Date:      Sun, 21 Sep 2025 13:49:12 +0200
From:      "Herbert J. Skuhra" <herbert@gojira.at>
To:        Guido Falsi <madpilot@FreeBSD.org>
Cc:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   Re: git: 31ec8b6407fd - main - sys/netinet6: Implement RFC 7217
Message-ID:  <87jz1sc9fr.wl-herbert@gojira.at>
In-Reply-To: <07503de1-785e-4e4d-b4e4-0524aeb064e1@FreeBSD.org>
References:  <202509201231.58KCVqBC047480@gitrepo.freebsd.org> <874iswhip4.wl-herbert@gojira.at> <bad8cb94-8243-468a-9919-a713a9426eae@FreeBSD.org> <07503de1-785e-4e4d-b4e4-0524aeb064e1@FreeBSD.org>

On Sun, 21 Sep 2025 12:44:42 +0200, Guido Falsi wrote:
>
> On 9/21/25 11:58, Guido Falsi wrote:
> > On 9/21/25 00:17, Herbert J. Skuhra wrote:
> >> On Sat, 20 Sep 2025 14:31:52 +0200, Guido Falsi wrote:
> >>>
> >>> The branch main has been updated by madpilot:
> >>>
> >>> URL: https://cgit.FreeBSD.org/src/commit/?id=31ec8b6407fdd5a87d70265762457c67ce618283
> >>>
> >>> commit 31ec8b6407fdd5a87d70265762457c67ce618283
> >>> Author:     Guido Falsi <madpilot@FreeBSD.org>
> >>> AuthorDate: 2025-09-20 12:26:41 +0000
> >>> Commit:     Guido Falsi <madpilot@FreeBSD.org>
> >>> CommitDate: 2025-09-20 12:31:44 +0000
> >>>
> >>>     sys/netinet6: Implement RFC 7217
> >>>     Implement RFC 7217 (A Method for Generating Semantically Opaque
> >>>     Interface Identifiers with IPv6 Stateless Address Autoconfiguration
> >>>     (SLAAC)) in our IPv6 stack.
> >>>     A new ifconfig `stableaddr` flag is added to enable the feature on
> >>>     interfaces, which defaults to on or off for new interfaces based
> >>>     on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so
> >>>     this commit causes no change in behavior with default settings).
> >>>     The algorithm follows the RFC in its logic, using SHA256-HMAC as
> >>>     the algorithm to derive addresses so as to provide code that can
> >>>     be leveraged by future implementations of RFC 8981, leveraging the
> >>>     `hostuuid` as the secret.
> >>>     The source of the hostidentifier can be configured using the sysctl
> >>>     `net.inet6.ip6.stableaddr_netifsource`, while the number of retries
> >>>     generating a new address in case of collision can be configured
> >>>     using the `net.inet6.ip6.stableaddr_maxretries` sysctl (default 3).
> >>>     Documentation about all these flags is added to the ifconfig(8) man
> >>>     page.
> >>>     Reviewed by:            cognet, glebius, hrs
> >>>     Tested by:              zarychtam@plan-b.pwste.edu.pl
> >>>     Approved by:            cognet, glebius
> >>>     Relnotes:               yes
> >>>     Differential Revision:  https://reviews.freebsd.org/D49681
> >>> ---
> >>>   sbin/ifconfig/af_inet6.c    |   2 +
> >>>   sbin/ifconfig/af_nd6.c      |   1 +
> >>>   sbin/ifconfig/ifconfig.8    |  30 +++++
> >>>   sys/netinet6/in6.h          |   3 +
> >>>   sys/netinet6/in6_ifattach.c | 275 +++++++++++++++++++++++++++++++++++++-------
> >>>   sys/netinet6/in6_ifattach.h |   2 +
> >>>   sys/netinet6/in6_proto.c    |  10 ++
> >>>   sys/netinet6/ip6_input.c    |   1 +
> >>>   sys/netinet6/ip6_var.h      |  12 ++
> >>>   sys/netinet6/nd6.c          |   9 ++
> >>>   sys/netinet6/nd6.h          |   2 +
> >>>   sys/netinet6/nd6_nbr.c      |  35 +++++-
> >>>   sys/netinet6/nd6_rtr.c      | 128 +++++++++++++--------
> >>>   usr.sbin/ndp/ndp.c          |   7 ++
> >>>   14 files changed, 423 insertions(+), 94 deletions(-)
> >>
> >> This commit breaks security/netbird:
> >>
> >> Management: Disconnected, reason: create wg interface: error
> >> creating tun device: unable to get nd6 flags for tun0: invalid
> >> argument
> >> Signal: Disconnected, reason: create wg interface: error creating
> >> tun device: unable to get nd6 flags for tun0: invalid argument
> >>
> >
> > Thanks for reporting this,
> >
> > I'm going to take a look shortly, although I'm not sure why, since
> > the functionality is disabled by default.
> >
> >
>
> Hi again,
>
> I'm going to try to reproduce this, but in the meantime, looking at the
> source code, the error comes from the wireguard-go package that is
> being used by netbird (we also have that in a port of its own BTW).
>
> The code there is manipulating the interface flags at a low level, but
> my commit modified that structure. There is some chance that simply
> forcing a rebuild and reinstall of the package will "fix" it.
>
> Have you tried that?
>
> If you already have, I'll go on and reproduce locally, if I can.
> If you already have, I'll go on and reproduce locally, if I can.

Yes, I've already rebuilt both go124 and netbird. Sorry I didn't
mention this before.
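
The address derivation that the quoted commit message describes (RFC 7217 with HMAC-SHA256 keyed by a host secret, plus a bounded retry on collision), as an added Python example that is not part of this thread and is not the FreeBSD kernel code. The field encoding, the function names, and the sample UUID, interface name and prefixes are assumptions constructed for illustration; the default of 3 retries mirrors the sysctl default named in the commit message.

```python
import hashlib
import hmac
import ipaddress

# Reserved interface identifiers (RFC 5453): the all-zero subnet-router
# anycast IID and the reserved subnet anycast range.
RESERVED_LOW = 0xFDFFFFFFFFFFFF80
RESERVED_HIGH = 0xFDFFFFFFFFFFFFFF


def stable_iid(prefix, net_iface, dad_counter, secret, network_id=b""):
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)."""
    net = ipaddress.IPv6Network(prefix)
    # Assumed encoding: length-prefix the variable-size fields so that the
    # concatenation fed to the PRF is unambiguous.
    msg = b"".join([
        net.network_address.packed[:8],
        len(net_iface).to_bytes(1, "big"), net_iface,
        len(network_id).to_bytes(1, "big"), network_id,
        dad_counter.to_bytes(1, "big"),
    ])
    rid = hmac.new(secret, msg, hashlib.sha256).digest()
    # RFC 7217 takes the IID from the least significant bits of RID.
    return int.from_bytes(rid[-8:], "big")


def is_reserved(iid):
    return iid == 0 or RESERVED_LOW <= iid <= RESERVED_HIGH


def stable_address(prefix, net_iface, secret, in_use=(), max_retries=3):
    """Return (address, dad_counter); bump DAD_Counter on each conflict."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this SLAAC example expects a /64 prefix")
    for counter in range(max_retries + 1):
        iid = stable_iid(prefix, net_iface, counter, secret)
        addr = ipaddress.IPv6Address(int(net.network_address) | iid)
        # in_use stands in for a failed Duplicate Address Detection probe.
        if not is_reserved(iid) and addr not in in_use:
            return addr, counter
    raise RuntimeError("no usable address after %d retries" % max_retries)


# Constructed sample inputs: a made-up host UUID and documentation prefixes.
SECRET = b"00000000-0000-4000-8000-000000000001"
HOME, CAFE = "2001:db8:1::/64", "2001:db8:2::/64"
```

The same host gets the same address every time it joins `HOME`, an unrelated interface identifier on `CAFE`, and a fresh one on `HOME` only when the first candidate is already taken.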


