author Darren 'Tadgy' Austin <darren@afterdark.org.uk> 2021-03-08 19:18:51 +0000
committer Darren 'Tadgy' Austin <darren@afterdark.org.uk> 2021-03-08 19:22:58 +0000
commit 56ac0705da55800ce01e96d6a95433b90ab7f0bc
tree cb6d13d6fc182bbac0e6bb9e1b7098c545e43e09 /netconfig
parent 9dca929b5f27a65c762ff3408a7a4c3d96a0bf4c
Add SLAAC security and privacy options.
This patch adds some security and privacy enhancements to SLAAC configuration. When SLAAC_PRIVIPGEN is "yes", address generation is enhanced with a secret key for the interface set in SLAAC_SECRET. This prevents predictable address generation. When SLAAC_TEMPADDR is "yes", a temporary address is used with SLAAC. Thanks to davjohn from LQ for the initial patches and help testing.
Diffstat (limited to 'netconfig')
-rw-r--r-- netconfig 10
1 files changed, 10 insertions, 0 deletions
diff --git a/netconfig b/netconfig
index 56b8593..a33b85d 100644
--- a/netconfig
+++ b/netconfig
@@ -232,6 +232,16 @@ GATEWAY6="$GATEWAY6"
#SLAAC_TIMEOUT[4]="15" # The default timeout for auto configuration to
# wait for the interface to come up is 15 sec.
# Increase the timeout if required.
+#SLAAC_PRIVIPGEN[4]="yes" # When assigning addresses via SLAAC, use the
+ # 'private' (RFC7217) address generation method.
+ # It is advisable to also set SLAAC_SECRET[x].
+#SLAAC_SECRET[4]="xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx"
+ # When SLAAC_PRIVIPGEN[x]="yes" is set, this is
+ # the secret to be used. This must be in the
+ # form of an IPv6 address. When left unset, a
+ # random secret is used (this is the default).
+#SLAAC_TEMPADDR[4]="yes" # Use a temporary address with SLAAC to enhance
+ # security.
#USE_RA[4]="yes" # Accept router advertisements even when SLAAC
# is disabled on the interface.
#WLAN_ESSID[4]="DARKSTAR" # An example of how you can override _any_
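Review bot: the SLAAC_SECRET[4] comment leaves the user guessing why setting it is "advisable" (per the SLAAC_PRIVIPGEN comment) when its own last sentence says an unset value falls back to a random secret by default. State the trade-off in the comment, that is, what differs for the generated address between a random and a fixed secret, so the user can choose deliberately. The "xxxx:xxxx:..." placeholder is also not a valid value in the "form of an IPv6 address" the comment requires, so it is worth saying that it must be replaced before the line is uncommented. Because this value is a secret, the comment could remind users to restrict read access to the file it ends up in. Finally, SLAAC_TEMPADDR[4] is described only as "enhance security" while the commit message presents it as a privacy option; say what the temporary address is for, in the same way the SLAAC_PRIVIPGEN comment cites RFC7217.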