Bug 916045

Summary: No IPv6 privacy extensions with "Traditional Method"
Product: [openSUSE] openSUSE 13.1
Reporter: James Knott <james.knott>
Component: Network
Assignee: E-mail List <bnc-team-screening>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: aj, bwiedemann, james.knott, mt
Version: Final
Target Milestone: ---
Hardware: x86-64
OS: Other

Description James Knott 2015-02-03 18:53:05 UTC
IPv6 supports a privacy address based on a random number, instead of the MAC address.  This was easily configurable in earlier versions of openSUSE, but not in 13.1 when using the traditional method for configuring a network interface.  It is available when using the KDE network manager.

How can this be enabled?  Or is it a bug that needs to be fixed?

Comment 1 Bernhard Wiedemann 2015-02-04 07:16:14 UTC
Privacy extensions should have been on by default for years. E.g. see
head /proc/sys/net/ipv6/conf/*/use_tempaddr

Those should show 2 for interfaces that have it enabled.

You could probably change these via an additional line in
/etc/sysctl.conf

Please note that if you configure a machine as a router (forwarding=1),
automatic address assignment and privacy extensions
might be automatically disabled.

Comment 2 James Knott 2015-02-04 15:51:06 UTC
# head /proc/sys/net/ipv6/conf/*/use_tempaddr
==> /proc/sys/net/ipv6/conf/all/use_tempaddr <==
2

==> /proc/sys/net/ipv6/conf/default/use_tempaddr <==
2

==> /proc/sys/net/ipv6/conf/eth0/use_tempaddr <==
0

==> /proc/sys/net/ipv6/conf/lo/use_tempaddr <==
-1

==> /proc/sys/net/ipv6/conf/vboxnet0/use_tempaddr <==


But if I try:

# echo 2>/proc/sys/net/ipv6/eth0/use_tempaddr
-bash: /proc/sys/net/ipv6/eth0/use_tempaddr: No such file or directory


Here are the contents of sysctl.conf:

# more /etc/sysctl.conf
####
#
# /etc/sysctl.conf is meant for local sysctl settings
#
# sysctl reads settings from the following locations:
#   /boot/sysctl.conf-<kernelversion>
#   /lib/sysctl.d/*.conf
#   /usr/lib/sysctl.d/*.conf
#   /usr/local/lib/sysctl.d/*.conf
#   /etc/sysctl.d/*.conf
#   /run/sysctl.d/*.conf
#   /etc/sysctl.conf
#
# To disable or override a distribution provided file just place a
# file with the same name in /etc/sysctl.d/
#
# See sysctl.conf(5), sysctl.d(5) and sysctl(8) for more information
#
####

# net.ipv6.conf.all.disable_ipv6 = 1
# net.ipv6.conf.all.disable_ipv6 = 1
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2

Comment 3 Marius Tomaschewski 2015-02-04 17:17:01 UTC
A use_tempaddr=2 can't be properly applied via /etc/sysctl.conf; instead,
put the (per-interface) settings in /etc/sysconfig/network/ifsysctl, e.g.:

echo "net.ipv6.conf.all.use_tempaddr=2"  >> /etc/sysconfig/network/ifsysctl
#  or
echo "net.ipv6.conf.eth0.use_tempaddr=2" >> /etc/sysconfig/network/ifsysctl

See bug 494958 for all the details, incl. kernel bug references.

(In reply to James Knott from comment #2)
> But if I try:
> 
> # echo 2>/proc/sys/net/ipv6/eth0/use_tempaddr
> -bash: /proc/sys/net/ipv6/eth0/use_tempaddr: No such file or directory

The path is without conf -> /proc/sys/net/ipv6/conf/eth0/use_tempaddr

*** This bug has been marked as a duplicate of bug 494958 ***

Comment 4 Marius Tomaschewski 2015-02-04 17:24:45 UTC
BTW: In (more recent?) systemd-udev, there is also another udev rule
applying the per-interface settings:

See /usr/lib/udev/rules.d/99-systemd.rules [here from 13.2]:

ACTION=="add", SUBSYSTEM=="net", KERNEL!="lo", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/ipv4/conf/$name --prefix=/proc/sys/net/ipv4/neigh/$name --prefix=/proc/sys/net/ipv6/conf/$name --prefix=/proc/sys/net/ipv6/neigh/$name"

or grep for sysctl in the rules directory.
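
A check for the mismatch shown in comment 2 (all/default at 2 while eth0 stays at 0), as an added example that is not part of the original bug report or of openSUSE's tooling. The function name, the ROOT prefix argument and the output format are assumptions made for this sketch; for each deviating interface it prints the kind of line comment 3 suggests adding to /etc/sysconfig/network/ifsysctl.

```shell
#!/bin/sh
# Added example (not from the bug report).
# audit_tempaddr [ROOT] [WANT]
#   ROOT: hypothetical path prefix so the check can run against a test tree;
#         empty means the live /proc.
#   WANT: expected use_tempaddr value, default 2 (the value comment 1 expects).
# Returns 0 if every interface matches, 1 on a mismatch, 2 if nothing was found.
# Assumption: interface names containing dots (VLANs) are not handled.

audit_tempaddr() {
    root="${1:-}"
    want="${2:-2}"
    conf="$root/proc/sys/net/ipv6/conf"
    rc=0
    seen=0
    for f in "$conf"/*/use_tempaddr; do
        [ -e "$f" ] || continue
        ifname=$(basename "$(dirname "$f")")
        # Loopback reports -1 in comment 2; temporary addresses do not apply.
        case "$ifname" in lo) continue ;; esac
        seen=$((seen + 1))
        have=$(cat "$f" 2>/dev/null) || have=""
        if [ "$have" != "$want" ]; then
            echo "$ifname have=${have:-n/a} want=$want fix: net.ipv6.conf.$ifname.use_tempaddr=$want"
            rc=1
        fi
    done
    # A wrong base path (such as the missing "conf" in comment 2) lands here.
    if [ "$seen" -eq 0 ]; then
        echo "no use_tempaddr entries under $conf" >&2
        return 2
    fi
    return "$rc"
}

# Constructed sample tree using the values printed in comment 2.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for pair in all=2 default=2 eth0=0 lo=-1; do
        d="$t/proc/sys/net/ipv6/conf/${pair%%=*}"
        mkdir -p "$d" && echo "${pair#*=}" > "$d/use_tempaddr"
    done
    echo "$t"
}
```

Run `audit_tempaddr` with no arguments on a live system, for example after boot or after bringing an interface up, to confirm that the per-interface value actually took effect.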