merge: branch 'ipv6-temp-lifetime'

device: introduce ipv6.temp-valid-lifetime and ipv6.temp-preferred-lifetime properties

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1846
Íñigo Huguet 2024-03-21 07:09:35 +00:00
commit 46245b23ce
11 changed files with 1077 additions and 557 deletions


@ -1023,8 +1023,23 @@ ipv6.ip6-privacy=0
</varlistentry>
<varlistentry>
<term><varname>ipv6.ip6-privacy</varname></term>
<listitem><para>If <literal>ipv6.ip6-privacy</literal> is unset, use the content of
"/proc/sys/net/ipv6/conf/default/use_tempaddr" as last fallback.
<listitem><para>If <literal>ipv6.ip6-privacy</literal> is unset, fall back to the original
value of "/proc/sys/net/ipv6/conf/&lt;iface&gt;/use_tempaddr" from before NetworkManager
started.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>ipv6.temp-valid-lifetime</varname></term>
<listitem><para>If <literal>ipv6.temp-valid-lifetime</literal> is unset, fall back to the
original value of "/proc/sys/net/ipv6/conf/&lt;iface&gt;/temp_valid_lft" from before
NetworkManager started.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>ipv6.temp-preferred-lifetime</varname></term>
<listitem><para>If <literal>ipv6.temp-preferred-lifetime</literal> is unset, fall back to
the original value of "/proc/sys/net/ipv6/conf/&lt;iface&gt;/temp_prefered_lft" from
before NetworkManager started.
</para></listitem>
</varlistentry>
<varlistentry>


@ -95,6 +95,9 @@
#define CARRIER_WAIT_TIME_MS 6000
#define CARRIER_WAIT_TIME_AFTER_MTU_MSEC 10000
#define SECONDS_PER_WEEK 604800
#define SECONDS_PER_DAY 86400
#define NM_DEVICE_AUTH_RETRIES_UNSET -1
#define NM_DEVICE_AUTH_RETRIES_INFINITY -2
#define NM_DEVICE_AUTH_RETRIES_DEFAULT 3
@ -2270,6 +2273,7 @@ _prop_get_ipv4_dhcp_vendor_class_identifier(NMDevice *self, NMSettingIP4Config *
static NMSettingIP6ConfigPrivacy
_prop_get_ipv6_ip6_privacy(NMDevice *self)
{
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
NMSettingIP6ConfigPrivacy ip6_privacy;
NMConnection *connection;
@ -2303,16 +2307,100 @@ _prop_get_ipv6_ip6_privacy(NMDevice *self)
if (!nm_device_get_ip_ifindex(self))
return NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN;
/* 3.) No valid default-value configured. Fallback to reading sysctl.
*
* Instead of reading static config files in /etc, just read the current sysctl value.
* This works as NM only writes to "/proc/sys/net/ipv6/conf/IFNAME/use_tempaddr", but leaves
* the "default" entry untouched. */
ip6_privacy = nm_platform_sysctl_get_int32(
nm_device_get_platform(self),
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv6/conf/default/use_tempaddr"),
NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN);
return _ip6_privacy_clamp(ip6_privacy);
/* 3.) No valid default value configured. Fall back to the original value
* from before NM started. */
return _ip6_privacy_clamp(_nm_utils_ascii_str_to_int64(
g_hash_table_lookup(priv->ip6_saved_properties, "use_tempaddr"),
10,
G_MININT32,
G_MAXINT32,
NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN));
}
static gint32
_prop_get_ipv6_temp_valid_lifetime(NMDevice *self)
{
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
gint32 temp_valid_lifetime;
NMConnection *connection;
g_return_val_if_fail(self, 0);
/* 1.) First look at the per-connection setting. If it is not 0 (unknown), use it. */
connection = nm_device_get_applied_connection(self);
if (connection) {
NMSettingIPConfig *s_ip6 = nm_connection_get_setting_ip6_config(connection);
if (s_ip6) {
temp_valid_lifetime =
nm_setting_ip6_config_get_temp_valid_lifetime(NM_SETTING_IP6_CONFIG(s_ip6));
if (temp_valid_lifetime)
return temp_valid_lifetime;
}
}
/* 2.) Use the default value from the configuration. */
temp_valid_lifetime =
nm_config_data_get_connection_default_int64(NM_CONFIG_GET_DATA,
NM_CON_DEFAULT("ipv6.temp-valid-lifetime"),
self,
0,
G_MAXINT32,
0);
if (temp_valid_lifetime)
return temp_valid_lifetime;
/* 3.) No valid default value configured. Fall back to the original value
* from before NM started. */
return _nm_utils_ascii_str_to_int64(
g_hash_table_lookup(priv->ip6_saved_properties, "temp_valid_lft"),
10,
0,
G_MAXINT32,
SECONDS_PER_WEEK /* final hardcoded fallback: 1 week */);
}
static gint32
_prop_get_ipv6_temp_preferred_lifetime(NMDevice *self)
{
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
gint32 temp_preferred_lifetime;
NMConnection *connection;
g_return_val_if_fail(self, 0);
/* 1.) First look at the per-connection setting. If it is not 0 (unknown), use it. */
connection = nm_device_get_applied_connection(self);
if (connection) {
NMSettingIPConfig *s_ip6 = nm_connection_get_setting_ip6_config(connection);
if (s_ip6) {
temp_preferred_lifetime =
nm_setting_ip6_config_get_temp_preferred_lifetime(NM_SETTING_IP6_CONFIG(s_ip6));
if (temp_preferred_lifetime)
return temp_preferred_lifetime;
}
}
/* 2.) Use the default value from the configuration. */
temp_preferred_lifetime =
nm_config_data_get_connection_default_int64(NM_CONFIG_GET_DATA,
NM_CON_DEFAULT("ipv6.temp-preferred-lifetime"),
self,
0,
G_MAXINT32,
0);
if (temp_preferred_lifetime)
return temp_preferred_lifetime;
/* 3.) No valid default value configured. Fall back to the original value
* from before NM started. */
return _nm_utils_ascii_str_to_int64(
g_hash_table_lookup(priv->ip6_saved_properties, "temp_prefered_lft"),
10,
0,
G_MAXINT32,
SECONDS_PER_DAY /* final hardcoded fallback: 1 day */);
}
static NMSettingIP6ConfigAddrGenMode
@ -12426,6 +12514,8 @@ _dev_sysctl_save_ip6_properties(NMDevice *self)
"disable_ipv6",
"hop_limit",
"use_tempaddr",
"temp_valid_lft",
"temp_prefered_lft",
};
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
NMPlatform *platform = nm_device_get_platform(self);
@ -12525,6 +12615,17 @@ _dev_addrgenmode6_set(NMDevice *self, guint8 addr_gen_mode)
}
}
nm_device_sysctl_ip_conf_set(
self,
AF_INET6,
"temp_valid_lft",
nm_sprintf_buf(sbuf, "%u", (unsigned) _prop_get_ipv6_temp_valid_lifetime(self)));
nm_device_sysctl_ip_conf_set(
self,
AF_INET6,
"temp_prefered_lft",
nm_sprintf_buf(sbuf, "%u", (unsigned) _prop_get_ipv6_temp_preferred_lifetime(self)));
if (addr_gen_mode == NM_IN6_ADDR_GEN_MODE_NONE) {
gs_free char *value = NULL;
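Review bot: Nothing in the two new `nm_device_sysctl_ip_conf_set()` calls checks that the preferred lifetime is not larger than the valid one. `_prop_get_ipv6_temp_valid_lifetime()` and `_prop_get_ipv6_temp_preferred_lifetime()` each walk their own chain (connection, then global default, then saved sysctl), so a profile that sets only one of them can be paired with a value from a different source, and any value from 1 to G_MAXINT32 is accepted. A pair the kernel cannot use would presumably show up only as temporary addresses not being generated or being deprecated at once, which is a silent loss of the privacy behaviour the profile asked for. Consider resolving both values first and clamping with a log message, e.g. `pref = MIN(pref, valid);`, before formatting them, and checking the result of the sysctl writes instead of discarding it. The body of `_dev_addrgenmode6_set()` starts and continues outside this hunk.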


@ -1983,6 +1983,8 @@ libnm_1_48_0 {
global:
nm_setting_connection_down_on_poweroff_get_type;
nm_setting_connection_get_down_on_poweroff;
nm_setting_ip6_config_get_temp_preferred_lifetime;
nm_setting_ip6_config_get_temp_valid_lifetime;
nm_setting_ip_config_get_dhcp_send_release;
nm_setting_wired_add_mac_denylist_item;
nm_setting_wired_clear_mac_denylist_items;


@ -1848,6 +1848,14 @@
<property name="routing-rules"
dbus-type="aa{sv}"
/>
<property name="temp-preferred-lifetime"
dbus-type="i"
gprop-type="gint"
/>
<property name="temp-valid-lifetime"
dbus-type="i"
gprop-type="gint"
/>
<property name="token"
dbus-type="s"
gprop-type="gchararray"


@ -40,6 +40,8 @@
/*****************************************************************************/
NM_GOBJECT_PROPERTIES_DEFINE_BASE(PROP_IP6_PRIVACY,
PROP_TEMP_VALID_LIFETIME,
PROP_TEMP_PREFERRED_LIFETIME,
PROP_ADDR_GEN_MODE,
PROP_TOKEN,
PROP_DHCP_DUID,
@ -54,6 +56,8 @@ typedef struct {
char *dhcp_duid;
char *dhcp_pd_hint;
int ip6_privacy;
gint32 temp_valid_lifetime;
gint32 temp_preferred_lifetime;
gint32 addr_gen_mode;
gint32 ra_timeout;
guint32 mtu;
@ -97,6 +101,44 @@ nm_setting_ip6_config_get_ip6_privacy(NMSettingIP6Config *setting)
return NM_SETTING_IP6_CONFIG_GET_PRIVATE(setting)->ip6_privacy;
}
/**
* nm_setting_ip6_config_get_temp_valid_lifetime:
* @setting: the #NMSettingIP6Config
*
* Returns the value contained in the #NMSettingIP6Config:temp-valid-lifetime
* property.
*
* Returns: The valid lifetime of autogenerated temporary addresses.
*
* Since: 1.48
**/
gint32
nm_setting_ip6_config_get_temp_valid_lifetime(NMSettingIP6Config *setting)
{
g_return_val_if_fail(NM_IS_SETTING_IP6_CONFIG(setting), 0);
return NM_SETTING_IP6_CONFIG_GET_PRIVATE(setting)->temp_valid_lifetime;
}
/**
* nm_setting_ip6_config_get_temp_preferred_lifetime:
* @setting: the #NMSettingIP6Config
*
* Returns the value contained in the #NMSettingIP6Config:temp-preferred-lifetime
* property.
*
* Returns: The preferred lifetime of autogenerated temporary addresses.
*
* Since: 1.48
**/
gint32
nm_setting_ip6_config_get_temp_preferred_lifetime(NMSettingIP6Config *setting)
{
g_return_val_if_fail(NM_IS_SETTING_IP6_CONFIG(setting), 0);
return NM_SETTING_IP6_CONFIG_GET_PRIVATE(setting)->temp_preferred_lifetime;
}
/**
* nm_setting_ip6_config_get_dhcp_pd_hint:
* @setting: the #NMSettingIP6Config
@ -921,11 +963,11 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass)
* 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary
* addresses).
*
* Having a per-connection setting set to "-1" (unknown) means fallback to
* global configuration "ipv6.ip6-privacy".
*
* If also global configuration is unspecified or set to "-1", fallback to read
* "/proc/sys/net/ipv6/conf/default/use_tempaddr".
* If set to "-1" (unknown) for a connection, the value is taken from the
* global "ipv6.ip6-privacy" setting. If the global setting is unspecified
* or also set to "-1", the value is set from the original value of
* "/proc/sys/net/ipv6/conf/<iface>/use_tempaddr" from before NetworkManager
* started.
*
* Note that this setting is distinct from the Stable Privacy addresses
* that can be enabled with the "addr-gen-mode" property's "stable-privacy"
@ -952,6 +994,54 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass)
NMSettingIP6ConfigPrivate,
ip6_privacy);
/**
* NMSettingIP6Config:temp-valid-lifetime:
*
* The valid lifetime of autogenerated temporary addresses, in seconds.
*
* If set to "0" (unknown) for a connection, the value is taken from the
* global "ipv6.temp-valid-lifetime" setting. If the global setting is
* unspecified or also set to "0", the value is set from the original value
* of "/proc/sys/net/ipv6/conf/<iface>/temp_valid_lft" from before
* NetworkManager started.
*
* Since: 1.48
**/
_nm_setting_property_define_direct_int32(properties_override,
obj_properties,
NM_SETTING_IP6_CONFIG_TEMP_VALID_LIFETIME,
PROP_TEMP_VALID_LIFETIME,
0,
G_MAXINT32,
0,
NM_SETTING_PARAM_FUZZY_IGNORE,
NMSettingIP6ConfigPrivate,
temp_valid_lifetime);
/**
* NMSettingIP6Config:temp-preferred-lifetime:
*
* The preferred lifetime of autogenerated temporary addresses, in seconds.
*
* If set to "0" (unknown) for a connection, the value is taken from the
* global "ipv6.temp-preferred-lifetime" setting. If the global setting is
* unspecified or also set to "0", the value is set from the original value
* of "/proc/sys/net/ipv6/conf/<iface>/temp_prefered_lft" from before
* NetworkManager started.
*
* Since: 1.48
**/
_nm_setting_property_define_direct_int32(properties_override,
obj_properties,
NM_SETTING_IP6_CONFIG_TEMP_PREFERRED_LIFETIME,
PROP_TEMP_PREFERRED_LIFETIME,
0,
G_MAXINT32,
0,
NM_SETTING_PARAM_FUZZY_IGNORE,
NMSettingIP6ConfigPrivate,
temp_preferred_lifetime);
/**
* NMSettingIP6Config:addr-gen-mode:
*
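Review bot: The gtk-doc comments on the two new getters give neither the unit nor the meaning of 0, although the property docs further down do (seconds, with 0 meaning "take the global default, then the saved sysctl value"). A caller reading only the getter docs could treat a returned 0 as a real lifetime; suggest `Returns: the valid lifetime of temporary addresses in seconds, or 0 if unset (the global default is used).` and the same wording for the preferred getter. The property docs could also state that the two lifetimes presumably only take effect when "ip6-privacy" enables temporary addresses, and that the preferred lifetime is expected not to exceed the valid one; neither relation is mentioned or enforced in the lines shown. `nm_setting_ip6_config_class_init()` starts and ends outside these hunks.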


@ -30,6 +30,10 @@ G_BEGIN_DECLS
#define NM_SETTING_IP6_CONFIG_IP6_PRIVACY "ip6-privacy"
#define NM_SETTING_IP6_CONFIG_TEMP_VALID_LIFETIME "temp-valid-lifetime"
#define NM_SETTING_IP6_CONFIG_TEMP_PREFERRED_LIFETIME "temp-preferred-lifetime"
#define NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE "addr-gen-mode"
#define NM_SETTING_IP6_CONFIG_TOKEN "token"
@ -156,6 +160,10 @@ GType nm_setting_ip6_config_get_type(void);
NMSetting *nm_setting_ip6_config_new(void);
NMSettingIP6ConfigPrivacy nm_setting_ip6_config_get_ip6_privacy(NMSettingIP6Config *setting);
NM_AVAILABLE_IN_1_48
gint32 nm_setting_ip6_config_get_temp_valid_lifetime(NMSettingIP6Config *setting);
NM_AVAILABLE_IN_1_48
gint32 nm_setting_ip6_config_get_temp_preferred_lifetime(NMSettingIP6Config *setting);
NM_AVAILABLE_IN_1_2
NMSettingIP6ConfigAddrGenMode nm_setting_ip6_config_get_addr_gen_mode(NMSettingIP6Config *setting);
NM_AVAILABLE_IN_1_4


@ -6664,6 +6664,12 @@ static const NMMetaPropertyInfo *const property_infos_IP6_CONFIG[] = {
),
),
),
PROPERTY_INFO_WITH_DESC (NM_SETTING_IP6_CONFIG_TEMP_VALID_LIFETIME,
.property_type = &_pt_gobject_int,
),
PROPERTY_INFO_WITH_DESC (NM_SETTING_IP6_CONFIG_TEMP_PREFERRED_LIFETIME,
.property_type = &_pt_gobject_int,
),
PROPERTY_INFO_WITH_DESC (NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE,
.property_type = &_pt_gobject_enum,
.property_typ_data = DEFINE_PROPERTY_TYP_DATA (


@ -216,7 +216,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_GATEWAY N_("The gateway associated with this configuration. This is only meaningful if \"addresses\" is also set. Setting the gateway causes NetworkManager to configure a standard default route with the gateway as next hop. This is ignored if \"never-default\" is set. An alternative is to configure the default route explicitly with a manual route and /0 as prefix length. Note that the gateway usually conflicts with routing that NetworkManager configures for WireGuard interfaces, so usually it should not be set in that case. See \"ip4-auto-default-route\".")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_IGNORE_AUTO_DNS N_("When \"method\" is set to \"auto\" and this property to TRUE, automatically configured name servers and search domains are ignored and only name servers and search domains specified in the \"dns\" and \"dns-search\" properties, if any, are used.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_IGNORE_AUTO_ROUTES N_("When \"method\" is set to \"auto\" and this property to TRUE, automatically configured routes are ignored and only routes specified in the \"routes\" property, if any, are used.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_IP6_PRIVACY N_("Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI-64. This enhances privacy, but could cause problems in some applications, on the other hand. The permitted values are: -1: unknown, 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses). Having a per-connection setting set to \"-1\" (unknown) means fallback to global configuration \"ipv6.ip6-privacy\". If also global configuration is unspecified or set to \"-1\", fallback to read \"/proc/sys/net/ipv6/conf/default/use_tempaddr\". Note that this setting is distinct from the Stable Privacy addresses that can be enabled with the \"addr-gen-mode\" property's \"stable-privacy\" setting as another way of avoiding host tracking with IPv6 addresses.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_IP6_PRIVACY N_("Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI-64. This enhances privacy, but could cause problems in some applications, on the other hand. The permitted values are: -1: unknown, 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses). If set to \"-1\" (unknown) for a connection, the value is taken from the global \"ipv6.ip6-privacy\" setting. If the global setting is unspecified or also set to \"-1\", the value is set from the original value of \"/proc/sys/net/ipv6/conf/<iface>/use_tempaddr\" from before NetworkManager started. Note that this setting is distinct from the Stable Privacy addresses that can be enabled with the \"addr-gen-mode\" property's \"stable-privacy\" setting as another way of avoiding host tracking with IPv6 addresses.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_MAY_FAIL N_("If TRUE, allow overall network configuration to proceed even if the configuration specified by this property times out. Note that at least one IP configuration must succeed or overall network configuration will still fail. For example, in IPv6-only networks, setting this property to TRUE on the NMSettingIP4Config allows the overall network configuration to succeed if IPv4 configuration fails but IPv6 configuration completes successfully.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_METHOD N_("The IPv6 connection method.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_MTU N_("Maximum transmission unit size, in bytes. If zero (the default), the MTU is set automatically from router advertisements or is left equal to the link-layer MTU. If greater than the link-layer MTU, or greater than zero but less than the minimum IPv6 MTU of 1280, this value has no effect.")
@ -228,6 +228,8 @@
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_TABLE N_("Enable policy routing (source routing) and set the routing table used when adding routes. This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTES N_("Array of IP routes.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTING_RULES N_("A comma separated list of routing rules for policy routing.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_TEMP_PREFERRED_LIFETIME N_("The preferred lifetime of autogenerated temporary addresses, in seconds. If set to \"0\" (unknown) for a connection, the value is taken from the global \"ipv6.temp-preferred-lifetime\" setting. If the global setting is unspecified or also set to \"0\", the value is set from the original value of \"/proc/sys/net/ipv6/conf/<iface>/temp_prefered_lft\" from before NetworkManager started.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_TEMP_VALID_LIFETIME N_("The valid lifetime of autogenerated temporary addresses, in seconds. If set to \"0\" (unknown) for a connection, the value is taken from the global \"ipv6.temp-valid-lifetime\" setting. If the global setting is unspecified or also set to \"0\", the value is set from the original value of \"/proc/sys/net/ipv6/conf/<iface>/temp_valid_lft\" from before NetworkManager started.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_TOKEN N_("Configure the token for draft-chown-6man-tokenised-ipv6-identifiers-02 IPv6 tokenized interface identifiers. Useful with eui64 addr-gen-mode. When set, the token is used as IPv6 interface identifier instead of the hardware address. This only applies to addresses from stateless autoconfiguration, not to IPv6 link local addresses.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_ENCAPSULATION_LIMIT N_("How many additional levels of encapsulation are permitted to be prepended to packets. This property applies only to IPv6 tunnels. To disable this option, add 0x1 (ip6-ign-encap-limit) to ip-tunnel flags.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FLAGS N_("Tunnel flags. Currently, the following values are supported: 0x1 (ip6-ign-encap-limit), 0x2 (ip6-use-orig-tclass), 0x4 (ip6-use-orig-flowlabel), 0x8 (ip6-mip6-dev), 0x10 (ip6-rcv-dscp-copy) and 0x20 (ip6-use-orig-fwmark). They are valid only for IPv6 tunnels.")


@ -1454,9 +1454,17 @@
values="-1 - 2147483647"
special-values="default (-1), infinity (2147483647)" />
<property name="ip6-privacy"
nmcli-description="Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI-64. This enhances privacy, but could cause problems in some applications, on the other hand. The permitted values are: -1: unknown, 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses). Having a per-connection setting set to &quot;-1&quot; (unknown) means fallback to global configuration &quot;ipv6.ip6-privacy&quot;. If also global configuration is unspecified or set to &quot;-1&quot;, fallback to read &quot;/proc/sys/net/ipv6/conf/default/use_tempaddr&quot;. Note that this setting is distinct from the Stable Privacy addresses that can be enabled with the &quot;addr-gen-mode&quot; property&apos;s &quot;stable-privacy&quot; setting as another way of avoiding host tracking with IPv6 addresses."
nmcli-description="Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI-64. This enhances privacy, but could cause problems in some applications, on the other hand. The permitted values are: -1: unknown, 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses). If set to &quot;-1&quot; (unknown) for a connection, the value is taken from the global &quot;ipv6.ip6-privacy&quot; setting. If the global setting is unspecified or also set to &quot;-1&quot;, the value is set from the original value of &quot;/proc/sys/net/ipv6/conf/&lt;iface&gt;/use_tempaddr&quot; from before NetworkManager started. Note that this setting is distinct from the Stable Privacy addresses that can be enabled with the &quot;addr-gen-mode&quot; property&apos;s &quot;stable-privacy&quot; setting as another way of avoiding host tracking with IPv6 addresses."
format="choice (NMSettingIP6ConfigPrivacy)"
values="unknown (-1), disabled (0), prefer-public-addr (1), prefer-temp-addr (2)" />
<property name="temp-valid-lifetime"
nmcli-description="The valid lifetime of autogenerated temporary addresses, in seconds. If set to &quot;0&quot; (unknown) for a connection, the value is taken from the global &quot;ipv6.temp-valid-lifetime&quot; setting. If the global setting is unspecified or also set to &quot;0&quot;, the value is set from the original value of &quot;/proc/sys/net/ipv6/conf/&lt;iface&gt;/temp_valid_lft&quot; from before NetworkManager started."
format="integer"
values="0 - 2147483647" />
<property name="temp-preferred-lifetime"
nmcli-description="The preferred lifetime of autogenerated temporary addresses, in seconds. If set to &quot;0&quot; (unknown) for a connection, the value is taken from the global &quot;ipv6.temp-preferred-lifetime&quot; setting. If the global setting is unspecified or also set to &quot;0&quot;, the value is set from the original value of &quot;/proc/sys/net/ipv6/conf/&lt;iface&gt;/temp_prefered_lft&quot; from before NetworkManager started."
format="integer"
values="0 - 2147483647" />
<property name="addr-gen-mode"
nmcli-description="Configure method for creating the IPv6 interface identifer of addresses with RFC4862 IPv6 Stateless Address Autoconfiguration and Link Local addresses. The permitted values are: &quot;eui64&quot; (0), &quot;stable-privacy&quot; (1), &quot;default&quot; (3) or &quot;default-or-eui64&quot; (2). If the property is set to &quot;eui64&quot;, the addresses will be generated using the interface token derived from hardware address. This makes the host part of the address to stay constant, making it possible to track the host&apos;s presence when it changes networks. The address changes when the interface hardware is replaced. If a duplicate address is detected, there is also no fallback to generate another address. When configured, the &quot;ipv6.token&quot; is used instead of the MAC address to generate addresses for stateless autoconfiguration. If the property is set to &quot;stable-privacy&quot;, the interface identifier is generated as specified by RFC7217. This works by hashing a host specific key (see NetworkManager(8) manual), the interface name, the connection&apos;s &quot;connection.stable-id&quot; property and the address prefix. This improves privacy by making it harder to use the address to track the host&apos;s presence and the address is stable when the network interface hardware is replaced. The special values &quot;default&quot; and &quot;default-or-eui64&quot; will fallback to the global connection default as documented in the NetworkManager.conf(5) manual. If the global default is not specified, the fallback value is &quot;stable-privacy&quot; or &quot;eui64&quot;, respectively. If not specified, when creating a new profile the default is &quot;default&quot;. Note that this setting is distinct from the Privacy Extensions as configured by &quot;ip6-privacy&quot; property and it does not affect the temporary addresses configured with this option."
format="choice (NMSettingIP6ConfigAddrGenMode)"

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff