From nobody Sun Sep 21 16:02:24 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cV9xG1RGSz68Jh8; Sun, 21 Sep 2025 16:02:26 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cV9xG0ghXz43NQ; Sun, 21 Sep 2025 16:02:26 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758470546; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=ra1sMyGz3LF8Mlkb4KnP25hfrxGzmkzAAs+MOdUb58U=; b=XYyhT8H1Z2t3bfn3O4r4Nw/WCIoYIk1+wqHmjjh5tYgFWDAZLmwCThaQXWe2GpEV3kRN3y 1b207uJ4Izw35tUVYGHNrSrGON8E1Eo8N7URzuoWG7y2cHJX+3qJ06Duy0qWd2Ev7NFf2Z OtkEC1Iad+cHq4jatbhCblzXCLDgz37a1IJirJ8VlanpALvA9xPBMh7oBHg/n6YhZtPlOl 6YcPiR5IHe6sDeZj8UeNTcnWJtRf73DqMf6x1xxUzd9cFohCDB22vg19vL3MCjcn0CidjH HsGh75ClzAeQo/QHHb0yaIDTrbzsPqGS0GzhcIVtiFXbCeqXSWLUsRzKeEzn5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758470546; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=ra1sMyGz3LF8Mlkb4KnP25hfrxGzmkzAAs+MOdUb58U=; b=YwPvGInrLnpCe1g6B9dxzVQmhN5bkohOMCMbdlpfrPl7X4OCkmox5jhjm3sxXswNysEi3D aWznZHwnQiX3EBabCJxRgQKRz/U5QcZnJyEVPynUbPA2E1ex6mgfE1uFsOOPzc5Lj+EF9g 5poDdnFFr1sgMDsbp9P+04EJbgGZoodBLXXoGT2LpZURX/FDjB+jNlTKljh4EPdIQ52C0c bhftx/9FxEI4iBFRZjN1XWmHxJctefkqcDRXl8eXDNTPZpE7PZAzMyRqkPO3A8doYGLClN ao2pe7IYJ/jkFTWF7HMlcGHg59KKmyKHGmLABljE1S8R98clxzMnGzpy2YyXfA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758470546; a=rsa-sha256; cv=none; b=TM/14l1wmOHCashTFlhsIPz2FRIMoEvVXvwsgFmKmsRxuGsKZwb6KbrsvESslduT8fz76p vT84zpU/IdCpqhTg0ivWQwnpQpfrrHXX+m2mKZF8j4yV5faFeLEgULBvedE65f5aBjpiTs lVHqK5nezO2vDKild3M1g2V+xgA/Nte4Nlds5R9YzJ9F3zwtFAuM7CsRhg1JJSxW5H54na lxxH+a4Un6YVo7KxPPgYAImeQVkaP0S7jRMakqEncoF+VFO4DjgYkyLkWD7MMy6HQ1EU1G WZ+ch/GmbxeJY8DuR2v9/j1de778vkuKBEJl6qf3Te+tD01jfoPozYaUoJlTxw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from [IPV6:2a01:e11:2002:4280::13:1] (unknown [IPv6:2a01:e11:2002:4280::13:1]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: madpilot/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4cV9xF3dVpz80y; Sun, 21 Sep 2025 16:02:25 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) Content-Type: multipart/mixed; boundary="------------VYB7agHpWOC16P85CAHYiZYR" Message-ID: <31da7dd5-ae67-4fb4-aa47-81e57f460c9d@FreeBSD.org> Date: Sun, 21 Sep 2025 18:02:24 +0200 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Guido Falsi Subject: Re: git: 31ec8b6407fd - main - sys/netinet6: Implement RFC 7217 To: "Herbert J. Skuhra" Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org References: <202509201231.58KCVqBC047480@gitrepo.freebsd.org> <874iswhip4.wl-herbert@gojira.at> <07503de1-785e-4e4d-b4e4-0524aeb064e1@FreeBSD.org> <87jz1sc9fr.wl-herbert@gojira.at> Content-Language: en-US, it, en-GB Autocrypt: addr=madpilot@FreeBSD.org; keydata= xsBNBE+G+l0BCADi/WBQ0aRJfnE7LBPsM0G3m/m3Yx7OPu4iYFvS84xawmRHtCNjWIntsxuX fptkmEo3Rsw816WUrek8dxoUAYdHd+EcpBcnnDzfDH5LW/TZ4gbrFezrHPdRp7wdxi23GN80 qPwHEwXuF0X4Wy5V0OO8B6VT/nA0ADYnBDhXS52HGIJ/GCUjgqJn+phDTdCFLvrSFdmgx4Wl c0W5Z1p5cmDF9l8L/hc959AeyNf7I9dXnjekGM9gVv7UDUYzCifR3U8T0fnfdMmS8NeI9NC+ wuREpRO4lKOkTnj9TtQJRiptlhcHQiAlG1cFqs7EQo57Tqq6cxD1FycZJLuC32bGbgalABEB AAHNIkd1aWRvIEZhbHNpIDxtYWRwaWxvdEBGcmVlQlNELm9yZz7CwHgEEwECACIFAk+G+3MC GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEBrmhg5Wy9KT2uIIAIrawQ89TnqEhi2C OEQAhx3uqWZuNoS6NyiSgsRCmtSnT2GOgH4Ucbr/I37SkV1B3K6HkoL6lwN8Gjf5KOgLqmTi E1W3RTwS7l8PSvdnjM9i7g351R4mTijtxawB/JcQf/Kge3Yqr1V4g6H+wQXHUStmHThbupuN trzRphvR/e5ekT0FTyVfPmpcbm68i2bwZnKUex/TNIECBykYh8b+SYMLhENf2ayRjCIWS2Ad 7tnTKhMtnS5jtW6qjBy4RoTpQD6oR1xIgkTRlQ49roVCUfdHb+Y/kh+U9G1IcoNy4vkg9IfP dwpSfnP+a8j0AZ1hMnOLZ1fYoQrs+4gVLy8Fs7TOwU0EUxB7QQEQAKFhrDceoPdK/IHDSmoj 6SQYisvM7VdhcleS7E9DoEAVt7yMbf6HbbMVTTY6ckvwTWQssywLBXNVqxgc4WLJjzfUhgef +WE75M3+WFYlOVQLGZY/zEVgma1raYnOHNAOzeHLDmEXjbZP6vGAeDyBbGfQPpE7qGYZ7ube T3XwQO+PklcCrvOPj2ZPcAxGNS2xVU/LzONqCrJqLMJSIcCdsbiSP4G5PnDFHtMokaTY6OEr 8OEQfOAerhcHUa/z7Uu8YtmaqKH+QGkE/WEgaRqSiTnv0JOTD+DxehaqvoKPPZ++2NpCZMHB 2i6A/xifmQwEiIjEXtcueBRzkNUQkxhqZyS13SrhocL9ydtaVPBzZatAEjUDDEJmAMLVFs45 qfyhMiNapHJo2n3MW/E5omqCvEkDdWX/en3P7CK2TemeaDghMsgkNKax/z0wNo5UZCkOPOz0 xpNiUilOVbkuezZZNg65741qee2lfXhQIaZ66yT7hphc/N/z3PIAtLeze4u1VR2EXAuZ2sWA dlKCNTlJMsaU/x70BV11Wd/ypnVzM68dfdQIIAj1iMFAD/lXGlEUmKXg5Ov2VQDlTntQoanC YrAg+8CttPzjrydgLZFq3hrtQmfc0se5yv1WHS69+BsUOG09RvvawUDZxUjW19kyeN9THaNR gow3kSuArUp6zSmJABEBAAHCwF8EGAEIAAkFAlMQe0ECGwwACgkQGuaGDlbL0pMN5wgA4bCk X/qwEVC06ToeR6C2putmSWQMgpDaqrv65Hubo+QGmg2P4ewTYQQ4g6oYWS03qHxqVVWhKz7F jfrV+dH8qbCLfSgIcvdBha7ayGZVrsiuMLKGbw36fcmkZPpSDOfHcP0XH8Z+u9CWj0xUkTxA lZ/7i6gYSUpG2JWNtdmE/X8VVEyXusCLwy0K0BI60A/4dRTIX3C4QKrJ3ZbUXegz70ynjHf+ lQMZ9IZKASoRMuS5FozPQh6abvmwZEPdf5I9riUElzvHrqJ8Bx0t3Pujdoth+yNHpnBxrtO8 LkQdrQ58P0SwcaIX33T2U9pG8bhu5YVR88FQ8OQ0cEsPBpDncg== In-Reply-To: <87jz1sc9fr.wl-herbert@gojira.at> This is a multi-part message in MIME format. --------------VYB7agHpWOC16P85CAHYiZYR Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 9/21/25 13:49, Herbert J. Skuhra wrote: > On Sun, 21 Sep 2025 12:44:42 +0200, Guido Falsi wrote: >> >> On 9/21/25 11:58, Guido Falsi wrote: >>> On 9/21/25 00:17, Herbert J. Skuhra wrote: >>>> On Sat, 20 Sep 2025 14:31:52 +0200, Guido Falsi wrote: >>>>> >>>>> The branch main has been updated by madpilot: >>>>> >>>>> URL: https://cgit.FreeBSD.org/src/commit/? >>>>> id=31ec8b6407fdd5a87d70265762457c67ce618283 >>>>> >>>>> commit 31ec8b6407fdd5a87d70265762457c67ce618283 >>>>> Author:     Guido Falsi >>>>> AuthorDate: 2025-09-20 12:26:41 +0000 >>>>> Commit:     Guido Falsi >>>>> CommitDate: 2025-09-20 12:31:44 +0000 >>>>> >>>>>      sys/netinet6: Implement RFC 7217 >>>>>      Implement RFC 7217 (A Method for Generating Semantically Opaque >>>>>      Interface Identifiers with IPv6 Stateless Address Autoconfiguration >>>>>      (SLAAC)) in our IPv6 stack. >>>>>      A new ifconfig `stableaddr` flag is added to enable the feature on >>>>>      interfaces, which defaults to on or off for new interfaces based >>>>>      on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so >>>>>      this commit causes no change in behavior with default settings). >>>>>      The algorithm follows the RFC in its logic, using SHA256-HMAC as >>>>>      the algorithm to derive addresses so as to provide code that can >>>>>      be leveraged by future implentations of RFC 8981, leveraging the >>>>>      `hostuuid` as the secret. >>>>>      The source of the hostidentifier can be configured using the sysctl >>>>>      `net.inet6.ip6.stableaddr_netifsource`, while the number of retries >>>>>      generating a new address in case of collision can be configured >>>>>      using the `net.inet6.ip6.stableaddr_maxretries` sysctl (default 3). >>>>>      Documentation about all these flags is added to the ifconfig(8) man >>>>>      page. >>>>>      Reviewed by:            cognet, glebius, hrs >>>>>      Tested by:              zarychtam@plan-b.pwste.edu.pl >>>>>      Approved by:            cognet, glebius >>>>>      Relnotes:               yes >>>>>      Differential Revision:  https://reviews.freebsd.org/D49681 >>>>> --- >>>>>   sbin/ifconfig/af_inet6.c    |   2 + >>>>>   sbin/ifconfig/af_nd6.c      |   1 + >>>>>   sbin/ifconfig/ifconfig.8    |  30 +++++ >>>>>   sys/netinet6/in6.h          |   3 + >>>>>   sys/netinet6/in6_ifattach.c | 275 >>>>> +++++++++++++++++++++++++++++++++ ++++------- >>>>>   sys/netinet6/in6_ifattach.h |   2 + >>>>>   sys/netinet6/in6_proto.c    |  10 ++ >>>>>   sys/netinet6/ip6_input.c    |   1 + >>>>>   sys/netinet6/ip6_var.h      |  12 ++ >>>>>   sys/netinet6/nd6.c          |   9 ++ >>>>>   sys/netinet6/nd6.h          |   2 + >>>>>   sys/netinet6/nd6_nbr.c      |  35 +++++- >>>>>   sys/netinet6/nd6_rtr.c      | 128 +++++++++++++-------- >>>>>   usr.sbin/ndp/ndp.c          |   7 ++ >>>>>   14 files changed, 423 insertions(+), 94 deletions(-) >>>> >>>> This commit breaks security/netbird: >>>> >>>> Management: Disconnected, reason: create wg interface: error >>>> creating tun device: unable to get nd6 flags for tun0: invalid >>>> argument >>>> Signal: Disconnected, reason: create wg interface: error creating >>>> tun device: unable to get nd6 flags for tun0: invalid argument >>>> >>> >>> Thanks for reporting this, >>> >>> I'm going to take a look shortly, although I'm not sure why, since >>> the functionality is disabled by default. >>> >>> >> >> Hi again, >> >> I'm going to try to reproduce this, but in the while, looking at the >> source code, the error comes from the wireguard-go package that is >> being used by netbird (we also have that in a port of its own BTW). >> >> The code there is manipulating the interface flags at a low level, but >> my commit modified that structure. There is some chance that simply >> forcing a rebuild and reinstall of the package will "fix" it. >> >> Have you tried that? >> >> If you already have, I'll go on and reproduce locally, if I can. > > Yes, I've already rebuilt both go124 and netbird. Sorry I didn't > mention this before. > Yes, I now see recompiling would not have helped in this case. A C program would have included the system include and noticed the change, but this software has hardcoded the struct in go code and requires patching. I'm attaching a simple patch for the ports tree for this port, it compiles but I've not tested it at runtime, could you try applying this patch to the ports tree and recompile the port, and report back? Please note this is not a proper patch for the ports tree, it just fixes the problem, but would break it for anyone else, I'll produce a proper patch for the ports tree once I have confirmed the approach woks. Thanks in advance! -- Guido Falsi --------------VYB7agHpWOC16P85CAHYiZYR Content-Type: text/x-patch; charset=UTF-8; name="0001-security-netbird-Test-fix.patch" Content-Disposition: attachment; filename="0001-security-netbird-Test-fix.patch" Content-Transfer-Encoding: base64 RnJvbSA1NDcwZjhlM2YwNWMyMWJiMDgxMmVlMDEwMGNhMzM3MmUyZjc1ZWRlIE1vbiBTZXAg MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBHdWlkbyBGYWxzaSA8bWFkcGlsb3RARnJlZUJTRC5v cmc+CkRhdGU6IFN1biwgMjEgU2VwIDIwMjUgMTc6NDc6MDggKzAyMDAKU3ViamVjdDogW1BB VENIXSBzZWN1cml0eS9uZXRiaXJkOiBUZXN0IGZpeAoKLS0tCiAuLi5uZG9yX2dvbGFuZy56 eDJjNC5jb21fd2lyZWd1YXJkX3R1bl90dW5fX2ZyZWVic2QuZ28gfCAxMCArKysrKysrKysr CiAxIGZpbGUgY2hhbmdlZCwgMTAgaW5zZXJ0aW9ucygrKQogY3JlYXRlIG1vZGUgMTAwNjQ0 IHNlY3VyaXR5L25ldGJpcmQvZmlsZXMvcGF0Y2gtdmVuZG9yX2dvbGFuZy56eDJjNC5jb21f d2lyZWd1YXJkX3R1bl90dW5fX2ZyZWVic2QuZ28KCmRpZmYgLS1naXQgYS9zZWN1cml0eS9u ZXRiaXJkL2ZpbGVzL3BhdGNoLXZlbmRvcl9nb2xhbmcuengyYzQuY29tX3dpcmVndWFyZF90 dW5fdHVuX19mcmVlYnNkLmdvIGIvc2VjdXJpdHkvbmV0YmlyZC9maWxlcy9wYXRjaC12ZW5k b3JfZ29sYW5nLnp4MmM0LmNvbV93aXJlZ3VhcmRfdHVuX3R1bl9fZnJlZWJzZC5nbwpuZXcg ZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAuLjUxM2IxMjE3ZmEyYwotLS0g L2Rldi9udWxsCisrKyBiL3NlY3VyaXR5L25ldGJpcmQvZmlsZXMvcGF0Y2gtdmVuZG9yX2dv bGFuZy56eDJjNC5jb21fd2lyZWd1YXJkX3R1bl90dW5fX2ZyZWVic2QuZ28KQEAgLTAsMCAr MSwxMCBAQAorLS0tIHZlbmRvci9nb2xhbmcuengyYzQuY29tL3dpcmVndWFyZC90dW4vdHVu X2ZyZWVic2QuZ28ub3JpZwkyMDI1LTA5LTIxIDExOjA0OjE3IFVUQworKysrIHZlbmRvci9n b2xhbmcuengyYzQuY29tL3dpcmVndWFyZC90dW4vdHVuX2ZyZWVic2QuZ28KK0BAIC02NSw2 ICs2NSw3IEBAIHR5cGUgbmQ2UmVxIHN0cnVjdCB7CisgCVJhbmRvbXNlZWQwICAgWzhdYnl0 ZQorIAlSYW5kb21zZWVkMSAgIFs4XWJ5dGUKKyAJUmFuZG9taWQgICAgICBbOF1ieXRlCisr CURhZF9mYWlsdXJlcyAgKnVpbnQ2NAorIH0KKyAKKyB0eXBlIE5hdGl2ZVR1biBzdHJ1Y3Qg ewotLSAKMi41MS4wCgo= --------------VYB7agHpWOC16P85CAHYiZYR--