[Bug 250919] IPV6_PRIVACY=rfc3041 in /etc/sysconfig/networking/devices/ifcfg-eth0 does not take effect
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=250919
--- Comment #38 from Bill C. Riemers <briemers(a)redhat.com> 2011-04-27 12:25:09 EDT ---
At least with Fedora 14, I can confirm that you can enable rfc3401 privacy by
adding the respective option in /etc/sysctl.conf, e.g.:

    echo net.ipv6.conf.eth0.use_tempaddr=2 >> /etc/sysctl.conf

Presumably you could specify all devices with:

    echo net.ipv6.conf.all.use_tempaddr=2 >> /etc/sysctl.conf

You can enable it at runtime per device via:

    ifdown eth0
    sysctl net.ipv6.conf.eth0.use_tempaddr=2
    ifup eth0

This to me seems much better than setting an option inside an ifcfg file.

Bill
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
[Bug 700138] New: IPv6 use_tempaddr kernel parameter does not work: IPV6_PRIVACY=rfc3041 in /etc/sysconfig/networking/devices/ifcfg-eth0 does not take effect
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=700138
Summary: IPv6 use_tempaddr kernel parameter does not work:
IPV6_PRIVACY=rfc3041 in
/etc/sysconfig/networking/devices/ifcfg-eth0 does not
take effect
Product: Fedora
Version: 14
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: kernel
AssignedTo: kernel-maint(a)redhat.com
ReportedBy: briemers(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: cra(a)wpi.edu, pekkas(a)netcore.fi, dr(a)cluenet.de,
tomek(a)jot23.org, pb(a)bieringer.de,
russ+bugzilla-redhat(a)gloomytrousers.co.uk,
bugs+fedora(a)juliano.info, kernel-maint(a)redhat.com,
itamar(a)ispbrasil.com.br, briemers(a)redhat.com,
jonathan(a)jonmasters.org,
triage(a)lists.fedoraproject.org, bsiege(a)gmail.com,
gansalmon(a)Gmail.com, madhu.chinakonda(a)gmail.com
Depends on: 250919
Estimated Hours: 0.0
Classification: Fedora
Story Points: ---
Clone Of: 250919
I connected to http://test-ipv6.com/ and it detects me as:

    2001:470:1d:1c6:f2de:f1ff:fe05:8579

I used the command:

    sudo sysctl net.ipv6.conf.all.use_tempaddr=1

Then I connected to http://test-ipv6.com/ and I am still detected as:

    2001:470:1d:1c6:f2de:f1ff:fe05:8579

I then do:

    sudo service NetworkManager stop
    sudo ifdown eth0
    sudo sysctl net.ipv6.conf.all.use_tempaddr=1
    sudo service NetworkManager start

Now I connect to http://test-ipv6.com and I am still detected as:

    2001:470:1d:1c6:f2de:f1ff:fe05:8579

This strikes me as a very critical security bug...

It looks like the random address is being generated, but it just is not being
used for outgoing connections...

    $ sudo sysctl net.ipv6.conf.eth0.use_tempaddr=1
    $ sudo ifdown eth0
    $ sudo ifup eth0
    $ ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr F0:DE:F1:05:85:79
              inet addr:172.31.253.220  Bcast:172.31.255.255  Mask:255.255.0.0
              inet6 addr: 2001:470:1d:1c6:f2de:f1ff:fe05:8579/64 Scope:Global
              inet6 addr: fe80::f2de:f1ff:fe05:8579/64 Scope:Link
              inet6 addr: 2001:470:1d:1c6:9d30:ec7c:9d47:b95e/64 Scope:Global
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:14606 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12207 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:10585779 (10.0 MiB)  TX bytes:2428097 (2.3 MiB)
              Interrupt:20 Memory:f2600000-f2620000

I suspect "all" only affects devices where the kernel module has not yet been
loaded.
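An added example, not part of either bug comment: a check that tells which IPv6 addresses on an interface are derived from its MAC (modified EUI-64, RFC 4291 Appendix A), run over the ifconfig output quoted in the report. The function names are illustrative, and the sample text is the report's output with the interface counters left out.

```python
import ipaddress
import re

# ifconfig output as quoted in the report above (interface counters omitted).
IFCONFIG_ETH0 = """\
eth0 Link encap:Ethernet HWaddr F0:DE:F1:05:85:79
inet addr:172.31.253.220 Bcast:172.31.255.255 Mask:255.255.0.0
inet6 addr: 2001:470:1d:1c6:f2de:f1ff:fe05:8579/64 Scope:Global
inet6 addr: fe80::f2de:f1ff:fe05:8579/64 Scope:Link
inet6 addr: 2001:470:1d:1c6:9d30:ec7c:9d47:b95e/64 Scope:Global
"""


def eui64_iid(mac):
    """Modified EUI-64 interface identifier for a 48-bit MAC, as an integer."""
    raw = bytes.fromhex(re.sub(r"[:-]", "", mac))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address: %r" % mac)
    # Flip the universal/local bit and insert ff:fe between the two halves.
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")


def embeds_mac(addr, mac):
    """True if the low 64 bits of addr are the EUI-64 identifier of mac."""
    return int(ipaddress.IPv6Address(addr)) & (2**64 - 1) == eui64_iid(mac)


def classify(ifconfig_text):
    """Return [(address, scope, embeds_mac)] for each inet6 line of one interface."""
    hw = re.search(r"HWaddr\s+([0-9A-Fa-f:]{17})", ifconfig_text)
    if hw is None:
        raise ValueError("no HWaddr field found")
    pattern = r"inet6 addr:\s*([0-9A-Fa-f:]+)/\d+\s+Scope:(\w+)"
    return [(m.group(1), m.group(2), embeds_mac(m.group(1), hw.group(1)))
            for m in re.finditer(pattern, ifconfig_text)]


if __name__ == "__main__":
    for addr, scope, leaks in classify(IFCONFIG_ETH0):
        kind = "EUI-64 (embeds MAC)" if leaks else "not MAC-derived"
        print(f"{addr:40} {scope:7} {kind}")
```

The kernel's ip-sysctl documentation defines use_tempaddr=1 as generating temporary addresses while still preferring the public one, and 2 as preferring the temporary ones. `ip -6 addr show` marks such addresses with the `temporary` flag, which ifconfig does not display.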