diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-03-26 20:03:28 -0600 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-03-31 16:12:37 -0600 |
commit | a62c0f787d25d285bba4b1224879c2e004b52bc9 (patch) | |
tree | 4ea10a3660a919b1e6802868b2e5c61d2fd044de | |
parent | if_wg: allow getting tunnelfib to race (diff) | |
download | wireguard-freebsd-a62c0f787d25d285bba4b1224879c2e004b52bc9.tar.xz wireguard-freebsd-a62c0f787d25d285bba4b1224879c2e004b52bc9.zip |
TODO: initial dump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | TODO.md | 36 |
1 files changed, 36 insertions, 0 deletions
@@ -0,0 +1,36 @@ +### Primary systems TODO + +- Finish porting [this script](https://git.zx2c4.com/wireguard-linux/tree/tools/testing/selftests/wireguard/netns.sh) + to `./tests/netns.sh` using vnets and epairs. +- Marshall peers directly to nvlists without going through intermediate + structures (`wg_peer_export`) and the like. This means grappling with the use + of epoch there, and either making nvl allocations not sleep, or doing nvl + allocations outside of epoch critical sections, or possibly deciding epoch + doesn't actually matter there because we're holding an sx. +- Rework locking and epoch lifetimes; come up with consistent set of rules. +- Chop off padding on rx after verifying lengths, so that tcpdump doesn't see + zeros. +- Shore up vnet support and races/locking around moving between vnets. +- Work out `priv_check` from vnet perspective. (There's no `ns_capable()` on + FreeBSD, just `capable()`, which makes it a bit weird for one jail to have + permissions in another.) +- Resize mbufs once at the beginning, and then encrypt/decrypt in place, rather + than making a new mbuf and copying. (Remember to clear the tags and other + pieces of metadata before passing it off to udp sending or netisr receiving.) +- Check nonces in serial, rather than in parallel. (This requires taking a + keypair reference; ncon is working on it.) +- Audit allowedips / radix tree checks, and make sure it's actually behaving as + expected. (It might be useful to port [this selftest](https://git.zx2c4.com/wireguard-linux/tree/drivers/net/wireguard/selftest/allowedips.c).) +- Make code style consistent with one FreeBSD way, rather than a mix of styles. + +### Crypto TODO + +- Do packet encryption using opencrypto/ with sg lists on the mbuf, so that we don't need to linearize mbufs. +- Send 25519 upstream to sys/crypto, and port to it. +- Send simple chapoly upstream to sys/crypto, and port to it. +- Port to sys/crypto's blake2s implementation. + +### Tooling TODO + +- Relicense wg(8) as MIT and integrate into upstream build system. +- Examine possibility of a non-bash wg-quick(8) for sending upstream. |