Hi Taylor/Ozaki-san/NetBSD developers,

I'm very excited that NetBSD is enthusiastic about WireGuard. Having more deployment of WireGuard is always great to hear. And NetBSD is really a terrific project. I've been enthusiastic about using it for rump kernels for many years, and adding WireGuard capability there sounds great.

WireGuard is not just a protocol; the project also comprises a set of implementations that meet a certain set of behaviors and security criteria. I would be very happy to have a proper WireGuard implementation inside of NetBSD.

However, I think you've gravely jumped the gun attempting to add "wireguard" support to NetBSD. It's with great sadness that I ask you to revert those commits from yesterday that added it, until we can actually work on this together to make a real WireGuard implementation. I've had no communication with Taylor/Ozaki-san or other NetBSD developers about this, and can't find any record of anyone reaching out to me, which is a bummer. But now that we're in touch, I'd like to offer full support of these efforts, from myself and from the project in general.

In about a week (~Sept 1), I'll be back at my desk full time, and will have tons of energy to throw at this, in order to get this code up to snuff. In its current form, there are implementation flaws and violations that I do not consider acceptable, and deploying this kind of thing is highly irresponsible and harmful to your users. Rather than playing never ending whack-a-mole misery with this -- which is not a path I'm willing to go down here -- I'd like to re-examine how this is built from the ground-up and do some serious code study.

Some background: recently, as I'm sure you're aware, WireGuard shipped for OpenBSD. This was a year+ effort, with Matt and I working closely together to get a high quality WireGuard implementation. And actually, we wrote that to be as reusable by other BSDs as possible. It seems like it might be possible to inherit a lot of that code, which has already been refined and debugged, for NetBSD. This is, for example, what we're currently working on for the upcoming FreeBSD implementation. On the other hand, if Ozaki-san is wedded to his codebase, and believes there are distinct and important advantages to its structure, I have no objection to working with him on that as a starting point.
In other words, I have no desire to impose anything unwanted on NetBSD engineering trajectory in this, but if you're going to land a WireGuard implementation, it needs to be done right, and I gladly volunteer my time and energy into helping to make that happen.

So, it's a bit of a shame that this is my "hello, <wave>" email to the NetBSD community -- I would have liked to meet you all more jovially -- but I feel very strongly about not ruining WireGuard. And what you committed yesterday simply is not a WireGuard implementation.

Could you please move ahead with reverting that, and starting on Sept 1, I'll make myself available to work with you on actually getting things rolling properly? I can be available as much as is needed on IRC or video chat or whatever other form works best for working together. I would really appreciate that, and it would get us off on the right foot, instead of the current rocky road we're staring down.

Thanks,
Jason