Message-ID: <2593e290-77ec-41d1-801a-79a6eff3dc93@FreeBSD.org>
Date: Mon, 9 Feb 2026 22:09:04 +0100
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current
From: Guido Falsi
Subject: Re: we should enable RFC7217 by default
To: Brooks Davis, Pouria Mousavizadeh Tehrani
Cc: freebsd-current@freebsd.org
References: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org> <7521210e-1348-40b8-85ed-8e7a0d3b290a@FreeBSD.org>

On 2/9/26 21:49, Guido Falsi wrote:
> On 1/28/26 11:00, Brooks Davis wrote:
>> On Tue, Jan 27, 2026 at 03:35:16AM +0330, Pouria Mousavizadeh Tehrani wrote:
>>> Hi everyone,
>>>
>>> With `net.inet6.ip6.use_stableaddr` now available, I believe we should enable
>>> it by default in CURRENT at least.
>>> As you may already know, we currently use the EUI64 method for generating
>>> stable IPv6 addresses, which has serious privacy issues.
>>>
>>> IMHO, trying to maintain backward compatibility defeats the purpose of a
>>> privacy RFC.
>>>
>>> To be clear, we don't want to change the ip addresses of existing servers.
>>> However, it's reasonable for users to expect changes during a major upgrade
>>> (15 -> 16), a fresh install of a new major release, or living on CURRENT.
>>> So, for obvious reasons, changing the default value would not be MFCed.
>>>
>>> What do you think?
>>
>> I wonder if we should ship an update to 15 (landing in 15.1) explicitly
>> adding net.inet6.ip6.use_stableaddr=1 and a suitable comment to
>> /etc/sysctl.conf so people who later upgrade to 16 aren't painfully
>> surprised when their server disappears. New installs of 16 would get
>> the new default, but upgrades would keep the old default. The downside
>> would be that people who have edited sysctl.conf would have a merge
>> conflict to resolve, but that's a fairly normal thing.
>>
>> -- Brooks
>>
>
> Hi all, I just committed the change in the default (thanks to zlei for
> approving it, and all the reviewers). [1]
>
> I'll also send a heads up to current@ and net@ just in case.
>
> I am replying to this specific message in the thread because I do like
> brooks' idea on how to introduce this on stable.
>
> Once I get the MFC approved and committed [2], I could send a further PR
> implementing such a change on stable/15 sysctl.conf.

While writing my heads up message I just noticed this plan cannot work, unluckily.

Due to the nature of the sysctl, enabling it via /etc/sysctl.conf would cause the change to only affect interfaces created after sourcing the file. This means that for most machines the default interface would be unaffected and keep the default to the in kernel one.

To achieve the effect Brooks suggests would require the "soft switch" to happen via loader.conf. Not sure if this is a good idea though.

-- 
Guido Falsi
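
The privacy difference the thread refers to, as an added example that is not part of the original messages and is not FreeBSD's implementation: a modified EUI-64 interface identifier embeds the MAC and is identical on every network, while an RFC 7217 identifier is derived per prefix from a host secret. HMAC-SHA256 as the function F, the function names, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 IID: MAC with ff:fe inserted and the U/L bit flipped."""
    b = bytes.fromhex(mac.replace(":", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def stable_iid(prefix, net_iface: bytes, secret_key: bytes,
               network_id: bytes = b"", dad_counter: int = 0) -> bytes:
    """RFC 7217: RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).
    F is HMAC-SHA256 here (an assumption; the RFC only requires a PRF)."""
    if prefix.prefixlen != 64:
        raise ValueError("this sketch handles /64 prefixes only")
    fields = (prefix.network_address.packed[:8], net_iface,
              network_id, dad_counter.to_bytes(4, "big"))
    # Length-prefix each field so adjacent values cannot run together.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    rid = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return rid[-8:]  # IID = 64 least significant bits of RID

def make_address(prefix, iid: bytes) -> ipaddress.IPv6Address:
    """Join a /64 prefix and a 64-bit interface identifier."""
    return ipaddress.IPv6Address(prefix.network_address.packed[:8] + iid)

# Constructed sample values (documentation prefixes, made-up MAC and secret).
MAC = "00:11:22:33:44:55"
NET_A = ipaddress.IPv6Network("2001:db8:a::/64")
NET_B = ipaddress.IPv6Network("2001:db8:b::/64")
SECRET = b"constructed-secret-use-random-bytes-on-a-real-host"

def compare() -> dict:
    """Show which scheme yields the same IID on two different networks."""
    eui = eui64_iid(MAC)  # does not depend on the prefix at all
    sa = stable_iid(NET_A, b"em0", SECRET)
    sb = stable_iid(NET_B, b"em0", SECRET)
    return {
        "eui64": [str(make_address(n, eui)) for n in (NET_A, NET_B)],
        "stable": [str(make_address(NET_A, sa)), str(make_address(NET_B, sb))],
        "eui64_same_across_prefixes": True,  # by construction: eui is reused
        "stable_same_across_prefixes": sa == sb,
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

The RFC additionally requires regenerating the identifier with an incremented DAD_Counter on a duplicate-address conflict and rejecting reserved identifiers; the sketch exposes `dad_counter` but leaves the reserved-IID check out.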