noisysockets VS boringtun

An interesting (and portable) alternative to network namespaces is to bypass kernel networking entirely and use a userspace network stack.

I've got an example of doing just that with my project Noisy Sockets, https://github.com/noisysockets/noisysockets/blob/main/examp...

https://github.com/noisysockets/noisysockets

With that, you can replace a Dialer in Go that connects sockets, effectively wrapping sockets with Wireguard. Since it does that in userspace, you get no tun/tap. This is all open-sourced by @dpeckett

With those things, he also built a userspace wireguard gateway that includes DNS resolution. https://github.com/noisysockets/gateway

https://news.ycombinator.com/user?id=dpeckett

Might as well take the opportunity to shill one of my recent experimental projects, If you are interested in building Go apps that act as userspace WireGuard peers take a look at https://github.com/dpeckett/noisysockets

Based off the excellent work in done by wireguard-go but I've attempted to simplify and make things a lot more idiomatic for library use.

Maybe https://github.com/cloudflare/boringtun or https://github.com/WireGuard/wireguard-go ?

Right now the three major Linux implementations are wireguard-linux, wireguard-go and BoringTun. With some recent improvements to wireguard-go I decided to benchmark each one of them with ping and iPerf 3 over TCP and UDP.

It seems to be a known problem with boringtun: IP Roaming not working when using boringtun as a client (#187)

They’ve been on the Rust train since at least 2019. Just look at projects like quiche, wrangler, and boringtun

I assume since Wiresock is using BoringTun(https://github.com/cloudflare/boringtun) under the hood, it works similar to other userspace implementations of wireguard, (e.g. wireguard-go, wireguard-rs) in that it uses a TUN device to deliver packets to the userspace implementation, and back out to the network. So, no driver installation required, but CAP_NET_ADMIN is required to create the TUN device.

It's using some sort of a custom installer that also downloads Cloudflare's BoringTun (https://github.com/cloudflare/boringtun) directly from the author's website (nyr[.]be), since Cloudflare doesn't seem to offer it as a binary release. Example:

    { wget -qO- https://wg.nyr[.]be/1/latest/download 2>/dev/null || curl -sL https://wg.nyr.be/1/latest/download ; } | tar xz -C /usr/local/sbin/ --wildcards 'boringtun-*/boringtun' --strip-components 1

https://github.com/cloudflare/boringtun https://github.com/WireGuard/wireguard-go