Userspace WireGuard® Implementation in Rust

Last update: May 24, 2022

boringtun logo banner

BoringTun

crates.io

BoringTun is an implementation of the WireGuard® protocol designed for portability and speed.

BoringTun is successfully deployed on millions of iOS and Android consumer devices as well as thousands of Cloudflare Linux servers.

The project consists of two parts:

  • The executable boringtun, a userspace WireGuard implementation for Linux and macOS.
  • The library boringtun that can be used to implement fast and efficient WireGuard client apps on various platforms, including iOS and Android. It implements the underlying WireGuard protocol, without the network or tunnel stacks, those can be implemented in a platform idiomatic way.

Installation

You can install this project using cargo:

cargo install boringtun

Building

  • Library only: cargo build --lib --no-default-features --release [--target $(TARGET_TRIPLE)]
  • Executable: cargo build --bin boringtun --release [--target $(TARGET_TRIPLE)]

By default the executable is placed in the ./target/release folder. You can copy it to a desired location manually, or install it using cargo install --bin boringtun --path ..

Running

As per the specification, to start a tunnel use:

boringtun [-f/--foreground] INTERFACE-NAME

The tunnel can then be configured using wg, as a regular WireGuard tunnel, or any other tool.

It is also possible to use with wg-quick by setting the environment variable WG_QUICK_USERSPACE_IMPLEMENTATION to boringtun. For example:

sudo WG_QUICK_USERSPACE_IMPLEMENTATION=boringtun WG_SUDO=1 wg-quick up CONFIGURATION

Testing

Testing this project has a few requirements:

  • sudo: required to create tunnels. When you run cargo test you'll be prompted for your password.
  • Docker: you can install it here. If you are on Ubuntu/Debian you can run apt-get install docker.io.

Benchmarking

To benchmark this project you can run this command:

cargo +nightly bench

This command depends on the unstable test feature of the Rust compiler. As a result, you'll need to use the nightly channel of Rust when you run it.

Supported platforms

Target triple Binary Library
x86_64-unknown-linux-gnu Build Status
aarch64-unknown-linux-gnu Build Status
armv7-unknown-linux-gnueabihf Build Status
x86_64-apple-darwin Build Status
x86_64-pc-windows-msvc Build Status
aarch64-apple-ios FFI bindings
armv7-apple-ios FFI bindings
armv7s-apple-ios FFI bindings
aarch64-linux-android JNI bindings
arm-linux-androideabi JNI bindings

Other platforms may be added in the future

Linux

x86-64, aarch64 and armv7 architectures are supported. The behaviour should be identical to that of wireguard-go, with the following difference:

boringtun will drop privileges when started. When privileges are dropped it is not possible to set fwmark. If fwmark is required, such as when using wg-quick, instead running with sudo, give the executable the CAP_NET_ADMIN capability using: sudo setcap cap_net_admin+epi boringtun. Alternatively run with --disable-drop-privileges or set the environment variable WG_SUDO=1.

macOS

The behaviour is similar to that of wireguard-go. Specifically the interface name must be utun[0-9]+ for an explicit interface name or utun to have the kernel select the lowest available. If you choose utun as the interface name, and the environment variable WG_TUN_NAME_FILE is defined, then the actual name of the interface chosen by the kernel is written to the file specified by that variable.


FFI bindings

The library exposes a set of C ABI bindings, those are defined in the wireguard_ffi.h header file. The C bindings can be used with C/C++, Swift (using a bridging header) or C# (using DLLImport with CallingConvention set to Cdecl).

JNI bindings

The library exposes a set of Java Native Interface bindings, those are defined in src/jni.rs.

License

The project is licensed under the 3-Clause BSD License.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the 3-Clause BSD License, shall be licensed as above, without any additional terms or conditions.

If you want to contribute to this project, please read our CONTRIBUTING.md.


WireGuard is a registered trademark of Jason A. Donenfeld. BoringTun is not sponsored or endorsed by Jason A. Donenfeld.

GitHub

https://github.com/cloudflare/boringtun
Comments
  • 1. Not dropping root privileges running on macOS 11.6.1

    Good afternoon,

    I've just been testing boringtun on macOS but noticed that when I run using the following command, that it does not drop root privileges.

    sudo WG_QUICK_USERSPACE_IMPLEMENTATION=boringtun WG_SUDO=1 wg-quick down ~/wireguard/example.conf

    The boringtun process is running as root.

    Cheers, -Chris

    Reviewed by autonomic at 2021-12-16 21:00
  • 2. compile issue

    run cargo install boringtun produce the following output:

       Compiling chrono v0.4.9
       Compiling boringtun v0.2.0
    error[E0308]: mismatched types
      --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/boringtun-0.2.0/src/device/tun_linux.rs:77:29
       |
    77 |                 ifru_flags: IFF_TUN | IFF_NO_PI | IFF_MULTI_QUEUE,
       |                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expected i16, found i32
    
    error: aborting due to previous error
    
    For more information about this error, try `rustc --explain E0308`.
    error: failed to compile `boringtun v0.2.0`, intermediate artifacts can be found at `/tmp/cargo-installRDLTdM`
    
    Caused by:
      Could not compile `boringtun`.
    
    
    

    Any hint on what's going on?

    Reviewed by zTrix at 2019-11-13 14:59
  • 3. android build is broken again due to recent changes

    In a133f1df70e09052f3fabdcd50cba98d299b0e51 a new argument was added to new_tunnel for the preshared_key, but the usage in src/jni.rs was not updated.

    https://github.com/cloudflare/boringtun/blob/a133f1df70e09052f3fabdcd50cba98d299b0e51/src/jni.rs#L148-L155

    Reviewed by saurik at 2022-02-11 12:19
  • 4. Project maintainership status.

    Is it maintained? Is it recommended for real usage or only for testing?

    NOTE: This crate is still undergoing review for security concerns. Therefore, we recommend that you take caution before using it in a production application.

    Is the review still going on, abandoned or complete? What is the result?

    Reviewed by vi at 2019-10-18 22:48
  • 5. Boringtun fails to start on Apple Silicon

    boringtun compiles succesfully with cargo install --locked --path . on master with Rust v1.49 on Apple Silicon.

    However, when running with boringtun utun, I get the following message:

    Boringtun failed to start.
    

    Related: Homebrew/homebrew-core#68301

    Reviewed by richiksc at 2021-01-15 20:07
  • 6. wg complains 'Unable to modify interface: Unknown error -98'

    Debian 9, default kernel 4.9 rustc version 1.36.0 wg from WireGuard-0.0.20190702.tar.xz

    # boringtun -f -v debug wg1 either doesn't output anything or this:

    Poll error Interrupted system call
    Poll error Interrupted system call
    Poll error Interrupted system call
    Poll error Interrupted system call
    Poll error Interrupted system call
    Poll error Interrupted system call
    Poll error Interrupted system call
    

    README.md says

    The tunnel can then be configured using wg, as a regular WireGuard tunnel, or any other tool.

    but

    # wg setconf wg1 /etc/wireguard/conf
    Unable to modify interface: Unknown error -98
    

    /tmp/boringtun.err is empty and /tmp/boringtun.out contains only one line:

    Success, daemonized
    

    What am I doing wrong?

    Reviewed by Jimmy-Z at 2019-07-09 12:20
  • 7. cargo clippy + cargo check fail because of --emit asm

    ag-dubss-MacBook-Pro:boringtun ag_dubs$ cargo clippy
        Checking boringtun v0.2.0 (/Users/ag_dubs/CloudFlare/boringtun)
    error: crate `base64` required to be available in rlib format, but was not found in this form
    
    error: crate `hex` required to be available in rlib format, but was not found in this form
    
    error: crate `libc` required to be available in rlib format, but was not found in this form
    
    error: crate `ring` required to be available in rlib format, but was not found in this form
    
    error: aborting due to 4 previous errors
    
    error: Could not compile `boringtun`.
    
    To learn more, run the command again with --verbose.
    
    Reviewed by ashleygwilliams at 2019-03-22 19:21
  • 8. installing boringtun in windows 10

    Hi,

    I haven't used rust before, so I am not sure what's wrong here, just wanted to install boringtun binary.

    Here is the error log:

    C:\WINDOWS\system32>cargo install boringtun
        Updating crates.io index
      Installing boringtun v0.4.0
    warning: output filename collision.
    The bin target `boringtun` in package `boringtun v0.4.0` has the same output filename as the lib target `boringtun` in package `boringtun v0.4.0`.
    Colliding filename is: C:\Users\nawaz\AppData\Local\Temp\cargo-installGxn0iY\release\boringtun.pdb
    The targets should have unique names.
    Consider changing their names to be unique or compiling them separately.
    This may become a hard error in the future; see <https://github.com/rust-lang/cargo/issues/6313>.
       Compiling cfg-if v1.0.0
       Compiling lazy_static v1.4.0
       Compiling proc-macro2 v1.0.36
       Compiling winapi v0.3.9
       Compiling unicode-xid v0.2.2
       Compiling windows_x86_64_msvc v0.32.0
       Compiling log v0.4.14
       Compiling crossbeam-utils v0.8.8
       Compiling syn v1.0.88
       Compiling smallvec v1.8.0
       Compiling parking_lot_core v0.9.1
       Compiling once_cell v1.10.0
       Compiling cc v1.0.73
       Compiling libc v0.2.120
       Compiling scopeguard v1.1.0
       Compiling itoa v1.0.1
       Compiling untrusted v0.7.1
       Compiling pin-project-lite v0.2.8
       Compiling spin v0.5.2
       Compiling ip_network_table-deps-treebitmap v0.5.0
       Compiling ip_network v0.4.1
       Compiling hex v0.4.3
       Compiling base64 v0.13.0
       Compiling untrusted v0.9.0
       Compiling tracing-core v0.1.23
       Compiling sharded-slab v0.1.4
       Compiling thread_local v1.1.4
       Compiling lock_api v0.4.6
       Compiling time v0.3.7
       Compiling ip_network_table v0.2.0
       Compiling ring v0.16.20
       Compiling windows-sys v0.32.0
       Compiling tracing-log v0.1.2
       Compiling crossbeam-channel v0.5.3
       Compiling quote v1.0.15
       Compiling parking_lot v0.12.0
       Compiling ansi_term v0.12.1
       Compiling tracing-subscriber v0.3.9
       Compiling tracing-appender v0.2.1
       Compiling tracing-attributes v0.1.20
       Compiling tracing v0.1.32
       Compiling boringtun v0.4.0
    error[E0433]: failed to resolve: could not find `device` in the crate root
      --> C:\Users\nawaz\.cargo\registry\src\github.com-1ecc6299db9ec823\boringtun-0.4.0\src/main.rs:12:12
       |
    12 | use crate::device::drop_privileges::drop_privileges;
       |            ^^^^^^ could not find `device` in the crate root
    
    error[E0432]: unresolved import `crate::device`
      --> C:\Users\nawaz\.cargo\registry\src\github.com-1ecc6299db9ec823\boringtun-0.4.0\src/main.rs:13:12
       |
    13 | use crate::device::{DeviceConfig, DeviceHandle};
       |            ^^^^^^ could not find `device` in the crate root
    
    error[E0432]: unresolved import `clap`
      --> C:\Users\nawaz\.cargo\registry\src\github.com-1ecc6299db9ec823\boringtun-0.4.0\src/main.rs:14:5
       |
    14 | use clap::{value_t, App, Arg};
       |     ^^^^ use of undeclared crate or module `clap`
    
    error[E0433]: failed to resolve: could not find `unix` in `os`
      --> C:\Users\nawaz\.cargo\registry\src\github.com-1ecc6299db9ec823\boringtun-0.4.0\src/main.rs:17:14
       |
    17 | use std::os::unix::net::UnixDatagram;
       |              ^^^^ could not find `unix` in `os`
    
    error[E0432]: unresolved import `daemonize`
      --> C:\Users\nawaz\.cargo\registry\src\github.com-1ecc6299db9ec823\boringtun-0.4.0\src/main.rs:15:5
       |
    15 | use daemonize::Daemonize;
       |     ^^^^^^^^^ use of undeclared crate or module `daemonize`
    
    error: cannot determine resolution for the macro `value_t`
      --> C:\Users\nawaz\.cargo\registry\src\github.com-1ecc6299db9ec823\boringtun-0.4.0\src/main.rs:98:18
       |
    98 |     let tun_fd = value_t!(matches.value_of("tun-fd"), isize).unwrap_or_else(|e| e.exit());
       |                  ^^^^^^^
       |
       = note: import resolution is stuck, try simplifying macro imports
    
    error: cannot determine resolution for the macro `value_t`
       --> C:\Users\nawaz\.cargo\registry\src\github.com-1ecc6299db9ec823\boringtun-0.4.0\src/main.rs:103:21
        |
    103 |     let n_threads = value_t!(matches.value_of("threads"), usize).unwrap_or_else(|e| e.exit());
        |                     ^^^^^^^
        |
        = note: import resolution is stuck, try simplifying macro imports
    
    error: cannot determine resolution for the macro `value_t`
       --> C:\Users\nawaz\.cargo\registry\src\github.com-1ecc6299db9ec823\boringtun-0.4.0\src/main.rs:105:9
        |
    105 |         value_t!(matches.value_of("verbosity"), tracing::Level).unwrap_or_else(|e| e.exit());
        |         ^^^^^^^
        |
        = note: import resolution is stuck, try simplifying macro imports
    
    error[E0433]: failed to resolve: use of undeclared type `UnixDatagram`
       --> C:\Users\nawaz\.cargo\registry\src\github.com-1ecc6299db9ec823\boringtun-0.4.0\src/main.rs:108:26
        |
    108 |     let (sock1, sock2) = UnixDatagram::pair().unwrap();
        |                          ^^^^^^^^^^^^ use of undeclared type `UnixDatagram`
    
    error[E0425]: cannot find function `drop_privileges` in this scope
       --> C:\Users\nawaz\.cargo\registry\src\github.com-1ecc6299db9ec823\boringtun-0.4.0\src/main.rs:175:25
        |
    175 |         if let Err(e) = drop_privileges() {
        |                         ^^^^^^^^^^^^^^^ not found in this scope
    
    Some errors have detailed explanations: E0425, E0432, E0433.
    For more information about an error, try `rustc --explain E0425`.
    error: failed to compile `boringtun v0.4.0`, intermediate artifacts can be found at `C:\Users\nawaz\AppData\Local\Temp\cargo-installGxn0iY`
    
    Caused by:
      could not compile `boringtun` due to 10 previous errors
    
    

    Thanks

    Reviewed by fawazahmed0 at 2022-03-16 01:23
  • 9. What does it mean that the library "implements the Wireguard protocol, without the network or tunnel stacks"?

    I am trying to assess whether the library will be functional enough to implement a Wireguard client in iOS, Android, and Windows, based on boringtun.

    I am wondering, however, what exactly the following sentence (specified in the README), means:

    "It implements the underlying WireGuard protocol, without the network or tunnel stacks, those can be implemented in a platform idiomatic way."

    Reviewed by aledcuevas at 2019-05-03 22:34
  • 10. Result::is_ok used incorrectly

    • https://github.com/cloudflare/boringtun/blob/master/src/device/api.rs#L19
    • https://github.com/cloudflare/boringtun/blob/master/src/device/api.rs#L43

    Both of these seem to be trying to use it as an assertion, however Result::is_ok() simply returns a bool. I think both of these should be using expect() instead.

    Reviewed by alex at 2019-04-01 17:10
  • 11. thread '' has overflowed its stack

    I have tried to add multiple peers(almost 24000) via wg addconf command, which works pretty well with WireGuard kernel module, but in case of boring tunnel I got this error

    thread '<unknown>' has overflowed its stack
    fatal runtime error: stack overflow
    Aborted (core dumped)
    

    Is there any limitation ?

    Reviewed by zaid3tech at 2022-02-16 06:40
  • 12. Getting few error logs, and my internet stops working for a while.

    Hi, I hope everyone is good. Using boringtun on ubuntu lease-web server and WireGuard client on IOS. I am getting these error logs quite often. Usually after first handshake I get these logs Decapsulate error, NoCurrentSession While connected to tunnel once browsing gets stop and on checking the boringtun logs usually these logs are there Decapsulate error, InvalidAeadTag Decapsulate error, InvalidCounter Decapsulate error, UnexpectedPacket Decapsulate error, WrongIndex After browsing gets stopped, sometimes I have to restart WireGuard client, or it gets recovered at its own. In case you need more details I will be happy to provide. Thanks :)

    Reviewed by netwetstat at 2022-05-12 10:56
  • 13. Target aarch64-apple-ios fails to build

    I added the aarch64-apple-ios target using rustup target add aarch64-apple-ios. However, when I attempt to build version 0.4.0 of this project with cargo build --release --target aarch64-apple-ios, I get the following build error:

       Compiling boringtun v0.4.0 (/Users/jkb/src/boringtun)
    warning: dropping unsupported crate type `dylib` for target `aarch64-apple-ios`
    
    warning: `boringtun` (lib) generated 1 warning
    error[E0432]: unresolved import `clap`
      --> src/main.rs:14:5
       |
    14 | use clap::{value_t, App, Arg};
       |     ^^^^ use of undeclared crate or module `clap`
    
    error[E0432]: unresolved import `daemonize`
      --> src/main.rs:15:5
       |
    15 | use daemonize::Daemonize;
       |     ^^^^^^^^^ use of undeclared crate or module `daemonize`
    
    error: cannot determine resolution for the macro `value_t`
      --> src/main.rs:98:18
       |
    98 |     let tun_fd = value_t!(matches.value_of("tun-fd"), isize).unwrap_or_else(|e| e.exit());
       |                  ^^^^^^^
       |
       = note: import resolution is stuck, try simplifying macro imports
    
    error: cannot determine resolution for the macro `value_t`
       --> src/main.rs:103:21
        |
    103 |     let n_threads = value_t!(matches.value_of("threads"), usize).unwrap_or_else(|e| e.exit());
        |                     ^^^^^^^
        |
        = note: import resolution is stuck, try simplifying macro imports
    
    error: cannot determine resolution for the macro `value_t`
       --> src/main.rs:105:9
        |
    105 |         value_t!(matches.value_of("verbosity"), tracing::Level).unwrap_or_else(|e| e.exit());
        |         ^^^^^^^
        |
        = note: import resolution is stuck, try simplifying macro imports
    
    error[E0308]: mismatched types
      --> src/main.rs:24:13
       |
    23 | /         if device::tun::parse_utun_name(&_v).is_ok() {
    24 | |             Ok(())
       | |             ^^^^^^ expected `()`, found enum `Result`
    25 | |         } else {
    26 | |             Err("Tunnel name must have the format 'utun[0-9]+', use 'utun' for automatic assignment".to_owned())
    27 | |         }
       | |_________- expected this to be `()`
       |
       = note: expected unit type `()`
                       found enum `Result<(), _>`
    help: consider using a semicolon here
       |
    24 |             Ok(());
       |                   +
    help: consider using a semicolon here
       |
    27 |         };
       |          +
    help: you might have meant to return this value
       |
    24 |             return Ok(());
       |             ++++++       +
    
    error[E0308]: mismatched types
      --> src/main.rs:26:13
       |
    23 | /         if device::tun::parse_utun_name(&_v).is_ok() {
    24 | |             Ok(())
    25 | |         } else {
    26 | |             Err("Tunnel name must have the format 'utun[0-9]+', use 'utun' for automatic assignment".to_owned())
       | |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expected `()`, found enum `Result`
    27 | |         }
       | |_________- expected this to be `()`
       |
       = note: expected unit type `()`
                       found enum `Result<_, String>`
    help: consider using a semicolon here
       |
    26 |             Err("Tunnel name must have the format 'utun[0-9]+', use 'utun' for automatic assignment".to_owned());
       |                                                                                                                 +
    help: consider using a semicolon here
       |
    27 |         };
       |          +
    help: you might have meant to return this value
       |
    26 |             return Err("Tunnel name must have the format 'utun[0-9]+', use 'utun' for automatic assignment".to_owned());
       |             ++++++                                                                                                     +
    
    error[E0277]: the size for values of type `str` cannot be known at compilation time
       --> src/main.rs:101:9
        |
    101 |         tun_name = matches.value_of("tun-fd").unwrap();
        |         ^^^^^^^^ doesn't have a size known at compile-time
        |
        = help: the trait `Sized` is not implemented for `str`
        = note: the left-hand-side of an assignment must have a statically known size
    
    Reviewed by protonjohn at 2022-04-27 08:23
  • 14. error: failed to run custom build command for `ring v0.16.20` while cross compiling

    I cross compiled BoringTun on amd64 linux.

    I have run rustup target add x86_64-apple-darwin before.

    It was successful to compile "x86_64-unknown-linux-gnu" on AMD64 machine and " x86_64-apple-darwin" on MacBook macOS.

    However. It was failed to compile " x86_64-apple-darwin" on AMD64.

    It means static compilation is OK on each system. But could not be cross compiled.

    image

    [email protected]:~/boringtun# $HOME/.cargo/bin/cargo build --bin boringtun-cli --release --target x86_64-apple-darwin
       Compiling cfg-if v1.0.0
       Compiling lazy_static v1.4.0
       Compiling smallvec v1.8.0
       Compiling autocfg v1.1.0
       Compiling once_cell v1.9.0
       Compiling scopeguard v1.1.0
       Compiling bitflags v1.3.2
       Compiling ansi_term v0.12.1
       Compiling spin v0.5.2
       Compiling pin-project-lite v0.2.8
       Compiling unicode-width v0.1.9
       Compiling ip_network v0.4.1
       Compiling itoa v1.0.1
       Compiling untrusted v0.7.1
       Compiling ip_network_table-deps-treebitmap v0.5.0
       Compiling hex v0.4.3
       Compiling untrusted v0.9.0
       Compiling boxfnonce v0.1.1
       Compiling strsim v0.8.0
       Compiling vec_map v0.8.2
       Compiling base64 v0.13.0
       Compiling libc v0.2.117
       Compiling tracing-core v0.1.22
       Compiling sharded-slab v0.1.4
       Compiling memoffset v0.6.5
       Compiling log v0.4.14
       Compiling crossbeam-utils v0.8.7
       Compiling parking_lot_core v0.9.1
       Compiling thread_local v1.1.4
       Compiling lock_api v0.4.6
       Compiling textwrap v0.11.0
       Compiling ip_network_table v0.2.0
       Compiling ring v0.16.20
    error: failed to run custom build command for `ring v0.16.20`
    
    Caused by:
      process didn't exit successfully: `/root/boringtun/target/release/build/ring-660027d888985dc6/build-script-build` (exit status: 101)
      --- stdout
      OPT_LEVEL = Some("3")
      TARGET = Some("x86_64-apple-darwin")
      HOST = Some("x86_64-unknown-linux-gnu")
      CC_x86_64-apple-darwin = None
      CC_x86_64_apple_darwin = None
      TARGET_CC = None
      CC = None
      CROSS_COMPILE = None
      CFLAGS_x86_64-apple-darwin = None
      CFLAGS_x86_64_apple_darwin = None
      TARGET_CFLAGS = None
      CFLAGS = None
      CRATE_CC_NO_DEFAULTS = None
      DEBUG = Some("false")
      CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2,sse3,ssse3")
    
      --- stderr
      running "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-arch" "x86_64" "-I" "include" "-Wall" "-Wextra" "-pedantic" "-pedantic-errors" "-Wall" "-Wextra" "-Wcast-align" "-Wcast-qual" "-Wconversion" "-Wenum-compare" "-Wfloat-equal" "-Wformat=2" "-Winline" "-Winvalid-pch" "-Wmissing-field-initializers" "-Wmissing-include-dirs" "-Wredundant-decls" "-Wshadow" "-Wsign-compare" "-Wsign-conversion" "-Wundef" "-Wuninitialized" "-Wwrite-strings" "-fno-strict-aliasing" "-fvisibility=hidden" "-fstack-protector" "-gfull" "-DNDEBUG" "-c" "-o/root/boringtun/target/x86_64-apple-darwin/release/build/ring-1ed844cb9f4b9d8e/out/aesni-x86_64-macosx.o" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/ring-0.16.20/pregenerated/aesni-x86_64-macosx.S"
      cc: error: x86_64: No such file or directory
      cc: error: unrecognized debug output level ‘full’
      cc: error: unrecognized command line option ‘-arch’
      thread 'main' panicked at 'execution failed', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/ring-0.16.20/build.rs:656:9
      note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
    
    Reviewed by fscarmen at 2022-04-23 02:38
  • 15. device: Allow modifying peers

    Currently, updating peers without replacing them is not implemented, which can mess up state tracking, especially when the last handshake time stops being a thing all of a sudden. This commit introduces API changes to Peer to allow modifying specific fields and replaces the panic macro with actual setting of said fields.

    Fixes https://github.com/cloudflare/boringtun/issues/40

    Reviewed by ernestask at 2022-04-20 08:11
  • 16. Tools other than `wg(8)` to configure BoringTun

    It's being hinted at the readme that we can configure the tunnel using wg(8) or any other tool.

    My problem is that I want to use BoringTun on a network which blocks the WireGuard header for handshake and transport data which, if I understand correctly, is constructed by wg(8).

    Looking at the packet capture, WARP doesn't seem to use wg(8) to configure BoringTun as Wireshark doesn't see the WireGuard header on the UDP packets. Therefore, it works on my network. (The WARP server [engage.cloudflareclient.com] still listens to WireGuard handshake packets for some reason.)

    I'm not aware of any other tools I can use to configure the BoringTun interface. Is the one for WARP open source?

    Reviewed by arinc9 at 2022-04-19 00:23
Lightweight slowloris (HTTP DoS) implementation in Rust.
Lightweight slowloris (HTTP DoS) implementation in Rust.

slowlorust Lightweight slowloris (HTTP DoS) implementation in Rust. Slowloris is a denial-of-service attack program which allows an attacker to overwh

Mar 11, 2022
A paseto implementation in rust.

Paseto Rust Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards. This is d

May 12, 2022
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.

OpenSK This repository contains a Rust implementation of a FIDO2 authenticator. We developed OpenSK as a Tock OS application. We intend to bring a ful

May 21, 2022
Rust implementation of The Update Framework (TUF)

rust-tuf A Rust implementation of The Update Framework (TUF). Full documentation is hosted at docs.rs. Warning: Beta Software This is under active dev

May 23, 2022
A pure-Rust implementation of various threshold secret sharing schemes

Threshold Secret Sharing Efficient pure-Rust library for secret sharing, offering efficient share generation and reconstruction for both traditional S

Apr 6, 2022
A Rust implementation of the Message Layer Security group messaging protocol

Molasses An extremely early implementation of the Message Layer Security group messaging protocol. This repo is based on draft 4 of the MLS protocol s

Apr 11, 2022
An implementation of webauthn components for Rustlang servers

Webauthn-rs Webauthn is a modern approach to hardware based authentication, consisting of a user with an authenticator device, a browser or client tha

May 18, 2022
Detects usage of unsafe Rust in a Rust crate and its dependencies.
Detects usage of unsafe Rust in a Rust crate and its dependencies.

cargo-geiger ☢️ Looking for maintainer: https://github.com/rust-secure-code/cargo-geiger/issues/210 A program that lists statistics related to the usa

May 18, 2022
An esoteric language/compiler written with Rust and Rust LLVM bindings

MeidoLang (メイドラング) A not so useful and esoteric language. The goal of this project was to contain some quirky or novel syntax in a stack-style program

Dec 24, 2021
Rust-verification-tools - RVT is a collection of tools/libraries to support both static and dynamic verification of Rust programs.

Rust verification tools This is a collection of tools/libraries to support both static and dynamic verification of Rust programs. We see static verifi

May 19, 2022
Rust bindings for libinjection

libinjection-rs Rust bindings for libinjection. How to use Add libinjection to dependencies of Cargo.toml: libinjection = "0.2" Import crate: extern c

May 16, 2022
A simple password manager written in Rust
A simple password manager written in Rust

ripasso A simple password manager written in Rust. The root crate ripasso is a library for accessing and decrypting passwords stored in pass format (G

May 20, 2022
tcp connection hijacker, rust rewrite of shijack
tcp connection hijacker, rust rewrite of shijack

rshijack tcp connection hijacker, rust rewrite of shijack from 2001. This was written for TAMUctf 2018, brick house 100. The target was a telnet serve

Apr 30, 2022
A fast, simple, recursive content discovery tool written in Rust.
A fast, simple, recursive content discovery tool written in Rust.

A simple, fast, recursive content discovery tool written in Rust ?? Releases ✨ Example Usage ✨ Contributing ✨ Documentation ?? ?? What the heck is a f

May 22, 2022
link is a command and control framework written in rust
link is a command and control framework written in rust

link link is a command and control framework written in rust. Currently in alpha. Table of Contents Introduction Features Feedback Build Process Ackno

May 20, 2022
CVEs for the Rust standard library

Rust CVE Preface This is a list of CVEs for unsound APIs in the Rust standard library. These bugs break Rust's memory safety guarantee and lead to sec

May 21, 2022
Rust bindings for VirusTotal/Yara

yara-rust Bindings for the Yara library from VirusTotal. More documentation can be found on the Yara's documentation. Example The implementation is in

Apr 14, 2022
Rust library for building and running BPF/eBPF modules

RedBPF A Rust eBPF toolchain. Overview The redbpf project is a collection of tools and libraries to build eBPF programs using Rust. It includes: redbp

May 23, 2022
Rust library for developing safe canisters.

IC Kit This library provides an alternative to ic-cdk that can help developers write canisters and unit test them in their Rust code. Install Add this

May 4, 2022