Skip to Content [alt-c]

rdiscd - IPv6 Router Discovery and SLAAC Daemon

rdiscd is a daemon for performing IPv6 router discovery and stateless address autoconfiguration (SLAAC) in userspace. It provides greater flexibility and more functionality than the kernel's implementation. For example, rdiscd supports static interface IDs, where the advertised prefix is combined with a static suffix to form a complete address. It also supports RFC 7217 for generating semantically opaque interface IDs (aka "stable privacy addresses").

Getting rdiscd

Building from Source (latest official release)

Download and extract rdiscd-0.6.tar.gz (PGP signature) and run:

cd rdiscd-0.6


make install

To install to a specific location:

make install PREFIX=/usr/local

Building from Git (development version; less stable and with no compatibility guarantee)

git clone

cd rdiscd


make install

Verifying the Source

Since version 0.5, all tarballs and Git tags are signed by my PGP key, EF5D 84C1 838F 2EB6 D896 8C04 1037 8EFC 2080 080C.

Building rdiscd

Run make and make install. See the README for advanced build options.


rdiscd depends on libndp v1.2 or higher.

To build rdiscd, you need:

  • GNU Make
  • A C++ compiler supporting C++11 (e.g. GCC 4.7 or higher)
  • Development headers for libndp

Current Status

The current version of rdiscd is 0.6, released on 2017-04-16. rdiscd aims to be bug-free and reliable, meaning it shouldn't crash or malfunction. It has been successfully used in production on servers, desktops, and laptops. It contains basic support for autoconfiguring addresses and the default gateway, but does not support route or DNS server advertisements.

As of 2019, rdiscd is no longer under active development. It will receive critical bug fixes but new features are unlikely to be added.

Project Resources

For help or questions, send mail to the discussion list, To report a bug or make a feature request, please open an issue at GitHub or send mail to the discussion list. To contribute code, please send a properly-formatted patch to the discussion list, or open a pull request at GitHub.

To learn about new releases, subscribe to the announcement list, or watch the GitHub project.


rdiscd was written by Andrew Ayer.

rdiscd is inspired by the userspace SLAAC implementation in NetworkManager, and some code is based on the code found therein.

rdiscd contains a SHA-256 implementation by Colin Percival.

rdiscd would not be possible without libndp, by Jiri Pirko.


rdiscd has been designed and implemented with security in mind. Safe, high-level C++ constructs are used whenever possible to reduce the chance of programmer error. Low-level, potentially-unsafe code is kept to a minimum and written very carefully when it's necessary. In addition, I have audited the code of libndp, the NDP library used by rdiscd. I found one vulnerability, CVE-2014-3554, which is fixed as of libndp 1.4.

By necessity, rdiscd requires privilege, as it configures the system's networking and uses raw sockets. To mitigate the potential impact of a security vulnerability in rdiscd or libndp, rdiscd supports privilege separation. The process that handles NDP packets from the network runs as an unprivileged user in an empty and unwritable root directory, and passes configuration information to the privileged process over a UNIX domain socket using a simple and easily-audited protocol. The privileged process never talks directly to the network.

To use privilege separation, you must pass the name of an unprivileged user to the -u option (you should use a dedicated user for rdiscd), and a root directory to the -r option (you should use an empty and unwritable directory). Privilege separation is enabled by default in the Debian package, with no manual configuration required.

If you find a security vulnerability in rdiscd, please contact me privately, optionally using my PGP key, EF5D 84C1 838F 2EB6 D896 8C04 1037 8EFC 2080 080C.


Copyright © 2014 Andrew Ayer

Licensed predominantly under the GPLv3. Also contains code licensed under more permissive GPL-compatible licenses.

rdiscd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.