From nobody Sun May 11 08:45:27 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZwGXc4FW9z5wXpt; Sun, 11 May 2025 08:45:36 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "plan-b.pwste.edu.pl", Issuer "GEANT OV RSA CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZwGXc1vQ6z3nmT; Sun, 11 May 2025 08:45:36 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=plan-b.pwste.edu.pl header.s=plan-b-mailer header.b=EPmIxHNF; spf=pass (mx1.freebsd.org: domain of zarychtam@plan-b.pwste.edu.pl designates 2001:678:618::40 as permitted sender) smtp.mailfrom=zarychtam@plan-b.pwste.edu.pl; dmarc=pass (policy=quarantine) header.from=plan-b.pwste.edu.pl Received: from [192.168.7.70] (dom.potoki.eu [62.133.140.50]) (authenticated bits=0) by plan-b.pwste.edu.pl (8.18.1/8.17.2) with ESMTPSA id 54B8jSH8087319 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Sun, 11 May 2025 10:45:28 +0200 (CEST) (envelope-from zarychtam@plan-b.pwste.edu.pl) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl; s=plan-b-mailer; t=1746953129; bh=wIq4JHjPcBjJV9J5pOCdGcum1qlX5IesL/sJ3rx92X8=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=EPmIxHNFGhT0Pw6Odbb9yl22vp1kB0xQ/44u+e8u1AmZxto65Wm4fMjhOSjy5pxDd RX4bGgQ8mFz5QA8X7U7qxqDm4eeiaeoyGpIefoXFVsATeOmyaWan8Ag0uLsxq06s54 cQXLBLvTfjw0HXN5Uq8ZGl6c8eal+5e9REv1dC/cnBinsSOYhJZbtkAfZmTeRuYStq XlmrFD+70t4hF4+4InKw7bcXVouLKQASJ3lyPvqhHLeKYc1kTCJIPgGMYf2wdYq13q gPayepP7FEloxYoiZZFI+wx9I7SzZIYUS/F1IWX/aFbeYmJ+bxDSwND/GX1KSEvUuI 0Kru5+lr2acqg== X-Authentication-Warning: plan-b.pwste.edu.pl: Host dom.potoki.eu [62.133.140.50] claimed to be [192.168.7.70] Content-Type: multipart/alternative; boundary="------------DXZkO9hGmrQKNq0rfiBEIQbF" Message-ID: Date: Sun, 11 May 2025 10:45:27 +0200 List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: RFC: Implementation of RFC 7217 [A Method for Generating Semantically Opaque Interface Identifiers, with IPv6 Stateless Address Autoconfiguration (SLAAC)] To: Ronald Klop , Guido Falsi Cc: FreeBSD Current , net@FreeBSD.org References: <45b17684-75ef-4953-b59a-3c3b483ba21b@FreeBSD.org> <61dfdcac-4893-4c4b-b7e2-48164f1f0c80@plan-b.pwste.edu.pl> <1b9603d8-7128-4809-9926-048426db122e@FreeBSD.org> <1699210246.52160.1744195886991@localhost> Content-Language: en-US From: Marek Zarychta Autocrypt: addr=zarychtam@plan-b.pwste.edu.pl; keydata= xsBNBFfi3cMBCADLecMTFXad4uDXqv3eRuB4qJJ8G9tzzFezeRnnwxOsPdytW5ES2z1ibSrR IsiImx6+PTqrAmXpTInxAi7yiZGdSiONRI4CCxKY9d1YFiNYT/2WyNXCekm9x29YeIU7x0JB Llbz0f/9HC+styBIu2H+PY/X98Clzm110CS+n/b9l1AtiGxTiVFj7/uavYAKxH6LNWnbkuc5 v8EVNc7NkEcl5h7Z9X5NEtzDxTOiBIFQ/kOT7LAtkYUPo1lqLeOM2DtWSXTXQgXl0zJI4iP1 OAu4qQYm2nXwq4b2AH9peknelvnt1mpfgDCGSKnhc26q6ibTfMwydp+tvUtQIQYpA6b9ABEB AAHNN01hcmVrIFphcnljaHRhIChQbGFuLWIpIDx6YXJ5Y2h0YW1AcGxhbi1iLnB3c3RlLmVk dS5wbD7CwHcEEwEIACEFAlfi4LkCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQHZW8 vIFppoJXdgf8D9X3VRFSNaR9lthSx/+uqas17J3FJKBo1xMQsC2a+44vzNvYJSuPGLLJ+LW2 HPVazjP/BWZJbxOYpliY4zxNRU0YCp0BLIVLibc//yax+mE42FND/+NiIZhqJscl6MLPrSwo sIwXec4XYkldkyqW/xBbBYXoIkBqdKB9j5j42Npy1IV/RizOSdmvTWY27ir8e/yGMR1RLr4F 8P5K3OWTdlGy2H2F/3J8bIPBLG6FpaIyLQw4dHSx8V02PYqDxK1cNo2kAOnU8PnZL/AGuMOH iv3MN1VYL8ehcmpBBsrZGebQJxrjY2/5IaTSgp9xHYT70kshuU6Qb97vk1mOjNZxgc7ATQRX 4t3DAQgA10h6RCXuBLMHxq5B8X/ZIlj9sgLoeyfRdDZEc9rT2KUeUJVHDsbvOFf4/7F1ovWY hJbA6GK/LUZeHHTjnbZcH1uDYQeHly4UOLxeEvhGoz4JhS2C7JzN/uRnwbdOAUbJr8rUj/IY a7gk906rktsc/Ldrxrxh7O6WO0JCh2XO/p4pDfEwwB37g4xHprSab28ECYJ9JMbtA8Sy4M55 g3+GQ28FvSlGnx48OoGXU2BZdc1vZKSQmNOlikB+9/hDX8zdYWVfDaX1TLQ8Ib4+xTUmapza mV/bxIsaZRBw+jFjLQHhTbIMfPEU+4mxFDvTdbKPruKPqVf1ydgMnPZWngowdwARAQABwsBf BBgBCAAJBQJX4t3DAhsMAAoJEB2VvLyBaaaC6qkIAJs9sDPqrqW0bYoRfzY6XjDWQ59p9tJi v8aogxacQNCfAu+WkJ8PNVUtC1dlVcG5NnZ80gXzd1rc8ueIvXlvdanUt/jZd8jbb3gaDbK3 wh1yMCGBl/1fOJTyEGYv1CRojv97KK89KP5+r8x1P1iHcSrunlDNqGxTMydNCwBH23QcOM+m u4spKnJ/s0VRBkw3xoKBZfZza6fTQ4gTpAipjyk7ldOGBV+PvkKATdhK2yLwuWXhKbg/GRlD 1r5P0gxzSqfV4My+KJuc2EDcrqp1y0wOpE1m9iZqCcd0fup5f7HDsYlLWshr7NQl28f6+fQb sylq/j672BHXsdeqf/Ip9V4= In-Reply-To: <1699210246.52160.1744195886991@localhost> X-Rspamd-Queue-Id: 4ZwGXc1vQ6z3nmT X-Spamd-Bar: ++ X-Spamd-Result: default: False [2.03 / 15.00]; RSPAMD_URIBL(4.50)[pwste.edu.pl:email]; DWL_DNSWL_MED(-2.00)[pwste.edu.pl:dkim]; NEURAL_SPAM_LONG(1.00)[1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; NEURAL_SPAM_MEDIUM(0.23)[0.231]; RCVD_IN_DNSWL_MED(-0.20)[2001:678:618::40:from]; R_DKIM_ALLOW(-0.20)[plan-b.pwste.edu.pl:s=plan-b-mailer]; ONCE_RECEIVED(0.20)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; BAD_REP_POLICIES(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[net@FreeBSD.org,freebsd-current@freebsd.org]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; DKIM_TRACE(0.00)[plan-b.pwste.edu.pl:+]; RCVD_TLS_ALL(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(0.00)[+mx:c]; MID_RHS_MATCH_FROM(0.00)[]; DMARC_POLICY_ALLOW(0.00)[plan-b.pwste.edu.pl,quarantine]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:206006, ipnet:2001:678:618::/48, country:PL]; TO_MATCH_ENVRCPT_SOME(0.00)[]; HAS_XAW(0.00)[] This is a multi-part message in MIME format. --------------DXZkO9hGmrQKNq0rfiBEIQbF Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit W dniu 9.04.2025 o 12:51, Ronald Klop pisze: > Hi, > > Next to hostuuid you could add a jailname in the mix. > > That is what ether_gen_addr(9) does to make it easier to prevent > collisions while copying jails around or run a jail on a readonly > shared base filesystem. > > Regards, > Ronald. I ran several tests in VNET jails to evaluate the combined behavior of D49681 and D50108. Based on the results, I concluded that since the logic is implemented entirely in the kernel, only the host system’s |hostid| has an effect. This means that cloned or copied jails using interfaces with different names will not interfere with each other. However, if multiple jails are running on the same host and use the same internal interface names, they will be affected by this behavior. Cheers Marek > > *Van:* Guido Falsi > *Datum:* woensdag, 9 april 2025 12:17 > *Aan:* Marek Zarychta , FreeBSD Current > , net@FreeBSD.org > *Onderwerp:* Re: RFC: Implementation of RFC 7217 [A Method for > Generating Semantically Opaque Interface Identifiers, with IPv6 > Stateless Address Autoconfiguration (SLAAC)] > > On 4/6/25 23:38, Marek Zarychta wrote: > > W dniu 6.04.2025 o 16:49, Guido Falsi pisze: > >> Hi! > >> > >> I have recently implemented and tested the patch at [1], which > >> implements RFC 7217, about generating IPv6 addresses that are > constant >> through reboots, but do not expose the MAC address of > the machine, not >> being in any way derived by those. > >> > >> I'd like to get comments, testing and review for this patch, > with the >> objective of getting approval to commit it to head > once it is >> streamlined enough. > >> > >> BTW I'd like to thank cognet for his suggestions and help with > the >> patch, in particular his help in finding the correct way to > implement >> the dad_failures counter. > >> > >> > >> And thanks in advance to anyone willing to give feedback! > >> > >> > >> [1] https://reviews.freebsd.org/D49681 > >> > > This is great news for the community ! > > > > I've already started testing it on both a desktop and a laptop - > which > is probably even more valuable, especially since the > laptop will be > connecting to various networks. If I encounter > any issues, I will post > comments in the review. > > I posted an updated patch, addressing feedback and containing some > more improvements. > > If testing this new patch, the flag needs to be activated per > interface with ifconfig(8) now, or via tunable in loader.conf. > > Should generate the same addresses it was generating before, with > the only exception of the (relatively improbable) case that the > previous patch was generating a reserved IPv6 address, which is > now checked for and another one generated in such a case. > > -- > Guido Falsi > ------------------------------------------------------------------------ > > --------------DXZkO9hGmrQKNq0rfiBEIQbF Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
W dniu 9.04.2025 o 12:51, Ronald Klop pisze:
Hi,

Next to hostuuid you could add a jailname in the mix.

That is what ether_gen_addr(9) does to make it easier to prevent collisions while copying jails around or run a jail on a readonly shared base filesystem.

Regards,
Ronald.

I ran several tests in VNET jails to evaluate the combined behavior of D49681 and D50108. Based on the results, I concluded that since the logic is implemented entirely in the kernel, only the host system’s hostid has an effect. This means that cloned or copied jails using interfaces with different names will not interfere with each other. However, if multiple jails are running on the same host and use the same internal interface names, they will be affected by this behavior.

Cheers

Marek


 

Van: Guido Falsi <madpilot@FreeBSD.org>
Datum: woensdag, 9 april 2025 12:17
Aan: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>, FreeBSD Current <freebsd-current@freebsd.org>, net@FreeBSD.org
Onderwerp: Re: RFC: Implementation of RFC 7217 [A Method for Generating Semantically Opaque Interface Identifiers, with IPv6 Stateless Address Autoconfiguration (SLAAC)]

On 4/6/25 23:38, Marek Zarychta wrote:
> W dniu 6.04.2025 o 16:49, Guido Falsi pisze:
>> Hi!
>>
>> I have recently implemented and tested the patch at [1], which >> implements RFC 7217, about generating IPv6 addresses that are constant >> through reboots, but do not expose the MAC address of the machine, not >> being in any way derived by those.
>>
>> I'd like to get comments, testing and review for this patch, with the >> objective of getting approval to commit it to head once it is >> streamlined enough.
>>
>> BTW I'd like to thank cognet for his suggestions and help with the >> patch, in particular his help in finding the correct way to implement >> the dad_failures counter.
>>
>>
>> And thanks in advance to anyone willing to give feedback!
>>
>>
>> [1] https://reviews.freebsd.org/D49681
>>
> This is great news for the community !
>
> I've already started testing it on both a desktop and a laptop - which > is probably even more valuable, especially since the laptop will be > connecting to various networks. If I encounter any issues, I will post > comments in the review.

I posted an updated patch, addressing feedback and containing some more improvements.

If testing this new patch, the flag needs to be activated per interface with ifconfig(8) now, or via tunable in loader.conf.

Should generate the same addresses it was generating before, with the only exception of the (relatively improbable) case that the previous patch was generating a reserved IPv6 address, which is now checked for and another one generated in such a case.

-- 
Guido Falsi <madpilot@FreeBSD.org>
 

 
--------------DXZkO9hGmrQKNq0rfiBEIQbF--