Date: Tue, 30 Mar 2021 14:42:46 -0400 (EDT)
From: Doug Denault <doug@safeport.com>
To: Dewayne Geraghty <dewayne@heuristicsystems.com.au>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Wire Guard and FreeBSD
Message-ID: <alpine.BSF.2.00.2103301442100.15810@bucksport.safeport.com>
In-Reply-To: <7aeba139-7eac-a8b2-05a9-d716c6272d6f@heuristicsystems.com.au>
References: <alpine.BSF.2.00.2103301329460.15810@bucksport.safeport.com> <7aeba139-7eac-a8b2-05a9-d716c6272d6f@heuristicsystems.com.au>

On Wed, 31 Mar 2021, Dewayne Geraghty wrote:

> On 31/03/2021 4:42 am, Doug Denault wrote:
>> On Mon, 29 Mar 2021, Christos Chatzaras wrote:
>>
>>>> On 29 Mar 2021, at 23:34, Jerry <jerry@seibercom.net> wrote:
>>>>
>>>> I just found this story regarding Wire Guard and FreeBSD. I thought
>>>> it was
>>>> rather interesting.
>>>>
>> https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/
>>
>>>
>>> There are some discussions in the forum:
>>
>> I did not interpret the arsTechnica article the way the first poster in
>> the forum did. My take, Netgate sponsored a guy named Matthew Macy to
>> write the FreeBSD kernel code to implement WireGuard. This he did
>> apparently starting from scratch and (my interpretation) ignored
>> suggestions and/or the offer of help from Jason Donenfeld who is clearly
>> (if not original author of) the main contributor to WireGuard. That
>> Macy's code was horribly flawed is not in dispute and that was not what
>> I took from the article. The issue for us as FreeBSD users is that
>> because of size, complexity, and Macy's credentials, the code got
>> little or no review almost making it into the 13.0-RELEASE. It didn't so
>> cool. That it got as close as the article states, not so cool. Anyone
>> interested should read the arsTechnica article, YMMV.
>>
>> That was not what I really wanted to ask and did not know how. WireGuard
>> would seem to be a really easy to use and high performance VPN. It has
>> been a port for some time apparently. My questions: (1) does adding it
>> to the kernel make it that much better? (2) was it going into the
>> generic kernel? (3) and lastly other than looking at the kernel source is
>> there a way of telling what's in the generic kernel?
>>
>
> 1) Adding to the kernel avoids context switching between kernel and
> userland. That's why network "stuff" (eg firewalling) is in the kernel.
> 2) ?
> 3) kldstat -v (will tell you what's in kernel and what kernel modules
> have been loaded), though better to read /usr/src/sys/amd64/conf/GENERIC
> (replace amd64 with your machine architecture) :)

Thank you

_____
Douglas Denault
http://www.safeport.com
doug@safeport.com
Voice: 301-217-9220
Fax: 301-217-9277
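
Added example, not part of the original message or of FreeBSD's own tooling: a way to script the "read the kernel config" answer to question (3), so that an audit can check whether a given device or option is compiled in. The function name `kernel_has` and the sample config are constructed for illustration; on a real system the third argument would be a file such as /usr/src/sys/amd64/conf/GENERIC.

```sh
#!/bin/sh
# Added example. kernel_has KIND NAME CONF exits 0 when CONF compiles NAME in.
# KIND is "device" or "options". A later nodevice/nooptions line cancels an
# earlier entry, as config(5) allows for configs layered on another one.
kernel_has() {
    awk -v kind="$1" -v want="$2" '
        { sub(/#.*/, "") }                  # drop trailing comments
        NF < 2 { next }                     # skip blank and one-word lines
        {
            key = $1
            if (key == "option")   key = "options"
            if (key == "nooption") key = "nooptions"
            name = $2
            sub(/=.*/, "", name)            # options NAME=value -> NAME
            if (name != want) next
            if (key == kind)               found = 1
            else if (key == ("no" kind))   found = 0
        }
        END { exit !found }
    ' "$3"
}

# Constructed sample config (not a copy of any real GENERIC file).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
cpu         HAMMER
ident       EXAMPLE
options     INET            # IPv4
options     INET6           # IPv6
options     MAXCONS=4       # constructed value
device      ether
device      loop
device      sound
#device     crypto          # commented out, so not built in
nodevice    sound           # cancels the earlier "device sound"
EOF

for d in ether sound crypto; do
    if kernel_has device "$d" "$SAMPLE_CONF"; then
        echo "device $d: compiled in"
    else
        echo "device $d: not in this config (may still exist as a module)"
    fi
done
```

A "not in this config" result only describes the static kernel; `kldstat -v` on the running system, as suggested in the reply, covers modules loaded afterwards.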