WireGuard Archive on lore.kernel.org
 help / color / Atom feed
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Hans Wippel <ndev@hwipl.net>,
	WireGuard mailing list <wireguard@lists.zx2c4.com>,
	 Netdev <netdev@vger.kernel.org>
Subject: Re: wireguard: problem sending via libpcap's packet socket
Date: Wed, 1 Jul 2020 12:28:13 -0400
Message-ID: <CAF=yD-KaG=SS5ujdYyeYXh6528SawgNBHteVf1ywDhMugV64Og@mail.gmail.com> (raw)
In-Reply-To: <CAHmME9rZieNAYeeK90HLoaoeKJEv5vE9MHfn-q5zFY8_ebNqxw@mail.gmail.com>

> > header_ops looks like the best approach to me, too. The protocol field
> > needs to reflect the protocol of the *outer* packet, of course, but if
> > I read wg_allowedips_lookup_dst correctly, wireguard maintains the
> > same outer protocol as the inner protocol, no sit (6-in-4) and such.
> WireGuard does allow 6-in-4 and 4-in-6 actually. But parse_protocol is
> only ever called on the inner packet. The only code paths leading to
> it are af_packet-->ndo_start_xmit, and ndo_start_xmit examines
> skb->protocol of that inner packet, which means it entirely concerns
> the inner packet.

Of course, you are right. This inspects the packet before passing to
the device ndo_start_xmit, so before any encapsulation would take

> And generally, for wireguard, userspace only ever
> deals with the inner packet. That inner packet then gets encrypted and
> poked at in strange ways, and then the encrypted blob of sludge gets
> put into a udp packet and sent some place. So I'm quite sure that the
> behavior just committed is right.
> And from writing a few libpcap examples, things seem to be working
> very well, including Hans' example.

Definitely. Thanks again.

      parent reply index

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20200626201330.325840-1-ndev@hwipl.net>
2020-06-26 20:41 ` Jason A. Donenfeld
2020-06-26 20:42   ` Jason A. Donenfeld
2020-06-27  0:22   ` Jason A. Donenfeld
2020-06-27  5:58     ` Jason A. Donenfeld
2020-06-28 20:04       ` Willem de Bruijn
2020-07-01  3:05         ` Jason A. Donenfeld
2020-07-01 12:19           ` Hans Wippel
2020-07-01 16:28           ` Willem de Bruijn [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAF=yD-KaG=SS5ujdYyeYXh6528SawgNBHteVf1ywDhMugV64Og@mail.gmail.com' \
    --to=willemdebruijn.kernel@gmail.com \
    --cc=Jason@zx2c4.com \
    --cc=ndev@hwipl.net \
    --cc=netdev@vger.kernel.org \
    --cc=wireguard@lists.zx2c4.com \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
	public-inbox-index wireguard

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git