Ubuntu 10.04LTS does not keep privacy setting
Shadow Hawkins on Friday, 02 September 2011 16:32:31
Hi,
I have in my sysctl.conf:
net.ipv6.conf.default.use_tempaddr=2
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 2
net.ipv6.conf.wlan0.use_tempaddr = 2
When the system starts up, it receives, after login, an IPv4 from DHCP and IPv6 from RA (Cisco).
When I do an "ip addr show dev eth0" after 2 min, it shows this:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:21:70:a9:b5:e2 brd ff:ff:ff:ff:ff:ff
inet 192.168.111.49/24 brd 192.168.111.255 scope global eth0
inet6 2001:6f8:aaa:0:346a:db97:2cb8:e675/64 scope global secondary dynamic
valid_lft 354sec preferred_lft 54sec
inet6 2001:6f8:aaa:0:7801:e6e1:3add:8932/64 scope global secondary dynamic
valid_lft 302sec preferred_lft 2sec
inet6 2001:6f8:aaa:0:293a:33d8:7286:6f67/64 scope global secondary deprecated dynamic
valid_lft 246sec preferred_lft 0sec
inet6 2001:6f8:aaa:0:221:70ff:fea9:b5e2/64 scope global dynamic
valid_lft 354sec preferred_lft 54sec
inet6 fe80::221:70ff:fea9:b5e2/64 scope link
valid_lft forever preferred_lft forever
Some minutes later I have more secondary deprecated dynamic, and after a while, maybe 10 min,
I have only the IP 2001:6f8:aaa:0:221:70ff:fea9:b5e2/64, which depends on the MAC address.
How does the privacy extension work? Does it change the IP address every minute?
Why does this stop working?
Best regards,
Thomas
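The end state described in the post above (only the MAC-derived address left) can be checked mechanically. This is an added example, not part of the original thread: it derives the modified EUI-64 interface identifier from the interface's MAC and classifies each global address in `ip addr show` output for one Ethernet interface. The function names are hypothetical, the first sample is trimmed from the poster's output, and the second is constructed from the poster's description.

```python
import ipaddress
import re

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier (low 64 bits) for a 48-bit MAC."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def classify(ip_output: str):
    """Return [(address, kind)] for the global inet6 lines of `ip addr show`."""
    mac = re.search(r"link/ether ([0-9a-f:]{17})", ip_output).group(1)
    mac_iid = eui64_iid(mac)
    result = []
    for addr, flags in re.findall(r"inet6 ([0-9a-f:]+)/\d+ scope global(.*)", ip_output):
        iid = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
        words = flags.split()
        # The iproute2 in the post prints "secondary" for temporary addresses;
        # "temporary" is accepted too, for versions that print that instead.
        temp = "secondary" in words or "temporary" in words
        if iid == mac_iid:
            kind = "mac-derived"
        elif temp and "deprecated" in words:
            kind = "temporary-deprecated"
        elif temp:
            kind = "temporary"
        else:
            kind = "other"
        result.append((addr, kind))
    return result

def privacy_active(ip_output: str) -> bool:
    """True if at least one temporary address is still preferred for new connections."""
    return any(kind == "temporary" for _, kind in classify(ip_output))

# Sample 1: trimmed from the output in the post above.
EARLY = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:21:70:a9:b5:e2 brd ff:ff:ff:ff:ff:ff
    inet6 2001:6f8:aaa:0:346a:db97:2cb8:e675/64 scope global secondary dynamic
    inet6 2001:6f8:aaa:0:293a:33d8:7286:6f67/64 scope global secondary deprecated dynamic
    inet6 2001:6f8:aaa:0:221:70ff:fea9:b5e2/64 scope global dynamic
    inet6 fe80::221:70ff:fea9:b5e2/64 scope link
"""
# Sample 2 (constructed from the poster's description): temporary addresses gone.
LATER = "\n".join(l for l in EARLY.splitlines() if "secondary" not in l)

if __name__ == "__main__":
    for name, sample in (("early", EARLY), ("later", LATER)):
        print(name, "privacy_active =", privacy_active(sample))
        for addr, kind in classify(sample):
            print("  ", kind, addr)
```

Feeding it the live output of `ip addr show dev eth0` at intervals shows the moment the last preferred temporary address disappears and only the address embedding the MAC remains.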
Ubuntu 10.04LTS does not keep privacy setting
Jeroen Massar on Friday, 02 September 2011 16:50:02
Having it in sysctl is one thing, but is it really applied on boot?
Check 'sysctl -a | grep use_tempaddr' if that is really the case.
There used to be some race conditions with the IPv6 module being loaded after the sysctl settings were executed and thus not applied as they didn't exist yet; thus you might want to check if your kernel has IPv6 built-in, which is likely, or loads it as a module when the interface goes up.
> How does the privacy extension work? Does it change the IP address every minute?
It generates a new IP address almost per connection/application actually.
See RFC3041 for the details, though the actual implementations tend to differ at least a wee bit.
> Why does this stop working?
You are using Open Source? :) Best is to ask on the kernel mailing list; most people I know turn those silly temporary addresses off, as they don't offer anything as an advantage, as tracking is done with cookies and simply on the /48 you are coming from.
Ubuntu 10.04LTS does not keep privacy setting
Shadow Hawkins on Friday, 02 September 2011 17:30:12
Hi Jeroen,
Yes, I am using OpenSource ;)
The use_tempaddr is set to 2 where it is defined:
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.lo.use_tempaddr = -1
net.ipv6.conf.eth0.use_tempaddr = 2
net.ipv6.conf.wlan0.use_tempaddr = 2
net.ipv6.conf.sit0.use_tempaddr = -1
net.ipv6.conf.tun0.use_tempaddr = -1
net.ipv6.conf.vboxnet0.use_tempaddr = 2
error: permission denied on key 'net.ipv6.route.flush'
As the IP addresses are set up after logon, I assume the ipv6.ko was already loaded before.
Hm, I will ask Ubuntu if they know something about this.
Thanks,
Thomas
Ubuntu 10.04LTS does not keep privacy setting
Jeroen Massar on Friday, 02 September 2011 17:32:47
> As the IP addresses are set up after logon, I assume the ipv6.ko was already loaded before.
That is not what I mean; I mean that the IPv6 module has to either be statically included in the kernel or loaded at the point in time that the sysctl.conf settings are applied. But as the values are '2', this seems to be the case.