From owner-freebsd-arch@freebsd.org Tue Mar 16 16:49:10 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2EB2E5B4AE5; Tue, 16 Mar 2021 16:49:10 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F0K4k0v0Yz4nbQ; Tue, 16 Mar 2021 16:49:10 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from mail-qv1-f52.google.com (mail-qv1-f52.google.com [209.85.219.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id 0CD3E76DE; Tue, 16 Mar 2021 16:49:10 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-qv1-f52.google.com with SMTP id l15so9844785qvl.4; Tue, 16 Mar 2021 09:49:10 -0700 (PDT) X-Gm-Message-State: AOAM5336BUCy+ANTqn3eYq34bB2695SlBERXsBJl201bh50jE1MQiFW8 4ezh3gOGtXQIsxeonttLR8Lx1TRKnMv43K4stDA= X-Google-Smtp-Source: ABdhPJzi34QeuuOVEse/PFA41MQ0sLEBCfcjPCZtF6MJIU4MAD2F43d8XcxVIJylISCEjKpVOi7ZU5MBwDx/aFIZSqM= X-Received: by 2002:ad4:51c1:: with SMTP id p1mr582860qvq.39.1615913349559; Tue, 16 Mar 2021 09:49:09 -0700 (PDT) MIME-Version: 1.0 From: Kyle Evans Date: Tue, 16 Mar 2021 11:48:56 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Removing WireGuard Support From FreeBSD Base To: freebsd-arch@freebsd.org, FreeBSD Hackers , WireGuard mailing list Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Mar 2021 16:49:10 -0000 Hi, You may have recently noticed some chatter around the internet about FreeBSD's in-kernel WireGuard implementation, and the work we've done on it in the last week. You may have also noticed additional chatter afterwards with regards to the original implementation. I'd like to give some context and information with regards to the current situation, as well as provide some insight into the future as one of the developers involved. With regard to the original implementation, this will be my only commentary on the matter. I'm a developer, and I'm passionate about the work that I do- often to a fault. I've said some things that I regret; the accusations that Scott Long alluded to in an e-mail on FreeBSD mailing lists were indeed made by me, and his phrasing of what I said was much kinder than it could have been. These were mistakes, and I'm going to own that. However, my personal belief is that neither Netgate, pfSense, nor the original developer deserved the level of scorn and criticism that they've received in the past days from both the press and the community at large. In the next day or so, I will be committing a removal of all WireGuard related bits from our 'main' branch, including the work that I recently committed. It will be followed up by a removal of the implementation from stable/13, and we will seek appropriate approval to remove it from releng/13.0 as well. Please, do not be concerned by any of this; this is being done with mutual support from all parties. Did the original implementation have issues? Yes, it did. Are we certain that our new version -doesn't- have issues? I believe it doesn't, but it hasn't been through thorough enough review. We hacked on this for a week, and we all reviewed each others' work in the process. The problem is that this work, in particular, is a driver with fairly severe security implications. Review by "three developers working and beating on it" is not the higher bar that we should be holding this to. While I believed I was doing what's right for the community, it's become clear that what's right for the community is to take a step back and do this the right way. Note that we're not dropping this effort. We will continue iterating on this out-of-tree, and we will go through the proper review channels. Folks will be unhappy in the interim because we're removing it right now, but in the end we will have a better FreeBSD because of it. There will be a kernel module available in ports at some point, but not before it's ready. Moving forward, myself, members of Netgate, and members of the larger community *are* working together on strictly technical details. I urge anyone with an interest in reviewing the driver to also get in touch with me. Please, let's move forward as a community on this. Thank you, Kyle Evans From owner-freebsd-arch@freebsd.org Tue Mar 16 17:13:49 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7CA205B5F32; Tue, 16 Mar 2021 17:13:49 +0000 (UTC) (envelope-from noloader@gmail.com) Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F0Kd92zJzz4qTr; Tue, 16 Mar 2021 17:13:49 +0000 (UTC) (envelope-from noloader@gmail.com) Received: by mail-io1-xd32.google.com with SMTP id k2so38028522ioh.5; Tue, 16 Mar 2021 10:13:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=LdTU8JNN19De/6YG0m9exoj67s4UkjHWivqTBVMyxSY=; b=lzupkKG+FvaRp0PjWDQE//WskdEXBwWGqjcfk0s3qNm0UhClL6rVvkKbYnbLuxwXbd gDhgWWnxI4uVg5n8zu6/s1wIen+WkfDRi7lOvwHuYFsVHtRw+KRv3cURfwdleRQ83Bhx 2TKY6MWBMA9WJg/OxsHWWwg4TRtSM19KAD/tYsvN159YiEtQex3UrpAAl8E0K19O+rVg XhGrHTNbF8dMfILdUwqqcHEDUD3/UoNG+fkzH1b9utonmDzBBehfXCzoUdD3MbVy1nxM ASvQLQfXvBd7Qs5LSU/5ZheMUcm6UPj8c6vmNxT+JgN1FNc2Vk7my1vW+/3/MnaWxAhN D8ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=LdTU8JNN19De/6YG0m9exoj67s4UkjHWivqTBVMyxSY=; b=AEzpK4atKHaU+zbederG490Wa0bO1/jn9g22xqopqyi4zRUXw7oOTBUbjgkt4QMV3Q VY81878N0tdV7Van0lvv7Ab/BC1+ESHpL1xV4eeT0EX3ExN+1J2/F2pk9184nnr2IUFa 7kMCiQi69Np/UzNHhAHXV7PHKpkzvlzFM+dcGu3jVqAEG8AKnGyh+IZaUW0wxrHRf6/r BadijlgDR7MA0+GCca8MUSQRBAR4c+E104iF63O6P6P8Khzj/IXJaOtZmE+ER6vhN81W WfuVpUaADmAmmCY0TEX22BcsRYMg3u0Rit+vASDDY8YrcZwz4JCfKyKYsd2i5IrNbumv wfgQ== X-Gm-Message-State: AOAM533WWmTyE3HRMF7fLOZOnvIcUAFCRfxo0VJrbnESnRxYi06suhA6 3lUEDzMQl388sirJRz53JdMU94bKnDIJWzPPuLlnHaIu3fxg6w== X-Google-Smtp-Source: ABdhPJxgZRgSO4zUBdqu3fymybt0U9uYN1cRmYhzSIgpDyYUk/THlqMVFC+AkJMlND6puMJWfIfum+GKTxRS9BPmCZY= X-Received: by 2002:a5d:8552:: with SMTP id b18mr4169939ios.124.1615914827889; Tue, 16 Mar 2021 10:13:47 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Reply-To: noloader@gmail.com From: Jeffrey Walton Date: Tue, 16 Mar 2021 13:13:36 -0400 Message-ID: Subject: Re: Removing WireGuard Support From FreeBSD Base To: Kyle Evans Cc: freebsd-arch@freebsd.org, FreeBSD Hackers , WireGuard mailing list Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4F0Kd92zJzz4qTr X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-Mailman-Approved-At: Tue, 16 Mar 2021 20:34:02 +0000 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Mar 2021 17:13:49 -0000 Hi Kyle, I'm going to top post because there's only two points to raise. Sorry about that. I don't have a dog in this fight, so take this with a grain of salt... > Netgate, pfSense, nor the original developer deserved the level of > scorn and criticism that they've received in the past days from both the > press and the community at large. I have not really seen any scorn or criticism by the press or community. But maybe my feeds are missing something... > In the next day or so, I will be committing a removal of all WireGuard > related bits from our 'main' branch, including the work that I recently > committed. It will be followed up by a removal of the implementation > from stable/13, and we will seek appropriate approval to remove it > from releng/13.0 as well. Please, do not be concerned by any of this; > this is being done with mutual support from all parties. The thing I find unusual is, the move appears to lack technical justification. The best I can tell, the reasons seem to be political. But like I said, maybe my feeds are missing something... As a naive outsider, if you are going to yank it, then the technical reasons for the action should be clearly enumerated. Everything else is just chatter or noise. The move just looks like a bunch of bruised egos and sour grapes. Maybe a good middle ground would be to take the existing code and put it in a Wireguard branch. Those who wish to keep Wireguard out of FreeBSD mainline have done so. FreeBSD users who wish to use Wireguard can build the Wireguard branch. And those who wish to improve Wireguard have a working branch for patches. Later, the branch can be re-merged back to master. Jeff On Tue, Mar 16, 2021 at 12:51 PM Kyle Evans wrote: > > You may have recently noticed some chatter around the internet about > FreeBSD's in-kernel WireGuard implementation, and the work we've done > on it in the last week. You may have also noticed additional chatter > afterwards with regards to the original implementation. I'd like to give > some context and information with regards to the current situation, as > well as provide some insight into the future as one of the developers > involved. > > With regard to the original implementation, this will be my only > commentary on the matter. I'm a developer, and I'm passionate > about the work that I do- often to a fault. I've said some things that > I regret; the accusations that Scott Long alluded to in an e-mail on FreeBSD > mailing lists were indeed made by me, and his phrasing of what I > said was much kinder than it could have been. These were mistakes, > and I'm going to own that. However, my personal belief is that neither > Netgate, pfSense, nor the original developer deserved the level of > scorn and criticism that they've received in the past days from both the > press and the community at large. > > In the next day or so, I will be committing a removal of all WireGuard > related bits from our 'main' branch, including the work that I recently > committed. It will be followed up by a removal of the implementation > from stable/13, and we will seek appropriate approval to remove it > from releng/13.0 as well. Please, do not be concerned by any of this; > this is being done with mutual support from all parties. > > Did the original implementation have issues? Yes, it did. Are we > certain that our new version -doesn't- have issues? I believe it > doesn't, but it hasn't been through thorough enough review. We hacked > on this for a week, and we all reviewed each others' work in the > process. The problem is that this work, in particular, is a driver with fairly > severe security implications. Review by "three developers working > and beating on it" is not the higher bar that we should be > holding this to. While I believed I was doing what's right for the > community, it's become clear that what's right for the community is > to take a step back and do this the right way. > > Note that we're not dropping this effort. We will continue iterating > on this out-of-tree, and we will go through the proper review > channels. Folks will be unhappy in the interim because we're removing > it right now, but in the end we will have a better FreeBSD because of > it. There will be a kernel module available in ports at some point, > but not before it's ready. > > Moving forward, myself, members of Netgate, and members of the larger > community *are* working together on strictly technical details. I urge > anyone with an interest in reviewing the driver to also get in touch with me. > Please, let's move forward as a community on this. From owner-freebsd-arch@freebsd.org Tue Mar 16 17:30:27 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CB36D5B6616; Tue, 16 Mar 2021 17:30:27 +0000 (UTC) (envelope-from Jason@zx2c4.com) Received: from mail.zx2c4.com (mail.zx2c4.com [104.131.123.232]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.zx2c4.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F0L0M5Jxyz4rnt; Tue, 16 Mar 2021 17:30:27 +0000 (UTC) (envelope-from Jason@zx2c4.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1615915825; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=8Wql75Z38d6yNM6r69wKmE/MYWRMTbeRnNhGgBKT7nM=; b=A6Eb3I+/qXEu/jpCGkI4PTjZFnGw2KGdlbf0sZ9kHFvz9D+kwFjJcSUDKPl6bDHFgv3IIh zFvFGTu69uMdnT13l2+0M/RLW/DTGF+CirBiuQGkrANd9LO7Ri8zjW0HQO+2WZEk67gZbE pM9NlFOmC3nH6GM/o6IWe8amyYCI6bE= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id c993a653 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Tue, 16 Mar 2021 17:30:25 +0000 (UTC) Received: by mail-yb1-f177.google.com with SMTP id h82so37596744ybc.13; Tue, 16 Mar 2021 10:30:25 -0700 (PDT) X-Gm-Message-State: AOAM533H8mvBxleCT29it9TyxcuxWx1hvS8t0JBAxc4tdd5mvGCI/RuF TmA/IAIwJyke3sGLFeRuhilCOz7otuaut+l+/BM= X-Google-Smtp-Source: ABdhPJwN7MNuNHax0zFW1DWekEcylejoa77+qtpE8iuS9EQjfWrdbqCePH/cC5IzdVuU02rBjvP6STFdhowug1s8yT0= X-Received: by 2002:a25:4d02:: with SMTP id a2mr7623914ybb.49.1615915824259; Tue, 16 Mar 2021 10:30:24 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Jason A. Donenfeld" Date: Tue, 16 Mar 2021 11:30:13 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Removing WireGuard Support From FreeBSD Base To: Kyle Evans Cc: freebsd-arch@freebsd.org, FreeBSD Hackers , WireGuard mailing list Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4F0L0M5Jxyz4rnt X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-Mailman-Approved-At: Tue, 16 Mar 2021 20:35:16 +0000 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Mar 2021 17:30:27 -0000 Hi Kyle, I think what you describe is a great plan. I think everybody realizes at this point that the original code base from the original author never should have been merged. We went head first in trying to fix it in a week because we thought that was our only choice. But knowing now that we can simply remove it, and get back to coding it carefully and deliberately, is just a huge relief. So that's great. And while it's under development, we can have an out-of-tree repo for folks to test out intermediate snapshots and provide feedback, just like the WireGuard project has always done. In other words, we'll follow the tried and true formulation of: slow, careful coding + regular snapshots to receive testing and feedback. So, I'm quite happy there. And when it is ready, I'm confident it'll get a thorough review from FreeBSD core developers, which is terrific. More review ==> better code. I also want to thank you for your words about Netgate and the various parties involved. I think nobody wants animosity and tension, and I imagine your email has helped to calm the tone quite a bit. That's just the type of reset we need, so that we can get back to what we do best: writing and refining code. To others reading, with regards to actual project logistics, I think what I wrote in the original announcement still stands: we'll have instructions for module building and such online and we'll announce it here. And for developers interested, Kyle, MattD, and I have been coordinating code writing on IRC; if you'd like to join in, ping one of us there and we'll get you up to speed on repos and ssh keys whatnot. Regards, Jason From owner-freebsd-arch@freebsd.org Tue Mar 16 17:38:14 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 44C145B67C5; Tue, 16 Mar 2021 17:38:14 +0000 (UTC) (envelope-from Jason@zx2c4.com) Received: from mail.zx2c4.com (mail.zx2c4.com [104.131.123.232]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.zx2c4.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F0L9L1NZ3z4sB4; Tue, 16 Mar 2021 17:38:14 +0000 (UTC) (envelope-from Jason@zx2c4.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1615916291; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0oGACFIL8J9SZamsqvs/X4H69lOZwPL2+iMeFK6MhcE=; b=U3OaT/czT4X0h5JSLTEeA5233hCkKp/L81RA06SAksefFKwouujUwmgm49X/j0npJ72idh nF71cIOzgE/24EIk93U7b9/Vu9cOe3mOQT2dYXt9DnxXYdHNxQdfFG6v7Tc3aB1+hSIV/k NlRQICD37KEVksvolRO/p/4ijUwLOx4= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id aa3de340 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Tue, 16 Mar 2021 17:38:11 +0000 (UTC) Received: by mail-yb1-f176.google.com with SMTP id 133so37700501ybd.5; Tue, 16 Mar 2021 10:38:11 -0700 (PDT) X-Gm-Message-State: AOAM532IDmvqj+eIrL2X3NPwGasnGAxXf0b4+qPjMohZNLEejH/fvd2S 0kV5uPfRvGFP2nBVF1tnHq7UMnIIQ2DB1HFFpaM= X-Google-Smtp-Source: ABdhPJxi6Gau0FW2aWBjmPa2EXeZj1hs6B3t0fqJoDRxJLyS+8ZCrqyEFQdLeEpMKWsTelmANlJarC3SMiZ/7Zs/l1Y= X-Received: by 2002:a25:1442:: with SMTP id 63mr13125ybu.123.1615916290654; Tue, 16 Mar 2021 10:38:10 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Jason A. Donenfeld" Date: Tue, 16 Mar 2021 11:37:59 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Removing WireGuard Support From FreeBSD Base To: Jeffrey Walton Cc: Kyle Evans , freebsd-arch@freebsd.org, FreeBSD Hackers , WireGuard mailing list Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4F0L9L1NZ3z4sB4 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-Mailman-Approved-At: Tue, 16 Mar 2021 20:35:33 +0000 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Mar 2021 17:38:14 -0000 Hi Jeffrey, On Tue, Mar 16, 2021 at 11:16 AM Jeffrey Walton wrote: > > In the next day or so, I will be committing a removal of all WireGuard > > related bits from our 'main' branch, including the work that I recently > > committed. It will be followed up by a removal of the implementation > > from stable/13, and we will seek appropriate approval to remove it > > from releng/13.0 as well. Please, do not be concerned by any of this; > > this is being done with mutual support from all parties. > > The thing I find unusual is, the move appears to lack technical > justification. The best I can tell, the reasons seem to be political. > But like I said, maybe my feeds are missing something... > > As a naive outsider, if you are going to yank it, then the technical > reasons for the action should be clearly enumerated. Everything else > is just chatter or noise. The move just looks like a bunch of bruised > egos and sour grapes. I'd just like to chime in and point out that although this is happening in a political context as you've pointed out, this is in my opinion the *best possible technical situation*, and the one I would have preferred in the beginning anyway if it were presented as a choice. Here's the technical background you asked for: - We found tons of issues with the original code base. - We spent a week rewriting that codebase. So here's the rationale: - Merging a week-old codebase into an operating system kernel is a bad idea. It's really not more complicated than that. I'm *sure* we'll find more things to fix. That's just the nature of it. And from a practical perspective, it's a lot easier for me, anyway, to casually push fixes as I code to a normal repo on git.zx2c4.com. When there's a lot of potential code churn, sometimes it's easiest to be able to move fast at first. When we get it to a place where we feel extra good about it, then we can do the full review process on what we've got, which has the added benefit of even more eyeballs and ways of looking at things. I think the code will benefit from this type of process. > Maybe a good middle ground would be to take the existing code and put > it in a Wireguard branch. Those who wish to keep Wireguard out of > FreeBSD mainline have done so. FreeBSD users who wish to use Wireguard > can build the Wireguard branch. And those who wish to improve > Wireguard have a working branch for patches. Later, the branch can be > re-merged back to master. We're actually going to do something like that already. We'll have it as an out-of-tree module, since it's fairly standalone anyway. And then when it's ready, we'll send that for merging back into the FreeBSD main branch. Also, from a technical perspective, dealing with out of tree modules on FreeBSD seems way, way easier than on Linux. There's not nearly as much API churn, as far as I can see. We probably can even offer prebuilts at some point for people who want to test out snapshots. So I'm really not very worried (at least at the moment; I'm still new to FreeBSD kernel development). Jason From owner-freebsd-arch@freebsd.org Wed Mar 17 12:53:32 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D4C6A5ADE92; Wed, 17 Mar 2021 12:53:32 +0000 (UTC) (envelope-from gbe@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F0qpN5jL3z3kSW; Wed, 17 Mar 2021 12:53:32 +0000 (UTC) (envelope-from gbe@freebsd.org) Received: from localhost (p200300d5d740b9c039e609000b7e9f1f.dip0.t-ipconnect.de [IPv6:2003:d5:d740:b9c0:39e6:900:b7e:9f1f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: gbe) by smtp.freebsd.org (Postfix) with ESMTPSA id 41861206B3; Wed, 17 Mar 2021 12:53:32 +0000 (UTC) (envelope-from gbe@freebsd.org) Date: Wed, 17 Mar 2021 13:53:28 +0100 From: Gordon Bergling To: Kyle Evans Cc: freebsd-arch@freebsd.org, FreeBSD Hackers , WireGuard mailing list Subject: Re: Removing WireGuard Support From FreeBSD Base Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="RTChV5aF75eiVAKG" Content-Disposition: inline In-Reply-To: X-Url: X-Operating-System: FreeBSD 12.2-STABLE amd64 X-Host-Uptime: 1:47PM up 2 days, 19:32, 4 users, load averages: 0.26, 0.27, 0.25 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Mar 2021 12:53:32 -0000 --RTChV5aF75eiVAKG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I am not sure, if the removal is a great idea, a removal from releng/13 and stable/13 - possibly yes, but from main? This is still -CURRENT and -CURRENT should be central place for development, even if we have phabricator for review. If the complete backout is happening, please don't forget the manual page. I have spend a lot of time on it, while OpenBSD made a good template. --Gordon On Tue, Mar 16, 2021 at 11:48:56AM -0500, Kyle Evans wrote: > Hi, >=20 > You may have recently noticed some chatter around the internet about > FreeBSD's in-kernel WireGuard implementation, and the work we've done > on it in the last week. You may have also noticed additional chatter > afterwards with regards to the original implementation. I'd like to give > some context and information with regards to the current situation, as > well as provide some insight into the future as one of the developers > involved. >=20 > With regard to the original implementation, this will be my only > commentary on the matter. I'm a developer, and I'm passionate > about the work that I do- often to a fault. I've said some things that > I regret; the accusations that Scott Long alluded to in an e-mail on Free= BSD > mailing lists were indeed made by me, and his phrasing of what I > said was much kinder than it could have been. These were mistakes, > and I'm going to own that. However, my personal belief is that neither > Netgate, pfSense, nor the original developer deserved the level of > scorn and criticism that they've received in the past days from both the > press and the community at large. >=20 > In the next day or so, I will be committing a removal of all WireGuard > related bits from our 'main' branch, including the work that I recently > committed. It will be followed up by a removal of the implementation > from stable/13, and we will seek appropriate approval to remove it > from releng/13.0 as well. Please, do not be concerned by any of this; > this is being done with mutual support from all parties. >=20 > Did the original implementation have issues? Yes, it did. Are we > certain that our new version -doesn't- have issues? I believe it > doesn't, but it hasn't been through thorough enough review. We hacked > on this for a week, and we all reviewed each others' work in the > process. The problem is that this work, in particular, is a driver with f= airly > severe security implications. Review by "three developers working > and beating on it" is not the higher bar that we should be > holding this to. While I believed I was doing what's right for the > community, it's become clear that what's right for the community is > to take a step back and do this the right way. >=20 > Note that we're not dropping this effort. We will continue iterating > on this out-of-tree, and we will go through the proper review > channels. Folks will be unhappy in the interim because we're removing > it right now, but in the end we will have a better FreeBSD because of > it. There will be a kernel module available in ports at some point, > but not before it's ready. >=20 > Moving forward, myself, members of Netgate, and members of the larger > community *are* working together on strictly technical details. I urge > anyone with an interest in reviewing the driver to also get in touch with= me. > Please, let's move forward as a community on this. >=20 > Thank you, >=20 > Kyle Evans > _______________________________________________ > freebsd-arch@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org" --=20 --RTChV5aF75eiVAKG Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEEYbWI0KY5X7yH/Fy4OQX2V8rP09wFAmBR+8hfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYx QjU4OEQwQTYzOTVGQkM4N0ZDNUNCODM5MDVGNjU3Q0FDRkQzREMACgkQOQX2V8rP 09zmrQgAnsfgJ6vHWxHkAKQMmjsBu+/D0Zn9h3riJZmY79pC53/kEcfFIm4n45Gv XDvbP5b4wrNSKYtLBJJuskJXY0OPHlNxDESoduEN2FIUy1ffxTj7eQKdP9FtdPj4 PRMtAcF/95IfGc/wUNRQcOsMW5LZq1md0uLqBM6YqKYCIILPfvBFxtOPUMsifWNK hdfK8pHu0qUwAZUKLtKKF86SA67a/L874n2roKZazzNFzT0rqVNIxdr1T5qAtpk3 GkXaVDEVF25wo8IX4jIRvCXs6tjHqw9KdWc4bxX6WmsB0eelaJuuok4j4KN+oEkE cz+huqPlxvOOWm+QOO4DKRrwAOwxWQ== =2JqR -----END PGP SIGNATURE----- --RTChV5aF75eiVAKG-- From owner-freebsd-arch@freebsd.org Wed Mar 17 18:34:16 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6F70B574D73; Wed, 17 Mar 2021 18:34:16 +0000 (UTC) (envelope-from Jason@zx2c4.com) Received: from mail.zx2c4.com (mail.zx2c4.com [104.131.123.232]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.zx2c4.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F0zMX2c8Zz4sDW; Wed, 17 Mar 2021 18:34:16 +0000 (UTC) (envelope-from Jason@zx2c4.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1616006053; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cjjMrT2xYrXsJqkFDsqRf8ReOoXS7j5fb6T1uzcyYzo=; b=qD+wxZr0oG+EVJ2pLqjWPun4ZHqCcYx9K2kTdzstNi342qoMRUPGHsGRYue6lNccWvzWG7 sVJcgyoi0wI6jl9YpkSb+aWvz1LV/QkaTmD/9zp/D05mZw2h9JCmUZWDgdN4vWwlM8V/mC bPWxTnP+Oxda7A2CdgnDExyQXIR39S4= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id f3f78777 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Wed, 17 Mar 2021 18:34:13 +0000 (UTC) Received: by mail-yb1-f176.google.com with SMTP id h82so41485672ybc.13; Wed, 17 Mar 2021 11:34:13 -0700 (PDT) X-Gm-Message-State: AOAM530/q3UxALIk/RcH71gF1lM+m/Qf3CG6NdZPJVgEfQzy6kzgqxrv iVe5kU3bQqJFWNH6PX3lVfKzcoGj0ion3dZns/o= X-Google-Smtp-Source: ABdhPJy2yTWXhL8i2ug5YvbJreL+NPFVFbQolWZ4rFVa1KmLQtXZ777TJ9LzTUGPdsAGPYCcn4aUXuX9ypsIt4lCZ5k= X-Received: by 2002:a25:38c5:: with SMTP id f188mr6186822yba.178.1616006052690; Wed, 17 Mar 2021 11:34:12 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Jason A. Donenfeld" Date: Wed, 17 Mar 2021 12:34:02 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Removing WireGuard Support From FreeBSD Base To: Gordon Bergling Cc: Kyle Evans , freebsd-arch@freebsd.org, FreeBSD Hackers , WireGuard mailing list Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4F0zMX2c8Zz4sDW X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-Mailman-Approved-At: Thu, 18 Mar 2021 08:50:33 +0000 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Mar 2021 18:34:16 -0000 Hi Gordon, On Wed, Mar 17, 2021 at 6:53 AM Gordon Bergling wrote: > I am not sure, if the removal is a great idea, a removal from > releng/13 and stable/13 - possibly yes, but from main? > > This is still -CURRENT and -CURRENT should be central place for development, > even if we have phabricator for review. It looks like Kyle has gone ahead with the revert anyway, so development is now happening at: https://git.zx2c4.com/wireguard-freebsd/ And there are now regular snapshot releases: https://lists.zx2c4.com/pipermail/wireguard/2021-March/006518.html As for your objections, and the question of what -CURRENT should or shouldn't be used for, I really have no idea as a community outsider. But I do look forward to submitting it for proper inclusion in -CURRENT after a few more cycles of development and refinement. There's also the crypto question that I'd welcome some feedback on: https://lists.freebsd.org/pipermail/freebsd-hackers/2021-March/057076.html > If the complete backout is happening, please don't forget the manual > page. I have spend a lot of time on it, while OpenBSD made a good > template. Thanks for bringing this up; I had actually forgotten about that. Do you want to re-add it and keep that current as we develop? If you email me your SSH key, you can just commit it directly. Jason From owner-freebsd-arch@freebsd.org Thu Mar 18 16:52:35 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6234557C9B3; Thu, 18 Mar 2021 16:52:35 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F1Y3l2LrHz4RdV; Thu, 18 Mar 2021 16:52:35 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from mail-qv1-f47.google.com (mail-qv1-f47.google.com [209.85.219.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id 425272DFF3; Thu, 18 Mar 2021 16:52:35 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-qv1-f47.google.com with SMTP id t5so3527224qvs.5; Thu, 18 Mar 2021 09:52:35 -0700 (PDT) X-Gm-Message-State: AOAM533S0C+HtrFqnIlOqcWTyqa2tEfE4q5UoC7AxCz3y5R2wWxGZn1i +42XKkQlmM/k9EU798QRLMIphEABIl6IEC5/JuY= X-Google-Smtp-Source: ABdhPJwqB8n/oSCRMe6UElGKb44MIyrUyblGSO1L5kLm8AruHbr6Y7r82awrKU8to5GzYn3Ga0MHFLxIZHFoosrnyM8= X-Received: by 2002:ad4:4aa8:: with SMTP id i8mr5364279qvx.22.1616086354927; Thu, 18 Mar 2021 09:52:34 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Kyle Evans Date: Thu, 18 Mar 2021 11:52:21 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Removing WireGuard Support From FreeBSD Base To: freebsd-arch@freebsd.org, FreeBSD Hackers Cc: WireGuard mailing list Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Mar 2021 16:52:35 -0000 On Tue, Mar 16, 2021 at 11:48 AM Kyle Evans wrote: > > Hi, > > You may have recently noticed some chatter around the internet about > FreeBSD's in-kernel WireGuard implementation, and the work we've done > on it in the last week. You may have also noticed additional chatter > afterwards with regards to the original implementation. I'd like to give > some context and information with regards to the current situation, as > well as provide some insight into the future as one of the developers > involved. > I'm afraid I must follow this one up with an announcement that I'm stepping back from the wireguard-freebsd efforts. You'll likely hear some things about me in the coming days. I'm sure I've said more things in the past week and a half in anger that I regret, and I'll have to live with that. I'd like to set the record straight. Netgate personnel were involved in part with my announcement of removal. I did not take a number of suggestions, because I wrote what I believed in and I continue to do so. Netgate is in no way involved with this announcement that I'm leaving it for now. There's been too much press surrounding this, and it's distracting me from the work that I like to do and what I'm typically known for. The wireguard-freebsd project will need a new maintainer. Thanks, Kyle Evans From owner-freebsd-arch@freebsd.org Thu Mar 18 16:57:50 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BF21D57CF2F; Thu, 18 Mar 2021 16:57:50 +0000 (UTC) (envelope-from Jason@zx2c4.com) Received: from mail.zx2c4.com (mail.zx2c4.com [104.131.123.232]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.zx2c4.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F1Y9p4rgcz4S5P; Thu, 18 Mar 2021 16:57:50 +0000 (UTC) (envelope-from Jason@zx2c4.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1616086666; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=2raz3xmxfaPvFu2pSkiE0EI0DosoVDw0Ftn7W7ndbM0=; b=G49iC/h9XZzWfbd8iIBN/bQGFIOeXsLj0SCifwI7k/KhD4qBYK4KvlL7vAhVkJef+YY7Kv RSy3IvLOzCjmOHMIbqFJE8jlY5iwq7FpTVgrTrYkWnonrbfdSm0btwGfnHn6f9HXcF7oSm mo4o5llqL5PS6dmuiPOKoCTpbVf7Gaw= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 636e2484 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Thu, 18 Mar 2021 16:57:46 +0000 (UTC) Received: by mail-yb1-f171.google.com with SMTP id c131so3273507ybf.7; Thu, 18 Mar 2021 09:57:46 -0700 (PDT) X-Gm-Message-State: AOAM530rE5S9Ry9lmVYwPHbxPO32KZBCCYkVChcLqaN6ZIcs50pPvKPP Ja40/3osowgZBq3HPJMVJCvFDQRufkmZ8m54XeM= X-Google-Smtp-Source: ABdhPJxFM6kd6HuLbn+LMLeN2oasfNlFJ4GEB8305Y+awsyvETsE2BtF0cpEEadrVskddctTGK/rSn2K74KfISljNSY= X-Received: by 2002:a25:9bc5:: with SMTP id w5mr309584ybo.279.1616086666065; Thu, 18 Mar 2021 09:57:46 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Jason A. Donenfeld" Date: Thu, 18 Mar 2021 10:57:35 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Removing WireGuard Support From FreeBSD Base To: Kyle Evans Cc: freebsd-arch@freebsd.org, FreeBSD Hackers , WireGuard mailing list Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4F1Y9p4rgcz4S5P X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-Mailman-Approved-At: Thu, 18 Mar 2021 18:35:04 +0000 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Mar 2021 16:57:50 -0000 Hi Kyle, On Thu, Mar 18, 2021 at 10:53 AM Kyle Evans wrote: > involved with this announcement that I'm leaving it for now. There's > been too much press surrounding this, and it's distracting me from the > work that I like to do and what I'm typically known for. Makes sense and is understandable. It's been pretty miserable for all of us. It looks like we'll eventually find somebody on the FreeBSD side of things to take over where you left off, but hopefully for now in the coming weeks things can just level out to some tranquility, so we can get back to distraction-free coding without all the drama. Jason From owner-freebsd-arch@freebsd.org Fri Mar 19 07:47:23 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BEFE65BAB5E; Fri, 19 Mar 2021 07:47:23 +0000 (UTC) (envelope-from gbe@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F1wwC50gbz3sRP; Fri, 19 Mar 2021 07:47:23 +0000 (UTC) (envelope-from gbe@freebsd.org) Received: from localhost (p200300d5d740b9b371f8e2bb23215a26.dip0.t-ipconnect.de [IPv6:2003:d5:d740:b9b3:71f8:e2bb:2321:5a26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: gbe) by smtp.freebsd.org (Postfix) with ESMTPSA id 24DF85077; Fri, 19 Mar 2021 07:47:23 +0000 (UTC) (envelope-from gbe@freebsd.org) Date: Fri, 19 Mar 2021 08:47:19 +0100 From: Gordon Bergling To: "Jason A. Donenfeld" Cc: Kyle Evans , freebsd-arch@freebsd.org, FreeBSD Hackers , WireGuard mailing list Subject: Re: Removing WireGuard Support From FreeBSD Base Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="22oXUrEG2gqMUdDC" Content-Disposition: inline In-Reply-To: X-Url: X-Operating-System: FreeBSD 12.2-STABLE amd64 X-Host-Uptime: 8:41AM up 4 days, 14:25, 4 users, load averages: 0.97, 2.84, 3.53 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Mar 2021 07:47:23 -0000 --22oXUrEG2gqMUdDC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 17, 2021 at 12:34:02PM -0600, Jason A. Donenfeld wrote: > Hi Gordon, >=20 > On Wed, Mar 17, 2021 at 6:53 AM Gordon Bergling wrote: > > I am not sure, if the removal is a great idea, a removal from > > releng/13 and stable/13 - possibly yes, but from main? > > > > This is still -CURRENT and -CURRENT should be central place for develop= ment, > > even if we have phabricator for review. >=20 > It looks like Kyle has gone ahead with the revert anyway, so > development is now happening at: >=20 > https://git.zx2c4.com/wireguard-freebsd/ >=20 > And there are now regular snapshot releases: >=20 > https://lists.zx2c4.com/pipermail/wireguard/2021-March/006518.html >=20 > As for your objections, and the question of what -CURRENT should or > shouldn't be used for, I really have no idea as a community outsider. > But I do look forward to submitting it for proper inclusion in > -CURRENT after a few more cycles of development and refinement. > There's also the crypto question that I'd welcome some feedback on: >=20 > https://lists.freebsd.org/pipermail/freebsd-hackers/2021-March/057076.html >=20 > > If the complete backout is happening, please don't forget the manual > > page. I have spend a lot of time on it, while OpenBSD made a good > > template. >=20 > Thanks for bringing this up; I had actually forgotten about that. Do > you want to re-add it and keep that current as we develop? If you > email me your SSH key, you can just commit it directly. >=20 > Jason Thanks for the reply. I still think that the removal from main was a mistak= e, but it has happened. I'll create a port for WireGuard tomorrow so that FreeBSD isn't losing Wire= Guard support at all, for whatever reason. --Gordon --22oXUrEG2gqMUdDC Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEEYbWI0KY5X7yH/Fy4OQX2V8rP09wFAmBUVwdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYx QjU4OEQwQTYzOTVGQkM4N0ZDNUNCODM5MDVGNjU3Q0FDRkQzREMACgkQOQX2V8rP 09xcSwf7B8S5DymZnYOFWwh3KiWUgE8XICI3PSEGkQ+306lbVNn+6UIsPStiYop1 RHHBLMae1n3B+f6TGKg9zQOeViIYGZyYzHwcCY1FpO1WYuKP7MseI/iSWXh/VC5L TSUkbcoDLYMqUuI/Z8s8dSFgZ72+ZrFuh0K8kkYSebOZ20ZhHAZvwH6iYzOn3QRy WuznUc4ynH1I9IOuddzgpODptMCAoeRYB6BDxnOqLG8uPIKoJTGHTVUKYt3Ubv7R Qc/RktLFF2nGiWFi1S6p8A44ClVHVk1SlpoLSGFY9UGmLp8M+6hfKPSEZVZ/LGmX fU3KRYZtzwjSucPCOdkndFTTLjwKrw== =l1RP -----END PGP SIGNATURE----- --22oXUrEG2gqMUdDC-- From owner-freebsd-arch@freebsd.org Fri Mar 19 10:43:30 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E10425BE54B; Fri, 19 Mar 2021 10:43:30 +0000 (UTC) (envelope-from contact@evilham.com) Received: from yggdrasil.evilham.com (yggdrasil.evilham.com [46.19.33.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4F20qP1sDQz4YMJ; Fri, 19 Mar 2021 10:43:28 +0000 (UTC) (envelope-from contact@evilham.com) Received: from yggdrasil.evilham.com (localhost [IPv6:::1]) by yggdrasil.evilham.com (Postfix) with ESMTP id 4F20qF20lGzHrf; Fri, 19 Mar 2021 11:43:21 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=evilham.com; h=from:to:cc :subject:references:in-reply-to:date:message-id:mime-version :content-type:content-transfer-encoding; s=mail; bh=ka3N9SKhV0Zn Mpyq9STNXBwWdm8=; b=ZBmSVnYnfLzUSqWfP7QZQSylJj/8qVoBJ/pFrL3EtBf6 dz1qui7G3usNp1IbWBAhxYwsXWa/j2LqxomTzHBZMluUXXcZ/sXp5sH0oQmQ4CeI BC6daLxzGCzaddNGDqy6ILAEec0SD/ZvYaJY+rlQXFOjxsyzJwEKmqfRBcQqpkA= Received: from yggdrasil.evilham.com (unknown [IPv6:2a0a:e5c1:121:1::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by yggdrasil.evilham.com (Postfix) with ESMTPSA id 4F20qD3VtlzHrd; Fri, 19 Mar 2021 11:43:20 +0100 (CET) From: Evilham To: wireguard@lists.zx2c4.com Cc: freebsd-arch@freebsd.org, FreeBSD Hackers Subject: Re: Removing WireGuard Support From FreeBSD Base References: In-reply-to: Date: Fri, 19 Mar 2021 11:43:19 +0100 Message-ID: <5980672e-2c67-4c46-9e31-733515d70a41@yggdrasil.evilham.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4F20qP1sDQz4YMJ X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=evilham.com header.s=mail header.b=ZBmSVnYn; dmarc=pass (policy=none) header.from=evilham.com; spf=pass (mx1.freebsd.org: domain of contact@evilham.com designates 46.19.33.155 as permitted sender) smtp.mailfrom=contact@evilham.com X-Spamd-Result: default: False [-2.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[46.19.33.155:from]; R_DKIM_ALLOW(-0.20)[evilham.com:s=mail]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; NEURAL_SPAM_SHORT(1.00)[0.997]; NEURAL_HAM_LONG(-1.00)[-1.000]; SPAMHAUS_ZRD(0.00)[46.19.33.155:from:127.0.2.255]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[evilham.com:+]; DMARC_POLICY_ALLOW(-0.50)[evilham.com,none]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:196752, ipnet:46.19.32.0/21, country:NL]; MAILMAN_DEST(0.00)[freebsd-arch,freebsd-hackers] X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Mar 2021 10:43:30 -0000 On dv., mar=C3=A7 19 2021, Gordon Bergling wrote: > On Wed, Mar 17, 2021 at 12:34:02PM -0600, Jason A. Donenfeld=20 > wrote: >> Hi Gordon, >> >> On Wed, Mar 17, 2021 at 6:53 AM Gordon Bergling=20 >> wrote: >> > I am not sure, if the removal is a great idea, a removal from >> > releng/13 and stable/13 - possibly yes, but from main? >> > >> > This is still -CURRENT and -CURRENT should be central place=20 >> > for development, >> > even if we have phabricator for review. >> >> It looks like Kyle has gone ahead with the revert anyway, so >> development is now happening at: >> >> https://git.zx2c4.com/wireguard-freebsd/ >> >> And there are now regular snapshot releases: >> >> https://lists.zx2c4.com/pipermail/wireguard/2021-March/006518.html >> >> As for your objections, and the question of what -CURRENT=20 >> should or >> shouldn't be used for, I really have no idea as a community=20 >> outsider. >> But I do look forward to submitting it for proper inclusion in >> -CURRENT after a few more cycles of development and refinement. >> There's also the crypto question that I'd welcome some feedback=20 >> on: >> >> https://lists.freebsd.org/pipermail/freebsd-hackers/2021-March/057076.ht= ml >> >> > If the complete backout is happening, please don't forget the=20 >> > manual >> > page. I have spend a lot of time on it, while OpenBSD made a=20 >> > good >> > template. >> >> Thanks for bringing this up; I had actually forgotten about=20 >> that. Do >> you want to re-add it and keep that current as we develop? If=20 >> you >> email me your SSH key, you can just commit it directly. >> >> Jason > > Thanks for the reply. I still think that the removal from main=20 > was a mistake, > but it has happened. > > I'll create a port for WireGuard tomorrow so that FreeBSD isn't=20 > losing WireGuard > support at all, for whatever reason. > > --Gordon If you do that, please take following tiny patch into account=20 (missing from the git repo @zx2c4, posted to the WG ML awaiting=20 moderation): This is due to the removal commit form stable/13 and, from what I=20 saw, didn't affect CURRENT or 12. --- src/compat.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/compat.h b/src/compat.h index 6126e26..bc29c01 100644 --- a/src/compat.h +++ b/src/compat.h @@ -7,6 +7,9 @@ */ #include +#if __FreeBSD_version < 1400000 +#include +#include #if __FreeBSD_version < 1300000 #define VIMAGE @@ -18,8 +21,6 @@ #include #include #include -#include -#include #include #include #include @@ -39,6 +40,7 @@ #undef atomic_load_ptr #define atomic_load_ptr(p) (*(volatile __typeof(*p) *)(p)) +#endif /* __FreeBSD_version < 1300000 */ struct taskqgroup_cpu { LIST_HEAD(, grouptask) tgc_tasks; @@ -67,7 +69,7 @@ static inline void taskqgroup_drain_all(struct=20 taskqgroup *tqg) gtaskqueue_drain_all(q); } } -#endif +#endif /* __FreeBSD_version < 1400000 */ #if __FreeBSD_version < 1202000 static inline uint32_t arc4random_uniform(uint32_t bound) -- 2.30.1