please enable IPv6 privacy extensions by default

Bug #841353 reported by James Troup on 2011-09-04
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
procps (Ubuntu)
Medium
Unassigned

Bug Description

We don't appear to enable IPv6 privacy extensions[1] by default.
Could we please do so? Leaking the MAC address of any IPv6 enabled
device is both undesirable and a regression from IPv4.

Enabling them appears to be as simple as a sysctl.d file with the
following in it:

  net.ipv6.conf.all.use_tempaddr = 2
  net.ipv6.conf.default.use_tempaddr = 2

With those set, I now have 3 IPv6 addresses, one link local, one with
my MAC address and one without my MAC address. Although my machine
will answer to all 3 it will only use the non-MAC address based one
for outbound traffic.

[1] http://tools.ietf.org/html/rfc4941

Related branches

tags: added: ipv6 privacy

Confirming, we've been discussing this in https://blueprints.launchpad.net/ubuntu/+spec/foundations-p-ipv6; and although it's not approved yet we did identify work items for enabling this at the ifupdown and NM levels.

Changed in procps (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package procps - 1:3.2.8-11ubuntu5

---------------
procps (1:3.2.8-11ubuntu5) precise; urgency=low

  * debian/sysctl.d/10-ipv6-privacy.conf: add a file to sysctl.d to apply the
    defaults for IPv6 privacy extensions for interfaces. (LP: #176125, #841353)
 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 05 Dec 2011 12:46:24 +0100

Changed in procps (Ubuntu):
status: Confirmed → Fix Released
Kees Cook (kees) wrote :

Does this fix actually work? There was a lot of discussion in 176125 about there being races and other problems with just setting the sysctl like this.

Kees,

It does, for most cases. The settings are applied depending on how fast interfaces come up at boot. For instance, on my main laptop I'll get wlan0 to always have extensions enabled, and eth0 tends to not have them (because it's initialized earlier, before the sysctls are applied). I'm working on fixing that for all interfaces to make sure it does get applied properly everywhere, everytime, but as you mentioned, it's tracked in another bug report (https://bugs.launchpad.net/ubuntu/+source/procps/+bug/803739), and linked in the blueprint.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints