11 Replies Latest reply: Jul 27, 2012 7:47 AM by cute crow
cute crow Level 1 Level 1 (35 points)

Hi

 

Some time ago I thought I had enabled Privacy Extensions (aka Privacy Address) for IPv6 on my Snow Leopard mac.

 

If I use the ifconfig command, after inet6 it lists what looks like an IPv6 address and it has most of my MAC address in it.

 

So I'm guessing that I haven't set Privacy Extensions up correctly.

 

Is there any one who could help me?

 

To enable Privacy Extensions I used nano to create a file called sysctl.conf in /etc/ and in that file using nano I wrote the following:

net.inet6.ip6.use_tempaddr=1

 

Looking back I think that I may have omitted a key part. According to Sixx.net http://www.sixxs.net/wiki/Privacy it cryptically says  to enable privacy extensions:

sysctl -w net.inet6.ip6.use_tempaddr=1

 

Should I have included the sysctl -w part in my nano edit of my sysctl.conf ?

 

(And as you'll have gathered I'm not particularly proficient with Terminal or Unix etc)

  • Linc Davis Level 10 Level 10 (173,705 points)

    I haven't tried recently, but the last time I checked, sysctl.conf was ignored, even though the sysctl man page says it shouldn't be. If that hasn't changed, you'd have to create a launchd job to run sysctl commands automatically at startup.

  • cute crow Level 1 Level 1 (35 points)

    Hi Linc

     

    Thats interesting and may well be the explanation. But I have to say I'm very surprised by it. I've seen quite a few recommendations to use systcl.conf on OS X and to think its actually disabled is quite surprising.

    How do you check if its being ignored?

     

     

    A bit of an update re. my initial post.

    They way I have privacy extensions set up is correct (excluding your point Linc)

     

    My confusion in my first post stems from the fact that I did it a little while ago and forgot (or never realized) that there are two ways of doing it.

     

    (1) A temporary way for the current login session which is done with

    sysctl -w net.inet6.ip6.use_tempaddr=1

     

    (2) A permanent way which is done by creating (or editing your existing) sysctl.conf with the line:

    net.inet6.ip6.use_tempaddr=1

     

    I then discovered the sysctl -a command which AFAIK lists the enabled sysctl configuration.

     

    When I ran that command my IPv6 Privacy Extension was included in it. So it would seem my sysctl.conf edit has worked and is recognised by OS X (to some level).

     

    So I'm 90% sure I have it setup the way it should be. I'm just flummoxed as to why ifconfig is still displaying an IPv6 type address with my MAC address in it.

     

    For any one who's interested here are some reference links

    http://www.sixxs.net/wiki/OS_X

    http://draft.scyphus.co.jp/macosx/snowleopard.html

    https://isc.sans.edu//diary.html?storyid=10966

    http://arstechnica.com/apple/2012/05/the-future-is-forever-the-state-of-ipv6-in- the-apple-world/2/

     

    There is a final point, is ifconfig actually displaying my IPv6 address or is it some kind of private, internal system IPv6 address (something like loop back?)

  • g_wolfman Level 4 Level 4 (1,120 points)

    ifconfig may very well be displaying the "default canonical" modified EUI-64 address derived from the MAC address by stateless autoconfiguration.

     

    It may also not be the IPv6 address being used on your network (assuming you even have an IPv6 address on your network).  You may get better results seeing what is actually being used with:

     

    networksetup -getinfo Wi-Fi (or -getinfo Ethernet - depending or how you are connected).

  • cute crow Level 1 Level 1 (35 points)

    Thanks g_wolfman.

     

    I did that and it lists

    IPv6: Automatic

    IPv6 IP address: none

    IPv6 Router: none

     

    And you are correct, at the moment the network I'm on isn't IPv6.

     

    The reason I presumed the ifconfig was my IPv6 was if I've WiFi off on the mac, ifconfig for en1 just list the MAC address but no IP addresses (not IPv4 nor IPv6) but when I enable WIFI then I get my IPv4 address (listed after inet) and IPv6 (listed after inet6). So I presumed it was the IPv6 and I was a bit disappointed to see my MAC address in it.

     

    I don't suppose any one knows a sure fire way of examining your IPv6 address without being on an IPv6 network or failing that can anyone explain what exactly ifconfig is displaying?

     

     

    A note for anyone following this

    networksetup -getinfo Wi-Fi

    didn't work for me but this did:

    networksetup -getinfo Airport

  • g_wolfman Level 4 Level 4 (1,120 points)

    networksetup -listallnetworkservices

     

    Will give you the names of all the services (it will be the same as those listed in the Network System Preference sidebar).  Wi-Fi is the default name for WLAN networking on my MBP; perhaps Airport is the default name on an iMac.

     

    The easiest way to see your addresses is via the Network System Preference pane.  If you aren't on IPv6, then no information will be displayed beyond the "Configure" drop-down - very similar to the IPv4 section.

     

    As for ifconfig, it generally shows some combination of the following:

     

    Interface Name (lo0, en0, en1, p2p0, etc);

    Flags associated with the interface and the MTU (max number of bytes in a frame on the interface);

    Options associated with the interface (if there are any);

    The ethernet (MAC) address or link-local (lladdr) address of the interface (if there is one, not all interfaces have a hardware address);

    The inet6 (IPv6) and inet (IPv4) addresses;

    Various other infor; and,

    An "active" or "inactive" indicator.

     

    It's often just easier to open the System Preferences application and use the Network preference pane...also, since that is a GUI frontend to the networksetup program, it's closer to the actual utility OS X uses to manage it's interfaces.

  • cute crow Level 1 Level 1 (35 points)

    Yeah, it must be something to do with hardware. My iMac just lists

    AirPort

    Ethernet

    FireWire

    Bluetooth PAN

     

     

     

    So a little summary of where I stand.

     

    *Can't confirm my IPv6 address cause not on IPv6 network.

    *Unsure of what exactly ifcong is actually displaying re IPv6.

    *I feel like I've got Privacy Extensions setup correctly, 90% sure,  but I'd like to somehow get confirmation.

     

    Must I be on an IPv6 network before I can verify what kind of IPv6 address my mac will generate?

     

     

  • cute crow Level 1 Level 1 (35 points)

    I think the IPv6 that ifconfig is displaying may be a Link-local address. According to Wikipedia a Link Local IPv6 is assigned with the address prefix fe80::/64

    My ifcinfig IPv6 does starts with:

    fe80::

    and after it this text

    prefixlen 64

     

    So it looks like a Link-local IPv6 address ???

     

     

    Wkipedia Link-local url:

    https://en.wikipedia.org/w/index.php?title=Link-local_address&oldid=479789318#IP v6

  • cute crow Level 1 Level 1 (35 points)

    I came across an image with an almost identical example of what I see for ifconfig (only difference is its not my MAC address in the image)

    I've highlighted the IPv6 part that I've been yakin' on about.

     

    In it you can see the fe80:: bit and the prefixlen 64 bit that makes me think its a link-local address

     


  • g_wolfman Level 4 Level 4 (1,120 points)

    Link-local addresses are assigned using stateless autoconfiguration, so that explains the EUI-64 address derived from your MAC address.

     

    As for your earlier question, until and unless you are actually on an IPv6 network, I don't think you'll be able to determine your IPv6 address exactly, because you won't have one until then.

  • cute crow Level 1 Level 1 (35 points)

    Well now that I know what ifconig's IPv6 address is and given that sysctl -a has shown my Privacy Address has been incorperated by OS X I am pretty sure that I have it setup correctly.

     

    I think your absolutely right that the only way to 100% confirm it is to wait until I'm on an IPv6 network.

     

    But with what I have learned so far I am very happy

     

    Thanks a million for your help g_wolfman and Linc Davis. Much appreciated.

     

    Cheers.

  • cute crow Level 1 Level 1 (35 points)

    I accidently marked my own post as helpful - and there isn't a way to undo that.