Open BreiteSeite opened 5 months ago
IPv6PrivacyExtensions= configures use_tempaddr sysctl attribute, and the attribute is per-interface, not per-address...
Ah, maybe, you request something similar to ManageTemporaryAddress= in [Address] for dynamic addressing protocol, like NDisc?
IPv6PrivacyExtensions= configures use_tempaddr sysctl attribute, and the attribute is per-interface, not per-address...
I see. I thought this would use some kernel method but wasn't unsure which to dig deeper. So basically, this is a Linux kernel limitation? If so, I guess you can close this PR as not planned then, as the real issue should be opened on the Linux kernel side. I'm not comfortable with doing that currently, as the impression I have is that they only accept contributions or bugs w/ patches. Not really sure if this could be considered a bug (incomplete RFC implementation). How the RFC is phrased, I would assume this constitutes a feature.
Ah, maybe, you request something similar to ManageTemporaryAddress= in [Address] for dynamic addressing protocol, like NDisc?
No, I don't think so. From what I understand, with ManageTemporaryAddress= I can define the 64-bit interface identifier that is used for temporary address generation? This wouldn't be what I want.
Edit: also someone on Reddit 4 years ago wondered the same.
Component
systemd-networkd
Is your feature request related to a problem? Please describe
When IPv6PrivacyExtensions is set to true for a specific interface, it generates temporary addresses for all global unicast addresses as well as for all unique local addresses (ULA). In my case, generating temporary unique local addresses is undesired.
Describe the solution you'd like
RFC 4941 in section 3.6 Deployment Considerations states:
So according to the RFC I think the following makes sense
Explicitly Enable Privacy Extensions Based On Prefixes
Maybe it makes sense for IPv6PrivacyExtensions to not only accept a boolean but maybe also specific prefixes where temporary addresses should be generated for. true would continue meaning "all" and false would completely turn privacy extensions off (meaning IPv6PrivacyExtensionsIgnoredPrefixes would be silently ignored).
IPv6PrivacyExtensions=2001::/16 2003::/16
Explicitly Disable Privacy Extensions Based On Prefixes
Could be done for example like this:
IPv6PrivacyExtensionsIgnoredPrefixes=fd00::/8 2002::/16
(not sure if it's the best name).
To be clear, for my use-case I would be fine with explicitly enabling privacy extensions for specific prefixes (by using IPv6PrivacyExtensions). I proposed both because that is closest to the quoted RFC section.
Alternative Version
Alternatively we could have a syntax (!-prefix to disable privacy extensions) like this:
IPv6PrivacyExtensions=!fd00::/8 2001::/16 2003::/16
In which case privacy extensions would be enabled for 2001::/16 and 2003::/16 but disabled for fd00::/8 (prefixed with !). However, I'm not sure how intuitive/parseable this is.
The systemd version you checked that didn't have the feature you are asking for
254
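The "!"-prefix syntax proposed in the issue above, worked through as an added sketch; it is not code from the issue or from systemd, and systemd does not accept this value. The function names, the longest-prefix-match rule and the default for addresses that match no listed prefix are assumptions made here, since the issue does not specify them.

```python
import ipaddress

def parse_policy(value):
    """Parse the proposed setting into (rules, default_for_unmatched)."""
    v = value.strip().lower()
    if v == "true":           # per the issue: "all" prefixes
        return [], True
    if v == "false":          # per the issue: privacy extensions fully off
        return [], False
    rules = []
    for token in value.split():
        negated = token.startswith("!")
        # strict=True rejects prefixes with host bits set, e.g. fd00::1/8
        net = ipaddress.IPv6Network(token[1:] if negated else token, strict=True)
        rules.append((net, not negated))
    # Assumption: a list holding only "!" entries means "everything except
    # these"; once any prefix is explicitly enabled, unmatched prefixes are off.
    default = not any(enabled for _, enabled in rules)
    return rules, default

def wants_temporary(value, address):
    """Return True if a temporary address would be generated for `address`."""
    rules, default = parse_policy(value)
    addr = ipaddress.IPv6Address(address)
    matches = [(net.prefixlen, enabled) for net, enabled in rules if addr in net]
    if not matches:
        return default
    # Assumption: the most specific prefix wins; on a tie, "!" (disable) wins.
    return max(matches, key=lambda m: (m[0], not m[1]))[1]

if __name__ == "__main__":
    setting = "!fd00::/8 2001::/16 2003::/16"   # value taken from the issue
    # Constructed sample addresses: one per listed prefix, plus one unmatched.
    for sample in ("2001:db8::1", "2003:1::1", "fd12:3456:789a::1", "2a00::1"):
        print(sample, wants_temporary(setting, sample))
```

The unmatched address (`2a00::1`) is where the proposal is ambiguous: with the mixed list it gets no temporary address under the assumption made here, while with `!fd00::/8` alone it does.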