Remove All Ads from XDA

[Q] hacking the netd daemon to disable "IPv6 privacy extensions"

1 posts
Thanks Meter: 0
By Gro-Tsen, Junior Member on 10th January 2014, 09:47 PM
Post Reply Email Thread
Android's netd daemon, by default, enables something known as "IPv6 privacy extensions" (this means that the IPv6 address, instead of being generated from the device's MAC address, will be randomized but this is irrelevant for my question).

In a nutshell, my problem is this: how can I hack, or communicate with, the netd daemon to force it to disable this feature?

(Android offers no configuration for this. I bug-reported the issue to Google ad android bug #31102 aka http : / / (sorry I'm not allowed to post links) but they, of course, ignored it. Please note that there are lots of pages dealing with the question of how to enable IPv6 privacy extensions, because old versions of Android did not enable them: my question is how to disable them, permanently.)

What the netd daemon actually does is that when a network interface $IFACE is brought up, it opens the file /proc/sys/net/ipv6/conf/$IFACE/use_tempaddr and writes "2" there (this asks the Linux kernel to enable the feature). Up to Android 4.2, what I did was binary patch netd to replace the string "/proc/sys/net/ipv6/conf/%s/use_tempaddr" by "/dev/null\000" so the daemon would simply write that "2" to /dev/null and nothing would happen. But in Android 4.3 that part of the code has been slightly refactored, see InterfaceController.cpp from the netd source code, around line 134 (https : / / again I'm not allowed to put links, what a pain), so a binary patch is not so trivial. (I could probably replace "use_tempaddr" by "hfr_grzcnqqe", but it would cause an error message in the logs and I'd like to avoid that.)

(Changing netd's source would be absolutely trivial. But I want to avoid recompiling it, because I'd probably spend many sleepless nights getting the correct native toolchain and convincing the Android makefiles to recompile just this bit: I don't have the resources to do a full Android build. Maybe I'm being pessimistic.)

In principle, it seems that netd reacts to commands that are sent to it (see https : / / starting from around line 434). What I don't know is how to communicate with it to send it such commands, let alone do it precisely when a new interface is brought up. I know that at the other end of the line there is, for example, (see https : / / around line 2104). I'm a Linux dev, not so familiar with the Android IPC mechanisms or daemons, so I was hoping someone more knowledgeable could think of a way to pass a command at the right time.

PS: I'm aware that there's an app called which claims to solve the problem I'm talking about. But, looking at the code (https : / / around line 103), it's obvious that it does so in a completely wrong way, namely by talking to the kernel, bypassing netd's role as the network gatekeeper altogether.

PPS: I'm using CyanogenMod (currently 10.1.3, and this issue is preventing me from upgrading to 10.2), but I don't think this is relevant at all (I must admit I didn't check to see if CyanogenMod patched netd and/or in any way).

Meta-question: Is this the right place to ask? Apparently I have to ask 10 stupid questions before I'm allowed to post anywhere else.
3rd June 2015, 07:08 PM |#2  
Thanks Meter: 4
Did you ever find a permanent solution? I've been tackling the issue on my new Galaxy S6 using the steps as outlined in this link:
23rd October 2015, 06:16 PM |#3  
Junior Member
Thanks Meter: 1
On the chance that someone has this issue and finds this thread ..

As far as I have seen (< 5.0), communication with the network daemon, netd, is done through unix-domain socket IPC on /dev/socket/netd. The commands are of the form:
interface setcfg [iface name] [options]
Where 'options' includes 'up' and 'down', among others. I have not verified this, but you may be able to do this from the console -- see 'netcfg'. As far as the specific command to do what you are requesting, I would either pull the netcfg executable into IDA or start by looking at the WifiStateMachine. The state machine set sets this option at line 2092 in the source:

mNwService.setInterfaceIpv6PrivacyExtensions(mInterfaceName, true);
Additionally, you could just pull in the apk for the WifiStateMachine and modify the smali to send false, rather than true, at the line above and you'll have your permanent disable. For this, see /system/framework/*.apk, or equivalent. The WSM implementation should be there somewhere.


From the source you posted, I found this too ..

"Usage: interface ipv6privacyextensions <interface> <enable|disable>"
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes