From nobody Sun Sep 21 10:44:42 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cV2tj07YFz67vV7; Sun, 21 Sep 2025 10:44:45 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cV2th4n2nz3Whm; Sun, 21 Sep 2025 10:44:44 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758451484; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=IOlaG6KiU5AWVv7NJrV2quv26Glr8zTJnOVRdgCwU7Q=; b=SOBe6m8+LD2TS2cuihuzfDgg6mDXfF55zhcB/8/toyeoadGUVvb+zzJ0TRRLe0Aejw44Xc pD658+w9/1Z/I/g+svPSu2DbZrgRBa4Cl9LVtqSkAFoY359GmAuSqa8zkIhA2VbgZF5slY u/dZaPJQWHwPFBb9sfyEyRwBVWTO+81IqMVbLuev5y7tuuH0mIe9oaDjsiuoHxTTmFttMK nhLnmc4OZKCCQnb1Bh9fjeUEgKwmwe0OMr1xWZIXR4/10Pm21YI4ZpfRoOEWAPfuJ5ARJe OijbCEzfLCGl21yBA44ftsXGDIk41gDUlgFYc6HNuBsONfsdeSI1z6f4ZkxjTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758451484; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=IOlaG6KiU5AWVv7NJrV2quv26Glr8zTJnOVRdgCwU7Q=; b=V2CjlLJa5269qckr56/mPUVluufSqGgpMl7aqLFZ7X0ZcLbTGvG8z0FOnCd2KmAY3IObrB VCE66EYIR/iiapsfqAOoH6YMBg2Vna2bCKFwjgV1eoHj2xAbl+r0G9FT2PCr7eyQodOFej 7c0+eLGBlo0regZUEKle/2l7j6MLNm5xVPBrEVOzlUvkUpt7P4AfcLrjG2qGGun45DJtlx nWQA+b29YQU2gTERdQ5kh+2vnsjuueAl0l/QaGxlOSOjk/Uwy1I0LHlXa5ulfmzZBVnQ14 NyAOXVsmTmQQWlLhQKBtkRJBjgAdgWtzjl0WVumjxrDtcimM34kiraDUFuEvCw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758451484; a=rsa-sha256; cv=none; b=SQAXsF+Uzv6J/LXOhmXyfXyJxlMj4Xtfo8UCSyh+VGeiIEPKYB7uIqQvVBP8Jv9xXPYayX 7jGSF8CPOmH8WiY4aGkR43zNZy99Cj5uOxrNFCokMxVjw4f8r4X6z1r3tV7cM4P73T+oCf 1J0fNiQfKMbnTwrJwhY2/pBOkwSKfmP2RIriKtg4S7Qq6+3KyQciESNT2RDLKzWK7ZE1ir YVVkQ7zJeGdlhBQFnv9X1lfLoJxE9FQ4SJyNXoEeMkiHnYPxtXHxWRaLW8cvdle3NEJ+Vh 7mnpaFEQvciTK5YzeLWPb7mesyez2VDiX9IQGrVqsfWQhOwBmsAIclhl1y0ysA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from [IPV6:2a01:e11:2002:4280::13:1] (unknown [IPv6:2a01:e11:2002:4280::13:1]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: madpilot/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4cV2th0XzWz1yK; Sun, 21 Sep 2025 10:44:43 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) Message-ID: <07503de1-785e-4e4d-b4e4-0524aeb064e1@FreeBSD.org> Date: Sun, 21 Sep 2025 12:44:42 +0200 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Guido Falsi Subject: Re: git: 31ec8b6407fd - main - sys/netinet6: Implement RFC 7217 To: "Herbert J. Skuhra" Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org References: <202509201231.58KCVqBC047480@gitrepo.freebsd.org> <874iswhip4.wl-herbert@gojira.at> Content-Language: en-US, it, en-GB Autocrypt: addr=madpilot@FreeBSD.org; keydata= xsBNBE+G+l0BCADi/WBQ0aRJfnE7LBPsM0G3m/m3Yx7OPu4iYFvS84xawmRHtCNjWIntsxuX fptkmEo3Rsw816WUrek8dxoUAYdHd+EcpBcnnDzfDH5LW/TZ4gbrFezrHPdRp7wdxi23GN80 qPwHEwXuF0X4Wy5V0OO8B6VT/nA0ADYnBDhXS52HGIJ/GCUjgqJn+phDTdCFLvrSFdmgx4Wl c0W5Z1p5cmDF9l8L/hc959AeyNf7I9dXnjekGM9gVv7UDUYzCifR3U8T0fnfdMmS8NeI9NC+ wuREpRO4lKOkTnj9TtQJRiptlhcHQiAlG1cFqs7EQo57Tqq6cxD1FycZJLuC32bGbgalABEB AAHNIkd1aWRvIEZhbHNpIDxtYWRwaWxvdEBGcmVlQlNELm9yZz7CwHgEEwECACIFAk+G+3MC GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEBrmhg5Wy9KT2uIIAIrawQ89TnqEhi2C OEQAhx3uqWZuNoS6NyiSgsRCmtSnT2GOgH4Ucbr/I37SkV1B3K6HkoL6lwN8Gjf5KOgLqmTi E1W3RTwS7l8PSvdnjM9i7g351R4mTijtxawB/JcQf/Kge3Yqr1V4g6H+wQXHUStmHThbupuN trzRphvR/e5ekT0FTyVfPmpcbm68i2bwZnKUex/TNIECBykYh8b+SYMLhENf2ayRjCIWS2Ad 7tnTKhMtnS5jtW6qjBy4RoTpQD6oR1xIgkTRlQ49roVCUfdHb+Y/kh+U9G1IcoNy4vkg9IfP dwpSfnP+a8j0AZ1hMnOLZ1fYoQrs+4gVLy8Fs7TOwU0EUxB7QQEQAKFhrDceoPdK/IHDSmoj 6SQYisvM7VdhcleS7E9DoEAVt7yMbf6HbbMVTTY6ckvwTWQssywLBXNVqxgc4WLJjzfUhgef +WE75M3+WFYlOVQLGZY/zEVgma1raYnOHNAOzeHLDmEXjbZP6vGAeDyBbGfQPpE7qGYZ7ube T3XwQO+PklcCrvOPj2ZPcAxGNS2xVU/LzONqCrJqLMJSIcCdsbiSP4G5PnDFHtMokaTY6OEr 8OEQfOAerhcHUa/z7Uu8YtmaqKH+QGkE/WEgaRqSiTnv0JOTD+DxehaqvoKPPZ++2NpCZMHB 2i6A/xifmQwEiIjEXtcueBRzkNUQkxhqZyS13SrhocL9ydtaVPBzZatAEjUDDEJmAMLVFs45 qfyhMiNapHJo2n3MW/E5omqCvEkDdWX/en3P7CK2TemeaDghMsgkNKax/z0wNo5UZCkOPOz0 xpNiUilOVbkuezZZNg65741qee2lfXhQIaZ66yT7hphc/N/z3PIAtLeze4u1VR2EXAuZ2sWA dlKCNTlJMsaU/x70BV11Wd/ypnVzM68dfdQIIAj1iMFAD/lXGlEUmKXg5Ov2VQDlTntQoanC YrAg+8CttPzjrydgLZFq3hrtQmfc0se5yv1WHS69+BsUOG09RvvawUDZxUjW19kyeN9THaNR gow3kSuArUp6zSmJABEBAAHCwF8EGAEIAAkFAlMQe0ECGwwACgkQGuaGDlbL0pMN5wgA4bCk X/qwEVC06ToeR6C2putmSWQMgpDaqrv65Hubo+QGmg2P4ewTYQQ4g6oYWS03qHxqVVWhKz7F jfrV+dH8qbCLfSgIcvdBha7ayGZVrsiuMLKGbw36fcmkZPpSDOfHcP0XH8Z+u9CWj0xUkTxA lZ/7i6gYSUpG2JWNtdmE/X8VVEyXusCLwy0K0BI60A/4dRTIX3C4QKrJ3ZbUXegz70ynjHf+ lQMZ9IZKASoRMuS5FozPQh6abvmwZEPdf5I9riUElzvHrqJ8Bx0t3Pujdoth+yNHpnBxrtO8 LkQdrQ58P0SwcaIX33T2U9pG8bhu5YVR88FQ8OQ0cEsPBpDncg== In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 9/21/25 11:58, Guido Falsi wrote: > On 9/21/25 00:17, Herbert J. Skuhra wrote: >> On Sat, 20 Sep 2025 14:31:52 +0200, Guido Falsi wrote: >>> >>> The branch main has been updated by madpilot: >>> >>> URL: https://cgit.FreeBSD.org/src/commit/? >>> id=31ec8b6407fdd5a87d70265762457c67ce618283 >>> >>> commit 31ec8b6407fdd5a87d70265762457c67ce618283 >>> Author:     Guido Falsi >>> AuthorDate: 2025-09-20 12:26:41 +0000 >>> Commit:     Guido Falsi >>> CommitDate: 2025-09-20 12:31:44 +0000 >>> >>>      sys/netinet6: Implement RFC 7217 >>>      Implement RFC 7217 (A Method for Generating Semantically Opaque >>>      Interface Identifiers with IPv6 Stateless Address Autoconfiguration >>>      (SLAAC)) in our IPv6 stack. >>>      A new ifconfig `stableaddr` flag is added to enable the feature on >>>      interfaces, which defaults to on or off for new interfaces based >>>      on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so >>>      this commit causes no change in behavior with default settings). >>>      The algorithm follows the RFC in its logic, using SHA256-HMAC as >>>      the algorithm to derive addresses so as to provide code that can >>>      be leveraged by future implentations of RFC 8981, leveraging the >>>      `hostuuid` as the secret. >>>      The source of the hostidentifier can be configured using the sysctl >>>      `net.inet6.ip6.stableaddr_netifsource`, while the number of retries >>>      generating a new address in case of collision can be configured >>>      using the `net.inet6.ip6.stableaddr_maxretries` sysctl (default 3). >>>      Documentation about all these flags is added to the ifconfig(8) man >>>      page. >>>      Reviewed by:            cognet, glebius, hrs >>>      Tested by:              zarychtam@plan-b.pwste.edu.pl >>>      Approved by:            cognet, glebius >>>      Relnotes:               yes >>>      Differential Revision:  https://reviews.freebsd.org/D49681 >>> --- >>>   sbin/ifconfig/af_inet6.c    |   2 + >>>   sbin/ifconfig/af_nd6.c      |   1 + >>>   sbin/ifconfig/ifconfig.8    |  30 +++++ >>>   sys/netinet6/in6.h          |   3 + >>>   sys/netinet6/in6_ifattach.c | 275 +++++++++++++++++++++++++++++++++ >>> ++++------- >>>   sys/netinet6/in6_ifattach.h |   2 + >>>   sys/netinet6/in6_proto.c    |  10 ++ >>>   sys/netinet6/ip6_input.c    |   1 + >>>   sys/netinet6/ip6_var.h      |  12 ++ >>>   sys/netinet6/nd6.c          |   9 ++ >>>   sys/netinet6/nd6.h          |   2 + >>>   sys/netinet6/nd6_nbr.c      |  35 +++++- >>>   sys/netinet6/nd6_rtr.c      | 128 +++++++++++++-------- >>>   usr.sbin/ndp/ndp.c          |   7 ++ >>>   14 files changed, 423 insertions(+), 94 deletions(-) >> >> This commit breaks security/netbird: >> >> Management: Disconnected, reason: create wg interface: error creating >> tun device: unable to get nd6 flags for tun0: invalid argument >> Signal: Disconnected, reason: create wg interface: error creating tun >> device: unable to get nd6 flags for tun0: invalid argument >> > > Thanks for reporting this, > > I'm going to take a look shortly, although I'm not sure why, since the > functionality is disabled by default. > > Hi again, I'm going to try to reproduce this, but in the while, looking at the source code, the error comes from the wireguard-go package that is being used by netbird (we also have that in a port of its own BTW). The code there is manipulating the interface flags at a low level, but my commit modified that structure. There is some chance that simply forcing a rebuild and reinstall of the package will "fix" it. Have you tried that? If you already have, I'll go on and reproduce locally, if I can. -- Guido Falsi