Hacker News

tptacek today at 5:43 AM | 2 replies

This is almost true, but not quite. WireGuard is a protocol, but it's also the Linux kernel implementation of that protocol; there are design decisions in the protocol that specifically support software security goals of the kernel implementation. For instance, it's designed to be possible to implement WireGuard without demand dynamic allocation.


Replies

zekica today at 5:59 AM

Minor nitpick: dynamic memory allocation is not used when processing packets, but is when adding/removing clients via netlink.

Cyphase today at 6:11 AM

This is why WireGuard has continued to work even when a peer is otherwise unusable from low free memory. :)