Development discussion of WireGuard
* [ANNOUNCE] wireguard-freebsd snapshot v0.0.20210415 is available
@ 2021-04-16  5:21 Jason A. Donenfeld
From: Jason A. Donenfeld @ 2021-04-16  5:21 UTC (permalink / raw)
  To: WireGuard mailing list


An experimental snapshot, v0.0.20210415, of WireGuard for FreeBSD has been
tagged in the git repository.

At this time this code is new, unvetted, possibly buggy, and should be
considered "experimental". It might contain security issues. We gladly
welcome your testing and bug reports, but do keep in mind that this code
is new, so some caution should be exercised at the moment for using it
in mission critical environments.

== Changes ==

  * if_wg: remove peer marshalling from get request
  This is a pretty massive code cleanup that decreases memory usage on `wg show`
  and also simplifies the code considerably, replacing 312 lines with 94.
  * if_wg: allow debugging with `ifconfig wg0 debug`
  Users can now run `ifconfig wg0 debug` to see the usual debugging messages in
  dmesg, just like on Linux with dynamic_debug.
  * if_wg: don't check return value of WAITOK
  Tiny cleanup.
  * if_wg: do not allow ioctl to race with clone_destroy
  This works around some bugs in the core FreeBSD kernel networking stack, where
  clone_destroy races with ioctls and sometimes even packet transmission. There
  are upstream patches pending to fix this, but for now it looks like every
  driver works around it in its own way, so for now we go with an approach most
  similar to the if_tuntap.c driver.
  * if_wg: set multicast flag
  Following extensive discussion [1] with Stefan Haller and Toke Høiland-
  Jørgensen, the IFF_MULTICAST option is now set on the interface, so that bird
  can send packets using babel. It turns out that FreeBSD forbids v6 multicast
  address destinations, even when used in a unicast context, if this flag isn't
  set, which differs from Linux semantics. This patch combined with [2] from
  Toke to upstream bird will allow WireGuard to work with bird as it did when we
  previously used IFF_POINTTOPOINT (which had its own problems). I sent a patch
  to the FreeBSD port of bird here [3] so that hopefully if_wg is functional
  with bird and babel not before too long.

This snapshot contains commits from: Jason A. Donenfeld.

The source repository is available at the usual location:
  git clone

This snapshot is available in compressed tarball form:
  SHA2-256: 40dae82e27b37e236f761a2e84f892fe10ee183227287e7affdd5be571a1e612

Thank you,
Jason Donenfeld


