From owner-freebsd-questions@freebsd.org Tue Mar 30 18:36:03 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3B0155A91F2 for ; Tue, 30 Mar 2021 18:36:03 +0000 (UTC) (envelope-from dewayne@heuristicsystems.com.au) Received: from hermes.heuristicsystems.com.au (hermes.heuristicsystems.com.au [203.41.22.115]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2560 bits) client-digest SHA256) (Client CN "hermes.heuristicsystems.com.au", Issuer "Heuristic Systems Type 4 Host CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F8ynZ3GZKz57Ky for ; Tue, 30 Mar 2021 18:36:01 +0000 (UTC) (envelope-from dewayne@heuristicsystems.com.au) Received: from [10.0.5.3] (noddy.hs [10.0.5.3]) (authenticated bits=0) by hermes.heuristicsystems.com.au (8.15.2/8.15.2) with ESMTPSA id 12UIZ6pg032391 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Wed, 31 Mar 2021 05:35:07 +1100 (AEDT) (envelope-from dewayne@heuristicsystems.com.au) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=heuristicsystems.com.au; s=hsa; t=1617129307; x=1617734108; bh=iZgS3xu0f2dwDdObWuzSqaW5KqlcXVuBvJvllcx94/4=; h=Subject:To:From:Message-ID:Date; b=Ef0fn+crVw4KAtUmcFS+j5gza1brwOxg8ydlOwJXbxQZKvPd5Spl1MwOxCrFllk9A 575cZIuWTumhe1YQGTUeoGQljjQahW7rfXfhYjHfkeArMDg+sROl8CYyLRr2qOCcbx TEQjZLJQKOZydFABeTgy9w45Ee7Zr5upEMSnxzB1FXHwb4xp+9uqL X-Authentication-Warning: b3.hs: Host noddy.hs [10.0.5.3] claimed to be [10.0.5.3] Subject: Re: Wire Guard and FreeBSD To: Doug Denault , freebsd-questions@FreeBSD.ORG References: From: Dewayne Geraghty Message-ID: <7aeba139-7eac-a8b2-05a9-d716c6272d6f@heuristicsystems.com.au> Date: Wed, 31 Mar 2021 05:33:42 +1100 User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4F8ynZ3GZKz57Ky X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=heuristicsystems.com.au header.s=hsa header.b=Ef0fn+cr; dmarc=none; spf=pass (mx1.freebsd.org: domain of dewayne@heuristicsystems.com.au designates 203.41.22.115 as permitted sender) smtp.mailfrom=dewayne@heuristicsystems.com.au X-Spamd-Result: default: False [-6.20 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[heuristicsystems.com.au:s=hsa]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; DWL_DNSWL_MED(-2.00)[heuristicsystems.com.au:dkim]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; ARC_NA(0.00)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; DMARC_NA(0.00)[heuristicsystems.com.au]; NEURAL_HAM_LONG(-1.00)[-1.000]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[heuristicsystems.com.au:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_MED(-0.20)[203.41.22.115:from]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:1221, ipnet:203.40.0.0/13, country:AU]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Mar 2021 18:36:03 -0000 On 31/03/2021 4:42 am, Doug Denault wrote: > On Mon, 29 Mar 2021, Christos Chatzaras wrote: > >>> On 29 Mar 2021, at 23:34, Jerry wrote: >>> >>> I just found this story regarding Wire Guard and FreeBSD. I thought >>> it was >>> rather interesting. >>> > https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/ > >> >> There are some discussions in the forum: > > I did not interpret the arsTechnica article the way the first poster in > the forum did. My take, Netgate sponsored a guy named Matthew Macy to > write the FreeBSD kernel code to implement WireGuard. This he did > apparently starting from scratch and (my interpretation) ignored > suggestions and/or the offer of help from Jason Donenfeld who is clearly > (if not original author of) the main contributor to WireGuard. That > Macy's code was horribly flawed is not in dispute and that was not what > I took from the article. The issue for us as FreeBSD users is that > because of size, complexity, and Marcy's credentials, the code got > little or no review almost making it into the 13.0-RELEASE. It didn't so > cool. That it got as close as the article states, not so cool. Anyone > interested should read the arsTechnica article, YMMV. > > That was not what I really wanted to ask and did not know how. WireGuard > would seem to be a really easy to use and high performance VPN. It has > been a port for some time apparently. My questions: (1) does adding it > to the kernel make it that much better? (2) was it going into the > generic kernel? (3) and lastly other that looking a the kernel source is > there a way of telling what's in the generic kernel? > > _____ > Douglas Denault > http://www.safeport.com > doug@safeport.com > Voice: 301-217-9220 >   Fax: 301-217-9277 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" 1) Adding to the kernel avoids context switching between kernel and userland. That's why network "stuff" (eg firewalling) is in the kernel. 2) ? 3) kldstat -v (will tell you what's in kernel and what kernel modules have been loaded), though better to read /usr/src/sys/amd64/conf/GENERIC (replace amd64 with your machine architecture) :)