[ipv6hackers] Configuring my laptop to use RFC 7217

Mark ZZZ Smith markzzzsmith at yahoo.com.au
Fri Jul 14 02:03:46 CEST 2017


Hmm,
So I think in theory you would set the addrgenmode for a link to be 'stable_secret' via the 'ip link' command, and then it would perform RFC7217 using the stable_secret sysctl value among other things, at least when generating the Link-Local address.
For example, here is one of my interfaces' current addrgenmode:
[mark at opy ~]$ ip -d link show enp0s25
3: enp0s25: <BROADCAST,MULTICAST> mtu 1500 qdisc fq state DOWN mode DEFAULT group default qlen 1000
    link/ether 62:bc:5f:0e:4a:c7 brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
[mark at opy ~]$

However, if I try to switch it to stable_secret mode, I get an error.

[mark at opy ~]$ sudo ip link set enp0s25 addrgenmode stable_secret
[sudo] password for mark:
RTNETLINK answers: Invalid argument
[mark at opy ~]$

I also get an error when I try to set a stable secret value.

[root at opy enp0s25]# pwd
/proc/sys/net/ipv6/conf/enp0s25
[root at opy enp0s25]# echo 1234 > stable_secret
bash: echo: write error: Input/output error
[root at opy enp0s25]#

It seems there might be some other setting somewhere else to enable it in addition to the above, as above is what I'd expect is all that is needed.

From: Mark Elkins <mje at posix.co.za>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Sent: Thursday, 13 July 2017, 0:10
Subject: [ipv6hackers] Configuring my laptop to use RFC 7217

Hi,

On my laptop, I run Gentoo Linux, kernel 4.9.16

I currently generate random IPv6 addresses (RFC 4941) which means in my
/etc/sysctl.conf, I have:

# Allow IPV6 Random addresses
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2

This works just fine - but I would like to have deterministic IPv6
addresses per network that I visit (RFC 7217)

My "/etc/dhcpcd.conf" file contains "slaac private"

Also - running "sysctl -a" gives me what appears to suggest RFC 7217 is
enabled in my kernel:


sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
...

I have been searching around, read RFC 7217, etc. and see some info on
the subject but not enough.

I don't have a program called "addrgenmode" (neither does "equery b
addrgenmode" give anything). From reading - this appears to initialise
the "stable secret".

Anyone care to provide idiot instructions on how to run "Opaque
Interface" addresses on my Gentoo Linux laptop?

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za      Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
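
Added example, not part of either message above: a sketch of generating a stable secret and applying it to an interface through the same /proc path and 'ip link' command shown in the thread. It assumes, per the kernel's ip-sysctl documentation, that stable_secret expects a 128-bit value written in IPv6 address notation; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): RFC 7217 stable secret on Linux.
# Assumption: per the kernel's ip-sysctl documentation, stable_secret holds a
# 128-bit value written in IPv6 address notation.

# Print 16 random bytes as eight colon-separated groups of four hex digits.
gen_stable_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n' | sed 's/..../&:/g; s/:$//'
}

# Succeed only for the full, unabbreviated form produced above. The kernel
# also accepts abbreviated IPv6 notation; this check is deliberately stricter.
is_valid_secret() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{4}:){7}[0-9a-f]{4}$'
}

# Line for /etc/sysctl.conf so the same secret is loaded at every boot;
# addresses are only stable while the secret stays the same.
sysctl_conf_line() {
    printf 'net.ipv6.conf.default.stable_secret = %s\n' "$1"
}

# Apply a secret to one interface and switch it to stable_secret mode.
# Needs root; the interface name is passed by the caller (e.g. enp0s25).
apply_stable_secret() {
    iface=$1
    secret=$2
    is_valid_secret "$secret" || { echo "secret is not in IPv6 notation" >&2; return 1; }
    printf '%s\n' "$secret" > "/proc/sys/net/ipv6/conf/$iface/stable_secret" || return 1
    ip link set dev "$iface" addrgenmode stable_secret || return 1
    ip -d link show dev "$iface" | grep -o 'addrgenmode [a-z_0-9]*'
}

# Stand-alone run: print a ready-to-paste sysctl.conf line, change nothing.
sysctl_conf_line "$(gen_stable_secret)"
```

Treat the value as a key: anyone who learns it can predict the interface identifiers the host will use on other networks, so keep any file holding it readable by root only.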
