Date: Sun, 11 May 2025 10:45:27 +0200 From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> To: Ronald Klop <ronald-lists@klop.ws>, Guido Falsi <madpilot@FreeBSD.org> Cc: FreeBSD Current <freebsd-current@freebsd.org>, net@FreeBSD.org Subject: Re: RFC: Implementation of RFC 7217 [A Method for Generating Semantically Opaque Interface Identifiers, with IPv6 Stateless Address Autoconfiguration (SLAAC)] Message-ID: <df0edc1f-3d45-42e3-8c6a-66518c05fa33@plan-b.pwste.edu.pl> In-Reply-To: <1699210246.52160.1744195886991@localhost> References: <45b17684-75ef-4953-b59a-3c3b483ba21b@FreeBSD.org> <61dfdcac-4893-4c4b-b7e2-48164f1f0c80@plan-b.pwste.edu.pl> <1b9603d8-7128-4809-9926-048426db122e@FreeBSD.org> <1699210246.52160.1744195886991@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] W dniu 9.04.2025 o 12:51, Ronald Klop pisze: > Hi, > > Next to hostuuid you could add a jailname in the mix. > > That is what ether_gen_addr(9) does to make it easier to prevent > collisions while copying jails around or run a jail on a readonly > shared base filesystem. > > Regards, > Ronald. I ran several tests in VNET jails to evaluate the combined behavior of D49681 and D50108. Based on the results, I concluded that since the logic is implemented entirely in the kernel, only the host system’s |hostid| has an effect. This means that cloned or copied jails using interfaces with different names will not interfere with each other. However, if multiple jails are running on the same host and use the same internal interface names, they will be affected by this behavior. Cheers Marek > > *Van:* Guido Falsi <madpilot@FreeBSD.org> > *Datum:* woensdag, 9 april 2025 12:17 > *Aan:* Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>, FreeBSD Current > <freebsd-current@freebsd.org>, net@FreeBSD.org > *Onderwerp:* Re: RFC: Implementation of RFC 7217 [A Method for > Generating Semantically Opaque Interface Identifiers, with IPv6 > Stateless Address Autoconfiguration (SLAAC)] > > On 4/6/25 23:38, Marek Zarychta wrote: > > W dniu 6.04.2025 o 16:49, Guido Falsi pisze: > >> Hi! > >> > >> I have recently implemented and tested the patch at [1], which > >> implements RFC 7217, about generating IPv6 addresses that are > constant >> through reboots, but do not expose the MAC address of > the machine, not >> being in any way derived by those. > >> > >> I'd like to get comments, testing and review for this patch, > with the >> objective of getting approval to commit it to head > once it is >> streamlined enough. > >> > >> BTW I'd like to thank cognet for his suggestions and help with > the >> patch, in particular his help in finding the correct way to > implement >> the dad_failures counter. > >> > >> > >> And thanks in advance to anyone willing to give feedback! > >> > >> > >> [1] https://reviews.freebsd.org/D49681 > >> > > This is great news for the community ! > > > > I've already started testing it on both a desktop and a laptop - > which > is probably even more valuable, especially since the > laptop will be > connecting to various networks. If I encounter > any issues, I will post > comments in the review. > > I posted an updated patch, addressing feedback and containing some > more improvements. > > If testing this new patch, the flag needs to be activated per > interface with ifconfig(8) now, or via tunable in loader.conf. > > Should generate the same addresses it was generating before, with > the only exception of the (relatively improbable) case that the > previous patch was generating a reserved IPv6 address, which is > now checked for and another one generated in such a case. > > -- > Guido Falsi <madpilot@FreeBSD.org> > ------------------------------------------------------------------------ > > [-- Attachment #2 --] <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> <div class="moz-cite-prefix">W dniu 9.04.2025 o 12:51, Ronald Klop pisze:<br> </div> <blockquote type="cite" cite="mid:1699210246.52160.1744195886991@localhost">Hi,<br> <br> Next to hostuuid you could add a jailname in the mix.<br> <br> That is what ether_gen_addr(9) does to make it easier to prevent collisions while copying jails around or run a jail on a readonly shared base filesystem.<br> <br> Regards,<br> Ronald.<br> </blockquote> <p>I ran several tests in VNET jails to evaluate the combined behavior of D49681 and D50108. Based on the results, I concluded that since the logic is implemented entirely in the kernel, only the <span data-start="267" data-end="282">host system’s</span> <code data-start="283" data-end="291">hostid</code> has an effect. This means that cloned or copied jails using interfaces with different names will not interfere with each other. However, if multiple jails are running on the same host and use the <span data-start="488" data-end="519">same internal interface names</span>, they will be affected by this behavior.</p> <p>Cheers</p> <p>Marek</p> <blockquote type="cite" cite="mid:1699210246.52160.1744195886991@localhost"> <br> <p><strong>Van:</strong> Guido Falsi <a class="moz-txt-link-rfc2396E" href="mailto:madpilot@FreeBSD.org"><madpilot@FreeBSD.org></a><br> <strong>Datum:</strong> woensdag, 9 april 2025 12:17<br> <strong>Aan:</strong> Marek Zarychta <a class="moz-txt-link-rfc2396E" href="mailto:zarychtam@plan-b.pwste.edu.pl"><zarychtam@plan-b.pwste.edu.pl></a>, FreeBSD Current <a class="moz-txt-link-rfc2396E" href="mailto:freebsd-current@freebsd.org"><freebsd-current@freebsd.org></a>, <a class="moz-txt-link-abbreviated" href="mailto:net@FreeBSD.org">net@FreeBSD.org</a><br> <strong>Onderwerp:</strong> Re: RFC: Implementation of RFC 7217 [A Method for Generating Semantically Opaque Interface Identifiers, with IPv6 Stateless Address Autoconfiguration (SLAAC)]</p> <blockquote> <div class="MessageRFC822Viewer" id="P"> <div class="TextPlainViewer" id="P.P">On 4/6/25 23:38, Marek Zarychta wrote:<br> > W dniu 6.04.2025 o 16:49, Guido Falsi pisze:<br> >> Hi!<br> >><br> >> I have recently implemented and tested the patch at [1], which >> implements RFC 7217, about generating IPv6 addresses that are constant >> through reboots, but do not expose the MAC address of the machine, not >> being in any way derived by those.<br> >><br> >> I'd like to get comments, testing and review for this patch, with the >> objective of getting approval to commit it to head once it is >> streamlined enough.<br> >><br> >> BTW I'd like to thank cognet for his suggestions and help with the >> patch, in particular his help in finding the correct way to implement >> the dad_failures counter.<br> >><br> >><br> >> And thanks in advance to anyone willing to give feedback!<br> >><br> >><br> >> [1] <a href="https://reviews.freebsd.org/D49681" moz-do-not-send="true" class="moz-txt-link-freetext">https://reviews.freebsd.org/D49681</a><br>; >><br> > This is great news for the community !<br> ><br> > I've already started testing it on both a desktop and a laptop - which > is probably even more valuable, especially since the laptop will be > connecting to various networks. If I encounter any issues, I will post > comments in the review.<br> <br> I posted an updated patch, addressing feedback and containing some more improvements.<br> <br> If testing this new patch, the flag needs to be activated per interface with ifconfig(8) now, or via tunable in loader.conf.<br> <br> Should generate the same addresses it was generating before, with the only exception of the (relatively improbable) case that the previous patch was generating a reserved IPv6 address, which is now checked for and another one generated in such a case.<br> <br> -- <br> Guido Falsi <a class="moz-txt-link-rfc2396E" href="mailto:madpilot@FreeBSD.org"><madpilot@FreeBSD.org></a><br> </div> <hr></div> </blockquote> <br> </blockquote> </body> </html>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?df0edc1f-3d45-42e3-8c6a-66518c05fa33>