[ipv6hackers] Configuring my laptop to use RFC 7217
Mark ZZZ Smith
markzzzsmith at yahoo.com.au
Fri Jul 14 02:03:46 CEST 2017
So I think in theory you would set the addrgenmode for a link to be 'stable_secret' via the 'ip link' command, and then it would perform RFC7217 using the stable_secret sysctl value among other things, at least when generating the Link-Local address.
For example, here is one of my interfaces' current addrgenmode:
[mark at opy ~]$ ip -d link show enp0s25
3: enp0s25: <BROADCAST,MULTICAST> mtu 1500 qdisc fq state DOWN mode DEFAULT group default qlen 1000
    link/ether 62:bc:5f:0e:4a:c7 brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
[mark at opy ~]$
However, if I try to switch it to stable_secret mode, I get an error.
[mark at opy ~]$ sudo ip link set enp0s25 addrgenmode stable_secret
[sudo] password for mark:
RTNETLINK answers: Invalid argument
[mark at opy ~]$
I also get an error when I try to set a stable secret value.
[root at opy enp0s25]# pwd
/proc/sys/net/ipv6/conf/enp0s25
[root at opy enp0s25]# echo 1234 > stable_secret
bash: echo: write error: Input/output error
[root at opy enp0s25]#
It seems there might be some other setting somewhere else to enable it in addition to the above, as the above is what I'd expect to be all that is needed.
From: Mark Elkins <mje at posix.co.za>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Sent: Thursday, 13 July 2017, 0:10
Subject: [ipv6hackers] Configuring my laptop to use RFC 7217
On my laptop, I run Gentoo Linux, kernel 4.9.16
I currently generate random IPv6 addresses (RFC 4941) which means in my
/etc/sysctl.conf, I have:
# Allow IPV6 Random addresses
This works just fine - but I would like to have deterministic IPv6
addresses per network that I visit (RFC 7217)
My "/etc/dhcpcd.conf" file contains "slaac private"
Also - running "sysctl -a" gives me what appears to suggest RFC 7217 is
enabled in my kernel,
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
I have been searching around, read RFC 7217 - etc and see some info on
the subject but not enough..
I don't have a program called "addrgenmode" (neither does "equery b
addrgenmode" give anything). From reading - this appears to initialise
the "stable secret".
Anyone care to provide idiot instructions on how to run "Opaque
Interface" addresses on my Linux gentoo laptop?
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
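An added example, not part of the original thread: the kernel's stable_secret sysctl takes a 128-bit value written in IPv6 address notation, so the sketch below generates a random secret in that form and checks it before use. The function names and the --apply option are hypothetical, and the format check is an assumption of this example that is stricter than the kernel's own parser.

```shell
#!/bin/sh
# Added example: build a stable_secret value in the form the kernel sysctl
# parses. The secret is 128 bits written as an IPv6 address, not a free string.

# Generate 16 random bytes and print them as eight colon-separated hex groups.
gen_stable_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n' | sed 's/..../&:/g; s/:$//'
}

# Strict format check: full, uncompressed form only (example's own assumption).
is_valid_secret() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{4}:){7}[0-9a-f]{4}$'
}

# Print a line that persists the secret via /etc/sysctl.conf.
# $1 = interface name or "default", $2 = secret.
sysctl_line() {
    is_valid_secret "$2" || { echo "bad secret: $2" >&2; return 1; }
    printf 'net.ipv6.conf.%s.stable_secret = %s\n' "$1" "$2"
}

# Write the secret for one interface at runtime (needs root).
# $1 = interface name, $2 = secret.
apply_secret() {
    is_valid_secret "$2" || { echo "bad secret: $2" >&2; return 1; }
    printf '%s\n' "$2" > "/proc/sys/net/ipv6/conf/$1/stable_secret"
}

# Usage: script.sh --apply <iface>  sets a fresh secret on <iface> (as root)
#        script.sh                  prints a sysctl.conf line for "default"
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    apply_secret "$2" "$(gen_stable_secret)"
else
    sysctl_line default "$(gen_stable_secret)"
fi
```

Generate the secret once and keep it: RFC 7217 addresses stay the same on a given network only as long as the secret does not change.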