Support stable private IPv6 addresses about netctl HOT 4 CLOSED

Could you give some more details? When would this be most useful? How should this be configured without any network manager? A quick search revealed that /proc/sys/net/ipv6/*/stable_secret is the meat of the implementation of the RFC.

from netctl.

I'm not totally sure myself how it's managed or implemented, but it appears to be implemented in the kernel with
addr_gen_mode.

I don't think NetworkManager does it this way, seeing as how my NetworkManager interfaces are set addr_gen_mode=1 and are nevertheless set using stable secret.

I'm not overly knowledgeable here, but can we just set sysctl net.ipv6.conf.<if>.addr_gen_mode=3 on the interface?

EDIT: Yes, we can, which of course means it's probably not something that needs to be handled at all by netctl 😁

from netctl.

Sure, netctl could set addr_gen_mode. The question is when should it do so. What are the IP6= settings for which it makes sense? What additional parameters do we need/want (and document)?
I can already see many levels of randomized addresses:

• random addresses (via use_tempaddr?)
• stable random addresses (addr_gen_mode=3?)
• stable random addresses with a controlled key (should netctl touch stable_secret?)

If any of these settings are to be exposed by netctl, they should be exposed using meaningful names and settings. Not via cryptic names and numeric constants.

All of this could also be controlled via stable sysctl settings, see for instance the Arch Wiki. This is not profile-specific, so there is a use case for these settings in netctl. Note, though, that stateless address privacy is meant to transcend profiles!

from netctl.

I originally asked because I hadn't found addr_gen_mode and knew that NM was setting it some other way. But setting addr_gen_mode to 2/3 for the entire interface works fine for me. I.e. my use case is covered without needing to change netctl.
I think your last point is important, profile specific settings are not the way to go 99% of the time.

from netctl.