Date:      Wed, 31 Mar 2021 05:33:42 +1100
From:      Dewayne Geraghty <dewayne@heuristicsystems.com.au>
To:        Doug Denault <doug@safeport.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Wire Guard and FreeBSD
Message-ID:  <7aeba139-7eac-a8b2-05a9-d716c6272d6f@heuristicsystems.com.au>
In-Reply-To: <alpine.BSF.2.00.2103301329460.15810@bucksport.safeport.com>
References:  <alpine.BSF.2.00.2103301329460.15810@bucksport.safeport.com>

On 31/03/2021 4:42 am, Doug Denault wrote:
> On Mon, 29 Mar 2021, Christos Chatzaras wrote:
> 
>>> On 29 Mar 2021, at 23:34, Jerry <jerry@seibercom.net> wrote:
>>>
>>> I just found this story regarding Wire Guard and FreeBSD. I thought
>>> it was
>>> rather interesting.
>>>
> https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/
> 
>>
>> There are some discussions in the forum:
> 
> I did not interpret the arsTechnica article the way the first poster in
> the forum did. My take, Netgate sponsored a guy named Matthew Macy to
> write the FreeBSD kernel code to implement WireGuard. This he did
> apparently starting from scratch and (my interpretation) ignored
> suggestions and/or the offer of help from Jason Donenfeld who is clearly
> (if not original author of) the main contributor to WireGuard. That
> Macy's code was horribly flawed is not in dispute and that was not what
> I took from the article. The issue for us as FreeBSD users is that
> because of size, complexity, and Macy's credentials, the code got
> little or no review almost making it into the 13.0-RELEASE. It didn't so
> cool. That it got as close as the article states, not so cool. Anyone
> interested should read the arsTechnica article, YMMV.
> 
> That was not what I really wanted to ask and did not know how. WireGuard
> would seem to be a really easy to use and high performance VPN. It has
> been a port for some time apparently. My questions: (1) does adding it
> to the kernel make it that much better? (2) was it going into the
> generic kernel? (3) and lastly other than looking at the kernel source is
> there a way of telling what's in the generic kernel?
> 
> _____
> Douglas Denault
> http://www.safeport.com
> doug@safeport.com
> Voice: 301-217-9220
>   Fax: 301-217-9277

1) Adding to the kernel avoids context switching between kernel and
userland.  That's why network "stuff" (e.g. firewalling) is in the kernel.
2) ?
3) kldstat -v (will tell you what's in kernel and what kernel modules
have been loaded), though better to read /usr/src/sys/amd64/conf/GENERIC
(replace amd64 with your machine architecture) :)
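
An added illustration of point 3, not part of the original message: a small shell helper that reads a file in kernel-config syntax and reports whether a device or option is compiled in. The sample config is constructed (it is not the real GENERIC file), the function names are hypothetical, and `include` lines are not followed.

```shell
#!/bin/sh
# Constructed sample in FreeBSD kernel-config syntax (NOT the real GENERIC).
sample_conf() {
cat <<'EOF'
cpu         HAMMER
ident       GENERIC
options     INET            # InterNETworking
options     MAXCPU=256      # options may carry a value
device      crypto          # core crypto support
device      loop            # Network loopback
device      tuntap          # Packet tunnel
#device     wg              # commented out, so not built in
device      bpf
nodevice    bpf             # a later nodevice cancels the device line
EOF
}

# conf_builtin KIND NAME < config
# KIND is "device" or "options". Exit status 0 if NAME ends up compiled in.
# Limitation: "include" directives are ignored, so feed included files too
# if the config for your architecture uses them.
conf_builtin() {
    awk -v kind="$1" -v name="$2" '
        { sub(/#.*/, "") }                     # drop comments
        NF < 2 { next }                        # skip blank/short lines
        { n = $2; sub(/=.*/, "", n) }          # "FOO=value" -> "FOO"
        $1 == kind && n == name { found = 1 }
        $1 == ("no" kind) && n == name { found = 0 }   # nodevice / nooptions
        END { exit found ? 0 : 1 }
    '
}

# Demonstration on the constructed sample. On a real system, redirect from
# /usr/src/sys/amd64/conf/GENERIC (with your architecture) instead.
for d in crypto tuntap wg bpf; do
    if sample_conf | conf_builtin device "$d"; then
        echo "$d: built in"
    else
        echo "$d: not built in (check kldstat -v for loaded modules)"
    fi
done
```

A device that is absent from the config can still be present as a loaded kernel module, which is what `kldstat -v` shows.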
