WireGuard, on the contrary, is around 4000 lines of core code. This is super short, and allows for a single individual to audit it. By focusing on simplicity and ease-of-auditability, I hope to achieve something that can be considered secure.
Compare this to the massive codebase of OpenVPN/OpenSSL and the various other userspace (read: slow as mollasses) VPNs. WireGuard is considerably shorter and simpler than those too.
Also, keep in mind that on Linux, jumping from userspace to ring0 execution isn't exactly difficult. So in practice I'm not sure it matters.
I make a living by exploiting kernels. This makes me very aware of the questions associated with running this in the kernel. I've tried to write WireGuard using my experience breaking similar codebases; WireGuard is short enough that it should receive the thorough attention that this sort of software deserves. By focusing on simplicity, I think we can in time achieve something quite trustworthy.
Finally, there will be a (necessarily lower speed) cross platform implementation released that's written in Rust. At the end of the day I suspect that all parties will find themselves pleased.
This is simply not true  .
 - http://dpdk.org/
 - http://info.iet.unipi.it/~luigi/netmap/
 - http://dpdk.org/doc/guides-16.04/prog_guide/kernel_nic_inter...
For a VPN that intends end-user device deployment it's kind of silly to require specific hardware.
And if you're savvy and want to get involved with development, we need all the help we can find!
edit: Just read a little bit of its source, apparently you have to disable std, and he replaces it with his own linux_std that at this point has only printf implemented. So yeah it'd be a pretty intense project if one would attempt it :)
(disabling std is standard in environments like this; and you still get libcore, which is a lot of stuff!)
I know and I don't much care to see this crappy tradition carried on with this new protocol. :(