From nobody Sun Sep 21 09:58:15 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cV1s51xgCz67rW6; Sun, 21 Sep 2025 09:58:17 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cV1s50sNvz3S84; Sun, 21 Sep 2025 09:58:17 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758448697; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=mU/P63n0mX1ly8/zOJImkxBaGNQBYIACRbnyNPz2hWQ=; b=AtHafsPRGM5goGex76306ceC0T+iQzwelDhEDPz0UB0erD9fRijIDjwFeAIBrij6htP10x 4GSi9EbJH/Xw0lOEiBasWqOoeNoAkIoChL19kOzaO/KUInKyGMJ+RQi8EbvxOg73i+pQbm KsKbEyWuz/FNY3+huT4/zxMiryhJJJ1Ns88XBUvRWu1gragcQDh74eaoMTiL8TjqUV9lry Tl6PDZbf9mDgSxI87NTgt3Eh+xmB272zlAR6lygyoxyFZeE0clYQrd6DOrf358Ia31Xsat 4vmYh6wBuTHSfPWULhKOcd4jS0iQCd5kUNT/oaHz4uhbLg+4L3reY2xhKJJvhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758448697; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=mU/P63n0mX1ly8/zOJImkxBaGNQBYIACRbnyNPz2hWQ=; b=cSYFVkbhUaLqetzL7OKUEApyA2SjnzR/E2M+12tu/4R5lhfDYhxLHc+vJIdY6XAJfj345L nvv/OAyCn239TVUK6W7hqy0vsz5+1+IwmkJyjmloZe5C51bW5zejgs4afW5A/OFF9mTseM k6GqdockKiG4tDLkmh6bOLAorZfpdQmjFoNsXtdSyqudo6MILVXB1TnoMTsKqXhmpHo8CI P27YYlXaewqbCidH/ZIM6io+qEgZrnFY8IrZDqLbqGkzcr9n9r5NZf7VVuXVJyo+o3Nfka AQr/q8QQCvkSAI+0BHRjmAH5LeLqoVR0OoKBI3cfnTD95BGK7eOryH8OFGLCyg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758448697; a=rsa-sha256; cv=none; b=SaoeJcLY9liegaWvXZ69rRHgmj4juCkqMHP4AXTPrYSPYsY1v6qPExNrBxvbdMdHl6cuQR H76eq+yiyCfTSO3kJ/hGG1sbht7slS0ZAtk6hC8sLSrubkn6bJ15MqBH4p5OYw5RggCdIn /XLv4+hotoTmDHayDyCKda3sFTAJpZhWdFYS3iHMtx8vAd2p2zElbOI8YvpeRjvssRXt1+ ZgfxRxfsLfsmJgQj6sxUI8PWIUDI8OA7jq4xpoFU9tLYudYuQefzFSNOp+uPA0ezjilXfO sOt+F+hURGve7d1X+mDpQV058OsHKTRKNjr022/4FqrbJL50FTS5A1YAxTW2eg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from [IPV6:2a01:e11:2002:4280::13:1] (unknown [IPv6:2a01:e11:2002:4280::13:1]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: madpilot/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4cV1s43hYtz1cT; Sun, 21 Sep 2025 09:58:16 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) Message-ID: Date: Sun, 21 Sep 2025 11:58:15 +0200 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Guido Falsi Subject: Re: git: 31ec8b6407fd - main - sys/netinet6: Implement RFC 7217 To: "Herbert J. Skuhra" Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org References: <202509201231.58KCVqBC047480@gitrepo.freebsd.org> <874iswhip4.wl-herbert@gojira.at> Content-Language: en-US, it, en-GB Autocrypt: addr=madpilot@FreeBSD.org; keydata= xsBNBE+G+l0BCADi/WBQ0aRJfnE7LBPsM0G3m/m3Yx7OPu4iYFvS84xawmRHtCNjWIntsxuX fptkmEo3Rsw816WUrek8dxoUAYdHd+EcpBcnnDzfDH5LW/TZ4gbrFezrHPdRp7wdxi23GN80 qPwHEwXuF0X4Wy5V0OO8B6VT/nA0ADYnBDhXS52HGIJ/GCUjgqJn+phDTdCFLvrSFdmgx4Wl c0W5Z1p5cmDF9l8L/hc959AeyNf7I9dXnjekGM9gVv7UDUYzCifR3U8T0fnfdMmS8NeI9NC+ wuREpRO4lKOkTnj9TtQJRiptlhcHQiAlG1cFqs7EQo57Tqq6cxD1FycZJLuC32bGbgalABEB AAHNIkd1aWRvIEZhbHNpIDxtYWRwaWxvdEBGcmVlQlNELm9yZz7CwHgEEwECACIFAk+G+3MC GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEBrmhg5Wy9KT2uIIAIrawQ89TnqEhi2C OEQAhx3uqWZuNoS6NyiSgsRCmtSnT2GOgH4Ucbr/I37SkV1B3K6HkoL6lwN8Gjf5KOgLqmTi E1W3RTwS7l8PSvdnjM9i7g351R4mTijtxawB/JcQf/Kge3Yqr1V4g6H+wQXHUStmHThbupuN trzRphvR/e5ekT0FTyVfPmpcbm68i2bwZnKUex/TNIECBykYh8b+SYMLhENf2ayRjCIWS2Ad 7tnTKhMtnS5jtW6qjBy4RoTpQD6oR1xIgkTRlQ49roVCUfdHb+Y/kh+U9G1IcoNy4vkg9IfP dwpSfnP+a8j0AZ1hMnOLZ1fYoQrs+4gVLy8Fs7TOwU0EUxB7QQEQAKFhrDceoPdK/IHDSmoj 6SQYisvM7VdhcleS7E9DoEAVt7yMbf6HbbMVTTY6ckvwTWQssywLBXNVqxgc4WLJjzfUhgef +WE75M3+WFYlOVQLGZY/zEVgma1raYnOHNAOzeHLDmEXjbZP6vGAeDyBbGfQPpE7qGYZ7ube T3XwQO+PklcCrvOPj2ZPcAxGNS2xVU/LzONqCrJqLMJSIcCdsbiSP4G5PnDFHtMokaTY6OEr 8OEQfOAerhcHUa/z7Uu8YtmaqKH+QGkE/WEgaRqSiTnv0JOTD+DxehaqvoKPPZ++2NpCZMHB 2i6A/xifmQwEiIjEXtcueBRzkNUQkxhqZyS13SrhocL9ydtaVPBzZatAEjUDDEJmAMLVFs45 qfyhMiNapHJo2n3MW/E5omqCvEkDdWX/en3P7CK2TemeaDghMsgkNKax/z0wNo5UZCkOPOz0 xpNiUilOVbkuezZZNg65741qee2lfXhQIaZ66yT7hphc/N/z3PIAtLeze4u1VR2EXAuZ2sWA dlKCNTlJMsaU/x70BV11Wd/ypnVzM68dfdQIIAj1iMFAD/lXGlEUmKXg5Ov2VQDlTntQoanC YrAg+8CttPzjrydgLZFq3hrtQmfc0se5yv1WHS69+BsUOG09RvvawUDZxUjW19kyeN9THaNR gow3kSuArUp6zSmJABEBAAHCwF8EGAEIAAkFAlMQe0ECGwwACgkQGuaGDlbL0pMN5wgA4bCk X/qwEVC06ToeR6C2putmSWQMgpDaqrv65Hubo+QGmg2P4ewTYQQ4g6oYWS03qHxqVVWhKz7F jfrV+dH8qbCLfSgIcvdBha7ayGZVrsiuMLKGbw36fcmkZPpSDOfHcP0XH8Z+u9CWj0xUkTxA lZ/7i6gYSUpG2JWNtdmE/X8VVEyXusCLwy0K0BI60A/4dRTIX3C4QKrJ3ZbUXegz70ynjHf+ lQMZ9IZKASoRMuS5FozPQh6abvmwZEPdf5I9riUElzvHrqJ8Bx0t3Pujdoth+yNHpnBxrtO8 LkQdrQ58P0SwcaIX33T2U9pG8bhu5YVR88FQ8OQ0cEsPBpDncg== In-Reply-To: <874iswhip4.wl-herbert@gojira.at> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 9/21/25 00:17, Herbert J. Skuhra wrote: > On Sat, 20 Sep 2025 14:31:52 +0200, Guido Falsi wrote: >> >> The branch main has been updated by madpilot: >> >> URL: https://cgit.FreeBSD.org/src/commit/?id=31ec8b6407fdd5a87d70265762457c67ce618283 >> >> commit 31ec8b6407fdd5a87d70265762457c67ce618283 >> Author: Guido Falsi >> AuthorDate: 2025-09-20 12:26:41 +0000 >> Commit: Guido Falsi >> CommitDate: 2025-09-20 12:31:44 +0000 >> >> sys/netinet6: Implement RFC 7217 >> >> Implement RFC 7217 (A Method for Generating Semantically Opaque >> Interface Identifiers with IPv6 Stateless Address Autoconfiguration >> (SLAAC)) in our IPv6 stack. >> >> A new ifconfig `stableaddr` flag is added to enable the feature on >> interfaces, which defaults to on or off for new interfaces based >> on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so >> this commit causes no change in behavior with default settings). >> >> The algorithm follows the RFC in its logic, using SHA256-HMAC as >> the algorithm to derive addresses so as to provide code that can >> be leveraged by future implentations of RFC 8981, leveraging the >> `hostuuid` as the secret. >> >> The source of the hostidentifier can be configured using the sysctl >> `net.inet6.ip6.stableaddr_netifsource`, while the number of retries >> generating a new address in case of collision can be configured >> using the `net.inet6.ip6.stableaddr_maxretries` sysctl (default 3). >> >> Documentation about all these flags is added to the ifconfig(8) man >> page. >> >> Reviewed by: cognet, glebius, hrs >> Tested by: zarychtam@plan-b.pwste.edu.pl >> Approved by: cognet, glebius >> Relnotes: yes >> Differential Revision: https://reviews.freebsd.org/D49681 >> --- >> sbin/ifconfig/af_inet6.c | 2 + >> sbin/ifconfig/af_nd6.c | 1 + >> sbin/ifconfig/ifconfig.8 | 30 +++++ >> sys/netinet6/in6.h | 3 + >> sys/netinet6/in6_ifattach.c | 275 +++++++++++++++++++++++++++++++++++++------- >> sys/netinet6/in6_ifattach.h | 2 + >> sys/netinet6/in6_proto.c | 10 ++ >> sys/netinet6/ip6_input.c | 1 + >> sys/netinet6/ip6_var.h | 12 ++ >> sys/netinet6/nd6.c | 9 ++ >> sys/netinet6/nd6.h | 2 + >> sys/netinet6/nd6_nbr.c | 35 +++++- >> sys/netinet6/nd6_rtr.c | 128 +++++++++++++-------- >> usr.sbin/ndp/ndp.c | 7 ++ >> 14 files changed, 423 insertions(+), 94 deletions(-) > > This commit breaks security/netbird: > > Management: Disconnected, reason: create wg interface: error creating tun device: unable to get nd6 flags for tun0: invalid argument > Signal: Disconnected, reason: create wg interface: error creating tun device: unable to get nd6 flags for tun0: invalid argument > Thanks for reporting this, I'm going to take a look shortly, although I'm not sure why, since the functionality is disabled by default. -- Guido Falsi