oss-sec mailing list archives
Re: Linux kernel handling of IPv6 temporary addresses
From: George Kargiotakis <kargig () void gr>
Date: Thu, 17 Jan 2013 14:27:25 +0200
Hello,

On Thu, 17 Jan 2013 17:21:33 +0530 (IST) P J P <ppandit () redhat com> wrote:

> +-- On Wed, 16 Jan 2013, George Kargiotakis wrote --+
> | valid_lft 131007sec preferred_lft 65471sec
> | inet6 fd00:966b:7196:c731:222:aaff:fecc:1111/64 scope global tentative dynamic
> | valid_lft 131007sec preferred_lft 65471sec
> |
> | what I also find wrong here is that all temporary addresses (dynamic)
> | acquired have gotten the same last 64bits. I don't think this is OK per RFC
> | 4941 even if not explicitly defined there. Every temp. address created
> | should be different per prefix from the rest.
>
> True, the last few bits of the addresses are same as the IPv6 address of the
> host, with scope::global, but no tentative dynamic bits set. Plus network
> becomes unreachable till I reboot the host.
>
> | use_tempaddr for the iface still has '2' as its value
> | # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr
> | 2
>
> This value is always 0, before ifconfig eth0 down and after ifconfig eth0 up.

Ubuntu is the only distribution that has by default enabled Privacy Extensions as far as I know. On your RHEL it's '0' and that's why you weren't seeing any 'ipv6_create_tempaddr' as previously mentioned in your emails. If you change this value to '2' you'll also see those kernel messages.

> Thank you.
> --
> Prasad J Pandit / Red Hat Security Response Team
> DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B

Regards,
--
George Kargiotakis
https://void.gr
GPG KeyID: 0xE4F4FFE6
GPG Fingerprint: 9EB8 31BE C618 07CE 1B51 818D 4A0A 1BC8 E4F4 FFE6
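The symptom discussed in this message, temporary addresses that all carry the same last 64 bits, can be checked mechanically. The following is an added example, not part of the original e-mail or of any project's code: it parses `ip -6 addr show`-style text and reports temporary addresses whose interface identifier is MAC-derived or reused across prefixes. The sample input is constructed, and it assumes iproute2 labels RFC 4941 addresses with the `temporary` (older releases: `secondary`) flag.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample shaped like `ip -6 addr show` output. The interface
# identifier 222:aaff:fecc:1111 is the one quoted in the thread; the
# prefixes other than fd00:966b:7196:c731 and all flags are made up.
SAMPLE = """\
    inet6 fd00:966b:7196:c731:222:aaff:fecc:1111/64 scope global temporary tentative dynamic
    inet6 fd00:1111:2222:3333:222:aaff:fecc:1111/64 scope global temporary tentative dynamic
    inet6 fd00:aaaa:bbbb:cccc:5c1e:9a3b:77d0:42af/64 scope global temporary dynamic
    inet6 fd00:aaaa:bbbb:cccc:222:aaff:fecc:1111/64 scope global dynamic
"""

ADDR_RE = re.compile(r"^\s*inet6\s+(\S+)/\d+\s+scope\s+global\s+(.*)$", re.M)
# Assumption: iproute2 marks RFC 4941 addresses "temporary" ("secondary" in old releases).
TEMP_FLAGS = {"temporary", "secondary"}

def interface_id(addr):
    """Low 64 bits of an IPv6 address (the interface identifier)."""
    return int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFFFFFFFFFF

def looks_eui64(iid):
    """Modified EUI-64 (MAC-derived) identifiers have ff:fe as bytes 3 and 4."""
    return (iid >> 24) & 0xFFFF == 0xFFFE

def audit_temporaries(text):
    """Check temporary addresses only; stable SLAAC addresses are skipped.

    Returns (mac_derived, reused): temporary addresses with an EUI-64
    identifier, and {identifier: [addresses]} reused on several prefixes.
    """
    mac_derived, by_iid = [], defaultdict(list)
    for addr, flags in ADDR_RE.findall(text):
        if not TEMP_FLAGS & set(flags.split()):
            continue
        iid = interface_id(addr)
        by_iid[iid].append(addr)
        if looks_eui64(iid):
            mac_derived.append(addr)
    reused = {f"{i:016x}": a for i, a in by_iid.items() if len(a) > 1}
    return mac_derived, reused

if __name__ == "__main__":
    mac_derived, reused = audit_temporaries(SAMPLE)
    print("temporary addresses with a MAC-derived identifier:", mac_derived)
    print("identifiers reused across prefixes:", reused)
```

On a live host the same function can be fed the output of `ip -6 addr show dev eth0`; the stable autoconfigured address is expected to be EUI-64 and is deliberately not reported.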