RE: gutd — WireGuard traffic obfuscator via TC/XDP eBPF (no kernel patches)

[sh0rch]

Hi Jason,

Thanks a lot for the kind words, really means a lot.

I’m very happy the approach makes sense from your perspective. The whole idea was to keep it simple to deploy on top of existing WireGuard setups, without touching the kernel, while still getting the benefits of eBPF.

And also huge thanks to you for WireGuard itself. It’s honestly an amazing protocol: simple, secure, fast, and so cleanly designed that sometimes it feels like even the whole world isn’t enough for it :)

If you do find time to investigate the internals, I’d really appreciate any thoughts or feedback you might have.

Thanks again!

With best wishes,
Danila Makeev

-----Original Message-----
From: Jason A. Donenfeld <Jason at zx2c4.com> 
Sent: 23 March 2026 20:44
To: sh0rch <sh0rch at iwl.dev>
Cc: wireguard at lists.zx2c4.com
Subject: Re: gutd — WireGuard traffic obfuscator via TC/XDP eBPF (no kernel patches)

Hi sh0rch,

This is an awesome project! It seems like doing this with eBPF and TC/XDP is exactly the right way to do this, and lets you just drop it in on top of an existing configuration. I really like this architecture.

I'll try to find some time to look at the internals in proper detail.
But I think this is basically the right direction. Thank you for implementing it!

Jason