Date: Sun, 21 Sep 2025 13:49:12 +0200
Message-ID: <87jz1sc9fr.wl-herbert@gojira.at>
From: "Herbert J. Skuhra"
To: Guido Falsi
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: 31ec8b6407fd - main - sys/netinet6: Implement RFC 7217
In-Reply-To: <07503de1-785e-4e4d-b4e4-0524aeb064e1@FreeBSD.org>
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

On Sun, 21 Sep 2025 12:44:42 +0200, Guido Falsi wrote:
>
> On 9/21/25 11:58, Guido Falsi wrote:
> > On 9/21/25 00:17, Herbert J. Skuhra wrote:
> >> On Sat, 20 Sep 2025 14:31:52 +0200, Guido Falsi wrote:
> >>>
> >>> The branch main has been updated by madpilot:
> >>>
> >>> URL: https://cgit.FreeBSD.org/src/commit/?id=31ec8b6407fdd5a87d70265762457c67ce618283
> >>>
> >>> commit 31ec8b6407fdd5a87d70265762457c67ce618283
> >>> Author:     Guido Falsi
> >>> AuthorDate: 2025-09-20 12:26:41 +0000
> >>> Commit:     Guido Falsi
> >>> CommitDate: 2025-09-20 12:31:44 +0000
> >>>
> >>>     sys/netinet6: Implement RFC 7217
> >>>
> >>>     Implement RFC 7217 (A Method for Generating Semantically Opaque
> >>>     Interface Identifiers with IPv6 Stateless Address Autoconfiguration
> >>>     (SLAAC)) in our IPv6 stack.
> >>>
> >>>     A new ifconfig `stableaddr` flag is added to enable the feature on
> >>>     interfaces, which defaults to on or off for new interfaces based
> >>>     on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so
> >>>     this commit causes no change in behavior with default settings).
> >>>
> >>>     The algorithm follows the RFC in its logic, using SHA256-HMAC as
> >>>     the algorithm to derive addresses so as to provide code that can
> >>>     be leveraged by future implementations of RFC 8981, leveraging the
> >>>     `hostuuid` as the secret.
> >>>
> >>>     The source of the hostidentifier can be configured using the sysctl
> >>>     `net.inet6.ip6.stableaddr_netifsource`, while the number of retries
> >>>     generating a new address in case of collision can be configured
> >>>     using the `net.inet6.ip6.stableaddr_maxretries` sysctl (default 3).
> >>>
> >>>     Documentation about all these flags is added to the ifconfig(8) man
> >>>     page.
> >>>
> >>>     Reviewed by:            cognet, glebius, hrs
> >>>     Tested by:              zarychtam@plan-b.pwste.edu.pl
> >>>     Approved by:            cognet, glebius
> >>>     Relnotes:               yes
> >>>     Differential Revision:  https://reviews.freebsd.org/D49681
> >>> ---
> >>>  sbin/ifconfig/af_inet6.c    |   2 +
> >>>  sbin/ifconfig/af_nd6.c      |   1 +
> >>>  sbin/ifconfig/ifconfig.8    |  30 +++++
> >>>  sys/netinet6/in6.h          |   3 +
> >>>  sys/netinet6/in6_ifattach.c | 275 +++++++++++++++++++++++++++++++++++++-------
> >>>  sys/netinet6/in6_ifattach.h |   2 +
> >>>  sys/netinet6/in6_proto.c    |  10 ++
> >>>  sys/netinet6/ip6_input.c    |   1 +
> >>>  sys/netinet6/ip6_var.h      |  12 ++
> >>>  sys/netinet6/nd6.c          |   9 ++
> >>>  sys/netinet6/nd6.h          |   2 +
> >>>  sys/netinet6/nd6_nbr.c      |  35 +++++-
> >>>  sys/netinet6/nd6_rtr.c      | 128 +++++++++++++--------
> >>>  usr.sbin/ndp/ndp.c          |   7 ++
> >>>  14 files changed, 423 insertions(+), 94 deletions(-)
> >>
> >> This commit breaks security/netbird:
> >>
> >> Management: Disconnected, reason: create wg interface: error
> >> creating tun device: unable to get nd6 flags for tun0: invalid
> >> argument
> >> Signal: Disconnected, reason: create wg interface: error creating
> >> tun device: unable to get nd6 flags for tun0: invalid argument
> >>
> >
> > Thanks for reporting this,
> >
> > I'm going to take a look shortly, although I'm not sure why, since
> > the functionality is disabled by default.
> >
> >
>
> Hi again,
>
> I'm going to try to reproduce this, but in the meanwhile, looking at the
> source code, the error comes from the wireguard-go package that is
> being used by netbird (we also have that in a port of its own BTW).
>
> The code there is manipulating the interface flags at a low level, but
> my commit modified that structure. There is some chance that simply
> forcing a rebuild and reinstall of the package will "fix" it.
>
> Have you tried that?
>
> If you already have, I'll go on and reproduce locally, if I can.

Yes, I've already rebuilt both go124 and netbird. Sorry I didn't
mention this before.
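
The address derivation described in the quoted commit message, as an added example (not part of this thread and not FreeBSD's kernel code): RFC 7217's F() computed with HMAC-SHA256, a hostuuid-style secret, and the DAD_Counter retry on collision. The function names, the field encoding, the `in_use` set standing in for Duplicate Address Detection, and the sample values are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress
import struct

# RFC 5453 reserved interface identifiers (subnet anycast range); 0 is also avoided.
RESERVED_LOW, RESERVED_HIGH = 0xFDFFFFFFFFFFFF80, 0xFDFFFFFFFFFFFFFF


def is_reserved_iid(iid):
    """True for the all-zero IID and the RFC 5453 reserved anycast range."""
    return iid == 0 or RESERVED_LOW <= iid <= RESERVED_HIGH


def stable_iid(prefix, net_iface, network_id, dad_counter, secret_key):
    """RFC 7217 RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).

    F is HMAC-SHA256 keyed with the secret. The field encoding below
    (length-prefixed byte strings) is an assumption of this example.
    """
    msg = prefix.network_address.packed[:8]  # 64-bit SLAAC prefix
    for field in (net_iface, network_id):
        msg += struct.pack("!H", len(field)) + field  # keep fields unambiguous
    msg += struct.pack("!B", dad_counter)
    rid = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return int.from_bytes(rid[-8:], "big")  # least significant 64 bits of RID


def generate_address(prefix, net_iface, secret_key, in_use=frozenset(),
                     network_id=b"", max_retries=3):
    """Return (address, dad_counter), or (None, max_retries) when every try fails.

    in_use stands in for Duplicate Address Detection: an address found in it
    counts as a collision, which bumps DAD_Counter and derives a new IID.
    """
    for dad_counter in range(max_retries + 1):
        iid = stable_iid(prefix, net_iface, network_id, dad_counter, secret_key)
        addr = ipaddress.IPv6Address(int(prefix.network_address) | iid)
        if not is_reserved_iid(iid) and addr not in in_use:
            return addr, dad_counter
    return None, max_retries


# Constructed sample input: documentation prefix, made-up hostuuid as the secret.
PREFIX = ipaddress.IPv6Network("2001:db8:1:2::/64")
SECRET = b"00000000-1111-2222-3333-444444444444"
if __name__ == "__main__":
    first, _ = generate_address(PREFIX, b"em0", SECRET)
    retry, n = generate_address(PREFIX, b"em0", SECRET, in_use={first})
    print(first, retry, n)
```

The same prefix, interface and secret always yield the same address, while a different prefix yields an unrelated interface identifier, which is the privacy property RFC 7217 is after.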