Date: Sun, 21 Sep 2025 11:58:15 +0200
From: Guido Falsi <madpilot@FreeBSD.org>
To: "Herbert J. Skuhra" <herbert@gojira.at>
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: 31ec8b6407fd - main - sys/netinet6: Implement RFC 7217
Message-ID: <bad8cb94-8243-468a-9919-a713a9426eae@FreeBSD.org>
In-Reply-To: <874iswhip4.wl-herbert@gojira.at>
References: <202509201231.58KCVqBC047480@gitrepo.freebsd.org> <874iswhip4.wl-herbert@gojira.at>
On 9/21/25 00:17, Herbert J. Skuhra wrote:
> On Sat, 20 Sep 2025 14:31:52 +0200, Guido Falsi wrote:
>>
>> The branch main has been updated by madpilot:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=31ec8b6407fdd5a87d70265762457c67ce618283
>>
>> commit 31ec8b6407fdd5a87d70265762457c67ce618283
>> Author:     Guido Falsi <madpilot@FreeBSD.org>
>> AuthorDate: 2025-09-20 12:26:41 +0000
>> Commit:     Guido Falsi <madpilot@FreeBSD.org>
>> CommitDate: 2025-09-20 12:31:44 +0000
>>
>>     sys/netinet6: Implement RFC 7217
>>
>>     Implement RFC 7217 (A Method for Generating Semantically Opaque
>>     Interface Identifiers with IPv6 Stateless Address Autoconfiguration
>>     (SLAAC)) in our IPv6 stack.
>>
>>     A new ifconfig `stableaddr` flag is added to enable the feature on
>>     interfaces, which defaults to on or off for new interfaces based
>>     on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so
>>     this commit causes no change in behavior with default settings).
>>
>>     The algorithm follows the RFC in its logic, using SHA256-HMAC as
>>     the algorithm to derive addresses so as to provide code that can
>>     be leveraged by future implementations of RFC 8981, leveraging the
>>     `hostuuid` as the secret.
>>
>>     The source of the hostidentifier can be configured using the sysctl
>>     `net.inet6.ip6.stableaddr_netifsource`, while the number of retries
>>     generating a new address in case of collision can be configured
>>     using the `net.inet6.ip6.stableaddr_maxretries` sysctl (default 3).
>>
>>     Documentation about all these flags is added to the ifconfig(8) man
>>     page.
>>
>>     Reviewed by:            cognet, glebius, hrs
>>     Tested by:              zarychtam@plan-b.pwste.edu.pl
>>     Approved by:            cognet, glebius
>>     Relnotes:               yes
>>     Differential Revision:  https://reviews.freebsd.org/D49681
>> ---
>>  sbin/ifconfig/af_inet6.c    |   2 +
>>  sbin/ifconfig/af_nd6.c      |   1 +
>>  sbin/ifconfig/ifconfig.8    |  30 +++++
>>  sys/netinet6/in6.h          |   3 +
>>  sys/netinet6/in6_ifattach.c | 275 +++++++++++++++++++++++++++++++++++++-------
>>  sys/netinet6/in6_ifattach.h |   2 +
>>  sys/netinet6/in6_proto.c    |  10 ++
>>  sys/netinet6/ip6_input.c    |   1 +
>>  sys/netinet6/ip6_var.h      |  12 ++
>>  sys/netinet6/nd6.c          |   9 ++
>>  sys/netinet6/nd6.h          |   2 +
>>  sys/netinet6/nd6_nbr.c      |  35 +++++-
>>  sys/netinet6/nd6_rtr.c      | 128 +++++++++++++--------
>>  usr.sbin/ndp/ndp.c          |   7 ++
>>  14 files changed, 423 insertions(+), 94 deletions(-)
>
> This commit breaks security/netbird:
>
> Management: Disconnected, reason: create wg interface: error creating tun device: unable to get nd6 flags for tun0: invalid argument
> Signal: Disconnected, reason: create wg interface: error creating tun device: unable to get nd6 flags for tun0: invalid argument
>

Thanks for reporting this, I'm going to take a look shortly, although
I'm not sure why, since the functionality is disabled by default.

--
Guido Falsi <madpilot@FreeBSD.org>
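
The derivation the quoted commit message describes (HMAC-SHA256 keyed with a host secret, regenerated with a counter on collision), as an added Python example that is not the FreeBSD kernel code or anything posted in this thread. The input encoding, the sample secret, the function names and the `in_use` set standing in for duplicate address detection are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample secret standing in for a hostuuid; not a real host's value.
SECRET = b"00000000-1111-2222-3333-444444444444"
MAX_RETRIES = 3  # default of net.inet6.ip6.stableaddr_maxretries per the commit message


def is_reserved(iid: int) -> bool:
    """RFC 5453 reserved IIDs: subnet-router anycast and reserved subnet anycast."""
    return iid == 0 or 0xFDFFFFFFFFFFFF80 <= iid <= 0xFDFFFFFFFFFFFFFF


def stable_iid(prefix: str, net_iface: bytes, dad_counter: int, secret: bytes = SECRET) -> int:
    """RID = F(Prefix, Net_Iface, DAD_Counter, secret_key) with F = HMAC-SHA256."""
    net = ipaddress.IPv6Network(prefix)
    # Assumed encoding: 16-byte prefix, length-prefixed interface id, 1-byte counter.
    msg = (net.network_address.packed + bytes([len(net_iface)]) + net_iface
           + bytes([dad_counter]))
    rid = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(rid[-8:], "big")  # low-order 64 bits of the RID


def stable_address(prefix: str, net_iface: bytes, in_use=frozenset(), secret: bytes = SECRET):
    """Return (address, dad_counter), or (None, MAX_RETRIES) once retries run out."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example only handles /64 SLAAC prefixes")
    # Initial attempt plus up to MAX_RETRIES retries (this example's reading).
    for dad_counter in range(MAX_RETRIES + 1):
        iid = stable_iid(prefix, net_iface, dad_counter, secret)
        addr = ipaddress.IPv6Address(int(net.network_address) | iid)
        # `in_use` models a duplicate address detection failure on the link.
        if not is_reserved(iid) and addr not in in_use:
            return addr, dad_counter
    return None, MAX_RETRIES


if __name__ == "__main__":
    # Constructed documentation prefixes (2001:db8::/32) and interface name.
    first, _ = stable_address("2001:db8:1::/64", b"em0")
    other, _ = stable_address("2001:db8:2::/64", b"em0")
    retry, n = stable_address("2001:db8:1::/64", b"em0", in_use={first})
    print("prefix 1:", first)
    print("prefix 2:", other, "(different IID on a different prefix)")
    print(f"after a collision on prefix 1: {retry} (DAD_Counter={n})")
```

The address stays the same each time the host sees the same prefix, while the interface identifier differs between prefixes and does not embed the MAC address.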