procps' 10-ipv6-privacy.conf stomps on the ifup/NetworkManager "privext"/"ipv6.ip6-privacy" settings
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ifupdown (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
network-manager (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
procps (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
I have configured the following in /etc/network/
auto eth0
iface eth0 inet6 auto
privext 0
According to interfaces(5), this should disable IPv6 Privacy Extensions. However, after booting the machine, /proc/sys/
What's going on is that sometime later in the bootup process, the procps package overrides the user-configured value and sets it unconditionally to "2" for every interface on the system. This happens because the file /etc/sysctl.
On a related node, enabling IPv6 Privacy Extensions by default is counter to RFC 4941's recommendations. Quoting from section 3.6 Deployment Considerations:
The use of temporary addresses may cause unexpected difficulties with
some applications. As described below, some servers refuse to accept
communications from clients for which they cannot map the IP address
into a DNS name. In addition, some applications may not behave
robustly if temporary addresses are used and an address expires
before the application has terminated, or if it opens multiple
sessions, but expects them to all use the same addresses.
Consequently, the use of temporary addresses SHOULD be disabled by
default in order to minimize potential disruptions. Individual
applications, which have specific knowledge about the normal duration
of connections, MAY override this as appropriate.
As such, the most appropriate course of action is probably to stop shipping the 10-ipv6-
The described behaviour is observed on Trusty LTS.
Tore
summary: |
- 10-ipv6-privacy.conf stomps on the ifup/NetworkManager + procps' 10-ipv6-privacy.conf stomps on the ifup/NetworkManager "privext"/"ipv6.ip6-privacy" settings |
I just realised that this bug also impacts NetworkManager, at least on Vivid: I set the property "ipv6.ip6-privacy" on the default wired Ethernet interface to 0 (in order to prevent a remote CIFS mount from freezing every few hours), however after a reboot, privacy extensions remained active. My assumption is that NetworkManager configured the interface correctly (without privacy extensions) early on during the boot process, only to have the procps' 10-ipv6- privacy. conf overwrite it moments later. Disabling 10-ipv6- privacy. conf solved this issue too.