From a845e4500bfee2f43e1ee3bc30a43a2cf0e6bd59 Mon Sep 17 00:00:00 2001 From: Florian Obser Date: Sat, 10 Feb 2018 05:55:27 +0000 Subject: ifconfig can be used to to set interface flag to not do RFC 7217. OK naddy, sthen man page bits input & OK jmc --- sbin/ifconfig/brconfig.h | 4 ++-- sbin/ifconfig/ifconfig.8 | 21 +++++++++++++++++++-- sbin/ifconfig/ifconfig.c | 4 +++- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/sbin/ifconfig/brconfig.h b/sbin/ifconfig/brconfig.h index e8342f4c9e8..a517c5b5bc3 100644 --- a/sbin/ifconfig/brconfig.h +++ b/sbin/ifconfig/brconfig.h @@ -1,4 +1,4 @@ -/* $OpenBSD: brconfig.h,v 1.13 2018/02/08 13:15:32 mpi Exp $ */ +/* $OpenBSD: brconfig.h,v 1.14 2018/02/10 05:55:26 florian Exp $ */ /* * Copyright (c) 2009 Claudio Jeker @@ -75,7 +75,7 @@ void switch_portno(const char *, const char *); "\024\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6STATICARP" \ "\7RUNNING\10NOARP\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX" \ "\15LINK0\16LINK1\17LINK2\20MULTICAST" \ - "\23INET6_NOPRIVACY\24MPLS\25WOL\26AUTOCONF6" + "\23INET6_NOPRIVACY\24MPLS\25WOL\26AUTOCONF6\27INET6_NOSOII" void printb(char *, unsigned int, unsigned char *); diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index 9e51bcec01b..f928767cd89 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ifconfig.8,v 1.297 2018/02/09 20:13:28 mpi Exp $ +.\" $OpenBSD: ifconfig.8,v 1.298 2018/02/10 05:55:26 florian Exp $ .\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $ .\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $ .\" @@ -31,7 +31,7 @@ .\" .\" @(#)ifconfig.8 8.4 (Berkeley) 6/1/94 .\" -.Dd $Mdocdate: February 9 2018 $ +.Dd $Mdocdate: February 10 2018 $ .Dt IFCONFIG 8 .Os .Sh NAME @@ -1126,6 +1126,7 @@ protocol when supported by the access point. .Op Oo Fl Oc Ns Cm autoconfprivacy .Op Cm eui64 .Op Cm pltime Ar n +.Op Oo Fl Oc Ns Cm soii .Op Oo Fl Oc Ns Cm tentative .Op Cm vltime Ar n .Ek 
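Review bot: The new `\27INET6_NOSOII` entry in the flag-name string in brconfig.h hard-codes an octal bit position, and no hunk in this patch shows the matching `IFXF_INET6_NOSOII` definition, so the label is only right if that flag sits directly above the bit printed as `AUTOCONF6` (`\26`). If the two drift apart, ifconfig would show the wrong name for a flag that controls IPv6 address privacy, and an operator auditing an interface could misread whether RFC 7217 identifiers are disabled. I would add a comment above the macro along the lines of `/* octal bit positions; keep in sync with the IFF_* and IFXF_* definitions */`. The `#define` line and the code that feeds this string to printb are outside the hunk, so how the flag words are combined cannot be confirmed from here.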
@@ -1186,6 +1187,22 @@ Fill the interface index automatically. .It Cm pltime Ar n Set preferred lifetime for the address. +.It Cm soii +Enable persistent Semantically Opaque Interface Identifiers (SOIIs), +as per RFC 7217, for link local and SLAAC addresses on the interface. +The purpose of these identifiers is to make discovery of hosts by +scanning a whole prefix more difficult. +SOIIs use the whole 64 bits of the host part while SLAAC addresses are +formed from MAC addresses which can lower the entropy to 24 bits if +the host is running in a virtualization environment or the hardware +manufacturer is known. +See RFC 8064 for details. +SOIIs are enabled by default. +.It Cm -soii +Disable IPv6 persistent Semantically Opaque Interface Identifiers on the +interface. +Currently configured addresses will not be removed until they become +invalid. .It Cm tentative Set the IPv6 tentative address bit. .It Cm -tentative diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c index 0bf921f5a5d..ac5705b2651 100644 --- a/sbin/ifconfig/ifconfig.c +++ b/sbin/ifconfig/ifconfig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifconfig.c,v 1.356 2018/02/08 21:54:55 dlg Exp $ */ +/* $OpenBSD: ifconfig.c,v 1.357 2018/02/10 05:55:26 florian Exp $ */ /* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */ /* @@ -388,6 +388,8 @@ const struct cmd { { "eui64", 0, 0, setia6eui64 }, { "autoconfprivacy", -IFXF_INET6_NOPRIVACY, 0, setifxflags }, { "-autoconfprivacy", IFXF_INET6_NOPRIVACY, 0, setifxflags }, + { "soii", -IFXF_INET6_NOSOII, 0, setifxflags }, + { "-soii", IFXF_INET6_NOSOII, 0, setifxflags }, #ifndef SMALL { "hwfeatures", NEXTARG0, 0, printifhwfeatures }, { "metric", NEXTARG, 0, setifmetric }, -- cgit v1.2.3
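Review bot: The two new rows in the `cmd` table in ifconfig.c rely on a double negative that is easy to misread: `soii` passes `-IFXF_INET6_NOSOII` and `-soii` passes the positive flag, so the keyword that reads as "enable" is the one carrying the minus sign. setifxflags is not part of this hunk; judging from the adjacent `autoconfprivacy` rows, a negative value presumably clears the bit. Since `-soii` turns off the identifiers that the man page describes as making prefix scanning harder, a reversed sign here would silently weaken address privacy, so I would add a one-line comment above the pair, e.g. `/* NOSOII is a disable flag: "soii" clears it, "-soii" sets it */`. The table begins and ends outside the hunk.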