ifconfig can be used to to set interface flag to not do RFC 7217.

OK naddy, sthen
man page bits input & OK jmc

diff --git a/sbin/ifconfig/brconfig.h b/sbin/ifconfig/brconfig.h
index e8342f4..a517c5b 100644 (file)
--- a/sbin/ifconfig/brconfig.h
+++ b/sbin/ifconfig/brconfig.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: brconfig.h,v 1.13 2018/02/08 13:15:32 mpi Exp $       */
+/*     $OpenBSD: brconfig.h,v 1.14 2018/02/10 05:55:26 florian Exp $   */
 
 /*
  * Copyright (c) 2009 Claudio Jeker <claudio@openbsd.org>
@@ -75,7 +75,7 @@ void switch_portno(const char *, const char *);
        "\024\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6STATICARP" \
        "\7RUNNING\10NOARP\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX"    \
        "\15LINK0\16LINK1\17LINK2\20MULTICAST"  \
-       "\23INET6_NOPRIVACY\24MPLS\25WOL\26AUTOCONF6"
+       "\23INET6_NOPRIVACY\24MPLS\25WOL\26AUTOCONF6\27INET6_NOSOII"
 
 void printb(char *, unsigned int, unsigned char *);
 

diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index 9e51bce..f928767 100644 (file)
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: ifconfig.8,v 1.297 2018/02/09 20:13:28 mpi Exp $
+.\"    $OpenBSD: ifconfig.8,v 1.298 2018/02/10 05:55:26 florian Exp $
 .\"    $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
 .\"     $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
 .\"
@@ -31,7 +31,7 @@
 .\"
 .\"     @(#)ifconfig.8 8.4 (Berkeley) 6/1/94
 .\"
-.Dd $Mdocdate: February 9 2018 $
+.Dd $Mdocdate: February 10 2018 $
 .Dt IFCONFIG 8
 .Os
 .Sh NAME
@@ -1126,6 +1126,7 @@ protocol when supported by the access point.
 .Op Oo Fl Oc Ns Cm autoconfprivacy
 .Op Cm eui64
 .Op Cm pltime Ar n
+.Op Oo Fl Oc Ns Cm soii
 .Op Oo Fl Oc Ns Cm tentative
 .Op Cm vltime Ar n
 .Ek
@@ -1186,6 +1187,22 @@ Fill the interface index
 automatically.
 .It Cm pltime Ar n
 Set preferred lifetime for the address.
+.It Cm soii
+Enable persistent Semantically Opaque Interface Identifiers (SOIIs),
+as per RFC 7217, for link local and SLAAC addresses on the interface.
+The purpose of these identifiers is to make discovery of hosts by
+scanning a whole prefix more difficult.
+SOIIs use the whole 64 bits of the host part while SLAAC addresses are
+formed from MAC addresses which can lower the entropy to 24 bits if
+the host is running in a virtualization environment or the hardware
+manufacturer is known.
+See RFC 8064 for details.
+SOIIs are enabled by default.
+.It Cm -soii
+Disable IPv6 persistent Semantically Opaque Interface Identifiers on the
+interface.
+Currently configured addresses will not be removed until they become
+invalid.
 .It Cm tentative
 Set the IPv6 tentative address bit.
 .It Cm -tentative

diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index 0bf921f..ac5705b 100644 (file)
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ifconfig.c,v 1.356 2018/02/08 21:54:55 dlg Exp $      */
+/*     $OpenBSD: ifconfig.c,v 1.357 2018/02/10 05:55:26 florian Exp $  */
 /*     $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $      */
 
 /*
@@ -388,6 +388,8 @@ const struct        cmd {
        { "eui64",      0,              0,              setia6eui64 },
        { "autoconfprivacy",    -IFXF_INET6_NOPRIVACY,  0,      setifxflags },
        { "-autoconfprivacy",   IFXF_INET6_NOPRIVACY,   0,      setifxflags },
+       { "soii",       -IFXF_INET6_NOSOII,     0,      setifxflags },
+       { "-soii",      IFXF_INET6_NOSOII,      0,      setifxflags },
 #ifndef SMALL
        { "hwfeatures", NEXTARG0,       0,              printifhwfeatures },
        { "metric",     NEXTARG,        0,              setifmetric },