ipv6

budge budge at el-pleasant.org
Fri May 10 07:29:44 PDT 2002


On Thu, 9 May 2002 at 11:12pm Chuck Grimes wrote:
>
> Why don't you clarify this? I never bothered to
> implement ipv6 although the packages come with FreeBSD.

The default kernel comes with it compiled in; I always remove OPTIONS INET6 in my kernels 'cause I can't stand looking at those ugly v6 addresses when I do an ifconfig. Unless you are directly connected to the 6bone (i.e. your ISP's router that you connect to does ipv6) or are interested in setting up a tunnel or a 6to4 gateway, there is no point in messing with it.


> First what is it? Encryption for network interfaces at
> the packet level?

Partially correct. IPv6 is a major rewrite of IP. One of the advances is that IPsec is built into it from the ground up, which means every ipv6 host is intrinsically capable of encrypting and/or authenticating every packet that comes and goes; all you have to do is turn it on.

In IPv4, to use IPsec, you must set up a VPN (virtual private network). Doing this means having a box at site A grab all the IP traffic heading for site B, encrypt and encapsulate it, and send it on to B where a box decrypts it and delivers it to the destination host(s). These gateway boxes at each end allow the internal networks at A and B to run plain old unencrypted v4 AND exchange traffic inter-site as though they had a private secure line because the traffic is only encrypted for transport across the (insecure) Internet.

All this can be done with v6 w/o having to have the gateway/tunnel boxen because encryption/authentication is part of the protocol, not layered on top of an insecure protocol. It will be very cool if it is ever deployed!


> And second, how could it be used to monitor data packets
> in a system or over the net?

This assertion is the product of FUD and/or ignorance and bears a resemblance to other 'scares' like this that zoom around the 'net. If anything, it will be easier for folks to regularly encrypt their traffic so NOBODY, governments or corporations, will be able to listen. Further, most computers don't have serial numbers, although many node-locking license schemes treat the ethernet address as a serial number.

If you are running the default FreeBSD kernel and you have an ethernet interface in there, when you do an 'ifconfig' you'll see your IPv6 address displayed after the v4 stuff. That address will have the MAC (hardware) address of your ethernet controller as part of the v6 IP address. That helps to ensure the address is unique (every IEEE 802.3 -- 'ethernet' hardware address is unique). But there is nothing that forces you to use that number, and further, nothing to stop you from buying another ethernet card and using it.

Oh, and whoever thinks that IP addresses are 'randomly' distributed now is very confused.

(type hastily -- forgive the typhos and grammos)

-- no Onan

Undefeated, everybody goes home
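
Added example, not part of the original post: a sketch of how an autoconfigured IPv6 address carries the ethernet MAC (the modified EUI-64 mapping) and how to audit ifconfig output for addresses that expose it. The function names, the sample MAC and the ifconfig text are constructed for illustration.

```python
import ipaddress

def mac_to_link_local(mac: str) -> str:
    """Build the fe80::/64 address a host autoconfigures from its MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return str(ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid))

def embedded_mac(addr: str):
    """Return the MAC recoverable from an address, or None.

    Heuristic: a manually or randomly chosen interface identifier can
    contain ff:fe at the same position by coincidence.
    """
    # Drop a %scope or /prefix suffix before parsing.
    iid = ipaddress.IPv6Address(addr.split("%")[0].split("/")[0]).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def audit_ifconfig(text: str) -> dict:
    """Map each inet6 address in ifconfig output to the MAC it exposes."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "inet6":
            mac = embedded_mac(fields[1])
            if mac:
                found[fields[1]] = mac
    return found

# Constructed sample output, not captured from a real host.
SAMPLE_IFCONFIG = """\
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
\tinet6 fe80::2a0:c9ff:fe12:3456%fxp0 prefixlen 64 scopeid 0x1
\tinet6 2001:db8::1 prefixlen 64
\tether 00:a0:c9:12:34:56
"""

if __name__ == "__main__":
    for address, mac in audit_ifconfig(SAMPLE_IFCONFIG).items():
        print(f"{address} exposes hardware address {mac}")
```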


