On 07.05.2018 10:41, Jordan Glover wrote:
> Pointing to go and rust implementations which are being
> worked on will be much better.

They still run in userspace.

That being said, I still don't see any reason for doing something in WG for which
(a) there's no threat model,
(b) a perfectly adequate and well-tested solution already exists,
no matter whether the implementation is userspace, kernelspace, or inside a network card's firmware (well …).

Yes, ssh has a config option for that, but ssh runs on systems without kernel-level IP filters. Using WG on a machine that will forward IP packets but cannot do any firewalling is not a credible use case.

--
-- Matthias Urlichs