please enable IPv6 privacy extensions by default

Bug #841353 reported by James Troup
This bug affects 2 people
Affects Status Importance Assigned to Milestone
procps (Ubuntu)
Fix Released

Bug Description

We don't appear to enable IPv6 privacy extensions[1] by default.
Could we please do so? Leaking the MAC address of any IPv6 enabled
device is both undesirable and a regression from IPv4.

Enabling them appears to be as simple as a sysctl.d file with the
following in it:

  net.ipv6.conf.all.use_tempaddr = 2
  net.ipv6.conf.default.use_tempaddr = 2

With those set, I now have 3 IPv6 addresses, one link local, one with
my MAC address and one without my MAC address. Although my machine
will answer to all 3 it will only use the non-MAC address based one
for outbound traffic.


Tags: ipv6 privacy

Related branches

tags: added: ipv6 privacy
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Confirming, we've been discussing this in; and although it's not approved yet we did identify work items for enabling this at the ifupdown and NM levels.

Changed in procps (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package procps - 1:3.2.8-11ubuntu5

procps (1:3.2.8-11ubuntu5) precise; urgency=low

  * debian/sysctl.d/10-ipv6-privacy.conf: add a file to sysctl.d to apply the
    defaults for IPv6 privacy extensions for interfaces. (LP: #176125, #841353)
 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 05 Dec 2011 12:46:24 +0100

Changed in procps (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Kees Cook (kees) wrote :

Does this fix actually work? There was a lot of discussion in 176125 about there being races and other problems with just setting the sysctl like this.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :


It does, for most cases. The settings are applied depending on how fast interfaces come up at boot. For instance, on my main laptop I'll get wlan0 to always have extensions enabled, and eth0 tends to not have them (because it's initialized earlier, before the sysctls are applied). I'm working on fixing that for all interfaces to make sure it does get applied properly everywhere, everytime, but as you mentioned, it's tracked in another bug report (, and linked in the blueprint.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Related blueprints

Remote bug watches

Bug watches keep track of this bug in other bug trackers.