[ipv6hackers] Configuring my laptop to use RFC 7217

Mark Elkins mje at posix.co.za
Fri Jul 14 08:58:40 CEST 2017


Thanks - that helps - a bit... (I'm an 'ifconfig' type of guy)

# ip link help

...
ip link set { DEVICE | dev DEVICE | group DEVGROUP } [ { up | down } ]
...
[ addrgenmode { eui64 | none } ]

So my current (non'~') version of 'ip' (ip utility, iproute2-ss160111)
does not have the 'stable_secret' option.

I upgraded to the '~' version... (iproute2-ss170705)
[ addrgenmode { eui64 | none | stable_secret | random } ]

Now I get...
# ip link set eth0 addrgenmode stable_secret
RTNETLINK answers: Invalid argument

so something still missing/broken.  :-)

On 14/07/2017 02:03, Mark ZZZ Smith wrote:
> Hmm,
> So I think in theory you would set the addrgenmode for a link to be 'stable_secret' via the 'ip link' command, and then it would perform RFC7217 using the stable_secret sysctl value among other things, at least when generating the Link-Local address.
> For example, here is one of my interface's current addrgenmode
> [mark at opy ~]$ ip -d link show enp0s25
> 3: enp0s25: <BROADCAST,MULTICAST> mtu 1500 qdisc fq state DOWN mode DEFAULT group default qlen 1000
>     link/ether 62:bc:5f:0e:4a:c7 brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
> [mark at opy ~]$
>
> However if I try to switch it to stable_secret mode, I get an error.
> [mark at opy ~]$ sudo ip link set enp0s25 addrgenmode stable_secret
> [sudo] password for mark:
> RTNETLINK answers: Invalid argument
> [mark at opy ~]$
> I also get an error when I try to set a stable secret value.
> [root at opy enp0s25]# pwd
> /proc/sys/net/ipv6/conf/enp0s25
> [root at opy enp0s25]# echo 1234 > stable_secret
> bash: echo: write error: Input/output error
> [root at opy enp0s25]#
>
> It seems there might be some other setting somewhere else to enable it in addition to the above, as above is what I'd expect is all that is needed.
>
> From: Mark Elkins <mje at posix.co.za>
> To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
> Sent: Thursday, 13 July 2017, 0:10
> Subject: [ipv6hackers] Configuring my laptop to use RFC 7217
>
> Hi,
>
> On my laptop, I run Gentoo linux, Kernel 4.9.16
>
> I currently generate random IPv6 addresses (RFC 4941) which means in my
> /etc/sysctl.conf, I have:
>
> # Allow IPV6 Random addresses
> net.ipv6.conf.all.use_tempaddr=2
> net.ipv6.conf.default.use_tempaddr=2
>
> This works just fine - but I would like to have deterministic IPv6
> addresses per network that I visit (RFC 7217)
>
> My "/etc/dhcpcd.conf" file contains "slaac private"
>
> Also - running "sysctl -a" gives me what appears to suggest RFC 7217 is
> enabled in my kernel,
>
>
> sysctl: reading key "net.ipv6.conf.all.stable_secret"
> sysctl: reading key "net.ipv6.conf.default.stable_secret"
> sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
> ...
>
> I have been searching around, read RFC 7217 - etc and see some info on
> the subject but not enough..
>
> I don't have a program called "addrgenmode" (neither does "equery b
> addrgenmode" give anything). From reading - this appears to initialise
> the "stable secret".
>
> Anyone care to provide idiot instructions on how to run "Opaque
> Interface" addresses on my Linux gentoo laptop?
>

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
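
Added example, not part of the original thread and not the Linux kernel's code: an illustrative computation of the RFC 7217 scheme discussed above, RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), showing that the address is the same every time a given prefix is seen and different on another network. Assumptions: SHA-256 stands in for F, the field encoding and all function names are made up for this sketch, and the secret is taken in IPv6 address notation, which is how the kernel's ip-sysctl documentation describes stable_secret. Output will not match what a real interface generates.

```python
import hashlib
import ipaddress
import secrets

# Ranges from the IANA "Reserved IPv6 Interface Identifiers" registry.
RESERVED_IIDS = (
    (0x0000000000000000, 0x0000000000000000),  # subnet-router anycast
    (0x02005EFFFE000000, 0x02005EFFFE005212),  # IANA Ethernet block
    (0xFDFFFFFFFFFFFF80, 0xFDFFFFFFFFFFFFFF),  # reserved subnet anycast
)


def new_secret() -> str:
    """Random 128-bit secret, printed in IPv6 address notation."""
    return str(ipaddress.IPv6Address(secrets.randbits(128)))


def parse_secret(text: str) -> bytes:
    """Return the 16 secret bytes; ValueError if not IPv6 address notation."""
    return ipaddress.IPv6Address(text).packed


def stable_address(prefix, iface, secret, network_id="", dad_counter=0):
    """Address = prefix + low 64 bits of F(prefix, iface, net id, DAD, key)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this sketch handles /64 SLAAC prefixes only")
    key = parse_secret(secret)
    while True:
        h = hashlib.sha256()  # assumption: SHA-256 stands in for F()
        fields = (net.network_address.packed, iface.encode(),
                  network_id.encode(), dad_counter.to_bytes(4, "big"), key)
        for field in fields:  # length-prefix so field boundaries are unambiguous
            h.update(len(field).to_bytes(2, "big") + field)
        iid = int.from_bytes(h.digest()[-8:], "big")  # least significant 64 bits
        if not any(lo <= iid <= hi for lo, hi in RESERVED_IIDS):
            return net[iid]
        dad_counter += 1  # reserved IID: retry with the next counter value


if __name__ == "__main__":
    secret = "2001:db8:5ec:7e7:1234:5678:9abc:def0"  # constructed sample secret
    for prefix in ("2001:db8:a::/64", "2001:db8:b::/64", "2001:db8:a::/64"):
        print(prefix, "->", stable_address(prefix, "eth0", secret))
```

A value such as 1234 is rejected by parse_secret because it is not valid IPv6 address notation.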


