Re: git: 31ec8b6407fd - main - sys/netinet6: Implement RFC 7217

From: Herbert J. Skuhra <herbert_at_gojira.at>
Date: Sat, 20 Sep 2025 22:17:59 UTC
On Sat, 20 Sep 2025 14:31:52 +0200, Guido Falsi wrote:
> 
> The branch main has been updated by madpilot:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=31ec8b6407fdd5a87d70265762457c67ce618283
> 
> commit 31ec8b6407fdd5a87d70265762457c67ce618283
> Author:     Guido Falsi <madpilot@FreeBSD.org>
> AuthorDate: 2025-09-20 12:26:41 +0000
> Commit:     Guido Falsi <madpilot@FreeBSD.org>
> CommitDate: 2025-09-20 12:31:44 +0000
> 
>     sys/netinet6: Implement RFC 7217
>     
>     Implement RFC 7217 (A Method for Generating Semantically Opaque
>     Interface Identifiers with IPv6 Stateless Address Autoconfiguration
>     (SLAAC)) in our IPv6 stack.
>     
>     A new ifconfig `stableaddr` flag is added to enable the feature on
>     interfaces, which defaults to on or off for new interfaces based
>     on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so
>     this commit causes no change in behavior with default settings).
>     
>     The algorithm follows the RFC in its logic, using SHA256-HMAC as
>     the algorithm to derive addresses so as to provide code that can
>     be leveraged by future implementations of RFC 8981, leveraging the
>     `hostuuid` as the secret.
>     
>     The source of the hostidentifier can be configured using the sysctl
>     `net.inet6.ip6.stableaddr_netifsource`, while the number of retries
>     generating a new address in case of collision can be configured
>     using the `net.inet6.ip6.stableaddr_maxretries` sysctl (default 3).
>     
>     Documentation about all these flags is added to the ifconfig(8) man
>     page.
>     
>     Reviewed by:            cognet, glebius, hrs
>     Tested by:              zarychtam@plan-b.pwste.edu.pl
>     Approved by:            cognet, glebius
>     Relnotes:               yes
>     Differential Revision:  https://reviews.freebsd.org/D49681
> ---
>  sbin/ifconfig/af_inet6.c    |   2 +
>  sbin/ifconfig/af_nd6.c      |   1 +
>  sbin/ifconfig/ifconfig.8    |  30 +++++
>  sys/netinet6/in6.h          |   3 +
>  sys/netinet6/in6_ifattach.c | 275 +++++++++++++++++++++++++++++++++++++-------
>  sys/netinet6/in6_ifattach.h |   2 +
>  sys/netinet6/in6_proto.c    |  10 ++
>  sys/netinet6/ip6_input.c    |   1 +
>  sys/netinet6/ip6_var.h      |  12 ++
>  sys/netinet6/nd6.c          |   9 ++
>  sys/netinet6/nd6.h          |   2 +
>  sys/netinet6/nd6_nbr.c      |  35 +++++-
>  sys/netinet6/nd6_rtr.c      | 128 +++++++++++++--------
>  usr.sbin/ndp/ndp.c          |   7 ++
>  14 files changed, 423 insertions(+), 94 deletions(-)

This commit breaks security/netbird:

Management: Disconnected, reason: create wg interface: error creating tun device: unable to get nd6 flags for tun0: invalid argument
Signal: Disconnected, reason: create wg interface: error creating tun device: unable to get nd6 flags for tun0: invalid argument
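
The address derivation that the quoted commit message describes (RFC 7217 with HMAC-SHA256 as the function F, a host secret, and a bounded number of retries on collision), as an added Python sketch that is not part of this mail or of the FreeBSD code. The byte layout fed to the HMAC, the `net_iface` value, the sample secret and the `in_use` set standing in for Duplicate Address Detection are assumptions; the optional Network_ID input from the RFC is omitted.

```python
import hashlib
import hmac
import ipaddress


def is_reserved_iid(iid: int) -> bool:
    # RFC 5453 reserved interface identifiers: subnet-router anycast
    # (all zeros) and the reserved subnet anycast range.
    return iid == 0 or 0xFDFFFFFFFFFFFF80 <= iid <= 0xFDFFFFFFFFFFFFFF


def candidate(prefix, net_iface, secret, dad_counter):
    """RID = F(Prefix, Net_Iface, DAD_Counter, secret_key), F = HMAC-SHA256."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this SLAAC example expects a /64 prefix")
    # Assumed encoding: 8 prefix bytes, length-prefixed interface id, counter.
    msg = (net.network_address.packed[:8]
           + bytes([len(net_iface)]) + net_iface
           + bytes([dad_counter]))
    rid = hmac.new(secret, msg, hashlib.sha256).digest()
    iid = int.from_bytes(rid[-8:], "big")  # low-order 64 bits of the RID
    return iid, ipaddress.IPv6Address(int(net.network_address) | iid)


def stable_address(prefix, net_iface, secret, in_use=frozenset(), max_retries=3):
    """Return (address, dad_counter), or None when every attempt collides.

    in_use stands in for DAD: an address found there counts as a duplicate.
    This sketch allows max_retries further attempts after the first one.
    """
    for dad_counter in range(max_retries + 1):
        iid, addr = candidate(prefix, net_iface, secret, dad_counter)
        if is_reserved_iid(iid) or addr in in_use:
            continue  # bump DAD_Counter and derive a fresh identifier
        return addr, dad_counter
    return None


if __name__ == "__main__":
    secret = b"00000000-0000-0000-0000-000000000000"  # constructed stand-in secret
    for pfx in ("2001:db8:1::/64", "2001:db8:2::/64"):
        # Same interface and secret, different prefix: unrelated identifiers.
        print(pfx, stable_address(pfx, b"em0", secret))
```

The identifier stays fixed for a given prefix, interface and secret, but changes when the host moves to another prefix, which is the property that keeps the address stable without making the host trackable across networks.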