Re: Linux kernel handling of IPv6 temporary addresses

[George Kargiotakis <kargig () void gr>]

Hello, 

On Thu, 17 Jan 2013 17:21:33 +0530 (IST)
P J P <ppandit () redhat com> wrote:

> +-- On Wed, 16 Jan 2013, George Kargiotakis wrote --+
> |        valid_lft 131007sec preferred_lft 65471sec
> |  inet6 fd00:966b:7196:c731:222:aaff:fecc:1111/64 scope global
> tentative dynamic |        valid_lft 131007sec preferred_lft 65471sec
> | 
> | what I also find wrong here is that all temporary addresses
> (dynamic) | acquired have gotten the same last 64bits. I don't think
> this is OK per RFC | 4941 even if not explicitly defined there. Every
> temp. address created | should be different per prefix from the rest.
>
>    True, the last few bits of the addresses are same as the IPv6
> address of the host, with scope::global, but no tentative dynamic
> bits set. Plus network becomes unreachable till I reboot the host.
>
> | use_tempaddr for the iface still has '2' as its value
> | # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr 
> | 2
>
>    This value is always 0, before ifconfig eth0 down and after
> ifconfig eth0 up.

Ubuntu is the only distribution that has by default enabled Privacy
Extensions as far as I know. On your RHEL it's '0' and
that's why you weren't seeing any 'ipv6_create_tempaddr' as previously
mentioned on your emails. If you change this value to '2' you'll also
see those kernel messages.

> Thank you.
> --
> Prasad J Pandit / Red Hat Security Response Team
> DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B


Regards,
-- 
George Kargiotakis
https://void.gr
GPG KeyID: 0xE4F4FFE6
GPG Fingerprint: 9EB8 31BE C618 07CE 1B51 818D 4A0A 1BC8 E4F4 FFE6