Hi tech-net@,

during my talk yesterday at EuroBSDCon 2018 (https://2018.eurobsdcon.org/talks-speakers/#PierrePronchery) I mentioned the SLAAC privacy extensions for IPv6 (RFC 4941). They help maintain privacy on the Internet when using IPv6, by using a random address when auto-configuring IPv6 addresses (i.e. with "ip6mode=autohost" set in /etc/rc.conf).

This is obviously a big concern, and SLAAC has been enabled by default in most commercial operating systems with support for IPv6 for a while:

- Windows since XP SP1,
- macOS since 10.7,
- iOS since 4.3,
- Android since 4.0,
- and in "some Linux distributions" as well.

(source: https://en.wikipedia.org/wiki/IPv6#SLAAC_privacy_extensions)

It is apparently implemented in the major BSDs, including us. However it is not enabled by default in NetBSD nor FreeBSD, and from what I can tell while skimming the sources, not in OpenBSD either. The corresponding sysctls in NetBSD are "net.inet6.ip6.use_tempaddr" and "net.inet6.ip6.prefer_tempaddr" by the way.

Can we consider setting "use_tempaddr" as the default on NetBSD? I believe the patch attached would do the trick.

Let me know,
--
khorben
Index: sys/netinet6/nd6_rtr.c =================================================================== RCS file: /cvsroot/src/sys/netinet6/nd6_rtr.c,v retrieving revision 1.144 diff -p -u -r1.144 nd6_rtr.c --- sys/netinet6/nd6_rtr.c 14 Aug 2018 01:10:58 -0000 1.144 +++ sys/netinet6/nd6_rtr.c 24 Sep 2018 22:00:19 -0000 @@ -94,7 +94,7 @@ static struct nd_prefix *nd6_prefix_look extern int nd6_recalc_reachtm_interval; -int ip6_use_tempaddr = 0; +int ip6_use_tempaddr = 1; int ip6_desync_factor; u_int32_t ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME;
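Review bot: the default flip in `-int ip6_use_tempaddr = 0;` / `+int ip6_use_tempaddr = 1;` comes with no documentation update, so wherever the net.inet6.ip6.use_tempaddr default is documented should change in the same commit, and a commit message is missing. The message also names net.inet6.ip6.prefer_tempaddr but the diff leaves it untouched, so temporary addresses would be generated without being preferred as source addresses; the commit message should state whether that is intended or whether prefer_tempaddr is meant to follow.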
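As an added example, not part of the original message or the NetBSD tree: a small Python check that tells whether a host's IPv6 addresses embed its MAC as a modified EUI-64 interface identifier, which is what SLAAC without temporary addresses (use_tempaddr=0) exposes on the wire. The MAC and address list are constructed sample values; on a real host they would come from ifconfig.

```python
import ipaddress

# Constructed sample data: an interface MAC plus the addresses a host
# might show. One global address is EUI-64 derived from the MAC, one
# looks like an RFC 4941 temporary address, and one is link-local.
SAMPLE_MAC = "00:11:22:33:44:55"
SAMPLE_ADDRESSES = [
    "fe80::211:22ff:fe33:4455",
    "2001:db8::211:22ff:fe33:4455",
    "2001:db8::a1b2:c3d4:e5f6:789",
]


def eui64_iid_from_mac(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, App. A) for a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Split the OUI from the NIC part, insert 0xFFFE, flip the u/l bit.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def iid_of(addr: str) -> int:
    """Low 64 bits (interface identifier) of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)


def is_mac_derived(addr: str, mac: str) -> bool:
    """True when the address's IID is exactly the modified EUI-64 of the MAC."""
    return iid_of(addr) == eui64_iid_from_mac(mac)


def audit(addresses, mac):
    """Classify non-link-local addresses: 'stable-eui64' leaks the MAC,
    'other' covers temporary (RFC 4941), random-stable or manual addresses."""
    report = {}
    for a in addresses:
        if ipaddress.IPv6Address(a).is_link_local:
            continue  # link-local scope never leaves the segment
        report[a] = "stable-eui64" if is_mac_derived(a, mac) else "other"
    return report


if __name__ == "__main__":
    for addr, kind in audit(SAMPLE_ADDRESSES, SAMPLE_MAC).items():
        print(f"{addr:40} {kind}")
```

A host that only ever shows "stable-eui64" for its global addresses is the case the sysctl change above addresses; with temporary addresses enabled, at least one "other" address should appear per prefix.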