OpenBSD/src v0oU5lV lib/libc/sys sysctl.2, sbin/ifconfig ifconfig.8

       Remove support for semantically opaque interface identifiers (RFC 7217)
       for IPv6 link local addresses.

       Some hosting and VM providers route customer IPv6 prefixes to link
       local addresses derived from ethernet MAC addresses (RFC 2464). This
       leads to hard to debug IPv6 connectivity problems and is probably not
       worth the effort.

       RFC 7721 lists 4 weaknesses:

       3.1. Correlation of Activities over Time & 3.2. Location Tracking
       These are still possible with RFC 7217 addresses for an adversary
       connected to the same layer 2 network (think conference wifi). Since
       the link local prefix stays the same (fe80::/64) the link local
       addresses do not change between different networks.
       An adversary on the same layer 2 network can probably track ethernet
       MAC addresses via different means, too.

       3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
       These now become possible, however, as noted above a layer 2 adversary
       was probably able to do this via different means.

       People concerned with these weaknesses are advised to use
       ifconfig lladdr random.
   OK benno
   input & OK kn
Version  Delta     File
1.114    +2 -83    sys/netinet6/in6_ifattach.c
1.219    +1 -12    sys/netinet6/ip6_input.c
1.588    +3 -7     sys/net/if.c
1.341    +4 -4     sbin/ifconfig/ifconfig.8
1.30     +2 -2     lib/libc/sys/sysctl.2
1.10     +1 -2     sys/netinet6/in6_ifattach.h
         +13 -110  6 files
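
The MAC-derived link-local address the commit message refers to (RFC 2464) can be mapped back to the MAC, which is why the interface identifier reveals the vendor prefix and is predictable. The following is an added example, not code from this commit or from the OpenBSD tree; the function names and the sample MAC are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* fe80::/64, the link-local prefix named in the commit message. */
static const uint8_t ll_prefix[8] = { 0xfe, 0x80, 0, 0, 0, 0, 0, 0 };

/* RFC 2464 section 4: flip the universal/local bit, insert ff:fe in the middle. */
void mac_to_lladdr(const uint8_t mac[6], uint8_t addr[16])
{
	memcpy(addr, ll_prefix, 8);
	addr[8] = mac[0] ^ 0x02;
	addr[9] = mac[1];
	addr[10] = mac[2];
	addr[11] = 0xff;
	addr[12] = 0xfe;
	memcpy(addr + 13, mac + 3, 3);
}

/*
 * Returns 1 and fills mac[] when addr is in fe80::/64 and its identifier has
 * the ff:fe marker. Heuristic only: a random or RFC 7217 identifier can
 * contain ff:fe by chance (about 1 in 65536).
 */
int lladdr_to_mac(const uint8_t addr[16], uint8_t mac[6])
{
	if (memcmp(addr, ll_prefix, 8) != 0 || addr[11] != 0xff || addr[12] != 0xfe)
		return 0;
	mac[0] = addr[8] ^ 0x02;
	mac[1] = addr[9];
	mac[2] = addr[10];
	memcpy(mac + 3, addr + 13, 3);
	return 1;
}

int main(void)
{
	/* Constructed sample MAC from the RFC 7042 documentation range. */
	const uint8_t mac[6] = { 0x00, 0x00, 0x5e, 0x00, 0x53, 0x2a };
	uint8_t addr[16], back[6];
	int i;

	mac_to_lladdr(mac, addr);
	for (i = 0; i < 16; i += 2)
		printf("%02x%02x%s", addr[i], addr[i + 1], i < 14 ? ":" : "\n");
	if (lladdr_to_mac(addr, back))
		printf("identifier maps back to MAC %02x:%02x:%02x:%02x:%02x:%02x\n",
		    back[0], back[1], back[2], back[3], back[4], back[5]);
	return 0;
}
```

An address for which `lladdr_to_mac()` returns 1 is a candidate for the `ifconfig lladdr random` advice in the commit message.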
