git: a2eb0894b79b - main - sys/netinet6: switch net.inet6.ip6.use_stableaddr to on by default

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Guido Falsi <madpilot_at_FreeBSD.org>
Date: Mon, 09 Feb 2026 20:29:16 UTC
The branch main has been updated by madpilot:

URL: https://cgit.FreeBSD.org/src/commit/?id=a2eb0894b79bd0241e51c6888a52bea369ae8a6a

commit a2eb0894b79bd0241e51c6888a52bea369ae8a6a
Author:     Guido Falsi <madpilot@FreeBSD.org>
AuthorDate: 2026-02-09 20:27:15 +0000
Commit:     Guido Falsi <madpilot@FreeBSD.org>
CommitDate: 2026-02-09 20:27:15 +0000

    sys/netinet6: switch net.inet6.ip6.use_stableaddr to on by default
    
    This change switches to using RFC 7217 algorithm as the default to
    generate SLAAC addresses for IPv6 interfaces configured with
    accept_rtadv.
    
    Reviewed by:            pouria, glebius, zlei
    Approved by:            zlei
    Relnotes:               yes
    Differential Revision:  https://reviews.freebsd.org/D55138
---
 UPDATING               | 9 +++++++++
 sys/netinet6/nd6_rtr.c | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/UPDATING b/UPDATING
index 5029bf086bdd..d4a6e486aed0 100644
--- a/UPDATING
+++ b/UPDATING
@@ -27,6 +27,15 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 16.x IS SLOW:
 	world, or to merely disable the most expensive debugging functionality
 	at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20260129:
+	The "net.inet6.ip6.use_stableaddr" sysctl is now on by default.
+	This changes the default algorithm to choose IPv6 SLAAC autogenerated
+	addresses from embedding the interface hardware address to using
+	SHA256-HMAC hash as described in RFC 7217 to derive an opaque but
+	stable Address.  If you are using autoconfigured IPv6 addresses at
+	reboot they will be different after this change, but constant
+	thereafter, please update your DNS records if any.
+
 20260106:
 	Zstd has moved to the new "zstd" package.  If you have set-minimal
 	installed, this package will be installed automatically, otherwise
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index 0ca97125110c..8f557ba77af5 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -95,7 +95,7 @@ VNET_DEFINE(int, nd6_defifindex);
 #define	V_nd6_defifp			VNET(nd6_defifp)
 
 VNET_DEFINE(int, ip6_use_tempaddr) = 0;
-VNET_DEFINE(bool, ip6_use_stableaddr) = 0;
+VNET_DEFINE(bool, ip6_use_stableaddr) = 1;
 
 VNET_DEFINE(int, ip6_desync_factor);
 VNET_DEFINE(uint32_t, ip6_temp_max_desync_factor) = TEMP_MAX_DESYNC_FACTOR_BASE;