[ANNOUNCE] wireguard-freebsd snapshot v0.0.20210415 is available
Jason A. Donenfeld
Jason at zx2c4.com
Fri Apr 16 05:21:14 UTC 2021
-----BEGIN PGP SIGNED MESSAGE-----
An experimental snapshot, v0.0.20210415, of WireGuard for FreeBSD has been
tagged in the git repository.
At this time this code is new, unvetted, possibly buggy, and should be
considered "experimental". It might contain security issues. We gladly
welcome your testing and bug reports, but do keep in mind that this code
is new, so some caution should be exercised at the moment for using it
in mission critical environments.
== Changes ==
* if_wg: remove peer marshalling from get request
This is a pretty massive code cleanup that decreases memory usage on `wg show`
and also simplifies the code considerably, replacing 312 lines with 94.
* if_wg: allow debugging with `ifconfig wg0 debug`
Users can now run `ifconfig wg0 debug` to see the usual debugging messages in
dmesg, just like on Linux with dynamic_debug.
* if_wg: don't check return value of WAITOK
* if_wg: do not allow ioctl to race with clone_destroy
This works around some bugs in the core FreeBSD kernel networking stack, where
clone_destroy races with ioctls and sometimes even packet transmission. There
are upstream patches pending to fix this, but for now it looks like every
driver works around it in its own way, so for now we go with an approach most
similar to the if_tuntap.c driver.
* if_wg: set multicast flag
Following extensive discussion  with Stefan Haller and Toke Høiland-
Jørgensen, the IFF_MULTICAST option is now set on the interface, so that bird
can send packets using babel. It turns out that FreeBSD forbids v6 multicast
address destinations, even when used in a unicast context, if this flag isn't
set, which differs from Linux semantics. This patch combined with  from
Toke to upstream bird will allow WireGuard to work with bird as it did when we
previously used IFF_POINTTOPOINT (which had its own problems). I sent a patch
to the FreeBSD port of bird here  so that hopefully if_wg is functional
with bird and babel before too long.
This snapshot contains commits from: Jason A. Donenfeld.
The source repository is available at the usual location:
git clone https://git.zx2c4.com/wireguard-freebsd
This snapshot is available in compressed tarball form:
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----