Configuration and Operation

How to check, enable and configure temporary addresses depends on the particular Unix again.

Debian Sarge There is no standardized way to configure temporary addresses. Provided that the ipv6 module has been loaded via /etc/modules before the interface is configured, the lines

_f /etc/network/interfaces |_

auto ethO

iface ethO inet manual up /sbin/ip -6 link set ethO up up /sbin/sysctl -w net.ipv6.conf. ethO.use_tempaddr=1

# Change and enable the next lines to configure the lifetimes

# up /sbin/sysctl -w net.ipv6.conf. ethO.temp_prefered_lft=864OO

# up /sbin/sysctl -w net.ipv6.conf. ethO.temp_valid_lft=6O48OO

in /etc/network/interfaces do the trick; the first sysctl variable enables temporary addresses while the second and third set the preferred and valid lifetimes in seconds, respectively. The lifetime values shown here are the defaults (one day and one week). Note that "prefered" in temp_prefered_lft is written with a single "r" instead of the more customary "rr".

The temporary addresses can be observed using either ifconfig or ip. Since ifconfig doesn't show the lifetimes, ip is strongly preferred. Temporary addresses are marked as "secondary". Doing an ip -6 addr show eth0 reveals a minor problem: The addresses are listed multiple times. FreeBSD 6.1 Temporary addresses are controlled via sysctl. To enable temporary addresses, we put these lines into /etc/sysctl.conf:

f /etc/sysctl.conf |

net

inet6

ip6.use_tempaddr=1

y Enable temporary addresses

net

inet6

ip6.temppltime=86400

y Default value (1 day)

net

inet6

ip6.tempvltime=604800

y Default value (1 week)

net

inet6

ip6.prefer_tempaddr=0

y Default value (don't prefer)

The preferred and valid lifetimes can be adjusted as needed. Setting the prefer_tempaddr variable to 1 will change the system behaviour so that outgoing packets will use a temporary address by default. As we will see below, this behaviour may break applications.

There is no way to control this behaviour for individual interfaces. Temporary addresses are displayed using ifconfig -a. They are marked as "temporary". The additional option -L displays the lifetimes as well. Solaris 10 The in.ndpd takes care of temporary address handling. It expects its configuration in /etc/inet/ndpd.conf. We can either enable temporary addresses by interface or like this

ifdefault TmpAddrsEnabled true ifdefault TmpValidLifetime 86400 || Default value (1 day)

ifdefault TmpPreferredLifetime 604800 || Default value (1 week)

for all interfaces. We can check the addresses configured using ifconfig where they are tagged as "temporary" but as already explained in section 4.5.1 there is no way to display the current lifetimes. [ 97 ]

Since temporary addresses are meant to improve privacy, it doesn't make sense to put them into the DNS—at least not to make them globally visible. If we have a name server that only serves local clients, then it might make sense to put the addresses there for debugging purposes, but so far no readily available tools exist to do so.

Dealing with addresses that can't be resolved to host names by the DNS may complicate troubleshooting some problems. What's worse, the more often these addresses change, the harder it is to track down the machine causing a problem. It remains to be seen how troublesome temporary addresses will eventually prove.

Was this article helpful?

0 0

Post a comment