IP addresses up (and dhclient) for a short period of time, even though the L2 link is gone, so that we reconnect more quickly. Basically, we decouple the L2 link state from the L3+ states somewhat.
(In reply to comment #27) > Created an attachment (id=215639) [details] [review] > [PATCH] do not enable IPv6 privacy temp addresses while completing connections Committed to master as af0eb9e7adf0732921ebe927408a41a36f56f72e
Created attachment 217377 [details] [review] [PATCH] nm-connection-editor GUI for IPv6 privacy extensions The patch adds a combobox into editor's 'IPv6 Settings' tab for setting IPv6 privacy extensions.
As ip6-privacy is implemented already, moving to nm-connection-editor.
(fixing the status of already-committed patches)
*** Bug 689080 has been marked as a duplicate of this bug. ***
Created attachment 275142 [details] [review] rebased patch for nm-c-e The patch looks good. I rebased to master, and (as always) the .ui file changes didn't apply cleanly; Jirka, can you double-check to make sure the widget ended up in the spot where you'd intended it to?
Patch looks good to me, and seemed to work fine when I tested it out.
Patch from comment 34 looks good to me too (tested fine too) ACK
The rebase looks fine, thanks. Committed to master as 77b29ed editor: add GUI for IPv6 privacy extensions (bgo #633233)