From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: "WireGuard mailing list" <wireguard@lists.zx2c4.com>
Subject: [ANNOUNCE] wireguard-freebsd snapshot v0.0.20210415 is available
Date: Thu, 15 Apr 2021 23:21:14 -0600
Message-ID: <ef9b2fb320ad392f@lists.zx2c4.com>

An experimental snapshot, v0.0.20210415, of WireGuard for FreeBSD has been
tagged in the git repository.

At this time this code is new, unvetted, possibly buggy, and should be
considered "experimental". It might contain security issues. We gladly
welcome your testing and bug reports, but do keep in mind that this code
is new, so some caution should be exercised at the moment for using it
in mission critical environments.

== Changes ==

  * if_wg: remove peer marshalling from get request
  This is a pretty massive code cleanup that decreases memory usage on `wg show`
  and also simplifies the code considerably, replacing 312 lines with 94.
  * if_wg: allow debugging with `ifconfig wg0 debug`
  Users can now run `ifconfig wg0 debug` to see the usual debugging messages in
  dmesg, just like on Linux with dynamic_debug.
  * if_wg: don't check return value of WAITOK
  Tiny cleanup.
  * if_wg: do not allow ioctl to race with clone_destroy
  This works around some bugs in the core FreeBSD kernel networking stack, where
  clone_destroy races with ioctls and sometimes even packet transmission. There
  are upstream patches pending to fix this, but for now it looks like every
  driver works around it in its own way, so for now we go with an approach most
  similar to the if_tuntap.c driver.
  * if_wg: set multicast flag
  Following extensive discussion [1] with Stefan Haller and Toke Høiland-
  Jørgensen, the IFF_MULTICAST option is now set on the interface, so that bird
  can send packets using babel. It turns out that FreeBSD forbids v6 multicast
  address destinations, even when used in a unicast context, if this flag isn't
  set, which differs from Linux semantics. This patch combined with [2] from
  Toke to upstream bird will allow WireGuard to work with bird as it did when we
  previously used IFF_POINTTOPOINT (which had its own problems). I sent a patch
  to the FreeBSD port of bird here [3] so that hopefully if_wg is functional
  with bird and babel not before too long.
  [1] https://lore.kernel.org/wireguard/CAHmME9qerb3LhuJfQ2L=J9gz=vGXV47qUAwC3-LYMTWVWnn62Q@mail.gmail.com/T/
  [2] https://bird.network.cz/pipermail/bird-users/2021-April/015415.html
  [3] https://lists.freebsd.org/pipermail/freebsd-ports/2021-April/120867.html

This snapshot contains commits from: Jason A. Donenfeld.

The source repository is available at the usual location:
  git clone https://git.zx2c4.com/wireguard-freebsd

This snapshot is available in compressed tarball form:
  SHA2-256: 40dae82e27b37e236f761a2e84f892fe10ee183227287e7affdd5be571a1e612

Thank you,
Jason Donenfeld
