Wire Guard and FreeBSD

Dewayne Geraghty dewayne at heuristicsystems.com.au
Tue Mar 30 18:36:03 UTC 2021

On 31/03/2021 4:42 am, Doug Denault wrote:
> On Mon, 29 Mar 2021, Christos Chatzaras wrote:
>>> On 29 Mar 2021, at 23:34, Jerry <jerry at seibercom.net> wrote:
>>> I just found this story regarding Wire Guard and FreeBSD. I thought it was
>>> rather interesting.
> https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/
>> There are some discussions in the forum:
> I did not interpret the arsTechnica article the way the first poster in
> the forum did. My take, Netgate sponsored a guy named Matthew Macy to
> write the FreeBSD kernel code to implement WireGuard. This he did
> apparently starting from scratch and (my interpretation) ignored
> suggestions and/or the offer of help from Jason Donenfeld who is clearly
> (if not original author of) the main contributor to WireGuard. That
> Macy's code was horribly flawed is not in dispute and that was not what
> I took from the article. The issue for us as FreeBSD users is that
> because of size, complexity, and Macy's credentials, the code got
> little or no review, almost making it into the 13.0-RELEASE. It didn't, so
> cool. That it got as close as the article states, not so cool. Anyone
> interested should read the arsTechnica article, YMMV.
> That was not what I really wanted to ask and did not know how. WireGuard
> would seem to be a really easy to use and high performance VPN. It has
> been a port for some time apparently. My questions: (1) does adding it
> to the kernel make it that much better? (2) was it going into the
> generic kernel? (3) and lastly, other than looking at the kernel source, is
> there a way of telling what's in the generic kernel?
> _____
> Douglas Denault
> http://www.safeport.com
> doug at safeport.com
> Voice: 301-217-9220
>   Fax: 301-217-9277

1) Adding to the kernel avoids context switching between kernel and
userland. That's why network "stuff" (e.g. firewalling) is in the kernel.
2) ?
3) kldstat -v (will tell you what's in the kernel and what kernel modules
have been loaded), though better to read /usr/src/sys/amd64/conf/GENERIC
(replace amd64 with your machine architecture) :)
