A new implementation of the WireGuard VPN has been included in the FreeBSD codebase.

The FreeBSD source tree has been updated with a new implementation of VPN WireGuard, based on kernel module code prepared jointly by the FreeBSD and WireGuard core development teams, with contributions from Jason A. Donenfeld, the author of VPN WireGuard, and John H. Baldwin, a well-known GDB and FreeBSD developer who implemented SMP and NUMA support in the FreeBSD kernel in the early 2000s. After the driver is accepted into FreeBSD (sys/dev/wg), its development and maintenance will from now on be carried out in the FreeBSD repository.

Before the code was accepted, a full review of the changes was carried out with the support of the FreeBSD Foundation, during which the driver's interaction with the other parts of the kernel was analyzed and the possibility of using the cryptographic primitives provided by the kernel was evaluated.

To use the cryptographic algorithms required by the driver, the API of the FreeBSD kernel crypto subsystem was extended: a wrapper was added that allows algorithms not supported in FreeBSD to be used through the standard crypto API, using the implementation of the required algorithms from the libsodium library. Of the algorithms built into the driver, only the code for computing Blake2 hashes remains, since the implementation of this algorithm provided in FreeBSD is tied to a fixed hash size.

In addition, the code was optimized during the review, which made it possible to improve the efficiency of load distribution on multi-core CPUs (even balancing of packet encryption and decryption tasks across CPU cores is ensured). As a result, packet-processing overhead came close to that of the Linux driver implementation. The code also provides the ability to use the ossl driver to accelerate encryption operations.

Unlike the previous attempt to integrate WireGuard into FreeBSD, the new implementation uses the standard wg utility rather than a modified version of ifconfig, which makes it possible to unify configuration on Linux and FreeBSD. The wg utility, together with the driver, is included in the FreeBSD source code, which became possible by changing the license of the wg code (the code is now available under the MIT and GPL licenses). The last attempt to include WireGuard in FreeBSD was made in 2020, but it ended in scandal, as a result of which the code that had already been added was removed because of low quality, careless handling of buffers, the use of stubs in place of checks, an incomplete implementation of the protocol, and violation of the GPL license.

Recall that VPN WireGuard is implemented on the basis of modern encryption methods, provides very high performance, is easy to use, is free of complications, and has proven itself in a number of large deployments that handle large volumes of traffic. The project has been under development since 2015 and has undergone an audit and formal verification of the encryption methods used. WireGuard uses the concept of cryptokey routing, which involves binding a private key to each network interface and using public keys for binding.

Public keys are exchanged to establish a connection in a manner similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism of the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) without breaking the connection, with automatic reconfiguration of the client, is supported.
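The cryptokey routing and roaming behaviour described above, sketched as an added example (not code from the FreeBSD driver or from the article). It assumes the per-peer allowed-address list that WireGuard configuration calls AllowedIPs; the class name, key strings and addresses are constructed, and decryption and authentication are assumed to have succeeded before `accept_inbound` is called.

```python
import ipaddress

class CryptokeyRouter:
    """Toy model: each peer public key is bound to the inner networks it may use."""

    def __init__(self):
        self.peers = {}  # public key -> {"nets": [...], "endpoint": (ip, port)}

    def add_peer(self, public_key, allowed_ips, endpoint=None):
        nets = [ipaddress.ip_network(n) for n in allowed_ips]
        self.peers[public_key] = {"nets": nets, "endpoint": endpoint}

    def route_outbound(self, dst_ip):
        """Return the key to encrypt to: longest allowed prefix covering dst_ip."""
        dst = ipaddress.ip_address(dst_ip)
        best_len, best_key = -1, None
        for key, peer in self.peers.items():
            for net in peer["nets"]:
                if dst in net and net.prefixlen > best_len:
                    best_len, best_key = net.prefixlen, key
        return best_key  # None means no peer owns this address: drop the packet

    def accept_inbound(self, public_key, inner_src_ip, outer_src):
        """Check a packet that already authenticated under public_key's session."""
        peer = self.peers.get(public_key)
        if peer is None:
            return False
        src = ipaddress.ip_address(inner_src_ip)
        if not any(src in net for net in peer["nets"]):
            return False  # valid key but inner source not bound to it: drop
        peer["endpoint"] = outer_src  # roaming: follow the authenticated sender
        return True

def build_sample_router():
    # Constructed sample data: placeholder key names, documentation address ranges.
    r = CryptokeyRouter()
    r.add_peer("PEER_A_KEY_PLACEHOLDER", ["10.0.0.2/32"], ("198.51.100.7", 51820))
    r.add_peer("PEER_B_KEY_PLACEHOLDER", ["10.0.0.0/24", "192.168.50.0/24"],
               ("203.0.113.9", 51820))
    return r

if __name__ == "__main__":
    r = build_sample_router()
    print(r.route_outbound("10.0.0.2"), r.route_outbound("10.0.0.77"))
    print(r.accept_inbound("PEER_A_KEY_PLACEHOLDER", "192.168.50.5",
                           ("198.51.100.200", 40000)))
```

The spoofed-source case is the security-relevant one: a peer holding a valid key still cannot inject packets with an inner source address bound to a different key, and a rejected packet does not move the stored endpoint.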

Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication algorithm (MAC), developed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation achieves constant execution time without special hardware support. To generate the shared secret key, the elliptic-curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The BLAKE2s algorithm (RFC7693) is used for hashing.

Source: opennet.ru
