Re: [PATCH] Add an option for RFC5014 IPv6 source address preference

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Quoting Maximilian Eschenbacher (2021-06-02 21:21:52)
> Hey,
> 
> this topic is indeed interesting.
> 
> I've read up on the bugreport: The patch does not seem to include the
> preference flags to getaddinfo(3) as discussed here
> https://bugzilla.redhat.com/show_bug.cgi?id=512032#c8. Is this
> intentional?

Sort of. As far as I can tell, AI_EXTFLAGS is not actually implemented
on Linux (or any other commonly used OS).

> 
> https://biplane.com.au/blog/?p=30 lists the first three options to
> globally control the ipv6 source address preference on linux. Technique
> four and five can be used per socket (and by extension per process):
> 
> - Technique One: Deprecate the addresses you don't want selected
>   via ip addr change $ip dev $dev preferred_lft 0
> - Technique Two: Modify the label table
>   via ip addrlabel
> - Technique Three: Prefer privacy addresses
>   via sysctl /proc/sys/net/ipv6/conf/$dev/use_tempaddr
> - Technique Four: setsockopt(2) (may be set per socket)
> - Technique Five: bind(2) (may be set per socket)
> 
> Is this assessment correct or did I miss some options?

I don't know of any others.
bind()ing to a specific address is of course already implemented in
openssh, but that requires me to hardcode the public address in ssh
config on every machine I ssh from, which I would really like to avoid.

-- 
Anton Khirnov
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux