diff options
| author |   florian <florian@openbsd.org> | 2021-03-11 19:53:39 +0000 |
|---|---|---|
| committer | florian <florian@openbsd.org> | 2021-03-11 19:53:39 +0000 |
| commit | 4d35d720143715ad94f30a70ac7e192d3aa7822f (patch) | |
| tree | d96a11c1d2298b3ee80f7f84c2c77b9775ed4b5b /sbin | |
| parent | Use unveil(2) (diff) | |
| download | wireguard-openbsd-4d35d720143715ad94f30a70ac7e192d3aa7822f.tar.xz wireguard-openbsd-4d35d720143715ad94f30a70ac7e192d3aa7822f.zip | |
When RFC 8981 obsoleted RFC 4941 the terminology changed from
"privacy extensions" to "temporary address extensions"
Change ifconfig(8) to output temporary after temporary addresses and
add "temporary" option which is an alias for autoconfprivacy for now.
Also make AUTOCONF6TEMP a positiv flag that is set by default.
Previously the negative flag "INET6_NOPRIVACY" was set when privacy
addresses were disabled. This makes the flags output less ugly and
will allow us to disable autoconf addresses while having temporary
addresses enabled in the future.
More work is needed in slaacd.
input benno, jmc, deraadt
previous verison OK benno
OK jmc, kn
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/ifconfig/ifconfig.8 | 14 | ||||
| -rw-r--r-- | sbin/ifconfig/ifconfig.c | 15 | ||||
| -rw-r--r-- | sbin/slaacd/frontend.c | 4 |
3 files changed, 18 insertions, 15 deletions
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index caa8c454101..1cb1227e463 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ifconfig.8,v 1.367 2021/03/11 10:12:51 kn Exp $ +.\" $OpenBSD: ifconfig.8,v 1.368 2021/03/11 19:53:39 florian Exp $ .\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $ .\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $ .\" @@ -1321,7 +1321,7 @@ protocol when supported by the access point. .Ar interface .Cm inet6 .Op Oo Fl Oc Ns Cm anycast -.Op Oo Fl Oc Ns Cm autoconfprivacy +.Op Oo Fl Oc Ns Cm temporary .Op Cm eui64 .Op Cm pltime Ar n .Op Oo Fl Oc Ns Cm soii @@ -1338,9 +1338,9 @@ interface: Set the IPv6 anycast address bit. .It Cm -anycast Clear the IPv6 anycast address bit. -.It Cm autoconfprivacy -Enable privacy extensions for stateless IPv6 address autoconfiguration -(RFC 4941) on the interface. +.It Cm temporary +Enable temporary address extensions for stateless IPv6 address +autoconfiguration (RFC 8981) on the interface. These extensions are enabled by default. The purpose of these extensions is to prevent tracking of individual devices which connect to the IPv6 internet from different networks @@ -1362,8 +1362,8 @@ Deprecated addresses will not be used for new connections as long as a non-deprecated address remains available. Temporary addresses become invalid after another 24 hours, at which time they will be removed from the interface. -.It Cm -autoconfprivacy -Disable IPv6 autoconf privacy extensions on the interface. +.It Cm -temporary +Disable IPv6 autoconf temporary address extensions on the interface. Currently configured addresses will not be removed until they become invalid. .It Cm eui64 diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c index 859ee4a3870..5a274d1e3d7 100644 --- a/sbin/ifconfig/ifconfig.c +++ b/sbin/ifconfig/ifconfig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifconfig.c,v 1.435 2021/03/04 07:46:26 jsg Exp $ */ +/* $OpenBSD: ifconfig.c,v 1.436 2021/03/11 19:53:39 florian Exp $ */ /* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */ /* @@ -464,8 +464,10 @@ const struct cmd { { "pltime", NEXTARG, 0, setia6pltime }, { "vltime", NEXTARG, 0, setia6vltime }, { "eui64", 0, 0, setia6eui64 }, - { "autoconfprivacy", -IFXF_INET6_NOPRIVACY, 0, setifxflags }, - { "-autoconfprivacy", IFXF_INET6_NOPRIVACY, 0, setifxflags }, + { "autoconfprivacy", IFXF_AUTOCONF6TEMP, 0, setifxflags }, + { "-autoconfprivacy", -IFXF_AUTOCONF6TEMP, 0, setifxflags }, + { "temporary", IFXF_AUTOCONF6TEMP, 0, setifxflags }, + { "-temporary", -IFXF_AUTOCONF6TEMP, 0, setifxflags }, { "soii", -IFXF_INET6_NOSOII, 0, setifxflags }, { "-soii", IFXF_INET6_NOSOII, 0, setifxflags }, { "monitor", IFXF_MONITOR, 0, setifxflags }, @@ -676,7 +678,7 @@ const struct cmd { "\024\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6STATICARP" \ "\7RUNNING\10NOARP\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX" \ "\15LINK0\16LINK1\17LINK2\20MULTICAST" \ - "\23INET6_NOPRIVACY\24MPLS\25WOL\26AUTOCONF6\27INET6_NOSOII" \ + "\23AUTOCONF6TEMP\24MPLS\25WOL\26AUTOCONF6\27INET6_NOSOII" \ "\30AUTOCONF4" "\31MONITOR" int getinfo(struct ifreq *, int); @@ -1577,7 +1579,8 @@ setautoconf(const char *cmd, int val) setifxflags("inet", val * IFXF_AUTOCONF4); break; case AF_INET6: - setifxflags("inet6", val * IFXF_AUTOCONF6); + setifxflags("inet6", val * (IFXF_AUTOCONF6 | + IFXF_AUTOCONF6TEMP)); break; default: errx(1, "autoconf not allowed for this address family"); @@ -3676,7 +3679,7 @@ in6_alias(struct in6_ifreq *creq) if (ifr6.ifr_ifru.ifru_flags6 & IN6_IFF_AUTOCONF) printf(" autoconf"); if (ifr6.ifr_ifru.ifru_flags6 & IN6_IFF_TEMPORARY) - printf(" autoconfprivacy"); + printf(" temporary"); } if (scopeid) diff --git a/sbin/slaacd/frontend.c b/sbin/slaacd/frontend.c index 416a529a65d..1a0c596914d 100644 --- a/sbin/slaacd/frontend.c +++ b/sbin/slaacd/frontend.c @@ -1,4 +1,4 @@ -/* $OpenBSD: frontend.c,v 1.51 2021/03/07 10:31:20 florian Exp $ */ +/* $OpenBSD: frontend.c,v 1.52 2021/03/11 19:53:40 florian Exp $ */ /* * Copyright (c) 2017 Florian Obser <florian@openbsd.org> @@ -532,7 +532,7 @@ update_iface(uint32_t if_index, char* if_name) imsg_ifinfo.rdomain = ifrdomain; imsg_ifinfo.running = (flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING); - imsg_ifinfo.autoconfprivacy = !(xflags & IFXF_INET6_NOPRIVACY); + imsg_ifinfo.autoconfprivacy = (xflags & IFXF_AUTOCONF6TEMP); imsg_ifinfo.soii = !(xflags & IFXF_INET6_NOSOII); if (getifaddrs(&ifap) != 0) |