[feature suggestion] enhance ipv6 privacy
Since it came up in the forum: https://forum.turris.cz/t/ipv6-best-practice-questions/10423/3
With RFC 4941 for DHCP and RFC 7217 for SLAAC, IPv6 privacy can be enhanced, though this is currently not the default (vanilla medkit).
RFC 7217 for SLAAC - net.ipv6.conf.default.stable_secret
recommends that a stable secret be generated during device setup, e.g. something like head -c 16 /dev/urandom | xxd -p | sed "s/..../:&/g; s/://" (requires package xxd) could be utilized.
It would have to be generated and added to sysctl.d (perhaps applied with sysctl -w during setup) before any iface is set up, since 'default' does not apply to any iface already in existence.
net.ipv6.conf.all.stable_secret does not work.
RFC 4941 for DHCP
Acceptable values:
0 - don’t use privacy extensions.
1 - generate privacy addresses
2 - prefer privacy addresses and use them over the normal addresses.
Probably should do for existing and added ifaces
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.all.use_tempaddr = 2
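
A sketch of the setup step suggested above, as an added example that is not part of the original post or of Turris OS: it generates the secret once, keeps it on later runs, and writes all three settings to a root-only file. The function names and the sysctl.d file path are assumptions, and od is used here in place of xxd.

```shell
#!/bin/sh
# Added example: names and paths are assumptions, not Turris OS code.

# 16 random bytes -> 32 hex digits -> eight colon-separated groups,
# the IPv6-address-like form that stable_secret expects.
gen_stable_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n' \
        | sed 's/..../:&/g; s/^://'
}

# Write the sysctl.d fragment at path $1 unless it already holds a secret.
write_ipv6_privacy_conf() {
    conf="$1"

    # Regenerating the secret would change every RFC 7217 address the
    # device has used so far, so an existing value is left untouched.
    if [ -f "$conf" ] && \
       grep -q '^net\.ipv6\.conf\.default\.stable_secret' "$conf"; then
        return 0
    fi

    secret="$(gen_stable_secret)" || return 1

    # Refuse to write a truncated value (e.g. a short read from urandom).
    printf '%s\n' "$secret" \
        | grep -Eq '^([0-9a-f]{4}:){7}[0-9a-f]{4}$' || return 1

    (
        # The kernel exposes stable_secret to root only; keep the file
        # that carries it equally restricted.
        umask 077
        tmp="$conf.tmp.$$"
        {
            printf 'net.ipv6.conf.default.stable_secret = %s\n' "$secret"
            printf 'net.ipv6.conf.default.use_tempaddr = 2\n'
            printf 'net.ipv6.conf.all.use_tempaddr = 2\n'
        } > "$tmp" && mv "$tmp" "$conf"
    )
}

# Intended use during first setup, before any interface is created
# (the file name is a placeholder):
#   write_ipv6_privacy_conf /etc/sysctl.d/10-ipv6-privacy.conf
```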