Re: IPv6 temporary address and SSH

[Gert Doering <gert%greenie.muc.de@localhost>]

Hi,

On Tue, Nov 28, 2023 at 10:57:11AM +0100, Wolfgang Solfrank wrote:
> One way to disable the use of temporary addresses in one
> application would be to walk the addresses returned by
> getiaddrs(3) and look in the ifa_addrflags for the flag
> IN6_IFF_TEMPORARY.  Then you would bind the socket
> to an address with or without that flag.  You'll be able to
> see how this works, when my patch is ready, as this
> approach is neccessary for the case where BindInterface
> is specified in the ssh_config.

This is something I try to avoid, especially when there are more
then one interfaces which could be used.  But of course, when you
do BindInterface, this is what you need.

> But there is an even simpler way if you want to select/
> avoid any temporary address:   You can setsockopt(2)
> the IPV6_PREFER_TEMPADDR on the socket to either
> IP6PO_TEMPADDR_PREFER or IP6PO_TEMPADDR_NOTPREFER.

Now this sounds highly interesting.  Is this a NetBSD specific thing, or
"generic POSIX sockets" or so?  I see FreeBSD has all the #defines in in6.h,
while MacOS has the IPV6_PREFER_TEMPADDR but not the IP6PO_ defines..

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert%greenie.muc.de@localhost