Performance, allegedly. Apart from that, nothing would stop a userspace implementation from doing just as good a job with TUN/TAP. In fact, that's how wireguard-go works.
You need to do all the same rigamarole with routes/firewalls when you use the kernel WireGuard implementation. That's why scripts like wg-quick exist (https://git.zx2c4.com/wireguard-tools/tree/src/wg-quick/linux.bash…). This is no different from a userspace TUN/TAP VPN.
"Biggest motivation for a kernel implementation is political" could not be further from the truth. The politics involved with getting WireGuard upstreamed were absolutely miserable, and I'd be a much happier camper right now had I never had to experience that.
I disagree with that assessment. Getting a userspace app into tons of Linux distros is a piece of cake. WireGuard's wg(8) utility _already_ has to be added to distros anyway, too. I'd much rather package userspace apps for distros any day than deal with kernel politics.
> Why did WireGuard require so much of its code to be put into the Linux kernel?
It didn't require it. Android has a VPN service API for implementing userspace VPNs and there's an official WireGuard app with a userspace implementation. The kernel module isn't a mandatory thing.