From: Doug Denault
To: freebsd-questions@FreeBSD.ORG
Date: Tue, 30 Mar 2021 13:42:07 -0400 (EDT)
Subject: Re: Wire Guard and FreeBSD

On Mon, 29 Mar 2021, Christos Chatzaras wrote:

>> On 29 Mar 2021, at 23:34, Jerry wrote:
>>
>> I just found this story regarding Wire Guard and FreeBSD. I thought it was
>> rather interesting.
>> https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/
>
> There are some discussions in the forum:

I did not interpret the Ars Technica article the way the first poster in the forum did. My take: Netgate sponsored a guy named Matthew Macy to write the FreeBSD kernel code to implement WireGuard. This he did, apparently starting from scratch, and (my interpretation) ignored suggestions and/or the offer of help from Jason Donenfeld, who is clearly (if not original author of) the main contributor to WireGuard.

That Macy's code was horribly flawed is not in dispute and that was not what I took from the article. The issue for us as FreeBSD users is that because of size, complexity, and Macy's credentials, the code got little or no review, almost making it into the 13.0-RELEASE. It didn't, so cool. That it got as close as the article states, not so cool. Anyone interested should read the Ars Technica article, YMMV.

That was not what I really wanted to ask and did not know how. WireGuard would seem to be a really easy to use and high performance VPN. It has been a port for some time apparently.
My questions:

(1) does adding it to the kernel make it that much better?
(2) was it going into the generic kernel?
(3) and lastly, other than looking at the kernel source, is there a way of telling what's in the generic kernel?

_____
Douglas Denault
http://www.safeport.com
doug@safeport.com
Voice: 301-217-9220
Fax: 301-217-9277