Development discussion of WireGuard
* Avoid deprecated IPv6 temporary addresses
From: Rio Z @ 2025-01-31 17:11 UTC
  To: wireguard

Background: An IPv6 Privacy Extensions (RFC 4941)-enabled host creates a
temporary address that is preferred for a short period of time
(usually 1 day), after which it becomes deprecated and a new temporary
address is generated. RFC 4941 §3.2 states that "deprecated addresses
can continue to be used for already established connections, but are
not used to initiate new connections."

RFC 4941 §6 discusses the problem of tracking deprecated addresses to
be removed. In particular, TCP connections can be easily tracked. But
for UDP-based applications like WireGuard, it's not straightforward as
it is usually connectionless.

Problem: Currently WireGuard keeps using the same temporary address to
send UDP packets to an existing peer even after the address becomes
deprecated. It should use the preferred (i.e. non-deprecated)
temporary address as soon as possible to satisfy the requirement of
privacy and also to make the deprecated addresses eligible to be
removed.
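
As an added illustration (not part of the original message and not WireGuard code), the following Python example checks whether the source address a tunnel is sending from is a deprecated temporary address and, if so, names a preferred temporary address on the same interface. It assumes a Linux host, where `/proc/net/if_inet6` exposes per-address flags; the sample table and the function names are constructed for the example.

```python
import ipaddress

# Flag bits from linux/if_addr.h (assumption: Linux; the post names no platform).
IFA_F_TEMPORARY = 0x01
IFA_F_DEPRECATED = 0x20
IFA_F_TENTATIVE = 0x40

# Constructed sample in /proc/net/if_inet6 format:
# address ifindex prefixlen scope flags device
SAMPLE = """\
20010db8000000010000000000000001 02 40 00 00 eth0
20010db800000001a1b2c3d4e5f60718 02 40 00 21 eth0
20010db8000000010f1e2d3c4b5a6978 02 40 00 01 eth0
fe800000000000000211223344556677 02 40 20 80 eth0
"""

def parse_if_inet6(text):
    """Yield (address, device, flags) for each well-formed table line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed lines
        addr = ipaddress.IPv6Address(int(fields[0], 16))
        yield addr, fields[5], int(fields[4], 16)

def check_source(text, source):
    """Classify the source address a tunnel socket is sending from.

    Returns (status, replacement). replacement is a preferred temporary
    address on the same device when the source is a deprecated temporary
    address and such a replacement exists, otherwise None.
    """
    source = ipaddress.IPv6Address(source)
    table = list(parse_if_inet6(text))
    for addr, dev, flags in table:
        if addr != source:
            continue
        if not flags & IFA_F_DEPRECATED:
            return "preferred", None
        if not flags & IFA_F_TEMPORARY:
            return "deprecated", None
        unusable = IFA_F_DEPRECATED | IFA_F_TENTATIVE
        for cand, cdev, cflags in table:
            if cdev == dev and cflags & IFA_F_TEMPORARY and not cflags & unusable:
                return "deprecated-temporary", cand
        return "deprecated-temporary", None
    return "unknown", None
```

On a live host, pass the contents of `/proc/net/if_inet6` as `text` and the local address seen on the tunnel's UDP flow as `source`.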
