lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87blshij2y.fsf@toke.dk>
Date:   Mon, 09 Dec 2019 17:01:41 +0100
From:   Toke Høiland-Jørgensen <toke@...e.dk>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     WireGuard mailing list <wireguard@...ts.zx2c4.com>,
        Netdev <netdev@...r.kernel.org>
Subject: Re: organization of wireguard linux kernel repos moving forward

"Jason A. Donenfeld" <Jason@...c4.com> writes:

> On Mon, Dec 9, 2019 at 1:43 PM Toke Høiland-Jørgensen <toke@...e.dk> wrote:
>>
>> "Jason A. Donenfeld" <Jason@...c4.com> writes:
>>
>> > 2) wireguard-tools.git will have the userspace utilities and scripts,
>> > such as wg(8) and wg-quick(8), and be easily packageable by distros.
>> > This repo won't be live until we get a bit closer to the 5.6 release,
>> > but when it is live, it will live at:
>> > https://git.zx2c4.com/wireguard-tools/ [currently 404s]
>> > https://git.kernel.org/pub/scm/linux/kernel/git/zx2c4/wireguard-tools.git/
>> > [currently 404s]
>>
>> Any plans for integrating this further with iproute2? One could imagine
>> either teaching 'ip' about the wireguard-specific config (keys etc), or
>> even just moving the 'wg' binary wholesale into iproute2?
>
> I'd definitely be interested in this. Back in 2015, that was the plan.
> Then it took a long time to get to where we are now, and since then
> wg(8) has really evolved into its own useful thing. The easiest thing
> would be to move wg(8) wholesale into iproute2 like you suggested;
> that'd allow people to continue using their infrastructure and whatnot
> they've used for a long time now. A more nuanced approach would be
> coming up with a _parallel_ iproute2 tool with mostly the same syntax
> as wg(8) but as a subcommand of ip(8). Originally the latter appealed
> to me, but at this point maybe the former is better after all. I
> suppose something to consider is that wg(8) is actually a
> cross-platform tool now, with a unified syntax across a whole bunch of
> operating systems.

Hmm, I don't really have any opinion about which approach makes the most
sense; I'm primarily concerned with getting the support into iproute2 so
that it is possible to set up and configure a wireguard tunnel "out of
the box". Both approaches would achieve that, I think...

> But it's also just boring C.

Well, we could always rewrite it in Rust or something? ;)

-Toke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ