Bug 700138

Summary: IPv6 use_tempaddr kernel parameter does not work
Product: [Fedora] Fedora
Reporter: Bill C. Riemers <briemers>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 14
CC: briemers, bsiege, bugs+fedora, cra, dr, gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda, pb, pekkas, russ+bugzilla-redhat, tomek, triage
Hardware: All
OS: Linux
Doc Type: Bug Fix
Clone Of: 250919
Last Closed: 2011-04-27 16:06:45 UTC
Bug Blocks: 250919

Description Bill C. Riemers 2011-04-27 15:06:03 UTC
I connected to http://test-ipv6.com/ and it detects me as:

2001:470:1d:1c6:f2de:f1ff:fe05:8579

I used the command:

sudo sysctl net.ipv6.conf.all.use_tempaddr=1

Then I connected to http://test-ipv6.com/ and I am still detected as:

2001:470:1d:1c6:f2de:f1ff:fe05:8579

I then do:

sudo service NetworkManager stop
sudo ifdown eth0
sudo sysctl net.ipv6.conf.all.use_tempaddr=1
sudo service NetworkManager start

Now I connect to http://test-ipv6.com and I am still detected as:

2001:470:1d:1c6:f2de:f1ff:fe05:8579

This strikes me as a very critical security bug...

It looks like the random address is being generated, but it just is not being used for outgoing connections...

$ sudo sysctl net.ipv6.conf.eth0.use_tempaddr=1
$ sudo ifdown eth0
$ sudo ifup eth0
$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr F0:DE:F1:05:85:79  
          inet addr:172.31.253.220  Bcast:172.31.255.255  Mask:255.255.0.0
          inet6 addr: 2001:470:1d:1c6:f2de:f1ff:fe05:8579/64 Scope:Global
          inet6 addr: fe80::f2de:f1ff:fe05:8579/64 Scope:Link
          inet6 addr: 2001:470:1d:1c6:9d30:ec7c:9d47:b95e/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14606 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12207 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:10585779 (10.0 MiB)  TX bytes:2428097 (2.3 MiB)
          Interrupt:20 Memory:f2600000-f2620000

I suspect "all" only affects devices where the kernel module has not yet been loaded.

Comment 1 Bill C. Riemers 2011-04-27 16:06:26 UTC
My bad, it looks like for Linux the correct procedure would be:

$ sudo sysctl net.ipv6.conf.eth0.use_tempaddr=2
$ sudo ifdown eth0
$ sudo ifup eth0

I'm not sure how it is at all useful to generate a temporary address with use_tempaddr=1 and then not use it. But that does appear to be the way it is designed to work...
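
Added example, not part of the bug report or of any Fedora tooling: with use_tempaddr=1 the kernel generates a temporary address but still prefers the public one for outgoing connections, and only a value of 2 prefers the temporary address. The Python check below tells the two apart by testing whether an address's interface identifier is the modified EUI-64 form of the interface's MAC; the function names are hypothetical and the sample input is constructed from the ifconfig output quoted above.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the ifconfig output in the report.
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr F0:DE:F1:05:85:79
          inet6 addr: 2001:470:1d:1c6:f2de:f1ff:fe05:8579/64 Scope:Global
          inet6 addr: fe80::f2de:f1ff:fe05:8579/64 Scope:Link
          inet6 addr: 2001:470:1d:1c6:9d30:ec7c:9d47:b95e/64 Scope:Global
"""

LOW64 = (1 << 64) - 1  # mask for the interface identifier (low 64 bits)


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, App. A)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")


def exposes_mac(addr: str, mac: str) -> bool:
    """True if the IPv6 address a remote site sees embeds the interface's MAC."""
    return int(ipaddress.IPv6Address(addr)) & LOW64 == eui64_iid(mac)


def classify(ifconfig_text: str) -> dict:
    """Label each global-scope address as 'mac-derived' or 'not-mac-derived'."""
    m = re.search(r"HWaddr\s+([0-9A-Fa-f:]{17})", ifconfig_text)
    if m is None:
        raise ValueError("no HWaddr found in input")
    pattern = r"inet6 addr:\s*([0-9A-Fa-f:]+)/\d+\s+Scope:(\w+)"
    result = {}
    for addr, scope in re.findall(pattern, ifconfig_text):
        if scope == "Global":  # link-local addresses never leave the segment
            derived = exposes_mac(addr, m.group(1))
            result[addr] = "mac-derived" if derived else "not-mac-derived"
    return result


if __name__ == "__main__":
    for address, kind in classify(SAMPLE_IFCONFIG).items():
        print(f"{address}  {kind}")
```

If the address reported by an external test site is labelled mac-derived while a not-mac-derived global address exists on the interface, the temporary address is being generated but not preferred, which is the use_tempaddr=1 behaviour described in Comment 1.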