From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"<netdev@vger.kernel.org>" <netdev@vger.kernel.org>,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH net-next v6 23/23] net: WireGuard secure network tunnel
Date: Wed, 3 Oct 2018 13:15:38 +0200
Message-ID: <CAKv+Gu-oCH4D_otvMk+R_6z_p73Le90PkdQUUPnT6q0kWVL4Jw@mail.gmail.com>
In-Reply-To: <20180925145622.29959-24-Jason@zx2c4.com>

On 25 September 2018 at 16:56, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> WireGuard is a layer 3 secure networking tunnel made specifically for
> the kernel, that aims to be much simpler and easier to audit than IPsec.
...
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Cc: David Miller <davem@davemloft.net>
> Cc: Greg KH <gregkh@linuxfoundation.org>
> ---
> MAINTAINERS | 8 +
> drivers/net/Kconfig | 30 +
> drivers/net/Makefile | 1 +
> drivers/net/wireguard/Makefile | 18 +
> drivers/net/wireguard/allowedips.c | 404 ++++++++++
> drivers/net/wireguard/allowedips.h | 55 ++
> drivers/net/wireguard/cookie.c | 234 ++++++
> drivers/net/wireguard/cookie.h | 59 ++
> drivers/net/wireguard/device.c | 438 +++++++++++
> drivers/net/wireguard/device.h | 65 ++
> drivers/net/wireguard/hashtables.c | 209 +++++
> drivers/net/wireguard/hashtables.h | 63 ++
> drivers/net/wireguard/main.c | 65 ++
> drivers/net/wireguard/messages.h | 128 +++
> drivers/net/wireguard/netlink.c | 606 ++++++++++++++
> drivers/net/wireguard/netlink.h | 12 +
> drivers/net/wireguard/noise.c | 784 +++++++++++++++++++
> drivers/net/wireguard/noise.h | 129 +++
> drivers/net/wireguard/peer.c | 191 +++++
> drivers/net/wireguard/peer.h | 87 ++
> drivers/net/wireguard/queueing.c | 52 ++
> drivers/net/wireguard/queueing.h | 193 +++++
> drivers/net/wireguard/ratelimiter.c | 220 ++++++
> drivers/net/wireguard/ratelimiter.h | 19 +
> drivers/net/wireguard/receive.c | 595 ++++++++++++++
> drivers/net/wireguard/selftest/allowedips.h | 663 ++++++++++++++++
> drivers/net/wireguard/selftest/counter.h | 103 +++
> drivers/net/wireguard/selftest/ratelimiter.h | 178 +++++
> drivers/net/wireguard/send.c | 420 ++++++++++
> drivers/net/wireguard/socket.c | 432 ++++++++++
> drivers/net/wireguard/socket.h | 44 ++
> drivers/net/wireguard/timers.c | 256 ++++++
> drivers/net/wireguard/timers.h | 30 +
> drivers/net/wireguard/version.h | 1 +
> include/uapi/linux/wireguard.h | 190 +++++
> tools/testing/selftests/wireguard/netns.sh | 499 ++++++++++++
> 36 files changed, 7481 insertions(+)
> create mode 100644 drivers/net/wireguard/Makefile
> create mode 100644 drivers/net/wireguard/allowedips.c
> create mode 100644 drivers/net/wireguard/allowedips.h
> create mode 100644 drivers/net/wireguard/cookie.c
> create mode 100644 drivers/net/wireguard/cookie.h
> create mode 100644 drivers/net/wireguard/device.c
> create mode 100644 drivers/net/wireguard/device.h
> create mode 100644 drivers/net/wireguard/hashtables.c
> create mode 100644 drivers/net/wireguard/hashtables.h
> create mode 100644 drivers/net/wireguard/main.c
> create mode 100644 drivers/net/wireguard/messages.h
> create mode 100644 drivers/net/wireguard/netlink.c
> create mode 100644 drivers/net/wireguard/netlink.h
> create mode 100644 drivers/net/wireguard/noise.c
> create mode 100644 drivers/net/wireguard/noise.h
> create mode 100644 drivers/net/wireguard/peer.c
> create mode 100644 drivers/net/wireguard/peer.h
> create mode 100644 drivers/net/wireguard/queueing.c
> create mode 100644 drivers/net/wireguard/queueing.h
> create mode 100644 drivers/net/wireguard/ratelimiter.c
> create mode 100644 drivers/net/wireguard/ratelimiter.h
> create mode 100644 drivers/net/wireguard/receive.c
> create mode 100644 drivers/net/wireguard/selftest/allowedips.h
> create mode 100644 drivers/net/wireguard/selftest/counter.h
> create mode 100644 drivers/net/wireguard/selftest/ratelimiter.h
> create mode 100644 drivers/net/wireguard/send.c
> create mode 100644 drivers/net/wireguard/socket.c
> create mode 100644 drivers/net/wireguard/socket.h
> create mode 100644 drivers/net/wireguard/timers.c
> create mode 100644 drivers/net/wireguard/timers.h
> create mode 100644 drivers/net/wireguard/version.h
> create mode 100644 include/uapi/linux/wireguard.h
> create mode 100755 tools/testing/selftests/wireguard/netns.sh
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 5967c737f3ce..32db7ebad86e 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -15823,6 +15823,14 @@ L: linux-gpio@vger.kernel.org
> S: Maintained
> F: drivers/gpio/gpio-ws16c48.c
>
> +WIREGUARD SECURE NETWORK TUNNEL
> +M: Jason A. Donenfeld <Jason@zx2c4.com>
> +S: Maintained
> +F: drivers/net/wireguard/
> +F: tools/testing/selftests/wireguard/
> +L: wireguard@lists.zx2c4.com
> +L: netdev@vger.kernel.org
> +
> WISTRON LAPTOP BUTTON DRIVER
> M: Miloslav Trmac <mitr@volny.cz>
> S: Maintained
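
Review bot: The two "L:" lines in the new WIREGUARD entry come after the "F:" lines, while the neighbouring entry visible in the hunk context lists "L:" ahead of "S:" and "F:". Moving "L: wireguard@lists.zx2c4.com" and "L: netdev@vger.kernel.org" up to sit directly after "M:" would keep the entry in the same field order as the ones around it.
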
> diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
> index d03775100f7d..aa631fe3b395 100644
> --- a/drivers/net/Kconfig
> +++ b/drivers/net/Kconfig
> @@ -70,6 +70,36 @@ config DUMMY
> To compile this driver as a module, choose M here: the module
> will be called dummy.
>
> +config WIREGUARD
> + tristate "WireGuard secure network tunnel"
> + depends on NET && INET

I think you need to add IPV6 here

> + select NET_UDP_TUNNEL
> + select DST_CACHE
> + select ZINC_CHACHA20POLY1305
> + select ZINC_BLAKE2S
> + select ZINC_CURVE25519
> + default m

Please drop this - we usually leave it up to the defconfigs or distro
configs to enable stuff like this.

> + help
> + WireGuard is a secure, fast, and easy to use replacement for IPSec
> + that uses modern cryptography and clever networking tricks. It's
> + designed to be fairly general purpose and abstract enough to fit most
> + use cases, while at the same time remaining extremely simple to
> + configure. See www.wireguard.com for more info.
> +
> + It's safe to say Y or M here, as the driver is very lightweight and
> + is only in use when an administrator chooses to add an interface.
> +
> +config WIREGUARD_DEBUG
> + bool "Debugging checks and verbose messages"
> + depends on WIREGUARD
> + help
> + This will write log messages for handshake and other events
> + that occur for a WireGuard interface. It will also perform some
> + extra validation checks and unit tests at various points. This is
> + only useful for debugging.
> +
> + Say N here unless you know what you're doing.
> +
> config EQUALIZER
> tristate "EQL (serial line load balancing) support"
> ---help---
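
Review bot: The "select" lines under "config WIREGUARD" force NET_UDP_TUNNEL, DST_CACHE and the three ZINC_* symbols on without checking those symbols' own dependencies, so anything they depend on has to be covered by the "depends on NET && INET" line as well. It would help to confirm that for each selected symbol, or to state in the commit message that the ZINC_* options carry no dependencies of their own. Separately, the help text spells "IPSec" where the commit message uses "IPsec"; one spelling throughout would be better.
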
...