WireGuard VPN accepted into OpenBSD

Jason A. Donenfeld, author of the WireGuard VPN, announced that the "wg" kernel driver for the WireGuard protocol, the implementation of the protocol-specific network interface, and the changes to the userspace tools have been accepted into the OpenBSD base. OpenBSD became the second operating system after Linux with full and integrated support for WireGuard. WireGuard is expected to be included in the OpenBSD 6.8 release.

The patches include a driver for the OpenBSD kernel, changes to the ifconfig and tcpdump utilities to support WireGuard functionality, documentation, and minor changes to integrate WireGuard with the rest of the system. The driver uses its own implementations of the Blake2s, hchacha20 and curve25519 algorithms, as well as the SipHash implementation already present in the OpenBSD kernel.

The implementation is compatible with all official WireGuard clients for Linux, Windows, macOS, *BSD, iOS and Android. Performance testing on the developer's laptop (Lenovo x230) showed a throughput of 750 Mbit/s. For comparison, isakmpd with basic IKE PSK settings provides a throughput of 380 Mbit/s.

During development of the OpenBSD kernel driver, some architectural decisions were made that are similar to those in the Linux driver, but the driver was developed primarily for OpenBSD, keeping in mind the specifics of this system and taking into account the experience gained in creating the Linux driver. With the consent of the original author of WireGuard, the entire code of the new driver is distributed under the free ISC license.

The driver integrates tightly with the OpenBSD networking stack and uses existing subsystems to keep the code very compact (about 3000 lines of code). Another difference is that the driver components are separated differently than in the Linux driver: interfaces specific to OpenBSD are moved to the “if_wg.*” files, the code for DoS protection is in “wg_cookie.*”, and the connection negotiation and encryption logic is in “wg_noise.*”.

Source: opennet.ru
