tech-net archive


Enabling SLAAC for IPv6 by default

Hi tech-net@,

during my talk yesterday at EuroBSDCon 2018 I
mentioned the SLAAC privacy extensions for IPv6 (RFC 4941). They help
maintain privacy on the Internet when using IPv6, by using a random
address when auto-configuring IPv6 addresses (i.e. with "ip6mode=autohost"
set in /etc/rc.conf).

This is obviously a big concern, and SLAAC has been enabled by default
in most commercial Operating Systems with support for IPv6 for a while:
- Windows since XP SP1,
- macOS since 10.7,
- iOS since 4.3,
- Android since 4.0,
- And in "some Linux distributions" as well.

It is apparently implemented in the major BSDs, including us. However it
is not enabled by default in NetBSD or FreeBSD, and from what I can
tell while skimming the sources, not in OpenBSD either. The
corresponding sysctls in NetBSD are "net.inet6.ip6.use_tempaddr" and
"net.inet6.ip6.prefer_tempaddr" by the way.

Can we consider setting "use_tempaddr" as the default on NetBSD?
I believe the patch attached would do the trick.

Let me know,
Index: sys/netinet6/nd6_rtr.c
RCS file: /cvsroot/src/sys/netinet6/nd6_rtr.c,v
retrieving revision 1.144
diff -p -u -r1.144 nd6_rtr.c
--- sys/netinet6/nd6_rtr.c	14 Aug 2018 01:10:58 -0000	1.144
+++ sys/netinet6/nd6_rtr.c	24 Sep 2018 22:00:19 -0000
@@ -94,7 +94,7 @@ static struct nd_prefix *nd6_prefix_look
 extern int nd6_recalc_reachtm_interval;
-int ip6_use_tempaddr = 0;
+int ip6_use_tempaddr = 1;
 int ip6_desync_factor;
 u_int32_t ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME;
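
Review bot: flipping the initializer at "int ip6_use_tempaddr = 1;" changes only one of the two knobs the message names. net.inet6.ip6.prefer_tempaddr is not touched by this patch, so whether the newly generated temporary addresses are actually chosen as the source for outgoing connections depends on a default that is not visible here. Please say in the commit message whether prefer_tempaddr is meant to stay as it is, or change it in the same commit. The patch also carries no documentation hunk: wherever the default of net.inet6.ip6.use_tempaddr is documented should be updated together with the code, and the change deserves a release note, since hosts that autoconfigure with "ip6mode=autohost" would begin generating temporary addresses after an upgrade without any change to their configuration.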

Attachment: signature.asc
Description: OpenPGP digital signature
