On 9/21/25 00:17, Herbert J. Skuhra wrote:
On Sat, 20 Sep 2025 14:31:52 +0200, Guido Falsi wrote:

The branch main has been updated by madpilot:

URL: https://cgit.FreeBSD.org/src/commit/?id=31ec8b6407fdd5a87d70265762457c67ce618283

commit 31ec8b6407fdd5a87d70265762457c67ce618283
Author:     Guido Falsi <[email protected]>
AuthorDate: 2025-09-20 12:26:41 +0000
Commit:     Guido Falsi <[email protected]>
CommitDate: 2025-09-20 12:31:44 +0000

    sys/netinet6: Implement RFC 7217

    Implement RFC 7217 (A Method for Generating Semantically Opaque
    Interface Identifiers with IPv6 Stateless Address Autoconfiguration
    (SLAAC)) in our IPv6 stack.

    A new ifconfig `stableaddr` flag is added to enable the feature on
    interfaces, which defaults to on or off for new interfaces based
    on the sysctl `net.inet6.ip6.use_stableaddr` (off by default, so
    this commit causes no change in behavior with default settings).

    The algorithm follows the RFC in its logic, using SHA256-HMAC as
    the algorithm to derive addresses so as to provide code that can
    be leveraged by future implementations of RFC 8981, leveraging the
    `hostuuid` as the secret.

    The source of the hostidentifier can be configured using the sysctl
    `net.inet6.ip6.stableaddr_netifsource`, while the number of retries
    generating a new address in case of collision can be configured
    using the `net.inet6.ip6.stableaddr_maxretries` sysctl (default 3).

    Documentation about all these flags is added to the ifconfig(8) man
    page.

    Reviewed by:            cognet, glebius, hrs
    Tested by:              [email protected]
    Approved by:            cognet, glebius
    Relnotes:               yes
    Differential Revision:  https://reviews.freebsd.org/D49681
---
  sbin/ifconfig/af_inet6.c    |   2 +
  sbin/ifconfig/af_nd6.c      |   1 +
  sbin/ifconfig/ifconfig.8    |  30 +++++
  sys/netinet6/in6.h          |   3 +
  sys/netinet6/in6_ifattach.c | 275 +++++++++++++++++++++++++++++++++++++-------
  sys/netinet6/in6_ifattach.h |   2 +
  sys/netinet6/in6_proto.c    |  10 ++
  sys/netinet6/ip6_input.c    |   1 +
  sys/netinet6/ip6_var.h      |  12 ++
  sys/netinet6/nd6.c          |   9 ++
  sys/netinet6/nd6.h          |   2 +
  sys/netinet6/nd6_nbr.c      |  35 +++++-
  sys/netinet6/nd6_rtr.c      | 128 +++++++++++++--------
  usr.sbin/ndp/ndp.c          |   7 ++
  14 files changed, 423 insertions(+), 94 deletions(-)

This commit breaks security/netbird:

Management: Disconnected, reason: create wg interface: error creating tun device: unable to get nd6 flags for tun0: invalid argument
Signal: Disconnected, reason: create wg interface: error creating tun device: unable to get nd6 flags for tun0: invalid argument


Thanks for reporting this,

I'm going to take a look shortly, although I'm not sure why, since the functionality is disabled by default.


--
Guido Falsi <[email protected]>
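
An added illustration of the RFC 7217 derivation the commit message describes (HMAC-SHA256 keyed with the host UUID, with a retry counter on collision). This is not the FreeBSD kernel code; the field encoding, the choice of which 64 digest bits to use, the retry counting and all sample values are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress

MAX_RETRIES = 3  # the stated default of net.inet6.ip6.stableaddr_maxretries


def stable_iid(prefix, net_iface, secret, dad_counter=0, network_id=b""):
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), F = HMAC-SHA256."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example only handles /64 SLAAC prefixes")
    msg = net.network_address.packed[:8]
    # Length-prefix the variable-length fields so adjacent fields cannot run together.
    for field in (net_iface, network_id):
        msg += len(field).to_bytes(2, "big") + field
    msg += dad_counter.to_bytes(4, "big")
    # Assumption of this example: the last 64 bits of the digest become the IID.
    return hmac.new(secret, msg, hashlib.sha256).digest()[-8:]


def is_reserved(iid):
    """Reserved interface identifiers from RFC 5453 (subnet-router and subnet anycast)."""
    value = int.from_bytes(iid, "big")
    return value == 0 or 0xFDFFFFFFFFFFFF80 <= value <= 0xFDFFFFFFFFFFFFFF


def generate_address(prefix, net_iface, secret, in_use, max_retries=MAX_RETRIES):
    """Return (address, dad_counter), or (None, max_retries) if every attempt collides."""
    net = ipaddress.IPv6Network(prefix)
    # Assumption: one initial attempt plus max_retries retries; the kernel's
    # exact counting is not shown on this page.
    for dad_counter in range(max_retries + 1):
        iid = stable_iid(prefix, net_iface, secret, dad_counter)
        addr = ipaddress.IPv6Address(net.network_address.packed[:8] + iid)
        if not is_reserved(iid) and addr not in in_use:
            return addr, dad_counter
    return None, max_retries


# Constructed inputs: a made-up host UUID and documentation prefixes (RFC 3849).
SECRET = b"00000000-1111-2222-3333-444444444444"
if __name__ == "__main__":
    for pfx in ("2001:db8:1::/64", "2001:db8:2::/64"):
        print(pfx, generate_address(pfx, b"em0", SECRET, in_use=set()))
```

The same host gets the same identifier each time it joins a given prefix, while identifiers on different prefixes cannot be correlated without the secret.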

