mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-01 13:55:36 +00:00
ip6: revert to using sysctl ipv6.conf.default for ip6-privacy
Commit797f3cafee('device: fall back to saved use_tempaddr value instead of rereading /proc') changed the behaviour of how to get the last resort default value for ip6-privacy property. Previously we read it from /proc/sys/net/ipv6/conf/default, buf after this commit we started to read /proc/sys/net/ipv6/conf/<iface> instead, because the user might have set a different value specific for that device. As NetworkManager changes that value on connection activation, we used the value read at the time that NetworkManager was started. Commit6cb14ae6a6('device: introduce ipv6.temp-valid-lifetime and ipv6.temp-preferred-lifetime properties') introduced 2 new IPv6 privacy related properties relying on the same mechanism. However, this new behaviour is problematic because it's not predictable nor reliable: - NetworkManager is normally started at boot time. That means that, if a user wants to set a new value to /proc/sys/net/ipv6/conf/<iface>, NetworkManager is likely alread running, so the change won't take effect. - If NetworkManager is restarted it will read the value again, but this value can be the one set by NetworkManager itself in the last activation. This means that different values can be used as default in the same system boot depending on the restarts of NetworkManager. Moreover, this weird situation might happen: - Connection A with ip6-privacy=2 is activated - NetworkManager is stopped. The value in /proc/sys/net/ipv6/conf/<iface>/use_tempaddr remains as 2. - NetworkManager starts. It reads from /proc/sys/... and saves the value '2' as the default. - Connection B with no ip6-privacy setting is activated. The '2' saved as default value is used. The connection didn't specify any value for it, and the value '2' was set by another connection for that specific connection only, not manually by a user that wanted '2' to be the default. A user shouldn't have to think on when NetworkManager starts or restarts to known in an easy and predictable way what the default value for certain property is. It's totally counterintuitive. Revert back to the old behaviour of reading from /proc/sys/net/ipv6/conf/default. Although this value is used by the kernel only for newly created interfaces, and not for already existing ones, it is reasonable to think on these settings as "systemwide defaults" that the user has chosen. Note that setting a different default in NetworkManager.conf still takes precedence.
This commit is contained in:
Íñigo Huguet
Íñigo Huguet
parent
edb6fa1dd7
commit
7ec363a79a
|
|
@ -1023,23 +1023,20 @@ ipv6.ip6-privacy=0
|
|||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>ipv6.ip6-privacy</varname></term>
|
||||
<listitem><para>If <literal>ipv6.ip6-privacy</literal> is unset, fall back to the original
|
||||
value of "/proc/sys/net/ipv6/conf/<iface>/use_tempaddr" from before NetworkManager
|
||||
started.
|
||||
<listitem><para>If <literal>ipv6.ip6-privacy</literal> is unset, use the content of
|
||||
"/proc/sys/net/ipv6/conf/default/use_tempaddr" as last fallback.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>ipv6.temp-valid-lifetime</varname></term>
|
||||
<listitem><para>If <literal>ipv6.temp-valid-lifetime</literal> is unset, fall back to the
|
||||
original value of "/proc/sys/net/ipv6/conf/<iface>/temp_valid_lft" from before
|
||||
NetworkManager started.
|
||||
<listitem><para>If <literal>ipv6.temp-valid-lifetime</literal> is unset, use the
|
||||
content of "/proc/sys/net/ipv6/conf/default/temp_valid_lft" as last fallback.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>ipv6.temp-preferred-lifetime</varname></term>
|
||||
<listitem><para>If <literal>ipv6.temp-preferred-lifetime</literal> is unset, fall back to
|
||||
the original value of "/proc/sys/net/ipv6/conf/<iface>/temp_prefered_lft" from
|
||||
before NetworkManager started.
|
||||
<listitem><para>If <literal>ipv6.temp-preferred-lifetime</literal> is unset, use
|
||||
the content of "/proc/sys/net/ipv6/conf/default/temp_prefered_lft" as last fallback.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -2273,7 +2273,6 @@ _prop_get_ipv4_dhcp_vendor_class_identifier(NMDevice *self, NMSettingIP4Config *
|
|||
static NMSettingIP6ConfigPrivacy
|
||||
_prop_get_ipv6_ip6_privacy(NMDevice *self)
|
||||
{
|
||||
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
|
||||
NMSettingIP6ConfigPrivacy ip6_privacy;
|
||||
NMConnection *connection;
|
||||
|
||||
|
|
@ -2307,22 +2306,23 @@ _prop_get_ipv6_ip6_privacy(NMDevice *self)
|
|||
if (!nm_device_get_ip_ifindex(self))
|
||||
return NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN;
|
||||
|
||||
/* 3.) No valid default value configured. Fall back to the original value
|
||||
* from before NM started. */
|
||||
return _ip6_privacy_clamp(_nm_utils_ascii_str_to_int64(
|
||||
g_hash_table_lookup(priv->ip6_saved_properties, "use_tempaddr"),
|
||||
10,
|
||||
G_MININT32,
|
||||
G_MAXINT32,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN));
|
||||
/* 3.) No valid default-value configured. Fallback to reading sysctl.
|
||||
*
|
||||
* Instead of reading static config files in /etc, just read the current sysctl value.
|
||||
* This works as NM only writes to "/proc/sys/net/ipv6/conf/IFNAME/use_tempaddr", but leaves
|
||||
* the "default" entry untouched. */
|
||||
ip6_privacy = nm_platform_sysctl_get_int32(
|
||||
nm_device_get_platform(self),
|
||||
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv6/conf/default/use_tempaddr"),
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN);
|
||||
return _ip6_privacy_clamp(ip6_privacy);
|
||||
}
|
||||
|
||||
static gint32
|
||||
_prop_get_ipv6_temp_valid_lifetime(NMDevice *self)
|
||||
{
|
||||
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
|
||||
gint32 temp_valid_lifetime;
|
||||
NMConnection *connection;
|
||||
gint32 temp_valid_lifetime;
|
||||
NMConnection *connection;
|
||||
|
||||
g_return_val_if_fail(self, 0);
|
||||
|
||||
|
|
@ -2350,22 +2350,25 @@ _prop_get_ipv6_temp_valid_lifetime(NMDevice *self)
|
|||
if (temp_valid_lifetime)
|
||||
return temp_valid_lifetime;
|
||||
|
||||
/* 3.) No valid default value configured. Fall back to the original value
|
||||
* from before NM started. */
|
||||
return _nm_utils_ascii_str_to_int64(
|
||||
g_hash_table_lookup(priv->ip6_saved_properties, "temp_valid_lft"),
|
||||
/* 3.) No valid default-value configured. Fallback to reading sysctl.
|
||||
*
|
||||
* Instead of reading static config files in /etc, just read the current sysctl value.
|
||||
* This works as NM only writes to "/proc/sys/net/ipv6/conf/IFNAME/temp_valid_lft",
|
||||
* but leaves the "default" entry untouched. */
|
||||
return nm_platform_sysctl_get_int_checked(
|
||||
nm_device_get_platform(self),
|
||||
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv6/conf/default/temp_valid_lft"),
|
||||
10,
|
||||
0,
|
||||
G_MAXINT32,
|
||||
SECONDS_PER_WEEK /* final hardcoded fallback: 1 week */);
|
||||
SECONDS_PER_WEEK);
|
||||
}
|
||||
|
||||
static gint32
|
||||
_prop_get_ipv6_temp_preferred_lifetime(NMDevice *self)
|
||||
{
|
||||
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
|
||||
gint32 temp_preferred_lifetime;
|
||||
NMConnection *connection;
|
||||
gint32 temp_preferred_lifetime;
|
||||
NMConnection *connection;
|
||||
|
||||
g_return_val_if_fail(self, 0);
|
||||
|
||||
|
|
@ -2393,14 +2396,18 @@ _prop_get_ipv6_temp_preferred_lifetime(NMDevice *self)
|
|||
if (temp_preferred_lifetime)
|
||||
return temp_preferred_lifetime;
|
||||
|
||||
/* 3.) No valid default value configured. Fall back to the original value
|
||||
* from before NM started. */
|
||||
return _nm_utils_ascii_str_to_int64(
|
||||
g_hash_table_lookup(priv->ip6_saved_properties, "temp_prefered_lft"),
|
||||
/* 3.) No valid default-value configured. Fallback to reading sysctl.
|
||||
*
|
||||
* Instead of reading static config files in /etc, just read the current sysctl value.
|
||||
* This works as NM only writes to "/proc/sys/net/ipv6/conf/IFNAME/temp_prefered_lft",
|
||||
* but leaves the "default" entry untouched. */
|
||||
return nm_platform_sysctl_get_int_checked(
|
||||
nm_device_get_platform(self),
|
||||
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv6/conf/default/temp_prefered_lft"),
|
||||
10,
|
||||
0,
|
||||
G_MAXINT32,
|
||||
SECONDS_PER_DAY /* final hardcoded fallback: 1 day */);
|
||||
SECONDS_PER_DAY);
|
||||
}
|
||||
|
||||
static NMSettingIP6ConfigAddrGenMode
|
||||
|
|
|
|||
|
|
@ -963,11 +963,9 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass)
|
|||
* 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary
|
||||
* addresses).
|
||||
*
|
||||
* If set to "-1" (unknown) for a connection, the value is taken from the
|
||||
* global "ipv6.ip6-privacy" setting. If the global setting is unspecified
|
||||
* or also set to "-1", the value is set from the original value of
|
||||
* "/proc/sys/net/ipv6/conf/<iface>/use_tempaddr" from before NetworkManager
|
||||
* started.
|
||||
* Having a per-connection setting set to "-1" (default) means fallback to
|
||||
* global configuration "ipv6.ip6-privacy". If it's also unspecified or set
|
||||
* to "-1", fallback to read "/proc/sys/net/ipv6/conf/default/use_tempaddr".
|
||||
*
|
||||
* Note that this setting is distinct from the Stable Privacy addresses
|
||||
* that can be enabled with the "addr-gen-mode" property's "stable-privacy"
|
||||
|
|
@ -999,11 +997,10 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass)
|
|||
*
|
||||
* The valid lifetime of autogenerated temporary addresses, in seconds.
|
||||
*
|
||||
* If set to "0" (unknown) for a connection, the value is taken from the
|
||||
* global "ipv6.temp-valid-lifetime" setting. If the global setting is
|
||||
* unspecified or also set to "0", the value is set from the original value
|
||||
* of "/proc/sys/net/ipv6/conf/<iface>/temp_valid_lft" from before
|
||||
* NetworkManager started.
|
||||
* Having a per-connection setting set to "0" (default) means fallback to
|
||||
* global configuration "ipv6.temp-valid-lifetime" setting". If it's also
|
||||
* unspecified or set to "0", fallback to read
|
||||
* "/proc/sys/net/ipv6/conf/default/temp_valid_lft".
|
||||
*
|
||||
* Since: 1.48
|
||||
**/
|
||||
|
|
@ -1023,11 +1020,10 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass)
|
|||
*
|
||||
* The preferred lifetime of autogenerated temporary addresses, in seconds.
|
||||
*
|
||||
* If set to "0" (unknown) for a connection, the value is taken from the
|
||||
* global "ipv6.temp-preferred-lifetime" setting. If the global setting is
|
||||
* unspecified or also set to "0", the value is set from the original value
|
||||
* of "/proc/sys/net/ipv6/conf/<iface>/temp_prefered_lft" from before
|
||||
* NetworkManager started.
|
||||
* Having a per-connection setting set to "0" (default) means fallback to
|
||||
* global configuration "ipv6.temp-preferred-lifetime" setting". If it's also
|
||||
* unspecified or set to "0", fallback to read
|
||||
* "/proc/sys/net/ipv6/conf/default/temp_prefered_lft".
|
||||
*
|
||||
* Since: 1.48
|
||||
**/
|
||||
|
|
|
|||
|
|
@ -6620,7 +6620,17 @@ static const NMMetaPropertyInfo *const property_infos_IP6_CONFIG[] = {
|
|||
PROPERTY_INFO_WITH_DESC (NM_SETTING_IP6_CONFIG_IP6_PRIVACY,
|
||||
.property_type = &_pt_gobject_enum,
|
||||
.property_typ_data = DEFINE_PROPERTY_TYP_DATA_SUBTYPE (gobject_enum,
|
||||
.value_infos = ENUM_VALUE_INFOS(
|
||||
{
|
||||
.value = NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN,
|
||||
.nick = "default",
|
||||
},
|
||||
),
|
||||
.value_infos_get = ENUM_VALUE_INFOS (
|
||||
{
|
||||
.value = NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN,
|
||||
.nick = "default",
|
||||
},
|
||||
{
|
||||
.value = NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR,
|
||||
.nick = "enabled, prefer public IP",
|
||||
|
|
@ -6634,9 +6644,25 @@ static const NMMetaPropertyInfo *const property_infos_IP6_CONFIG[] = {
|
|||
),
|
||||
PROPERTY_INFO_WITH_DESC (NM_SETTING_IP6_CONFIG_TEMP_VALID_LIFETIME,
|
||||
.property_type = &_pt_gobject_int,
|
||||
.property_typ_data = DEFINE_PROPERTY_TYP_DATA_SUBTYPE(gobject_int,
|
||||
.value_infos = INT_VALUE_INFOS(
|
||||
{
|
||||
.value.i64 = 0,
|
||||
.nick = "default"
|
||||
},
|
||||
),
|
||||
),
|
||||
),
|
||||
PROPERTY_INFO_WITH_DESC (NM_SETTING_IP6_CONFIG_TEMP_PREFERRED_LIFETIME,
|
||||
.property_type = &_pt_gobject_int,
|
||||
.property_typ_data = DEFINE_PROPERTY_TYP_DATA_SUBTYPE(gobject_int,
|
||||
.value_infos = INT_VALUE_INFOS(
|
||||
{
|
||||
.value.i64 = 0,
|
||||
.nick = "default"
|
||||
},
|
||||
),
|
||||
),
|
||||
),
|
||||
PROPERTY_INFO_WITH_DESC (NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE,
|
||||
.property_type = &_pt_gobject_enum,
|
||||
|
|
|
|||
|
|
@ -216,7 +216,7 @@
|
|||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_GATEWAY N_("The gateway associated with this configuration. This is only meaningful if \"addresses\" is also set. Setting the gateway causes NetworkManager to configure a standard default route with the gateway as next hop. This is ignored if \"never-default\" is set. An alternative is to configure the default route explicitly with a manual route and /0 as prefix length. Note that the gateway usually conflicts with routing that NetworkManager configures for WireGuard interfaces, so usually it should not be set in that case. See \"ip4-auto-default-route\".")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_IGNORE_AUTO_DNS N_("When \"method\" is set to \"auto\" and this property to TRUE, automatically configured name servers and search domains are ignored and only name servers and search domains specified in the \"dns\" and \"dns-search\" properties, if any, are used.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_IGNORE_AUTO_ROUTES N_("When \"method\" is set to \"auto\" and this property to TRUE, automatically configured routes are ignored and only routes specified in the \"routes\" property, if any, are used.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_IP6_PRIVACY N_("Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI-64. This enhances privacy, but could cause problems in some applications, on the other hand. The permitted values are: -1: unknown, 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses). If set to \"-1\" (unknown) for a connection, the value is taken from the global \"ipv6.ip6-privacy\" setting. If the global setting is unspecified or also set to \"-1\", the value is set from the original value of \"/proc/sys/net/ipv6/conf/<iface>/use_tempaddr\" from before NetworkManager started. Note that this setting is distinct from the Stable Privacy addresses that can be enabled with the \"addr-gen-mode\" property's \"stable-privacy\" setting as another way of avoiding host tracking with IPv6 addresses.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_IP6_PRIVACY N_("Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI-64. This enhances privacy, but could cause problems in some applications, on the other hand. The permitted values are: -1: unknown, 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses). Having a per-connection setting set to \"-1\" (default) means fallback to global configuration \"ipv6.ip6-privacy\". If it's also unspecified or set to \"-1\", fallback to read \"/proc/sys/net/ipv6/conf/default/use_tempaddr\". Note that this setting is distinct from the Stable Privacy addresses that can be enabled with the \"addr-gen-mode\" property's \"stable-privacy\" setting as another way of avoiding host tracking with IPv6 addresses.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_MAY_FAIL N_("If TRUE, allow overall network configuration to proceed even if the configuration specified by this property times out. Note that at least one IP configuration must succeed or overall network configuration will still fail. For example, in IPv6-only networks, setting this property to TRUE on the NMSettingIP4Config allows the overall network configuration to succeed if IPv4 configuration fails but IPv6 configuration completes successfully.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_METHOD N_("The IPv6 connection method.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_MTU N_("Maximum transmission unit size, in bytes. If zero (the default), the MTU is set automatically from router advertisements or is left equal to the link-layer MTU. If greater than the link-layer MTU, or greater than zero but less than the minimum IPv6 MTU of 1280, this value has no effect.")
|
||||
|
|
@ -228,8 +228,8 @@
|
|||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_TABLE N_("Enable policy routing (source routing) and set the routing table used when adding routes. This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTES N_("Array of IP routes.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTING_RULES N_("A comma separated list of routing rules for policy routing.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_TEMP_PREFERRED_LIFETIME N_("The preferred lifetime of autogenerated temporary addresses, in seconds. If set to \"0\" (unknown) for a connection, the value is taken from the global \"ipv6.temp-preferred-lifetime\" setting. If the global setting is unspecified or also set to \"0\", the value is set from the original value of \"/proc/sys/net/ipv6/conf/<iface>/temp_prefered_lft\" from before NetworkManager started.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_TEMP_VALID_LIFETIME N_("The valid lifetime of autogenerated temporary addresses, in seconds. If set to \"0\" (unknown) for a connection, the value is taken from the global \"ipv6.temp-valid-lifetime\" setting. If the global setting is unspecified or also set to \"0\", the value is set from the original value of \"/proc/sys/net/ipv6/conf/<iface>/temp_valid_lft\" from before NetworkManager started.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_TEMP_PREFERRED_LIFETIME N_("The preferred lifetime of autogenerated temporary addresses, in seconds. Having a per-connection setting set to \"0\" (default) means fallback to global configuration \"ipv6.temp-preferred-lifetime\" setting\". If it's also unspecified or set to \"0\", fallback to read \"/proc/sys/net/ipv6/conf/default/temp_prefered_lft\".")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_TEMP_VALID_LIFETIME N_("The valid lifetime of autogenerated temporary addresses, in seconds. Having a per-connection setting set to \"0\" (default) means fallback to global configuration \"ipv6.temp-valid-lifetime\" setting\". If it's also unspecified or set to \"0\", fallback to read \"/proc/sys/net/ipv6/conf/default/temp_valid_lft\".")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_TOKEN N_("Configure the token for draft-chown-6man-tokenised-ipv6-identifiers-02 IPv6 tokenized interface identifiers. Useful with eui64 addr-gen-mode. When set, the token is used as IPv6 interface identifier instead of the hardware address. This only applies to addresses from stateless autoconfiguration, not to IPv6 link local addresses.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_ENCAPSULATION_LIMIT N_("How many additional levels of encapsulation are permitted to be prepended to packets. This property applies only to IPv6 tunnels. To disable this option, add 0x1 (ip6-ign-encap-limit) to ip-tunnel flags.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FLAGS N_("Tunnel flags. Currently, the following values are supported: 0x1 (ip6-ign-encap-limit), 0x2 (ip6-use-orig-tclass), 0x4 (ip6-use-orig-flowlabel), 0x8 (ip6-mip6-dev), 0x10 (ip6-rcv-dscp-copy) and 0x20 (ip6-use-orig-fwmark). They are valid only for IPv6 tunnels.")
|
||||
|
|
|
|||
|
|
@ -1454,17 +1454,19 @@
|
|||
values="-1 - 2147483647"
|
||||
special-values="default (-1), infinity (2147483647)" />
|
||||
<property name="ip6-privacy"
|
||||
nmcli-description="Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI-64. This enhances privacy, but could cause problems in some applications, on the other hand. The permitted values are: -1: unknown, 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses). If set to "-1" (unknown) for a connection, the value is taken from the global "ipv6.ip6-privacy" setting. If the global setting is unspecified or also set to "-1", the value is set from the original value of "/proc/sys/net/ipv6/conf/<iface>/use_tempaddr" from before NetworkManager started. Note that this setting is distinct from the Stable Privacy addresses that can be enabled with the "addr-gen-mode" property's "stable-privacy" setting as another way of avoiding host tracking with IPv6 addresses."
|
||||
nmcli-description="Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI-64. This enhances privacy, but could cause problems in some applications, on the other hand. The permitted values are: -1: unknown, 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses). Having a per-connection setting set to "-1" (default) means fallback to global configuration "ipv6.ip6-privacy". If it's also unspecified or set to "-1", fallback to read "/proc/sys/net/ipv6/conf/default/use_tempaddr". Note that this setting is distinct from the Stable Privacy addresses that can be enabled with the "addr-gen-mode" property's "stable-privacy" setting as another way of avoiding host tracking with IPv6 addresses."
|
||||
format="choice (NMSettingIP6ConfigPrivacy)"
|
||||
values="unknown (-1), disabled (0), prefer-public-addr (1), prefer-temp-addr (2)" />
|
||||
values="unknown/default (-1), disabled (0), prefer-public-addr (1), prefer-temp-addr (2)" />
|
||||
<property name="temp-valid-lifetime"
|
||||
nmcli-description="The valid lifetime of autogenerated temporary addresses, in seconds. If set to "0" (unknown) for a connection, the value is taken from the global "ipv6.temp-valid-lifetime" setting. If the global setting is unspecified or also set to "0", the value is set from the original value of "/proc/sys/net/ipv6/conf/<iface>/temp_valid_lft" from before NetworkManager started."
|
||||
nmcli-description="The valid lifetime of autogenerated temporary addresses, in seconds. Having a per-connection setting set to "0" (default) means fallback to global configuration "ipv6.temp-valid-lifetime" setting". If it's also unspecified or set to "0", fallback to read "/proc/sys/net/ipv6/conf/default/temp_valid_lft"."
|
||||
format="integer"
|
||||
values="0 - 2147483647" />
|
||||
values="0 - 2147483647"
|
||||
special-values="default (0)" />
|
||||
<property name="temp-preferred-lifetime"
|
||||
nmcli-description="The preferred lifetime of autogenerated temporary addresses, in seconds. If set to "0" (unknown) for a connection, the value is taken from the global "ipv6.temp-preferred-lifetime" setting. If the global setting is unspecified or also set to "0", the value is set from the original value of "/proc/sys/net/ipv6/conf/<iface>/temp_prefered_lft" from before NetworkManager started."
|
||||
nmcli-description="The preferred lifetime of autogenerated temporary addresses, in seconds. Having a per-connection setting set to "0" (default) means fallback to global configuration "ipv6.temp-preferred-lifetime" setting". If it's also unspecified or set to "0", fallback to read "/proc/sys/net/ipv6/conf/default/temp_prefered_lft"."
|
||||
format="integer"
|
||||
values="0 - 2147483647" />
|
||||
values="0 - 2147483647"
|
||||
special-values="default (0)" />
|
||||
<property name="addr-gen-mode"
|
||||
nmcli-description="Configure method for creating the IPv6 interface identifer of addresses with RFC4862 IPv6 Stateless Address Autoconfiguration and Link Local addresses. The permitted values are: "eui64" (0), "stable-privacy" (1), "default" (3) or "default-or-eui64" (2). If the property is set to "eui64", the addresses will be generated using the interface token derived from hardware address. This makes the host part of the address to stay constant, making it possible to track the host's presence when it changes networks. The address changes when the interface hardware is replaced. If a duplicate address is detected, there is also no fallback to generate another address. When configured, the "ipv6.token" is used instead of the MAC address to generate addresses for stateless autoconfiguration. If the property is set to "stable-privacy", the interface identifier is generated as specified by RFC7217. This works by hashing a host specific key (see NetworkManager(8) manual), the interface name, the connection's "connection.stable-id" property and the address prefix. This improves privacy by making it harder to use the address to track the host's presence and the address is stable when the network interface hardware is replaced. The special values "default" and "default-or-eui64" will fallback to the global connection default as documented in the NetworkManager.conf(5) manual. If the global default is not specified, the fallback value is "stable-privacy" or "eui64", respectively. If not specified, when creating a new profile the default is "default". Note that this setting is distinct from the Privacy Extensions as configured by "ip6-privacy" property and it does not affect the temporary addresses configured with this option."
|
||||
format="choice (NMSettingIP6ConfigAddrGenMode)"
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue