7

I understand privacy extensions and that you enable them by setting use_tempaddr. Unfortunately I haven't found any explanation for the different settings. Every article I read used either 1 or 2 or cited kernel.org without further explanation.

The Kernel.org documentation*:

use_tempaddr - INTEGER
  Preference for Privacy Extensions (RFC3041).
    <= 0 : disable Privacy Extensions
    == 1 : enable Privacy Extensions, but prefer public
           addresses over temporary addresses.
    >  1 : enable Privacy Extensions and prefer temporary
           addresses over public addresses.
  Default:  0 (for most devices)
           -1 (for point-to-point devices and loopback devices)

But I still do not understand the difference between 1 and >1. What's the public IP in contrast to the temporary IP? The one that is assigned with DHCP / set statically? Or something else?

Thanks for your help!

Synchro
wedi

1 Answer

7

The privacy extension is usable with Stateless Address Autoconfiguration (SLAAC). This option has no effect for DHCPv6 or static configuration. With the privacy extension, you have at least two public IPv6 addresses (and the link-local FE80:: one): one, for example, with an EUI-64 identifier and one with an identifier generated according to RFC 3041. You can see them with the command `ip a`. The station listens on both of them, but `use_tempaddr` 1 or 2 defines which address is used for outgoing traffic.

When `use_tempaddr=2`, the privacy address is used as the source of all outgoing traffic. With `use_tempaddr=1`, the system generates a privacy address, but as the more "predictable" one is used for outgoing traffic, its purpose looks to be redundant.

Michael Hampton
Quantim
  • Yes indeed, `use_tempaddr=1` does look useless. Thank you. I am happy to hate blindly following tutorials. Most of them suggest `1`. – wedi Aug 15 '18 at 07:31
  • 3
    Even if the privacy address isn't used by default it would still be possible for applications to explicitly bind to it. But I agree the value of setting up a privacy address and not use it by default is very limited. – kasperd Aug 16 '18 at 07:40
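
The distinction discussed above, as an added example that is not part of any post on this page: it parses `ip -6 addr show` output, labels each address as temporary, public (EUI-64) or link-local, and models which one becomes the default source for `use_tempaddr` 1 and 2. The sample output, the function names and the selection logic are assumptions made for illustration; the selection is a simplified model, not the kernel's full source-address selection.

```python
import ipaddress
import re

# Constructed sample of `ip -6 addr show dev eth0` output (2001:db8::/32 is
# the documentation prefix); not captured from a real host.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:2:5c1a:9e0f:77b3:41d2/64 scope global temporary dynamic
       valid_lft 86180sec preferred_lft 14180sec
    inet6 2001:db8:1:2:81f3:22aa:9c01:6e55/64 scope global temporary deprecated dynamic
       valid_lft 3000sec preferred_lft 0sec
    inet6 2001:db8:1:2:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr
       valid_lft 86180sec preferred_lft 14180sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link
"""

def parse_inet6(text):
    """Return (address, scope, flags) for every inet6 line of `ip` output."""
    return [(ipaddress.IPv6Address(m.group(1)), m.group(2), set(m.group(3).split()))
            for m in re.finditer(r"inet6 (\S+)/\d+ scope (\S+)(.*)", text)]

def classify(addr, scope, flags):
    """Label an address the way the answer above distinguishes them."""
    if scope != "global":
        return scope
    if "temporary" in flags:               # RFC 3041 privacy address
        return "temporary"
    if addr.packed[11:13] == b"\xff\xfe":  # heuristic: ff:fe marks a MAC-derived EUI-64 identifier
        return "public (EUI-64)"
    return "public"

def preferred_source(entries, use_tempaddr):
    """Simplified model (assumption): pick the default source among global,
    non-deprecated addresses; use_tempaddr > 1 prefers temporary ones."""
    usable = [e for e in entries if e[1] == "global" and "deprecated" not in e[2]]
    want_temporary = use_tempaddr > 1
    for addr, _scope, flags in usable:
        if ("temporary" in flags) == want_temporary:
            return addr
    return usable[0][0] if usable else None

if __name__ == "__main__":
    entries = parse_inet6(SAMPLE)
    for e in entries:
        print(f"{e[0]!s:40} {classify(*e)}")
    for value in (1, 2):
        print(f"use_tempaddr={value}: source {preferred_source(entries, value)}")
```

On a live host, the configured value can be read from `/proc/sys/net/ipv6/conf/<interface>/use_tempaddr` and the real `ip -6 addr show` output passed to `parse_inet6` in place of the sample.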