[ANNOUNCE] WireGuard Snapshot `0.0.20170918` Available

Jason A. Donenfeld Jason at zx2c4.com
Mon Sep 18 17:52:29 CEST 2017

Hash: SHA256


A new snapshot, `0.0.20170918`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  * queue: entirely rework parallel system
  This is one of the most significant changes in WireGuard's codebase
  in a long time, so I'd appreciate some thorough testing of this
  snapshot. Work here began as part of Samuel Holland (smaeul)'s project
  for Google Summer of Code, and then I gradually morphed it into its
  present design.
  It's a rewrite of the entire multicore processing algorithm of WireGuard.
  No longer are we relying on padata, an inefficient kernel library that
  weighs a whopping 1000 lines of code alone. Instead, we've implemented
  parallel processing using algorithms specifically tailored for WireGuard's
  structures and ordering concerns. In spite of having to provide ourselves
  what this library priorly provided, this snapshot actually weighs in
  _shorter_ than the previous one, which goes to show how cumbersome even
  using padata's APIs were and how much leaner we can make things.
  The result is a big improvement in performance on most systems. On my laptop,
  I'm seeing about 1.4x performance as before, which is quite nice. We're
  still working on the best way to scale this to systems with absurd quantities
  of cores, but overall it's working quite well. Future work also involves
  using the DQL and qdisc systems.
  In the process, the entire project's code was significantly cleaned up and
  Samuel was extremely instrumental in kickstarting these efforts, and his
  GSoC was most certainly valuable for getting this project started. He knows
  large parts of the WireGuard codebase well, and I expect for him to be
  a valuable colleague moving forward.
  * device: IFF_NO_QUEUE is a private flag, not a public one
  This will prevent the weird "20000" flag from showing up in
  ip-link when the device is down.
  * socket: satisfy sparse
  * routingtable: satisfy sparse
  * timers: style
  * compat: ensure we can build without compat.h
  * send: no need to check for NULL since ref is valid
  Style and correctness fixes.
  * qemu: enable debug info for debug qemu
  A welcome improvement for all those trying to debug things.
  * compat: support RHEL 7.4
  This snapshot drops support for RHEL 7.3, moving on instead
  to RHEL 7.4.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in tarball form here:
  SHA2-256: e083f18596574fb7050167090bfb4db4df09a1a99f3c1adc77f820c166368881
  BLAKE2b-256: 9035708a21cb7df8cfc11bdde26bcb2fbc0b3165b6ec913ebb92f336a7d69b76

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list