Wire Guard and FreeBSD
Doug Denault
doug at safeport.com
Tue Mar 30 17:42:12 UTC 2021
On Mon, 29 Mar 2021, Christos Chatzaras wrote:
>> On 29 Mar 2021, at 23:34, Jerry <jerry at seibercom.net> wrote:
>>
>> I just found this story regarding Wire Guard and FreeBSD. I thought it was
>> rather interesting.
>>
>> https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/
>
> There are some discussions in the forum:

I did not interpret the Ars Technica article the way the first poster in the
forum did. My take: Netgate sponsored a guy named Matthew Macy to write the
FreeBSD kernel code to implement WireGuard. This he did, apparently starting
from scratch, and (my interpretation) ignored suggestions and/or the offer
of help from Jason Donenfeld, who is clearly (if not the original author of) the
main contributor to WireGuard. That Macy's code was horribly flawed is
not in dispute and that was not what I took from the article. The issue for
us as FreeBSD users is that because of size, complexity, and Macy's
credentials, the code got little or no review, almost making it into the
13.0-RELEASE. It didn't, so cool. That it got as close as the article
states, not so cool. Anyone interested should read the Ars Technica article,
YMMV.

That was not what I really wanted to ask and did not know how. WireGuard
would seem to be a really easy-to-use and high-performance VPN. It has been
a port for some time, apparently. My questions: (1) does adding it to the
kernel make it that much better? (2) was it going into the generic kernel?
(3) and lastly, other than looking at the kernel source, is there a way of
telling what's in the generic kernel?
_____
Douglas Denault
http://www.safeport.com
doug at safeport.com
Voice: 301-217-9220
Fax: 301-217-9277
More information about the freebsd-questions mailing list