Hey folks, [resending, as my original reply was to Matt's message that got killed by the graylist, so he resent with a new msgid.]
Just wanted to chime in here to mention how thrilled I am about this. Matt has been at this for a long time, came to visit Paris last summer to work with me on this, and I think the end result is a very high quality implementation. I expect all sorts of useful feedback on network driver APIs and at the very least a v2 to be posted, but I think we've got a solid foundation here. Meanwhile, we're fully committed to getting the rest of the WireGuard project's tooling in sync with first class OpenBSD support. On a personal note, I've kind of gazed enviously at OpenBSD for years, and gladly devoured its general philosophy of programming simple and secure systems. In many ways, WireGuard itself was inspired by the simplicity of approaches found in OpenBSD and the elegance of those interfaces so fastidiously documented in the man pages. So, you might regard it as just a weird historical accident of my own kernel development that this was on Linux, because the influence of the project has clearly been from OpenBSD. (You might have noticed some similar wackiness last year when I described on misc@ how I'm using signify(1) with the Windows client... oh my.) To confirm something particular from Matt's email: > Lessons that were learned from developing Linux have been carried > over, however all the code has been ISC licensed and integrated into > OpenBSD's networking stack. To the extent that there is any similarity > in the code, I expect for Jason (CC'd) to reply here confirming that > ISC is good to go. Any code similarities are fine with me, and the patches Matt submitted that bare my copyright line I gladly co-license with Matt under ISC. Those patches are also hosted on my git server: https://git.zx2c4.com/wireguard-openbsd/ where you can fetch exactly the same content directly from my box containing the same ISC license. IOW, we're all good in this department. Anyway, I'm looking forward to hearing some feedback on this and getting this polished and shipped during the 6.8 cycle. After jasper@ pushes the ports update for the tools, I plan to publish some easy one-click scripts for users to mess around with the kernel support while we're working through it here on the list. I'm also happy to answer any questions on both WireGuard design principles as well as implementation strategies. Regards, Jason
