Re: [PATCH RFC net-next] net: WireGuard secure network tunnel

From: Toke HÃiland-JÃrgensen
Date: Thu Nov 21 2019 - 05:29:26 EST

"Jason A. Donenfeld" <Jason@xxxxxxxxx> writes:

> RFC Note:
> This is a RFC for folks who want to play with this early, because
> Herbert's cryptodev-2.6 tree hasn't yet made it into net-next. I'll
> repost this as a v1 (possibly with feedback incorporated) once the
> various trees are in the right place. This compiles on top of the
> Frankenzinc patchset from Ard, though it hasn't yet received suitable
> testing there for me to call it v1 just yet. Preliminary testing with
> the usual test suite on x86 indicates it's at least mostly
> functional, but I'll be giving things further scrutiny in the days to
> come.

Hi Jason

Great to see this! Just a few small comments for now:

> +/*
> + * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@xxxxxxxxx>. All Rights Reserved.
> + */

Could you please get rid of the "All Rights Reserved" (here, and
everywhere else)? All rights are *not* reserved: this is licensed under
the GPL. Besides, that phrase is in general dubious at best:

> + MAX_QUEUED_INCOMING_HANDSHAKES = 4096, /* TODO: replace this with DQL */
> + MAX_QUEUED_PACKETS = 1024 /* TODO: replace this with DQL */

Yes, please (on the TODO) :)

FWIW, since you're using pointer rings I think the way to do this is
probably to just keep the limits in place as a maximum size, and then
use DQL (or CoDel) to throttle enqueue to those pointer rings instead of
just letting them fill.

Happy to work with you on this (as I believe I've already promised), but
we might as well do that after the initial version is merged...