Wire Guard and FreeBSD

Doug Denault doug at safeport.com
Tue Mar 30 18:42:45 UTC 2021


On Wed, 31 Mar 2021, Dewayne Geraghty wrote:

> On 31/03/2021 4:42 am, Doug Denault wrote:
>> On Mon, 29 Mar 2021, Christos Chatzaras wrote:
>>
>>>> On 29 Mar 2021, at 23:34, Jerry <jerry at seibercom.net> wrote:
>>>>
>>>> I just found this story regarding Wire Guard and FreeBSD. I thought it was
>>>> rather interesting.
>>>>
>> https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/
>>
>>>
>>> There are some discussions in the forum:
>>
>> I did not interpret the Ars Technica article the way the first poster in
>> the forum did. My take: Netgate sponsored a guy named Matthew Macy to
>> write the FreeBSD kernel code to implement WireGuard. This he did
>> apparently starting from scratch and (my interpretation) ignored
>> suggestions and/or the offer of help from Jason Donenfeld who is clearly
>> (if not the original author of) the main contributor to WireGuard. That
>> Macy's code was horribly flawed is not in dispute and that was not what
>> I took from the article. The issue for us as FreeBSD users is that
>> because of size, complexity, and Macy's credentials, the code got
>> little or no review, almost making it into the 13.0-RELEASE. It didn't, so
>> cool. That it got as close as the article states, not so cool. Anyone
>> interested should read the Ars Technica article, YMMV.
>>
>> That was not what I really wanted to ask and did not know how. WireGuard
>> would seem to be a really easy to use and high performance VPN. It has
>> been a port for some time apparently. My questions: (1) does adding it
>> to the kernel make it that much better? (2) was it going into the
>> generic kernel? (3) and lastly, other than looking at the kernel source, is
>> there a way of telling what's in the generic kernel?
>>
>
> 1) Adding to the kernel avoids context switching between kernel and
> userland.  That's why network "stuff" (e.g. firewalling) is in the kernel.
> 2) ?
> 3) kldstat -v (will tell you what's in kernel and what kernel modules
> have been loaded), though better to read /usr/src/sys/amd64/conf/GENERIC
> (replace amd64 with your machine architecture) :)

Thank you

_____
Douglas Denault
http://www.safeport.com
doug at safeport.com
Voice: 301-217-9220
   Fax: 301-217-9277
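
Added example, not part of the thread: one way to act on answer (3) is to parse a GENERIC-style config file and report whether a device or option is compiled in, honouring a later nodevice/nooptions. The function names, the sample file, and the entries exampledev and EXAMPLE_LIMIT are made up for illustration; the sample is constructed and is not the real GENERIC.

```sh
# in_kernel_config FILE KIND NAME: exit 0 if NAME is enabled in FILE.
# KIND is "device" or "options"; a later nodevice/nooptions cancels it.
in_kernel_config() {
    awk -v kind="$2" -v want="$3" '
        { sub(/#.*/, "") }                       # drop comments
        NF < 2 { next }
        {
            on  = ($1 == kind)
            off = ($1 == ("no" kind))
            if (!on && !off) next
            line = $0
            sub(/^[ \t]*[a-z]+[ \t]+/, "", line)  # drop the keyword
            n = split(line, names, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                name = names[i]
                sub(/=.*/, "", name)              # options may carry =value
                gsub(/[ \t]/, "", name)
                if (name == want) state = on      # last matching line wins
            }
        }
        END { exit (state ? 0 : 1) }
    ' "$1"
}

# On a running FreeBSD host, ask the kernel itself: true if the module is
# compiled in or loaded. Module names can differ from config device names.
module_present() { kldstat -q -m "$1" 2>/dev/null; }

# Constructed sample in config(5) syntax; NOT the real GENERIC file.
sample_config() {
    cat <<'EOF'
ident       SAMPLE
options     INET                # InterNETworking
options     EXAMPLE_LIMIT=5, KDB
device      pf
device      em, igb
#device     exampledev          # commented out, so not built in
nodevice    igb
EOF
}

demo() {
    conf=$(mktemp) || return 1
    sample_config > "$conf"
    for d in pf em igb exampledev; do
        if in_kernel_config "$conf" device "$d"; then echo "$d: built in"
        else echo "$d: not in config"; fi
    done
    rm -f "$conf"
}
demo
```

On a real system, point in_kernel_config at /usr/src/sys/amd64/conf/GENERIC (with your architecture in place of amd64); the function does not follow include lines in the config.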

