Skip to content

Experiment: Update MacOS daemon to use boringtun #10460

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 24 commits into
base: main
Choose a base branch
from
Draft

Experiment: Update MacOS daemon to use boringtun #10460

wants to merge 24 commits into from

Conversation

@oskirby
Copy link
Collaborator

@oskirby oskirby commented Apr 28, 2025
edited
Loading

Description

This is a bit of an experiment to try out Wireguard tunneling on MacOS using boringtun, which seems to have a couple of benefits:

  • It's a rust crate, meaning we can drop the use of Golang entirely for MacOS.
  • The daemon can become a monolithic binary as the wireguard-go tool no longer exists. Allowing daemon management via SMJobBless (future work).
  • Multihop happens entirely in-process, so we can simplify the routing table management.
  • Better MTU handling.

Reference

i.e Jira or Github issue URL

Checklist

  • My code follows the style guidelines for this project
  • I have not added any packages that contain high risk or unknown licenses (GPL, LGPL, MPL, etc. consult with DevOps if in question)
  • I have performed a self review of my own code
  • I have commented my code PARTICULARLY in hard to understand areas
  • I have added thorough tests where needed

@oskirby oskirby mentioned this pull request Jun 26, 2025
Merged
5 tasks
@oskirby oskirby force-pushed the macos-boringtun-experiment branch from 009c17a to 878d1ff Compare July 18, 2025 16:36
oskirby and others added 24 commits July 21, 2025 07:42
@oskirby
Add boringtun submodule
b485933
@oskirby
Enable ffi-bindings feature in boringtun
5e489f1
@oskirby
Re-implement WireguardUtilsMacos with boringtun
f8047f8
@oskirby
Rename WireguardPeerMacos to WgSessionMacos
acc2a78
@oskirby
Initial attempt at multihop
9fae4b8
@oskirby
Rename WireguardUtilsMacos to WgUtilsMacos
f139c06
@oskirby
Implement IPv4 defragmentation support
700db85
@oskirby
Fix panic in boringtun if MTU exceeded
9611a4d
@oskirby
Fix padding bug leading to packet drops
7b0b12a
@oskirby
Set MTU dynamically from the routing table
2cf3a2d
@oskirby
Remove the wireguard-go tunnel binary
fa73dca
@oskirby
Remove wireguard-go submodule
a3bad39
@oskirby
Set boringtun module to shallow checkout
3543268
@oskirby
Fix some lint
71ea3ae
@oskirby
Tidy up timeout and rengotiate handling
5c0b137
@oskirby
Fix some rebase breakage
5bf8378
@oskirby
Move socket data handling into WgSessionMacos
4e2e8ba
@oskirby
Oops - multihop was turned off at the controller
31cb53b
@oskirby
A bunch of hacking to get mutlihop working again
238e340
@oskirby
Lets go mutlithreaded and use a QThreadPool for the encryption
749afb0
@oskirby
Move the tunnel receive loop into its own thread
8217427
@oskirby
Move decryption workers into their own thread
84e3071
@oskirby
Fix worker shutdown bugs
a65333c
@oskirby
Tweak handshake time calculation
5d16026
@oskirby oskirby force-pushed the macos-boringtun-experiment branch from 20055c8 to 5d16026 Compare July 21, 2025 19:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@oskirby