In-kernel WireGuard is ready on DragonFly

Aaron LI aly at aaronly.me
Tue Feb 20 21:25:36 PST 2024 

Hi all,

I'm pleased to announce that in-kernel WireGuard is ready on DragonFly (master branch) now :D

The work mainly includes the followings:
- the 'if_wg.ko' kernel module code in sys/net/wg [0]
- required crypto code, including blake2s, chachapoly, siphash, curve25519
- the ifconfig(8) support to manage the wg interfaces [1]
- the wg rc script [2] to easily setup wg

The wg code is ported from FreeBSD [3] but has many significant changes.  The major changes are:
- replaced the nvlist-based ioctl code with OpenBSD's, and thus ported OpenBSD's ifconfig(8) support as well
- used taskqueue(9) API directly instead of gtaskqueue(9)
- used locks instead of epoch(9)
- made the code much more readable and understandable: added many useful comments, renamed some confusing functions, refactored some logic flows, simplify the return values, etc...
- add selftest code from the upstream wireguard-freebsd repo [4]
- unified the code style, and performed various code cleanups
- fixed a few bugs

The wg rc script [2] is written from scratch as a replacement for wg-quick.  Please read the following wg.conf(5) man page for the configuration file format and examples:
https://www.dragonflybsd.org/cgi/web-man?command=wg.conf&section=5

For example, write a wg configuration file and place it at '/etc/wireguard/wg0.conf', and then put the following lines in '/etc/rc.conf':

wg_enable="YES"
wg_interfaces="wg0"

Now the wg0 interface will be auto configured from next startup.

To get it running immediately, do: service wg start wg0


Cheers,
Aaron


[0] sys/net/wg: https://gitweb.dragonflybsd.org/dragonfly.git/tree/HEAD:/sys/net/wg
[1] sbin/ifconfig/ifwg.c: https://gitweb.dragonflybsd.org/dragonfly.git/blob/HEAD:/sbin/ifconfig/ifwg.c
[2] etc/rc.d/wg: https://gitweb.dragonflybsd.org/dragonfly.git/blob/HEAD:/etc/rc.d/wg
[3] FreeBSD wireguard code: https://cgit.freebsd.org/src/tree/sys/dev/wg
[4] wireguard-freebsd selftest: https://git.zx2c4.com/wireguard-freebsd/tree/src/selftest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20240221/837d903c/attachment.htm>

More information about the Users mailing list