truc Advocate
Joined: 25 Jul 2005 Posts: 3199
Posted: Wed Nov 30, 2011 7:50 pm Post subject: IPv6 SLAAC & use_tempaddr=2 are fine, want sthg more L33
Hello everybody!
First of all, the following is very hackish and probably a bit useless, so you may want to stop reading here and do something useful instead! You've been warned!
If you find IPv6 SLAAC very nice and you like the idea of hiding your MAC address (aka the super cookie?), but do not care if the local identifier (usually based on the MAC address, see EUI-64) stays the same as long as it is L33T, then read on! (Or maybe you just love to configure everything and feel a bit useless with IPv6 SLAAC!?)
For those who don't know, you can enable the privacy extension by configuring net.ipv6.conf.all.use_tempaddr. (By the way, I fail to see why one would want to set it to 1, any real use case?)
The idea here is to give the local identifier _we_ want to use, construct the IPv6 address with the prefix received via Router Advertisements and configure it on the interface (ip addr add).
This way you can have a public address like this one: 2bca:2840:4bb8:69cf::10 or even 2bca:2840:4bb8:69cf::dead:beef (and so on) without the hassle of having to configure it manually.
Additionally, if one of the prefixes is no longer valid, then the IPv6 address configured above is removed (ip addr del).
Since I already have rdnssd listening to RAs and launching a personal hook to update the resolv.conf file(s), it was easy to just use this daemon and its hook. I did not want to use temporary files, so I just used awk to parse the output of the iproute command and to do the thinking.
Here is an example of what you can add in your rdnssd hook:
Code: |
# append everything this hook prints to a log file named after the hook
exec >> "/var/log/${0##*/}.log" 2>&1
# you can even code something to put your IPv4 in there if you wanted to
#IPv6_local_identifier=f22a:20ff:fe21:7ab9
#IPv6_local_identifier=a:b:c:d
#IPv6_local_identifier=:10
IPv6_local_identifier=:dead:beef
msg() {
    echo "$(date): $*"
}
addAndRemoveCustomIPv6Addr() {
    localID=${IPv6_local_identifier:-"e:f:g:h"}
    # the awk script prints one "<add|del> <ip> <iface>" line per change
    ip -o -6 a l scope global | awk -f /etc/rdnssd/find_custom_ipv6_to_add_or_remove.awk \
        -v LOCAL_ID="$localID" | while read -r action ip iface; do
        if [ "$action" = 'add' ]; then
            # skip the address if something on the link already answers for it
            ping -nqc1 "$ip" > /dev/null 2>&1 && { msg "$ip already in use, I won't try to add it"; continue; }
        fi
        msg "ip address $action ${ip}/64 dev $iface"
        ip address "$action" "${ip}/64" dev "$iface"
    done
}
addAndRemoveCustomIPv6Addr
|
And here is the awk script
/etc/rdnssd/find_custom_ipv6_to_add_or_remove.awk: |
# expand a compressed IPv6 address to 8 groups of 4 hex digits
function compressed2extendedIP(ip,    i, j, len, elt, nb, missing) { # {{{
    # IPv4: no compressed format
    if (ip !~ /:/)
        return ip
    # else IPv6
    missing = -1
    nb = split(ip, elt, ":")
    ip = ""
    for (i=1; i<=nb; i++) {
        if (0 == length(elt[i])) {
            # there should be 8 groups (of 16 bits each, 2 bytes, 4 characters)
            if (0 != missing)
                missing = 8 - nb
            elt[i] = "0000"
            for (j=1; j<=missing; j++)
                elt[i] = elt[i] ":0000"
            # this has to be done one time only (if any)
            missing = 0
        } else {
            # 4 characters per group
            len = length(elt[i])
            for (j=len ; j<4; j++)
                elt[i] = "0" elt[i]
        }
        ip = sprintf("%s%s%s", ip, (i>1 ? ":" : "" ), elt[i])
    }
    return ip
}
# }}}
BEGIN {
    # expanded form of the wanted local identifier (last 4 groups)
    searched_local_id = substr(compressed2extendedIP("a:b:c:d:" LOCAL_ID), 21)
}
($4 ~ /\/64$/ ) {
    iface = $2
    ip = $4
    sub(/\/64$/, "", ip)
    ip = compressed2extendedIP(ip)
    flag = $7
    # awk strings are 1-indexed: start at 1, since a start of 0
    # returns only 18 characters in some awk implementations
    prefix = substr(ip, 1, 19)
    # dynamic means auto-configured (eg: SLAAC)
    if (flag == "dynamic") {
        dynamic_prefix_iface[prefix] = iface
        # no need to go further
        next
    }
    local_identifier = substr(ip, 21)
    # is it an IP I, as a script, have added?
    if (local_identifier == searched_local_id)
        manually_configured_ip_iface[ip] = iface
}
END {
    # is there some manually configured IP that needs to be removed?
    for (ip in manually_configured_ip_iface) {
        iface = manually_configured_ip_iface[ip]
        prefix = substr(ip, 1, 19)
        # if there is no dynamic ip configured with this prefix
        # then we might need to remove it
        if (prefix in dynamic_prefix_iface) {
            dyn_iface = dynamic_prefix_iface[prefix]
            # don't remove it if this prefix is still in use (dynamically) on
            # the same interface
            if (iface == dyn_iface) continue
        }
        # no "/64" here: the hook appends it for both add and del
        printf "del %s %s\n", ip, iface
    }
    # and the other way around: is there a new prefix for which
    # a new IP with the right local identifier needs to be added?
    for (prefix in dynamic_prefix_iface) {
        wanted = prefix ":" searched_local_id
        if (wanted in manually_configured_ip_iface)
            continue
        iface = dynamic_prefix_iface[prefix]
        printf "add %s %s\n", wanted, iface
    }
}
# vim: set foldmethod=marker :
|
Temporarily, you can find these two here (raw and a complete merge-hook example) and there (raw).
Once you've done that, you can:
- wait until the next RA
- run rdisc $interface
- run sudo /path/to/your/rdnssd/hook
For the last two items you can add a hook to your dhcp client to run one of the commands as you connect to a new network.
Notice that if you set use_tempaddr=2, then your new leet IPv6 address won't be used for outgoing connections.
----
[background]I had this idea when adding an AAAA Resource Record pointing to my laptop (well, when it's in the right subnet/prefix), and it just felt weird to add this long and awful IPv6 address while I could just have a nice one instead, but eh! I like the IPv6 SLAAC, and don't want to lose that by having to manually configure anything![/background]
note: As you may have noticed I used the compressed2extendedIP function that I already presented here.
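As an added example (not part of the original post), the Python sketch below audits `ip -o -6 addr` output for global addresses whose interface identifier is EUI-64 derived and so exposes the MAC address, which is the concern the post starts from. The sample output, the `eth0` name and the 2001:db8:: documentation prefix are constructed; the identifier f22a:20ff:fe21:7ab9 is the one commented out in the hook.

```python
import ipaddress

# Constructed sample of `ip -o -6 addr list scope global` output.
# 2001:db8::/32 is the documentation prefix; eth0 is an assumed name.
SAMPLE = "\n".join([
    "2: eth0    inet6 2001:db8:4bb8:69cf:f22a:20ff:fe21:7ab9/64 scope global dynamic \\       valid_lft 86391sec preferred_lft 14391sec",
    "2: eth0    inet6 2001:db8:4bb8:69cf:5c1e:9a0b:33d2:71f4/64 scope global temporary dynamic \\       valid_lft 86391sec preferred_lft 14391sec",
    "2: eth0    inet6 2001:db8:4bb8:69cf::dead:beef/64 scope global \\       valid_lft forever preferred_lft forever",
])


def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":                    # EUI-64 filler bytes
        return None
    # Undo the universal/local bit flip, then drop the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(ip_output):
    """Classify each global IPv6 address as (iface, addr, kind, mac)."""
    findings = []
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[2] != "inet6":
            continue
        iface, addr = fields[1], fields[3].split("/")[0]
        flags = []
        for token in fields[6:]:
            if token == "\\":        # end of the flags, lifetimes follow
                break
            flags.append(token)
        mac = mac_from_eui64(addr)
        if "temporary" in flags:
            kind = "temporary"       # privacy extension address
        elif mac is not None:
            kind = "eui64"           # interface ID reveals the MAC
        elif "dynamic" in flags:
            kind = "slaac-opaque"    # autoconfigured, ID not MAC-derived
        else:
            kind = "static"          # e.g. the address added by the hook
        findings.append((iface, addr, kind, mac if kind == "eui64" else None))
    return findings


if __name__ == "__main__":
    for iface, addr, kind, mac in audit(SAMPLE):
        print(f"{iface} {addr} {kind}" + (f" leaks MAC {mac}" if mac else ""))
```

The ff:fe test is a pattern match on the interface identifier, so a hand-picked identifier that happens to contain those bytes is reported as well.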