Re: [PATCH net-next v6 23/23] net: WireGuard secure network tunnel
From: Ard Biesheuvel <hidden>
Date: 2018-10-03 11:15:44
Also in:
linux-crypto, lkml
On 25 September 2018 at 16:56, Jason A. Donenfeld [off-list ref] wrote:
WireGuard is a layer 3 secure networking tunnel made specifically for the kernel, that aims to be much simpler and easier to audit than IPsec.
...
quoted hunk ↗ jump to hunk
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Cc: David Miller <davem@davemloft.net> Cc: Greg KH <gregkh@linuxfoundation.org> --- MAINTAINERS | 8 + drivers/net/Kconfig | 30 + drivers/net/Makefile | 1 + drivers/net/wireguard/Makefile | 18 + drivers/net/wireguard/allowedips.c | 404 ++++++++++ drivers/net/wireguard/allowedips.h | 55 ++ drivers/net/wireguard/cookie.c | 234 ++++++ drivers/net/wireguard/cookie.h | 59 ++ drivers/net/wireguard/device.c | 438 +++++++++++ drivers/net/wireguard/device.h | 65 ++ drivers/net/wireguard/hashtables.c | 209 +++++ drivers/net/wireguard/hashtables.h | 63 ++ drivers/net/wireguard/main.c | 65 ++ drivers/net/wireguard/messages.h | 128 +++ drivers/net/wireguard/netlink.c | 606 ++++++++++++++ drivers/net/wireguard/netlink.h | 12 + drivers/net/wireguard/noise.c | 784 +++++++++++++++++++ drivers/net/wireguard/noise.h | 129 +++ drivers/net/wireguard/peer.c | 191 +++++ drivers/net/wireguard/peer.h | 87 ++ drivers/net/wireguard/queueing.c | 52 ++ drivers/net/wireguard/queueing.h | 193 +++++ drivers/net/wireguard/ratelimiter.c | 220 ++++++ drivers/net/wireguard/ratelimiter.h | 19 + drivers/net/wireguard/receive.c | 595 ++++++++++++++ drivers/net/wireguard/selftest/allowedips.h | 663 ++++++++++++++++ drivers/net/wireguard/selftest/counter.h | 103 +++ drivers/net/wireguard/selftest/ratelimiter.h | 178 +++++ drivers/net/wireguard/send.c | 420 ++++++++++ drivers/net/wireguard/socket.c | 432 ++++++++++ drivers/net/wireguard/socket.h | 44 ++ drivers/net/wireguard/timers.c | 256 ++++++ drivers/net/wireguard/timers.h | 30 + drivers/net/wireguard/version.h | 1 + include/uapi/linux/wireguard.h | 190 +++++ tools/testing/selftests/wireguard/netns.sh | 499 ++++++++++++ 36 files changed, 7481 insertions(+) create mode 100644 drivers/net/wireguard/Makefile create mode 100644 drivers/net/wireguard/allowedips.c create mode 100644 drivers/net/wireguard/allowedips.h create mode 100644 drivers/net/wireguard/cookie.c create mode 100644 drivers/net/wireguard/cookie.h create mode 100644 drivers/net/wireguard/device.c create mode 100644 drivers/net/wireguard/device.h create mode 100644 drivers/net/wireguard/hashtables.c create mode 100644 drivers/net/wireguard/hashtables.h create mode 100644 drivers/net/wireguard/main.c create mode 100644 drivers/net/wireguard/messages.h create mode 100644 drivers/net/wireguard/netlink.c create mode 100644 drivers/net/wireguard/netlink.h create mode 100644 drivers/net/wireguard/noise.c create mode 100644 drivers/net/wireguard/noise.h create mode 100644 drivers/net/wireguard/peer.c create mode 100644 drivers/net/wireguard/peer.h create mode 100644 drivers/net/wireguard/queueing.c create mode 100644 drivers/net/wireguard/queueing.h create mode 100644 drivers/net/wireguard/ratelimiter.c create mode 100644 drivers/net/wireguard/ratelimiter.h create mode 100644 drivers/net/wireguard/receive.c create mode 100644 drivers/net/wireguard/selftest/allowedips.h create mode 100644 drivers/net/wireguard/selftest/counter.h create mode 100644 drivers/net/wireguard/selftest/ratelimiter.h create mode 100644 drivers/net/wireguard/send.c create mode 100644 drivers/net/wireguard/socket.c create mode 100644 drivers/net/wireguard/socket.h create mode 100644 drivers/net/wireguard/timers.c create mode 100644 drivers/net/wireguard/timers.h create mode 100644 drivers/net/wireguard/version.h create mode 100644 include/uapi/linux/wireguard.h create mode 100755 tools/testing/selftests/wireguard/netns.shdiff --git a/MAINTAINERS b/MAINTAINERS index 5967c737f3ce..32db7ebad86e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS@@ -15823,6 +15823,14 @@ L: linux-gpio@vger.kernel.org S: Maintained F: drivers/gpio/gpio-ws16c48.c +WIREGUARD SECURE NETWORK TUNNEL +M: Jason A. Donenfeld <Jason@zx2c4.com> +S: Maintained +F: drivers/net/wireguard/ +F: tools/testing/selftests/wireguard/ +L: wireguard@lists.zx2c4.com +L: netdev@vger.kernel.org + WISTRON LAPTOP BUTTON DRIVER M: Miloslav Trmac <mitr@volny.cz> S: Maintaineddiff --git a/drivers/net/Kconfig b/drivers/net/Kconfig index d03775100f7d..aa631fe3b395 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig@@ -70,6 +70,36 @@ config DUMMY To compile this driver as a module, choose M here: the module will be called dummy. +config WIREGUARD + tristate "WireGuard secure network tunnel" + depends on NET && INET
I think you need to add IPV6 here
+ select NET_UDP_TUNNEL + select DST_CACHE + select ZINC_CHACHA20POLY1305 + select ZINC_BLAKE2S + select ZINC_CURVE25519 + default m
Please drop this - we usually leave it up to the defconfigs or distro configs to enable stuff like this.
+ help
+ WireGuard is a secure, fast, and easy to use replacement for IPSec
+ that uses modern cryptography and clever networking tricks. It's
+ designed to be fairly general purpose and abstract enough to fit most
+ use cases, while at the same time remaining extremely simple to
+ configure. See www.wireguard.com for more info.
+
+ It's safe to say Y or M here, as the driver is very lightweight and
+ is only in use when an administrator chooses to add an interface.
+
+config WIREGUARD_DEBUG
+ bool "Debugging checks and verbose messages"
+ depends on WIREGUARD
+ help
+ This will write log messages for handshake and other events
+ that occur for a WireGuard interface. It will also perform some
+ extra validation checks and unit tests at various points. This is
+ only useful for debugging.
+
+ Say N here unless you know what you're doing.
+
config EQUALIZER
tristate "EQL (serial line load balancing) support"
---help---...