Re: "wireguard" implementation improperly merged and needs revert

[Taylor R Campbell <riastradh%NetBSD.org@localhost>]

[followups to tech-net to reduce cross-posting noise]

Hi, Jason!

Sorry about not reaching out.  The history is that the code has been
kicking around the NetBSD world since Ozaki-san first wrote it in
2018, without getting merged into src.  It felt a shame to let it
wallow in that state indefinitely, and it seemed to be in pretty good
shape when I reviewed it this year, with a few small issues I saw, so
I dusted it off and merged it.

I would be happy to hear specific criticism of the code and its
implementation flaws and violations, and/or pointers to documentation
of the certain set of behaviours and security criteria that you expect
implementations to adhere to.  Also happy to help answer questions
about and navigate the NetBSD network stack if you want to review it
yourself.

As far as I know, Ozaki-san wrote the code following the WireGuard
protocol paper.  There are a few XXX comments in the code that should
be addressed, and there are some issues I know of that I have a small
TODO list for but didn't seem critical enough to block committing the
initial work:

[ ] self-tests for crypto
[ ] fix libssh dependency
[ ] dtrace probes
[ ] lockless radix tree lookups for peers
[ ] take advantage of sys/crypto/chacha &c.
[ ] modularize
[ ] split sliding window out
[ ] rename wgconfig(8) -> wg(8) and make interface compatible

For now, users have to go out of their way to enable the experimental
wg(4) interface, and I didn't have any specific timeline planned for
enabling it in GENERIC kernels -- wasn't likely to have been before
September 1st anyway and I'm happy to commit to holding off on that
until we've had a chance to discuss further in September.  Does that
work?

Thanks,
-Riastradh