tech-net archive


Re: Enabling SLAAC for IPv6 by default



Roy Marples <roy%marples.name@localhost> writes:

> He's specifically talking about temporary addresses.
> dhcpcd enables stable private addresses by default instead.

I am not quite following, and will assume I'm not the only one - so a
few questions trying to be precise.

I am unable to find any documentation of use_tempaddr and
prefer_tempaddr under /usr/share/man.

Is the "temp_addr" sysctl about "SLAAC privacy extensions", changing
behavior of the in-kernel stateless autoconfiguration client, such that
if not set, the MAC address is used to form the host part, and if set,
forming the host part randomly?

What is the lifetime of the addresses formed by the kernel when enabled?
Are we following the recommendation of 1 day as preferred and 7 days as
valid?

Is there a mechanism to keep such addresses (marked deprecated) until
they are no longer in use (well, bound)?  I checked a few Mac machines,
and they seem to keep "deprecated" addresses around for varying
intervals.  Or simply the expiration at the end of the valid lifetime?

I checked one each netbsd-7 and netbsd-8, configured for dhcpcd, and
they have both link-local (fe80::) and global v6 addresses that do not
appear to have been formed from the MAC address.

> dhcpcd does however read the net.inet6.ip6.use_tempaddr sysctl and act
> accordingly and thus defaults to what the kernel is set up to do.

Given that, it seems clear that there is no need to discuss changing
dhcpcd, and the question on the table is about whether/how to change the
default values of sysctl variables.  Is that right?

> I could add an option to dhcpcd to set the sysctls by default in
> dhcpcd.conf, but not all OS's allow userland to set temporary addresses
> which is why I choose to read the kernel option and react
> accordingly.

I don't see how that would help; the present discussion is (I think)
about changing the kernel behavior for cases when dhcpcd is not used.

(I think dhcpcd's approach of reading the kernel config and respecting
it is exactly right, and that having dhcpcd start to change sysctls
should not happen.)


With respect to the downside of programs possibly not coping with
changing addresses, we are talking about machines without a configured
static v6 address, and which are therefore behaving as clients.  So I
would expect very minor if any trouble, and programs that run on other
operating systems have to cope anyway.  Programs that use v4 or stateful
v6 also have to cope, as dhcp servers can and do withdraw addresses over
time.


There are two concepts in RFC4941.  One is using a ~random identifier
instead of the MAC, and the other is periodic changing.

So I wonder if the ~random part is already on by default (and is there a
sysctl), and we are just talking about the periodic changing?

Do we know if there are mechanisms to keep temporary addresses in
deprecated state while "in use"?

