From nobody Mon Feb 9 23:21:25 2026 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4f910q5hhLz6Qj7H for ; Mon, 09 Feb 2026 23:21:31 +0000 (UTC) (envelope-from junchoon@dec.sakura.ne.jp) Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4f910q1lgqz428X; Mon, 09 Feb 2026 23:21:29 +0000 (UTC) (envelope-from junchoon@dec.sakura.ne.jp) Authentication-Results: mx1.freebsd.org; none Received: from delta.joker.local (124-18-6-240.area1c.commufa.jp [124.18.6.240]) (authenticated bits=0) by www121.sakura.ne.jp (8.18.1/8.17.1/[SAKURA-WEB]/20201212) with ESMTPA id 619NLQOY051921; Tue, 10 Feb 2026 08:21:26 +0900 (JST) (envelope-from junchoon@dec.sakura.ne.jp) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dec.sakura.ne.jp; s=s2405; t=1770679286; bh=QPZUh0/CYrc/HrVvXxdAK2lx8p3CBmP0jqRQY3MCZm4=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=JZW534pXR7+nVA+MSSVSAwRqJpWcSaL/PBoL7Huka9gpT8ufpMgmsU1JTB9Su4j+0 D7JWwnqfJW5Grt2k7DJ4DY78WTaPg6oKx1juzj18gr25j+iLrG37gkJWiwdJF7cMG/ 8iWAN/MEfPqNBYW5mbL15I9MNiRyZE5G6c7Ft0F8= Date: Tue, 10 Feb 2026 08:21:25 +0900 From: Tomoaki AOKI To: Brooks Davis Cc: Guido Falsi , Pouria Mousavizadeh Tehrani , freebsd-current@freebsd.org Subject: Re: we should enable RFC7217 by default Message-Id: <20260210082125.dd7bea38970bd9b635655eb4@dec.sakura.ne.jp> In-Reply-To: References: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org> <7521210e-1348-40b8-85ed-8e7a0d3b290a@FreeBSD.org> <2593e290-77ec-41d1-801a-79a6eff3dc93@FreeBSD.org> Organization: Junchoon corps X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd15.0) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP] X-Rspamd-Queue-Id: 4f910q1lgqz428X X-Spamd-Bar: ---- On Mon, 9 Feb 2026 21:48:50 +0000 Brooks Davis wrote: > On Mon, Feb 09, 2026 at 10:09:04PM +0100, Guido Falsi wrote: > > On 2/9/26 21:49, Guido Falsi wrote: > > > On 1/28/26 11:00, Brooks Davis wrote: > > > > On Tue, Jan 27, 2026 at 03:35:16AM +0330, Pouria Mousavizadeh Tehrani > > > > wrote: > > > > > Hi everyone, > > > > > > > > > > With `net.inet6.ip6.use_stableaddr` now available, I believe we > > > > > should enable > > > > > it by default in CURRENT at least. > > > > > As you may already know, we currently use the EUI64 method for > > > > > generating > > > > > stable IPv6 addresses, which has serious privacy issues. > > > > > > > > > > IMHO, trying to maintain backward compatibility defeats the purpose of a > > > > > privacy RFC. > > > > > > > > > > To be clear, we don't want to change the ip addresses of existing > > > > > servers. > > > > > However, it's reasonable for users to expect changes during a > > > > > major upgrade > > > > > (15 -> 16), a fresh install of a new major release, or living on > > > > > CURRENT. > > > > > So, for obvious reasons, changing the default value would not be MFCed. > > > > > > > > > > What do you think? > > > > > > > > I wonder if we should ship an update to 15 (landing in 15.1) explicitly > > > > adding net.inet6.ip6.use_stableaddr=1 and a suitable comment to > > > > /etc/sysctl.conf so people who later upgrade to 16 aren't painfully > > > > surprised when their server disappears.?? New installs of 16 would get > > > > the new default, but upgrades would keep the old default.?? The downside > > > > would be that people who have edited sysctl.conf would have a merge > > > > conflict to resolve, but that's a fairly normal thing. > > > > > > > > -- Brooks > > > > > > > > > > > > > Hi all, I just committed the change in the default (thanks to zlei for > > > approving it, and all the reviewers). [1] > > > > > > > > > I'll also send an heads up to current@ and net@ just in case. > > > > > > > > > I am replying t this specific message in the thread because I do like > > > brooks' idea on how to introduce this on stable. > > > > > > Once I get the MFC approved and committed [2], I could send a further PR > > > implementing such a change on stable/15 sysctl.conf. > > > > While writing my heads up message I just noticed this plan cannot work, > > unluckily. > > > > Due to the nature of the sysctl, enabling it via /etc/sysctl.conf would cause > > the change to only affect interfaces created after sourcing the file. This > > means that for most machines the default interface would be unaffected and > > keep the default to the in kernel one. > > > > To achieve the effect Brooks suggests would require the "soft switch" to > > happen via loader.conf. Not sure if this is a good idea though. > > I think all my reasoning still applies to loader.conf. IMO, people are > going to be really upset if they miss a release note that causes their > system to be inaccessable via IP. Even with proper remote access, it's > super annoying to fix (having done this to myself many times by many > means). > > -- Brooks Looking into the diff, use_stableaddr is defined as CTLFLAG_RWTUN in sys/netinet6/in6_proto.c. So (not tried though, as I cannot obtain RA from my local ISP, thus, not configured for IPv6) /boot/loader.conf should work as it's tunable, too. To avoid race conditions, /boot/loader.conf should be preferred and RELNOTE (and UPDATING, too?) for this should be based on /boot/loader.conf case. Regards. -- Tomoaki AOKI