[ANNOUNCE] WireGuard Snapshot `0.0.20170918` Available
Jason A. Donenfeld
Jason at zx2c4.com
Mon Sep 18 17:52:29 CEST 2017
-----BEGIN PGP SIGNED MESSAGE-----
A new snapshot, `0.0.20170918`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.
== Changes ==
* queue: entirely rework parallel system
This is one of the most significant changes in WireGuard's codebase
in a long time, so I'd appreciate some thorough testing of this
snapshot. Work here began as part of Samuel Holland (smaeul)'s project
for Google Summer of Code, and then I gradually morphed it into its
It's a rewrite of the entire multicore processing algorithm of WireGuard.
No longer are we relying on padata, an inefficient kernel library that
weighs a whopping 1000 lines of code alone. Instead, we've implemented
parallel processing using algorithms specifically tailored for WireGuard's
structures and ordering concerns. In spite of having to provide ourselves
what this library priorly provided, this snapshot actually weighs in
_shorter_ than the previous one, which goes to show how cumbersome even
using padata's APIs were and how much leaner we can make things.
The result is a big improvement in performance on most systems. On my laptop,
I'm seeing about 1.4x performance as before, which is quite nice. We're
still working on the best way to scale this to systems with absurd quantities
of cores, but overall it's working quite well. Future work also involves
using the DQL and qdisc systems.
In the process, the entire project's code was significantly cleaned up and
Samuel was extremely instrumental in kickstarting these efforts, and his
GSoC was most certainly valuable for getting this project started. He knows
large parts of the WireGuard codebase well, and I expect for him to be
a valuable colleague moving forward.
* device: IFF_NO_QUEUE is a private flag, not a public one
This will prevent the weird "20000" flag from showing up in
ip-link when the device is down.
* socket: satisfy sparse
* routingtable: satisfy sparse
* timers: style
* compat: ensure we can build without compat.h
* send: no need to check for NULL since ref is valid
Style and correctness fixes.
* qemu: enable debug info for debug qemu
A welcome improvement for all those trying to debug things.
* compat: support RHEL 7.4
This snapshot drops support for RHEL 7.3, moving on instead
to RHEL 7.4.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in tarball form here:
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the WireGuard