Turns on IPv6 privacy extensions regardless of settings in 10-ipv6-privacy.conf

Bug #998223 reported by Jeroen Dekkers on 2012-05-11
This bug affects 7 people
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Mathieu Trudel-Lapierre

Bug Description

After installing the latest network-manager package that fixes bug 990011, I noticed that my IPv6 address was suddenly different because IPv6 privacy extensions had been turned on. Turning them off in /etc/sysctl.d/10-ipv6-privacy.conf doesn't stop network-manager from enabling it. I'm using the default automatically generated wired connection, so there are no connection settings in /etc/NetworkManager/system-connections.

If I change some settings so that NM writes the connection to system-connections and then add ip6-privacy=0 to the configuration the privacy extensions are turned off, but it would be nice if that was also the case when it is turned of using /etc/sysctl.d/10-ipv6-privacy.conf.

Jeroen Dekkers (dekkers) wrote :
Jeroen Dekkers (dekkers) wrote :
Jeroen Dekkers (dekkers) wrote :
description: updated

Confirming / In Progress : the NM backend doesn't check for that particular file for the values, just looks at /etc/sysctl.conf. I'm going to be shipping more updates to fix this.

Changed in network-manager (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
Jeroen Dekkers (dekkers) wrote :

Is there a reason why /etc/sysctl.conf is parsed instead of getting the current configuration from /proc/sys/net/ipv6/conf/default/use_tempaddr?

summary: - Turns on IPv6 privacy extensions with latest update, even when turned
- off by sysctl
+ Turns on IPv6 privacy extensions regardless of settings in
+ 10-ipv6-privacy.conf
Romain Boissat (rboissat) wrote :

I did some dirty hack to circumvent this behavior: https://chroot-me.in/blog/index.php/blog/43
Works reliably for me, but certainly not a *proper* fix :)

Romain, a much simpler fix would be to change the settings in /etc/sysctl.conf; after commenting out the ones in /etc/sysctl.d/10-ipv6-privacy.conf.

Romain Boissat (rboissat) wrote :

Mathieu, I agree, except it won't work: it seems that NM enforces the value '2'. I'll check again.

Romain Boissat (rboissat) wrote :

Mathieu, I concur. By commenting out sysctls in /etc/sysctl.d/10-ipv6-privacy.conf, disabling my fix and rebooting my laptop, NM does not enforce privacy addresses. Thanks for correcting me :)

Yeah, sorry about that, will be fixed in a future SRU.

dnmvisser (dnmvisser) wrote :

The same applies to Ubuntu 12.04 server.
Despite what interfaces(5) says:

              privext int
                     Privacy extensions (RFC3041) (0=off, 1=assign, 2=prefer)

That statement does not seem to get honoured.
This entry in /etc/nework/interfaces worked fine at least in beta2, but now does not work any more:

iface eth0 inet6 static
        address 2001:610:148:dead::54
        gateway 2001:610:148:dead::1
        netmask 64
        autoconf 0
        privext 0
        dns-search terena.org
        dns-domain terena.org
        dns-nameservers 2001:610:1:800a:192:87:106:105 2001:610:188:140:145:100:188:188

What's worse, booting a 12.04 machine with this very config will yield no IPv6 connectivity *at all*:

eth0 Link encap:Ethernet HWaddr 00:50:56:86:00:25
          inet addr: Bcast: Mask:
          inet6 addr: fe80::250:56ff:fe86:25/64 Scope:Link
          RX packets:97 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:12528 (12.5 KB) TX bytes:9673 (9.6 KB)

If privext=0 doesn't get honoured and actually = 2 (as per /etc/sysctl.d/10-ipv6-privacy.conf), then it looks like autoconf=0 and privext=2 don't mix.

Commenting out /etc/sysctl.d/10-ipv6-privacy.conf, or setting autoconf=1 both fix the problem.

Changed in network-manager (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager -

network-manager ( quantal; urgency=low

  * debian/patches/dnsmasq-dbus-updates.patch: make sure the no_reply flag is
    set for the SetServers message we send to dnsmasq -- we're not expecting a
    reply and the messages otherwise stick around in the queue as pending.
    (LP: #1033600)
  * debian/patches/lp990011_use_tempaddr_sysctl_default.patch: properly query
    both /etc/sysctl.d/10-ipv6-privacy.conf and /etc/sysctl.conf for the value
    of use_tempaddr. (LP: #998223)
  * debian/patches/dnsmasq-dbus-updates.patch: fail DNS caching updates (so as
    to not write to resolv.conf) if the lists of device configs were
    empty (no nameservers or domains). (LP: #1023486)
 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 16 Aug 2012 00:46:06 -0400

Changed in network-manager (Ubuntu):
status: In Progress → Fix Released
Nikos Skalkotos (skalkoto) wrote :

I think this bug still affects network-manager shipped with Ubuntu 12.04 LTS. Settings found in /etc/sysctl.d/10-ipv6-privacy.conf don't get honored by NM.

Jon Schewe (jpschewe) wrote :

This appears to still be broken in Ubuntu 14.04. NetworkManager

Paul Necsoiu (paul-necsoiu) wrote :

Also in 15.04.

halfgaar (wiebe-halfgaar) wrote :

I seem to be getting the same behavior in Ubuntu 18.04 with the new Netplan. I configured a static address, and regardless of the sysctl settings, I'm getting a privacy extensions address, which is undesirable on (my) servers.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers