[ANNOUNCE] wireguard-freebsd snapshot v0.0.20210415 is available

Jason A. Donenfeld Jason at zx2c4.com
Fri Apr 16 05:21:14 UTC 2021


Hi,

An experimental snapshot, v0.0.20210415, of WireGuard for FreeBSD has been
tagged in the git repository.

At this time this code is new, unvetted, possibly buggy, and should be
considered "experimental". It might contain security issues. We gladly
welcome your testing and bug reports, but do keep in mind that this code
is new, so some caution should be exercised at the moment for using it
in mission critical environments.

== Changes ==

  * if_wg: remove peer marshalling from get request
  
  This is a pretty massive code cleanup that decreases memory usage on `wg show`
  and also simplifies the code considerably, replacing 312 lines with 94.
  
  * if_wg: allow debugging with `ifconfig wg0 debug`
  
  Users can now run `ifconfig wg0 debug` to see the usual debugging messages in
  dmesg, just like on Linux with dynamic_debug.
  
  * if_wg: don't check return value of WAITOK
  
  Tiny cleanup.
  
  * if_wg: do not allow ioctl to race with clone_destroy
  
  This works around some bugs in the core FreeBSD kernel networking stack, where
  clone_destroy races with ioctls and sometimes even packet transmission. There
  are upstream patches pending to fix this, but for now it looks like every
  driver works around it in its own way, so for now we go with an approach most
  similar to the if_tuntap.c driver.
  
  * if_wg: set multicast flag
  
  Following extensive discussion [1] with Stefan Haller and Toke Høiland-
  Jørgensen, the IFF_MULTICAST option is now set on the interface, so that bird
  can send packets using babel. It turns out that FreeBSD forbids v6 multicast
  address destinations, even when used in a unicast context, if this flag isn't
  set, which differs from Linux semantics. This patch combined with [2] from
  Toke to upstream bird will allow WireGuard to work with bird as it did when we
  previously used IFF_POINTTOPOINT (which had its own problems). I sent a patch
  to the FreeBSD port of bird here [3] so that hopefully if_wg is functional
  with bird and babel not before too long.
  
  [1] https://lore.kernel.org/wireguard/CAHmME9qerb3LhuJfQ2L=J9gz=vGXV47qUAwC3-LYMTWVWnn62Q@mail.gmail.com/T/
  [2] https://bird.network.cz/pipermail/bird-users/2021-April/015415.html
  [3] https://lists.freebsd.org/pipermail/freebsd-ports/2021-April/120867.html

This snapshot contains commits from: Jason A. Donenfeld.

The source repository is available at the usual location:
  git clone https://git.zx2c4.com/wireguard-freebsd

This snapshot is available in compressed tarball form:
  https://git.zx2c4.com/wireguard-freebsd/snapshot/wireguard-freebsd-0.0.20210415.tar.xz
  SHA2-256: 40dae82e27b37e236f761a2e84f892fe10ee183227287e7affdd5be571a1e612

Thank you,
Jason Donenfeld

