Re: [PATCH] net/bird2: add multicast patch from bird mailing list

2021-04-17 Thread Jason A. Donenfeld
Hi Olivier,

Great! Thanks for doing that.

Now just waiting for Bernhard to bump wireguard-kmod to the latest,
and we'll have working babel-over-wg again:
https://lists.zx2c4.com/pipermail/wireguard/2021-April/006634.html

Jason
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"


[PATCH] net/bird2: add multicast patch from bird mailing list

2021-04-15 Thread Jason A. Donenfeld
This patch was made in response to a FreeBSD networking discussion and
is important in enabling babel support on interfaces that are neither
pointtopoint nor broadcast.

The upstream patch submission is:
https://bird.network.cz/pipermail/bird-users/2021-April/015415.html
---
 net/bird2/files/patch-babel.c | 55 +++
 1 file changed, 55 insertions(+)
 create mode 100644 net/bird2/files/patch-babel.c

diff --git a/net/bird2/files/patch-babel.c b/net/bird2/files/patch-babel.c
new file mode 100644
index ..67181656fa07
--- /dev/null
+++ b/net/bird2/files/patch-babel.c
@@ -0,0 +1,55 @@
+From 70bb0dc8e041212fd9ee03e79c7b3301abf782ce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= 
+Date: Thu, 15 Apr 2021 15:44:50 +0200
+Subject: [PATCH] babel: Drop check for IF_MULTICAST interface flag
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The babel protocol code was checking interfaces for the IF_MULTICAST flag
+and refusing to run if this isn't present. However, there are cases where
+this flag doesn't correspond to the actual capability of sending multicast
+packets. For instance, Wireguard interfaces on FreeBSD doesn't set the
+required flags, but Babel will run just fine over such an interface given
+the right configuration.
+
+Since we're also checking for the presence of a link-local addresses right
+below the flag check, we don't really need it. So let's just drop the check
+and trust that users will only configure Babel on interfaces that can
+handle the traffic.
+
+Reported-by: Stefan Haller 
+Signed-off-by: Toke Høiland-Jørgensen 
+---
+ proto/babel/babel.c | 8 
+ 1 file changed, 8 deletions(-)
+
+diff --git a/proto/babel/babel.c b/proto/babel/babel.c
+index 4b6b9d7f..297b86b0 100644
+--- a/proto/babel/babel.c
 b/proto/babel/babel.c
+@@ -1658,10 +1658,6 @@ babel_if_notify(struct proto *P, unsigned flags, struct 
iface *iface)
+ if (!(iface->flags & IF_UP))
+   return;
+ 
+-/* We only speak multicast */
+-if (!(iface->flags & IF_MULTICAST))
+-  return;
+-
+ /* Ignore ifaces without link-local address */
+ if (!iface->llv6)
+   return;
+@@ -1736,10 +1732,6 @@ babel_reconfigure_ifaces(struct babel_proto *p, struct 
babel_config *cf)
+ if (!(iface->flags & IF_UP))
+   continue;
+ 
+-/* Ignore non-multicast ifaces */
+-if (!(iface->flags & IF_MULTICAST))
+-  continue;
+-
+ /* Ignore ifaces without link-local address */
+ if (!iface->llv6)
+   continue;
+-- 
+2.31.1
+
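Review bot: with the IF_MULTICAST test gone from both babel_if_notify() and babel_reconfigure_ifaces(), the only gates left are IF_UP and iface->llv6, so an interface that has a link-local address but cannot carry multicast is now accepted without any diagnostic. The commit message says this relies on users configuring Babel only on suitable interfaces; a log message when the flag is absent, or a sentence in the Babel documentation, would make that expectation visible. For the port itself, the diffstat shows only files/patch-babel.c changing while the embedded patch uses a/ and b/ path prefixes against proto/babel/babel.c, so it is worth confirming that it applies at the port's patch strip level.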
-- 
2.31.1
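
The interface gate described in the mail above, as an added example that is not part of the original message or of BIRD. `babel_gate()` and `newly_accepted()` are hypothetical names that model the checks using the OS-level `IFF_*` flags (an assumption; BIRD uses its own `IF_*` flags), and `main()` lists which local interfaces with a link-local IPv6 address would be accepted only once the multicast check is gone.

```c
#define _DEFAULT_SOURCE /* glibc: expose IFF_* when built with a strict -std= */
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <ifaddrs.h>
#include <stdio.h>

/* Hypothetical model of the checks in the patch.
 * Returns 1 if the interface would be accepted, 0 if it would be skipped. */
int babel_gate(unsigned flags, int has_llv6, int require_multicast)
{
    if (!(flags & IFF_UP))
        return 0;
    if (require_multicast && !(flags & IFF_MULTICAST))
        return 0;               /* the check the patch removes */
    return has_llv6 ? 1 : 0;    /* link-local IPv6 is still required */
}

/* Returns 1 if dropping the multicast check changes the outcome. */
int newly_accepted(unsigned flags, int has_llv6)
{
    return babel_gate(flags, has_llv6, 0) && !babel_gate(flags, has_llv6, 1);
}

int main(void)
{
    struct ifaddrs *ifs, *a;
    if (getifaddrs(&ifs) != 0) { perror("getifaddrs"); return 1; }
    for (a = ifs; a; a = a->ifa_next) {
        if (!a->ifa_addr || a->ifa_addr->sa_family != AF_INET6)
            continue;
        struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)a->ifa_addr;
        if (!IN6_IS_ADDR_LINKLOCAL(&s6->sin6_addr))
            continue;           /* only link-local entries matter here */
        printf("%-10s up=%d mcast=%d ptp=%d bcast=%d -> %s\n", a->ifa_name,
               !!(a->ifa_flags & IFF_UP), !!(a->ifa_flags & IFF_MULTICAST),
               !!(a->ifa_flags & IFF_POINTOPOINT), !!(a->ifa_flags & IFF_BROADCAST),
               newly_accepted(a->ifa_flags, 1) ? "accepted only after the patch"
               : babel_gate(a->ifa_flags, 1, 1) ? "accepted before and after"
               : "skipped");
    }
    freeifaddrs(ifs);
    return 0;
}
```

Interfaces reported as "accepted only after the patch" are the ones to review before enabling Babel on a wildcard interface pattern.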



Re: WireGuard for FreeBSD

2018-05-24 Thread Jason A. Donenfeld
On Thu, May 24, 2018 at 12:43 PM, Jan Bramkamp wrote:
> Did I understand correctly that both these ports are userspace
> implementations and have a similar per packet overhead to OpenVPN and fastd?

Indeed they're userspace ports. Maybe down the line this will be
ported to the FreeBSD kernel like we have on Linux.
However, performance-wise, even the userspace implementation seems to
have better performance than OpenVPN in my testing.


Re: WireGuard for FreeBSD

2018-05-23 Thread Jason A. Donenfeld
We now have a release, so the full instructions for the packages are:

1. wireguard-tools, providing wg(8) and wg-quick(8)
Runtime dependencies: bash, wireguard-go
Buildtime dependencies: gmake, c compiler, libc
Build: gmake -C src/tools WITH_WGQUICK=yes
Install: gmake -C src/tools PREFIX=/usr/local install
URL: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20180524.tar.xz

2. wireguard-go
Runtime dependencies: libc
Buildtime dependencies: gmake, go, dep
Build: gmake
Install: gmake PREFIX=/usr/local install
URL: https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-0.0.20180524.tar.xz

I believe decke is already working on a port in his repository.


Re: WireGuard for FreeBSD

2018-05-23 Thread Jason A. Donenfeld
On Mon, May 21, 2018 at 11:35 PM, Jason A. Donenfeld <ja...@zx2c4.com> wrote:
> 2. wireguard-go
> Runtime dependencies: none
> Buildtime dependencies: gmake, go
> Build: export GOPATH=$(pwd)/gopath; go get -d; gmake
> Install: gmake PREFIX=/usr/local install
> URL template: https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-VERSION.tar.xz

This has now been simplified slightly and uses proper vendoring of dependencies:

Runtime dependencies: none
Buildtime dependencies: gmake, go, dep
Build: gmake
Install: gmake PREFIX=/usr/local install
URL template: https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-VERSION.tar.xz


Re: WireGuard for FreeBSD

2018-05-22 Thread Jason A. Donenfeld
Hi Bernhard,

Thanks for this. Hopefully this will be good inspiration for Chris'
research in making the official package.

Chris -- one thing to note is that Bernhard used the "-master"
tarballs, which aren't real tarballs and have changing unstable
checksums, so you'll of course want to swap this out with real
tarballs once released.

Jason


Re: WireGuard for FreeBSD

2018-05-21 Thread Jason A. Donenfeld
On Tue, May 22, 2018 at 2:33 AM, Outback Dingo wrote:
> to be honest, while it sounds nice, i for one would prefer to see a
> kernel module ported to FreeBSD instead of userland
> second to that, building a freebsd port of it is not all that hard,
> however that being said, it also needs to be accepted
> upstream and committed by a ports maintainer, while i can help with
> creating it, i still feel a kernel module is a better fit

I too would prefer this, and maybe at some point down the line I'll
put some real time and effort into porting WireGuard from the Linux
kernel to kFreeBSD. But it's not the case that it's "not that hard";
doing so will be a pretty serious undertaking. That's going to take a
lot of time. Until that day arrives, what you speak of doesn't exist.
What we have instead today is tons of hard work that's gone into
bringing a userspace implementation.

So please, don't derail the current efforts in favor of an effort that
doesn't even exist at the moment.


Re: WireGuard for FreeBSD

2018-05-21 Thread Jason A. Donenfeld
Hi Chris,

Wonderful! Feel free to poke me on IRC -- I'm zx2c4 in #wireguard on
Freenode -- if you need any pointers in real time.

Some odds and ends that might help: to have a tarball of the latest
git master, you can use these links:

https://git.zx2c4.com/WireGuard/snapshot/WireGuard-master.tar.xz
https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-master.tar.xz

In a few days these will be released:

https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.201805XX.tar.xz
https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-0.0.201805XX.tar.xz

If you want to try setting up a quick tunnel using `wg-quick(8)`, you
can use the demo server -- for testing purposes only; please don't use
this for anything real -- via this simple script:

https://git.zx2c4.com/WireGuard/plain/contrib/examples/ncat-client-server/client-quick.sh

After it's up, you can try pinging 192.168.4.1 or visiting that in your browser.

Looking forward,
Jason


WireGuard for FreeBSD

2018-05-21 Thread Jason A. Donenfeld
[cross-posted to the WireGuard mailing list]

Hello FreeBSD Ports List,

I'm the author of WireGuard [1], a secure network tunnel protocol [2]
and a set of implementations of it. It was originally designed for the
Linux kernel, but we're now beginning to have implementations for
other platforms. Recently, parts of the Internet got excited [3] when
we put a Darwin version in Homebrew. The last few days Brian (CC'd)
and I have been working on getting an implementation running on
FreeBSD, and things are coming along pretty smoothly.

I'm not entirely familiar with the ports/pkg adding process, and so I
was hoping to find somebody who is part of the FreeBSD community to
adopt WireGuard and help maintain packages for it. We currently have
packages for many Linux distros [4], but FreeBSD will be the first
open source BSD project. There are two packages to add:

1. wireguard-tools, providing wg(8) and wg-quick(8)
Runtime dependencies: bash, wireguard-go
Buildtime dependencies: gmake, c compiler, libc
Build: gmake -C src/tools WITH_WGQUICK=yes
Install: gmake -C src/tools PREFIX=/usr/local install
URL template: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-VERSION.tar.xz

2. wireguard-go
Runtime dependencies: none
Buildtime dependencies: gmake, go
Build: export GOPATH=$(pwd)/gopath; go get -d; gmake
Install: gmake PREFIX=/usr/local install
URL template: https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-VERSION.tar.xz

For reference, these two packages in Homebrew look like this:
https://github.com/Homebrew/homebrew-core/blob/master/Formula/wireguard-tools.rb
https://github.com/Homebrew/homebrew-core/blob/master/Formula/wireguard-go.rb

And for your horror, I've made a please-dont-pipe-like-that
copy-and-paste install script:
# curl https://xn--4db.cc/0BwTeeYe | sh

That script won't work as-is at the moment, since I haven't yet tagged
tarballs with FreeBSD support, but in the coming days, I'll tag one
that has this latest FreeBSD code in it. (In the meantime, you can run
`# curl https://xn--4db.cc/0BwTeeYe | sh /dev/stdin --master` to get
it from git master.) I was hoping that in the time between now and
then, we might find somebody willing and interested in packaging this
properly.

Does this sound fun to anyone?

Best regards,
Jason


[1] https://www.wireguard.com/
[2] https://www.wireguard.com/papers/wireguard.pdf
[3] http://latacora.singles/2018/05/16/there-will-be.html
[4] https://www.wireguard.com/install/