network: add global setting for IPv6PrivacyExtensions=

Closes #28186.

man/networkd.conf.xml

@@ -94,6 +94,16 @@
         specified earlier are cleared. Defaults to unset.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>IPv6PrivacyExtensions=</varname></term>
+        <listitem>
+          <para>Specifies the default value for per-network <varname>IPv6PrivacyExtensions=</varname>.
+          Takes a boolean or the special values <literal>prefer-public</literal> and
+          <literal>kernel</literal>. See for details in
+          <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+          Defaults to <literal>no</literal>.</para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 

man/systemd.network.xml

@@ -724,8 +724,10 @@ Table=1234</programlisting></para>
           enables the privacy extensions and prefers temporary addresses over public addresses. When
           <literal>prefer-public</literal>, enables the privacy extensions, but prefers public
           addresses over temporary addresses. When false, the privacy extensions remain disabled. When
-          <literal>kernel</literal>, the kernel's default setting will be left in place. Defaults to
-          <literal>no</literal>.</para>
+          <literal>kernel</literal>, the kernel's default setting will be left in place. When unspecified,
+          the value specified in the same setting in
+          <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+          which defaults to <literal>no</literal>, will be used.</para>
         </listitem>
       </varlistentry>
 

src/network/networkd-gperf.gperf

@@ -26,6 +26,7 @@ Network.SpeedMeterIntervalSec,           config_parse_sec,
 Network.ManageForeignRoutingPolicyRules, config_parse_bool,                      0,          offsetof(Manager, manage_foreign_rules)
 Network.ManageForeignRoutes,             config_parse_bool,                      0,          offsetof(Manager, manage_foreign_routes)
 Network.RouteTable,                      config_parse_route_table_names,         0,          0
+Network.IPv6PrivacyExtensions,           config_parse_ipv6_privacy_extensions,   0,          offsetof(Manager, ipv6_privacy_extensions)
 DHCPv4.DUIDType,                         config_parse_duid_type,                 0,          offsetof(Manager, dhcp_duid)
 DHCPv4.DUIDRawData,                      config_parse_duid_rawdata,              0,          offsetof(Manager, dhcp_duid)
 DHCPv6.DUIDType,                         config_parse_duid_type,                 0,          offsetof(Manager, dhcp6_duid)

src/network/networkd-manager.c

@@ -589,6 +589,7 @@ int manager_new(Manager **ret, bool test_mode) {
 
         *m = (Manager) {
                 .keep_configuration = _KEEP_CONFIGURATION_INVALID,
+                .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
                 .test_mode = test_mode,
                 .speed_meter_interval_usec = SPEED_METER_DEFAULT_TIME_INTERVAL,
                 .online_state = _LINK_ONLINE_STATE_INVALID,

src/network/networkd-manager.h

@@ -13,6 +13,7 @@
 #include "hashmap.h"
 #include "networkd-link.h"
 #include "networkd-network.h"
+#include "networkd-sysctl.h"
 #include "ordered-set.h"
 #include "set.h"
 #include "time-util.h"
@@ -29,6 +30,7 @@ struct Manager {
         int ethtool_fd;
 
         KeepConfiguration keep_configuration;
+        IPv6PrivacyExtensions ipv6_privacy_extensions;
 
         bool test_mode;
         bool enumerating;

src/network/networkd-network.c

@@ -467,7 +467,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
 
                 .ipv4_accept_local = -1,
                 .ipv4_route_localnet = -1,
-                .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
+                .ipv6_privacy_extensions = _IPV6_PRIVACY_EXTENSIONS_INVALID,
                 .ipv6_dad_transmits = -1,
                 .ipv6_hop_limit = -1,
                 .ipv6_proxy_ndp = -1,

src/network/networkd-sysctl.c

@@ -5,6 +5,7 @@
 
 #include "missing_network.h"
 #include "networkd-link.h"
+#include "networkd-manager.h"
 #include "networkd-network.h"
 #include "networkd-sysctl.h"
 #include "socket-util.h"
@@ -89,7 +90,10 @@ static int link_set_ipv6_forward(Link *link) {
 }
 
 static int link_set_ipv6_privacy_extensions(Link *link) {
+        IPv6PrivacyExtensions val;
+
         assert(link);
+        assert(link->manager);
 
         if (!socket_ipv6_is_supported())
                 return 0;
@@ -100,11 +104,15 @@ static int link_set_ipv6_privacy_extensions(Link *link) {
         if (!link->network)
                 return 0;
 
+        val = link->network->ipv6_privacy_extensions;
+        if (val < 0) /* If not specified, then use the global setting. */
+                val = link->manager->ipv6_privacy_extensions;
+
         /* When "kernel", do not update the setting. */
-        if (link->network->ipv6_privacy_extensions == IPV6_PRIVACY_EXTENSIONS_KERNEL)
+        if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL)
                 return 0;
 
-        return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) link->network->ipv6_privacy_extensions);
+        return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val);
 }
 
 static int link_set_ipv6_accept_ra(Link *link) {

src/network/networkd.conf

@@ -18,6 +18,7 @@
 #ManageForeignRoutingPolicyRules=yes
 #ManageForeignRoutes=yes
 #RouteTable=
+#IPv6PrivacyExtensions=no
 
 [DHCPv4]
 #DUIDType=vendor