dhcpcd-discuss

On 2017-08-26 16:16, Roy Marples wrote:
> On 25/08/17 16:10, Roy Marples wrote:
> > > Add support for Privacy Extensions "temporary addresses" (RFC 4941
> > > <https://tools.ietf.org/html/rfc4941> [1], obsoleted RFC 3041)
> > > Preferrable for outgoing connections. In contrast to stable private
> > > addresses (RFC 7217 <https://tools.ietf.org/html/rfc7217> [2]) for
> > > incoming connections.
> > > This should allow to get rid of /etc/interfaces completely, no more
> > > "iface eth0 inet6 auto" with "privext 2" needed for privacy 
> > > extensions
> > > and no more hardware-address based addresses.
> > > I assume this can be heavily discussed, as sysctl
> > > <https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt> 
> > > [3]
> > > plays another rule in this topic
> > > (/proc/sys/net/ipv6/conf/<interface>/use_tempaddr).
> > >
> > > Or is there another way to *only* have stable private and temporary
> > > addresses assigned via SLAAC? No hardware-based addresses anymore.
> > >
> > > Example:
> > > ## Default to additional temporary addresses for GUA
> > > slaac temporary 2000::/3
> > > ## ULA is handled by dhcp, no SLAAC
> > >
> > > interface eth0
> > >    ## Temporary addresses for GUA
> > >    slaac temporary 2000::/3
> > >    ## Stable private addresses for services on GUA, preferred as the 
> > > very
> > > last for outgoing connections (that's what the temporary address is 
> > > for)
> > >    slaac stableprivate 2000::/3 PLFT=0 inform6
> > >    ## ULA is handled by dhcp, no SLAAC
> > >
> > > [1] https://tools.ietf.org/html/rfc4941
> > > [2] https://tools.ietf.org/html/rfc7217
> > > [3] https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
> > > [4] Linux: ipv6_create_tempaddr()
> >
> > Temporary addresses should already work.
> > But I've not tested this in a long time, so could be broken.
> > I'll look into this tonight.
>
> This was broken in dhcpcd-7!
> I've pushed some patches to fix this, here is sample output with 
> use_tempaddr=2
>
> wlp6s0: soliciting an IPv6 router
> wlp6s0: sending Router Solicitation
> wlp6s0: Router Advertisement from fe80::1
> wlp6s0: adding address fd73:7808:1015:0:34a8:16c7:ed4c:7542/64
> wlp6s0: pltime 120 seconds, vltime 180 seconds
> wlp6s0: adding temporary address 
> fd73:7808:1015:0:5494:bab6:8a56:f7e0/64
> wlp6s0: pltime 120 seconds, vltime 180 seconds
> wlp6s0: adding route to fd73:7808:1015::/64
> wlp6s0: adding default route via fe80::1
> wlp6s0: waiting for Router Advertisement DAD to complete
>
> Looks broken in dhcpcd-6 branch as well, but I've not tested nor fixed 
> it.
>
> Maybe you could try a the latest master in git to verify?
>
> Roy

Hi Roy,

finally was able to correctly build the git master branch for Debian 9.0 
"Stretch".
The fix works but IPv6 addresses are not shown as temporary:

$ cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr
0

$ ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
state UP group default qlen 1000
    inet6 2003:a:b2b:6100:ba27:ebff:fe58:322e/64 scope global 
noprefixroute dynamic
       valid_lft 6766sec preferred_lft 3166sec

$ echo 2 > /proc/sys/net/ipv6/conf/eth0/use_tempaddr

$ ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
state UP group default qlen 1000
    inet6 2003:a:b2b:6100:a093:ef1b:b2bc:85a7/64 scope global 
noprefixroute dynamic
       valid_lft 7185sec preferred_lft 3585sec
    inet6 2003:a:b2b:6100:ba27:ebff:fe58:322e/64 scope global 
noprefixroute dynamic
       valid_lft 7185sec preferred_lft 3585sec

When I use the systemd.network:
    inet6 2003:a:b2b:6100:fdbd:14b7:2b45:f77e/64 scope global 
*temporary* dynamic
       valid_lft 6863sec preferred_lft 3263sec

Regards
Maddes