Re: we should enable RFC7217 by default

From: Guido Falsi <madpilot_at_FreeBSD.org>
Date: Mon, 09 Feb 2026 20:49:35 UTC

On 1/28/26 11:00, Brooks Davis wrote:
> On Tue, Jan 27, 2026 at 03:35:16AM +0330, Pouria Mousavizadeh Tehrani wrote:
>> Hi everyone,
>>
>> With `net.inet6.ip6.use_stableaddr` now available, I believe we should enable
>> it by default in CURRENT at least.
>> As you may already know, we currently use the EUI64 method for generating
>> stable IPv6 addresses, which has serious privacy issues.
>>
>> IMHO, trying to maintain backward compatibility defeats the purpose of a
>> privacy RFC.
>>
>> To be clear, we don't want to change the ip addresses of existing servers.
>> However, it's reasonable for users to expect changes during a major upgrade
>> (15 -> 16), a fresh install of a new major release, or living on CURRENT.
>> So, for obvious reasons, changing the default value would not be MFCed.
>>
>> What do you think?
> 
> I wonder if we should ship an update to 15 (landing in 15.1) explicitly
> adding net.inet6.ip6.use_stableaddr=1 and a suitable comment to
> /etc/sysctl.conf so people who later upgrade to 16 aren't painfully
> surprised when their server disappears.  New installs of 16 would get
> the new default, but upgrades would keep the old default.  The downside
> would be that people who have edited sysctl.conf would have a merge
> conflict to resolve, but that's a fairly normal thing.
> 
> -- Brooks
> 


Hi all, I just committed the change in the default (thanks to zlei for 
approving it, and all the reviewers). [1]


I'll also send a heads up to current@ and net@ just in case.


I am replying to this specific message in the thread because I do like
Brooks' idea on how to introduce this on stable.

Once I get the MFC approved and committed [2], I could send a further PR 
implementing such a change on stable/15 sysctl.conf.

Thanks all for the support.



[1] https://cgit.freebsd.org/src/commit/?id=a2eb0894b79bd0241e51c6888a52bea369ae8a6a

[2] https://reviews.freebsd.org/D54382

-- 
Guido Falsi <madpilot@FreeBSD.org>
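
The privacy difference between EUI-64 and RFC 7217 interface identifiers that the thread refers to, as an added Python example that is not part of the thread and not FreeBSD's code. The MAC address, prefixes, interface name and secret are constructed, and HMAC-SHA256 as the function F is an assumption (RFC 7217 only requires a pseudorandom function); the reserved-identifier check from the RFC is left out.

```python
import hashlib
import hmac
import ipaddress

MAC = "00:11:22:33:44:55"              # constructed sample MAC
SECRET = b"constructed-per-host-secret"  # constructed; a real key is random

def eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def rfc7217_iid(prefix, ifname, secret, network_id=b"", dad_counter=0):
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)."""
    net = ipaddress.IPv6Network(prefix)
    msg = (net.network_address.packed[:8] + ifname.encode() + b"\0"
           + network_id + dad_counter.to_bytes(4, "big"))
    rid = hmac.new(secret, msg, hashlib.sha256).digest()
    # The identifier is the low-order 64 bits of the RID.
    return int.from_bytes(rid, "big") & 0xFFFFFFFFFFFFFFFF

def slaac_address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def leaks_mac(addr):
    """Audit check: does the identifier carry the ff:fe EUI-64 marker?"""
    iid = int(addr) & 0xFFFFFFFFFFFFFFFF
    return (iid >> 24) & 0xFFFF == 0xFFFE

if __name__ == "__main__":
    for prefix in ("2001:db8:1::/64", "2001:db8:2::/64"):
        old = slaac_address(prefix, eui64_iid(MAC))
        new = slaac_address(prefix, rfc7217_iid(prefix, "em0", SECRET))
        # EUI-64: same low 64 bits on every network, so the host is
        # trackable across networks. RFC 7217: stable per prefix only.
        print(prefix, old, leaks_mac(old), new)
```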