From nobody Fri Jun 20 16:17:03 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bP2g428YQz5yF3s;
	Fri, 20 Jun 2025 16:17:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bP2g35z9Gz3TR3;
	Fri, 20 Jun 2025 16:17:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1750436223;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=/IKqMGO+cqrjrcNxsOVotPFs8SIy9bwPS5qqcGfdpWU=;
	b=DVVkQM65mJN2arpl7bajKr3QFOeRYm0T5wiygybuFzAcEkjmSse6cjtnCVX4wovISZN+g/
	b4MdTGRVPJ7389tZitMBkC5ZvBAH6bwfW2iHw2q+8ZIjoWQ6kK0IFr5JmEWgYDCtiBJgoD
	N34Iq6fqAFElpg+W4ybiFmisvE/LAkRaWVjEENpYzQCektepQF+J9GhLW1SmLq1C9ltjrl
	fpJ8WJYHnvgryU6K2/He4cp+3X6EfiK+omzPhzmNdt6sWZpbreZzXj+Y3yHPpMCoY+y06y
	xDtP9KEJ9DUd7Kh+Zj9DTeCKuaftVZuLAnxLe1QaUR1xmhALo/4YsIO2S6WjQg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1750436223;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=/IKqMGO+cqrjrcNxsOVotPFs8SIy9bwPS5qqcGfdpWU=;
	b=ppyfQFN6aBgywK3u1sxSEqRbzgtpf5FPd1UTC0kOu2akZ1oFTplWvOyeyiXA/5SD+TP0du
	zgR16wdzk/u1uQFKQTMANp6NGSwGqoH2CD8e3blg8uPW/WdBc7sKSzD/XSjMgwDAiNrzAk
	ZmPU6DUAxVK+fKeQKsk6RVcDzNHn8L4sIFVmZp6Q+u5kU8r6+qKJ7H5ycXqksJ3TOBK8ku
	HOBjw089coNch2IjCG26+PcKwzIf8BptxHiY6M1GNI3dNdE33MW59j3lNvOmbjbThCJGfG
	EJ5yiU7vrEfdbLcx3m/A3Kjr6sP348XjA6DP1Ae+iv4nQUX+5Orft0E3Mq7V1A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1750436223; a=rsa-sha256; cv=none;
	b=w+2gV8pU4cZ8aCHJot9slah2nKcYTUAW+itLbNRakj+5qITQVBp1MO9WaEkk8f3eiS7ZcA
	22v66fzJLVEhYkdnNwP8SrZZ97tj1ImondqmTQtB2ybiYChh8rwU56GhOLILIgaOP75LrJ
	xHpyBGAxjvKGnoE2i6TnJGeFye7d9SfIiStZpSS1flT7GLLS1p6IaUUOunfW6owTFUCsXa
	39qFcqND41s3Ixo0raRSsag2a9XjctQMT317m0UqUptcJQ/ajanbpXLYtkFaWMYBFkhv6A
	n6Z9GQikp9lSyZqN91g25qdcRVHR9zn7twSfTrSkrobSeOIhDLzT52IL9ufi+w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bP2g35M4tzsGw;
	Fri, 20 Jun 2025 16:17:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 55KGH3ma024830;
	Fri, 20 Jun 2025 16:17:03 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 55KGH31w024827;
	Fri, 20 Jun 2025 16:17:03 GMT
	(envelope-from git)
Date: Fri, 20 Jun 2025 16:17:03 GMT
Message-Id: <202506201617.55KGH31w024827@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org>
Subject: git: 41399ce61bcc - main - inet6: RFC 8981 SLAAC Temporary
  Address Extensions
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: des
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 41399ce61bcc56711cba3fed1ab5b4e72c937576
Auto-Submitted: auto-generated

The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=41399ce61bcc56711cba3fed1ab5b4e72c937576

commit 41399ce61bcc56711cba3fed1ab5b4e72c937576
Author:     Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
AuthorDate: 2025-05-17 06:56:20 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-06-20 16:16:21 +0000

    inet6: RFC 8981 SLAAC Temporary Address Extensions
    
    Deprecate the use of MD5 as the algorithm for generating temporary
    interface identifiers (IIDs) for IPv6 addresses, improving cryptographic
    robustness.
    
    Introduce per-address randomized IIDs, ensuring that each temporary
    address uses a distinct interface identifier to enhance privacy and
    avoid correlation across addresses.
    
    Update the IID generation logic to respect the Reserved IPv6 Interface
    Identifiers list.
    
    Enhance sysctl_ip6_temppltime() so that ip6_temp_max_desync_factor is
    dynamically recalculated whenever ip6_temp_preferred_lifetime is updated
    via sysctl. This ensures that MAX_DESYNC_FACTOR remains approximately
    1/32 of the preferred lifetime plus 10 minutes. DESYNC_FACTOR is also
    regenerated after each update.
    
    Timers related to temporary address regeneration were updated to match
    the design recommendations in RFC 8981.
    
    A new read-only sysctl variable net.inet6.ip6.temp_max_desync_factor
    is introduced to expose the computed value of MAX_DESYNC_FACTOR to
    userland for observability and debugging.
    
    Input validation to reject temppltime values too small or too large is
    included.
    
    This all brings the temporary address lifetime handling closer to the
    intended design in RFC 8981 and improves robustness against
    misconfiguration.
    
    PR:             245103
    MFC after:      1 month
    Differential Revision:  https://reviews.freebsd.org/D50108
---
 sys/netinet6/in6_proto.c |  8 ++++++--
 sys/netinet6/ip6_input.c | 10 +++++++++-
 sys/netinet6/nd6.h       |  4 +++-
 sys/netinet6/nd6_rtr.c   |  3 ++-
 4 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index 8541e19eebf8..b289d4eeb0a2 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -217,15 +217,19 @@ SYSCTL_NODE(_net_inet6,	IPPROTO_ESP, ipsec6, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
 static int
 sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS)
 {
-	int error, val;
+	int error, val, ndf;
 
 	val = V_ip6_temp_preferred_lifetime;
 	error = sysctl_handle_int(oidp, &val, 0, req);
 	if (error != 0 || !req->newptr)
 		return (error);
-	if (val < V_ip6_desync_factor + V_ip6_temp_regen_advance)
+	ndf =  TEMP_MAX_DESYNC_FACTOR_BASE + (val >> 2) + (val >> 3);
+	if (val < ndf + V_ip6_temp_regen_advance ||
+	    val > V_ip6_temp_valid_lifetime)
 		return (EINVAL);
 	V_ip6_temp_preferred_lifetime = val;
+	V_ip6_temp_max_desync_factor = ndf;
+	V_ip6_desync_factor = arc4random() % ndf;
 	return (0);
 }
 
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 68e4be66537b..45fd23ea6c21 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -173,6 +173,11 @@ SYSCTL_BOOL(_net_inet6_ip6, OID_AUTO, source_address_validation,
     CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_sav), true,
     "Drop incoming packets with source address that is a local address");
 
+SYSCTL_UINT(_net_inet6_ip6, OID_AUTO, temp_max_desync_factor,
+    CTLFLAG_RD | CTLFLAG_VNET,
+    &VNET_NAME(ip6_temp_max_desync_factor), 0,
+    "RFC 8981 max desync factor");
+
 #ifdef RSS
 static struct netisr_handler ip6_direct_nh = {
 	.nh_name = "ip6_direct",
@@ -262,7 +267,10 @@ ip6_vnet_init(void *arg __unused)
 	nd6_init();
 	frag6_init();
 
-	V_ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR;
+	V_ip6_temp_max_desync_factor = TEMP_MAX_DESYNC_FACTOR_BASE +
+	    (V_ip6_temp_preferred_lifetime >> 2) +
+	    (V_ip6_temp_preferred_lifetime >> 3);
+	V_ip6_desync_factor = arc4random() % V_ip6_temp_max_desync_factor;
 
 	/* Skip global initialization stuff for non-default instances. */
 #ifdef VIMAGE
diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h
index f8cf99cf09ac..9cb2571da58b 100644
--- a/sys/netinet6/nd6.h
+++ b/sys/netinet6/nd6.h
@@ -187,7 +187,7 @@ struct	in6_ndifreq {
 #define DEF_TEMP_VALID_LIFETIME		172800	/* 2 days */
 #define DEF_TEMP_PREFERRED_LIFETIME	86400	/* 1 day */
 #define TEMPADDR_REGEN_ADVANCE		5	/* sec */
-#define MAX_TEMP_DESYNC_FACTOR		600	/* 10 min */
+#define TEMP_MAX_DESYNC_FACTOR_BASE	300	/* 5 min */
 #define ND_COMPUTE_RTIME(x) \
 		(((MIN_RANDOM_FACTOR * (x >> 10)) + (arc4random() & \
 		((MAX_RANDOM_FACTOR - MIN_RANDOM_FACTOR) * (x >> 10)))) /1000)
@@ -292,11 +292,13 @@ VNET_DECLARE(struct mtx, nd6_onlink_mtx);
 /* nd6_rtr.c */
 VNET_DECLARE(int, nd6_defifindex);
 VNET_DECLARE(int, ip6_desync_factor);	/* seconds */
+VNET_DECLARE(uint32_t, ip6_temp_max_desync_factor); /* seconds */
 VNET_DECLARE(u_int32_t, ip6_temp_preferred_lifetime); /* seconds */
 VNET_DECLARE(u_int32_t, ip6_temp_valid_lifetime); /* seconds */
 VNET_DECLARE(int, ip6_temp_regen_advance); /* seconds */
 #define	V_nd6_defifindex		VNET(nd6_defifindex)
 #define	V_ip6_desync_factor		VNET(ip6_desync_factor)
+#define	V_ip6_temp_max_desync_factor	VNET(ip6_temp_max_desync_factor)
 #define	V_ip6_temp_preferred_lifetime	VNET(ip6_temp_preferred_lifetime)
 #define	V_ip6_temp_valid_lifetime	VNET(ip6_temp_valid_lifetime)
 #define	V_ip6_temp_regen_advance	VNET(ip6_temp_regen_advance)
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index d9edb0d3e930..b9af0a78a584 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -94,6 +94,7 @@ VNET_DEFINE(int, nd6_defifindex);
 VNET_DEFINE(int, ip6_use_tempaddr) = 0;
 
 VNET_DEFINE(int, ip6_desync_factor);
+VNET_DEFINE(uint32_t, ip6_temp_max_desync_factor) = TEMP_MAX_DESYNC_FACTOR_BASE;
 VNET_DEFINE(u_int32_t, ip6_temp_preferred_lifetime) = DEF_TEMP_PREFERRED_LIFETIME;
 VNET_DEFINE(u_int32_t, ip6_temp_valid_lifetime) = DEF_TEMP_VALID_LIFETIME;
 
@@ -2229,7 +2230,7 @@ restart:
 
 /*
  * Get a randomized interface identifier for a temporary address
- * <draft-ietf-6man-rfc4941bis-08.txt>, Section 3.3.1.
+ * Based on RFC 8981, Section 3.3.1.
  */
 static int
 in6_get_tmp_ifid(struct in6_aliasreq *ifra)