sys/netinet6: switch net.inet6.ip6.use_stableaddr to on by default

This change switches to using RFC 7217 algorithm as the default to
generate SLAAC addresses for IPv6 interfaces configured with
accept_rtadv.

Reviewed by:		pouria, glebius, zlei
Approved by:		zlei
Relnotes:		yes
Differential Revision:	https://reviews.freebsd.org/D55138

2 files changed, 10 insertions, 1 deletions

diff --git a/UPDATING b/UPDATING
index 5029bf086bdd..d4a6e486aed0 100644
--- a/UPDATING
+++ b/UPDATING
@@ -27,6 +27,15 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 16.x IS SLOW:
 	world, or to merely disable the most expensive debugging functionality
 	at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20260129:
+	The "net.inet6.ip6.use_stableaddr" sysctl is now on by default.
+	This changes the default algorithm to choose IPv6 SLAAC autogenerated
+	addresses from embedding the interface hardware address to using
+	SHA256-HMAC hash as described in RFC 7217 to derive an opaque but
+	stable Address.  If you are using autoconfigured IPv6 addresses at
+	reboot they will be different after this change, but constant
+	thereafter, please update your DNS records if any.
+
 20260106:
 	Zstd has moved to the new "zstd" package.  If you have set-minimal
 	installed, this package will be installed automatically, otherwise
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index 0ca97125110c..8f557ba77af5 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -95,7 +95,7 @@ VNET_DEFINE(int, nd6_defifindex);
 #define	V_nd6_defifp			VNET(nd6_defifp)
 
 VNET_DEFINE(int, ip6_use_tempaddr) = 0;
-VNET_DEFINE(bool, ip6_use_stableaddr) = 0;
+VNET_DEFINE(bool, ip6_use_stableaddr) = 1;
 
 VNET_DEFINE(int, ip6_desync_factor);
 VNET_DEFINE(uint32_t, ip6_temp_max_desync_factor) = TEMP_MAX_DESYNC_FACTOR_BASE;