Dear Debian Networking Team,

I've included a patch that adds an option "soii" to the auto method of
family inet6. When enabled, a secret (stored in /etc/network/soii.key)
is loaded into sysctl net.ipv6.conf.$if.stable_secret, which has the
side-effect of setting net.ipv6.conf.$if.addr_gen_mode=2. This is
sufficient to enable Semantically Opaque Interface Identifiers as
described in RFC 7217.

Setting net.ipv6.conf.$if.addr_gen_mode=0 earlier in ifup means that:

    ifdown $if; sed -i /soii/d /etc/network/interfaces; ifup $if

has the expected effect of disabling Semantically Opaque Interface
Identifiers. Doing this early in ifup rather than during ifdown means
that the following does not have the unexpected effect of changing the
machine's address:

    ifdown $if; ip link set dev $if up

I've also provided for your consideration machinery for generating
/etc/network/soii.key during package installation.

I've left soii's default value at 0, such that it is necessary to
change /etc/network/interfaces to enable SOIIs, but I will note that
RFC 8504 RECOMMENDs "that unless there is a specific requirement for
Media Access Control (MAC) addresses to be embedded in an Interface
Identifier (IID), nodes follow the procedure in [RFC7217] to generate
SLAAC-based addresses". I take this as RECOMMENDing setting soii's
default to 1 and waiting to see if anybody screams about it.

Yours,
Callum Davies <cd@debian.crdavies.eu>
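
Added illustration, not part of the original message or its patch: a sketch of the RFC 7217 computation RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) that the stable secret feeds, next to the MAC-derived identifier it replaces. SHA-256 as F, the field encoding, and the sample key, MAC and prefixes are assumptions made here, so the output will not match the addresses the kernel derives.

```python
import hashlib
import ipaddress

# RFC 5453 reserved IIDs: all zeros, and the range fdff:ffff:ffff:ff80-ffff.
RESERVED_LOW, RESERVED_HIGH = 0xFDFFFFFFFFFFFF80, 0xFDFFFFFFFFFFFFFF

# Constructed sample values, not taken from any real host.
SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
MAC = bytes.fromhex("020000abcdef")


def is_reserved_iid(iid: int) -> bool:
    return iid == 0 or RESERVED_LOW <= iid <= RESERVED_HIGH


def rfc7217_address(prefix: str, net_iface: str, secret_key: bytes,
                    network_id: bytes = b"", dad_counter: int = 0):
    """Derive a stable, semantically opaque address for one /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this sketch handles /64 SLAAC prefixes only")
    while True:
        h = hashlib.sha256()  # assumed choice of F for this example
        # Length-prefix every field so adjacent fields cannot run together.
        for field in (net.network_address.packed[:8], net_iface.encode(),
                      network_id, dad_counter.to_bytes(4, "big"), secret_key):
            h.update(len(field).to_bytes(2, "big") + field)
        # The IID is taken from the least significant 64 bits of RID.
        iid = int.from_bytes(h.digest()[-8:], "big")
        if not is_reserved_iid(iid):
            return ipaddress.IPv6Address(int(net.network_address) | iid)
        dad_counter += 1  # reserved IID: retry with the next counter value


def eui64_iid(mac: bytes) -> int:
    """Modified EUI-64 IID: the MAC is recoverable and identical on every network."""
    return int.from_bytes(bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:], "big")


if __name__ == "__main__":
    for p in ("2001:db8:1::/64", "2001:db8:2::/64"):
        print(p, "->", rfc7217_address(p, "eth0", SECRET))
    print("EUI-64 IID on any prefix: %016x" % eui64_iid(MAC))
```

The address is stable for a given prefix and interface but its identifier differs from one prefix to the next, whereas the EUI-64 identifier follows the host across networks.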