WireGuard - Next-Generation Secure Kernel Network Tunnel

Explore the inner workings and ecosystem integration of WireGuard, a cutting-edge network tunneling mechanism for Linux, in this 46-minute conference talk from the Linux Plumbers Conference. Delve into the formally proven cryptographic protocol, custom-designed for the Linux kernel, and its widespread adoption across various platforms. Examine the novel timer mechanism that hides state from userspace, presenting a "stateless" and "declarative" system for secure tunnel establishment. Discover the compact codebase's defense-in-depth techniques and its ongoing integration with systemd and NetworkManager. Learn about WireGuard's integration into the netdev subsystem, its unique use of network namespaces, and the challenges of designing a kernel-specific cryptographic protocol. Gain insights into practical formal verification approaches, continuous integration testing across multiple kernel architectures, and performance optimization techniques for high-throughput CPU-bound computations in kernel space. Explore power efficiency strategies for both implementation and protocol design, particularly in the context of Android kernels and smartphone suspend cycles. Finally, examine the WireGuard userspace API and its applications in various daemons and managers, providing a comprehensive overview of this next-generation secure kernel network tunnel.

LPC2018 - WireGuard: Next-Generation Secure Kernel Network Tunnel