dhcpcd-discuss

Le mer. 25 juin 2014 10:01:02 CEST, Roy Marples a écrit :
> Hi
>
> On 24/06/2014 21:24, Neitsab wrote:
>> I've just subscribed to the list to express my gratitude for the quick
>> and functional implementation of RFC7217 in the last dhcpcd version,
>> which greatly improves the ease of getting SLAAC IPv6 addresses in a
>> privacy-respecting configuration.
>>
>> It is only recently that I started delving into IPv6 configuration, and
>> even more recently that I discovered the need to enable Privacy
>> Extensions for IPv6 addresses not to be used as a mean of tracking
>> network interfaces throughout the Internet.
>>
>> After having been through the various steps to enable them on a
>> GNU/Linux distro (I'm running Archlinux with NetworkManager for network
>> handling), now gathered at
>> https://wiki.archlinux.org/index.php/IPv6#Privacy_extensions, I realize
>> how great an improvement the inclusion of the "slaac private" parameter
>> in the default dhcpcd configuration will be as it allows for a hands-off
>> approach of privacy-respecting IPv6 addresses in SLAAC mode, making it
>> secure-by-default for everybody.
>>
>> Provided the number of systems and softwares that rely on dhcpcd to get
>> network connectivity, I expect this change will do much in favour of a
>> privacy-friendly IPv6 environment, in those times of increasing tracking
>> and reduced liberties; I believe this small change does a lot for the
>> fight against massive surveillance and is greatly welcome, hence my
>> desire to thank you explicitly for that.
>>
>> While searching about this feature and its surrounding technological
>> environment (how iproute2 displays its activation etc.), I've had the
>> occasion to appreciate the presence and reactivity of this program's
>> author. So let him be thanked for his involvement, including on the Arch
>> bug tracker and I guess other downstream forums as well.
>
> WOW!
>
> That's the biggest wall of thanks I've ever had!
> If you don't mind I'll quote it on my Google+ page :)
> I don't actively use Arch, but I do lurk on the bug tracker and forums
> from time to time to check dhcpcd is working fine there.
>

As I said I believe it is strongly deserved, so please quote it wherever
you want :-) And for sure Arch is a great distro to have early feedback
on new software versions.

>> For the little technical question "while we're at it":
>> Recently I was trying to configure a static profile in dhcpcd.conf, for
>> a home server connected to a router via Ethernet. I was trying to get
>> dhcpcd assign the wired interface both a static IPv4 and IPv6 address,
>> however it didn't seem to understand my stanza. Here it is:
>>
>> ----------------
>> /etc/dhcpcd.conf
>> ----------------
>> ...
>> # A hook script is provided to lookup the hostname if not set by the
>> DHCP
>> # server, but it should not be run by default.
>> nohook lookup-hostname
>> noipv4ll
>>
>> # define static profile for Ethernet interface
>> interface enp7s8
>> static ip_address=192.168.1.22/24
>> static ip6_address=2001:42d1:ed07:f200::22/64
>> ----------------------------------------------
>> Note: here the ip6 prefix is made up, but I know the one I actually use
>> is correct.
>>
>> I tried with both ip6address and ip6_address, as the two syntaxes appear
>> in the man page for the corresponding IPv4 parameter.
>>
>> What am I missing here?
>
> Nothing.
> dhcpcd presently does not support IPv6 static addressing.

Alright, this explains that! I thought I was really missing something
obvious, as it wasn't explicitly stated in the doc and I couldn't find
info about it on the web.

> Of course, such a patch is fairly easy, just a little time consuming.
> I have one feature to add (allowing IA_NA and IA_PD in the same
> session as needed by Robert White on this ML)
> and once that's done I'll look into adding IPv6 static addressing and
> routing.

I'd say it is of lesser importance to implement for me now: now that I
better understand how IPv6 networking works and that the "slaac private"
option allows for an autoconfigured private global address, I can simply
use that. My aim was to have a shorter IPv6 scope global address to use
with SSH, but I've configured my ssh client to remember the regular one
so... Definitely not mission-critical here, and I prefer the "it just
works" focused approach :-)

> One question though - in IPv4 this explicitly disables DHCP and IPv4LL
> - would you expect this to disable IPv6RS and DHCPv6 as well?

TBH I can't really answer. A glimpse at my logs seems to say I currently
rely on IPv6RS and DHCPv6, so that would be a no.

Thanks,
Neitsab