Development discussion of WireGuard
 help / color / mirror / Atom feed
* WireGuard Implementation for LwIP Stack
@ 2021-03-15 16:55 Daniel Hope
  0 siblings, 0 replies; only message in thread
From: Daniel Hope @ 2021-03-15 16:55 UTC (permalink / raw)
  To: wireguard

I have developed a WireGuard implementation for an embedded project we are working on that uses LwIP as the IP stack. The implementation has been released here: 

LwIP is an open source TCP/IP stack that is used mainly in embedded systems, often those with very tight memory requirements for code/data size, and normally not running Linux / BSD or even any operating system at all.

The project contains a pure C, malloc free implementation of the WireGuard protocol, some glue in the form of a lwIP netif implementation and some crypto elements that end users will probably want to optimise for their specific embedded platform. I wish I’d seen the single file crypto.c file that Jason just announced in the FreeBSD code as that would have been useful… although the x25519 probably would still use too much stack for us.

In terms of size we can run a couple of WireGuard peers as well as our main application on an STM32F10x board that has just 64K RAM - the goal here being secure connectivity rather than raw packet throughput.

I’d welcome any feedback to improve the code!

In terms of other ideas I think this code could be adapted to run as a static C library to link against to enable per-application WireGuard support. Whilst there are other methods that already exist to do this - e.g. containerisation, or via the library here:, etc these tend to require either operating system tunnel/network interface support or Linux in particular.


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-03-15 19:55 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-15 16:55 WireGuard Implementation for LwIP Stack Daniel Hope

Development discussion of WireGuard

This inbox may be cloned and mirrored by anyone:

	git clone --mirror wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ \
	public-inbox-index wireguard

Example config snippet for mirrors.
Newsgroup available over NNTP:

AGPL code for this site: git clone