[Bug 841353] Re: please enable IPv6 privacy extensions by default
Mathieu Trudel-Lapierre
mathieu.tl at gmail.com
Mon Dec 12 20:08:05 UTC 2011
Kees,
It does, for most cases. The settings are applied depending on how fast
interfaces come up at boot. For instance, on my main laptop I'll get
wlan0 to always have extensions enabled, and eth0 tends to not have them
(because it's initialized earlier, before the sysctls are applied). I'm
working on fixing that for all interfaces to make sure it does get
applied properly everywhere, everytime, but as you mentioned, it's
tracked in another bug report
(https://bugs.launchpad.net/ubuntu/+source/procps/+bug/803739), and
linked in the blueprint.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/841353
Title:
please enable IPv6 privacy extensions by default
Status in “procps” package in Ubuntu:
Fix Released
Bug description:
We don't appear to enable IPv6 privacy extensions[1] by default.
Could we please do so? Leaking the MAC address of any IPv6 enabled
device is both undesirable and a regression from IPv4.
Enabling them appears to be as simple as a sysctl.d file with the
following in it:
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
With those set, I now have 3 IPv6 addresses, one link local, one with
my MAC address and one without my MAC address. Although my machine
will answer to all 3 it will only use the non-MAC address based one
for outbound traffic.
[1] http://tools.ietf.org/html/rfc4941
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/841353/+subscriptions
More information about the foundations-bugs
mailing list