W dniu 7.05.2025 o 08:48, Guido Falsi pisze:
Hello!
I have polished the patch and it did get further testing.
I've been asked to get one more approval from someone more
knowledgeable about the IPv6 stack before being able to commit this code.
It works fine and I'd like to commit it soon so it can get proper
testing and avoid rotting as a patch.
Since I am not src committer I'll need explicit approval to commit to
the src tree.
Thanks in advance!
Thank you for working on this implementation. It looks like complete and
ready to ship, but I am only FreeBSD user, so I can't support you much.
There is probably concern if your contribution breaks something for the
user XY running XXX year old code someone will have to fix it. This fear
prevents pushing things further.
That's the tradeoff. Please let me note that we are still in pair with
NetBSD and DFflyBSD - the cherished implementation from WIDE and KAME
projects was left almost untouched. There is no need to modify or
rewrite this code; it's decent code, a model implementation, and it will
not be a trivial task, but maybe adding enhancements, only tested ones,
one by one, is the way to go.
It seems that some people have already given up on IPv6 in FreeBSD and
do not consider FreeBSD to be a popular OS anymore. Let me cite a 2 and
1/2 years old post from RIPE ipv6-wg mailing list: "After over 10 (yes,
*ten*) years, we have finally addressed security/privacy issues in the
generation of IPv6 stable addresses in most popular operating systems.
(...) Over time, popular operating systems and packages adopted the
proposed algorithm: the Linux kernel, NetworkManager, OpenBSD's slaacd,
MacOS, etc. Eventually, virtually every popular OS had adopted the
scheme.... except Windows (...)"[1].
[1]
https://mailman.ripe.net/archives/list/ipv6...@ripe.net/thread/IV46DM2TD4XUTMJITSF3T43OUC3V3RND/
Cheers
Marek
On 4/6/25 16:49, Guido Falsi wrote:
Hi!
I have recently implemented and tested the patch at [1], which
implements RFC 7217, about generating IPv6 addresses that are
constant through reboots, but do not expose the MAC address of the
machine, not being in any way derived by those.
I'd like to get comments, testing and review for this patch, with the
objective of getting approval to commit it to head once it is
streamlined enough.
BTW I'd like to thank cognet for his suggestions and help with the
patch, in particular his help in finding the correct way to implement
the dad_failures counter.
And thanks in advance to anyone willing to give feedback!
[1] https://reviews.freebsd.org/D49681
