From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Hans Wippel <ndev@hwipl.net>,
WireGuard mailing list <wireguard@lists.zx2c4.com>,
Netdev <netdev@vger.kernel.org>
Subject: Re: wireguard: problem sending via libpcap's packet socket
Date: Wed, 1 Jul 2020 12:28:13 -0400 [thread overview]
Message-ID: <CAF=yD-KaG=SS5ujdYyeYXh6528SawgNBHteVf1ywDhMugV64Og@mail.gmail.com> (raw)
In-Reply-To: <CAHmME9rZieNAYeeK90HLoaoeKJEv5vE9MHfn-q5zFY8_ebNqxw@mail.gmail.com>
> > header_ops looks like the best approach to me, too. The protocol field
> > needs to reflect the protocol of the *outer* packet, of course, but if
> > I read wg_allowedips_lookup_dst correctly, wireguard maintains the
> > same outer protocol as the inner protocol, no sit (6-in-4) and such.
>
> WireGuard does allow 6-in-4 and 4-in-6 actually. But parse_protocol is
> only ever called on the inner packet. The only code paths leading to
> it are af_packet-->ndo_start_xmit, and ndo_start_xmit examines
> skb->protocol of that inner packet, which means it entirely concerns
> the inner packet.
Of course, you are right. This inspects the packet before passing to
the device ndo_start_xmit, so before any encapsulation would take
place.
> And generally, for wireguard, userspace only ever
> deals with the inner packet. That inner packet then gets encrypted and
> poked at in strange ways, and then the encrypted blob of sludge gets
> put into a udp packet and sent some place. So I'm quite sure that the
> behavior just committed is right.
>
> And from writing a few libpcap examples, things seem to be working
> very well, including Hans' example.
Definitely. Thanks again.
prev parent reply other threads:[~2020-07-01 16:28 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200626201330.325840-1-ndev@hwipl.net>
2020-06-26 20:41 ` wireguard: problem sending via libpcap's packet socket Jason A. Donenfeld
2020-06-26 20:42 ` Jason A. Donenfeld
2020-06-27 0:22 ` Jason A. Donenfeld
2020-06-27 5:58 ` Jason A. Donenfeld
2020-06-28 20:04 ` Willem de Bruijn
2020-07-01 3:05 ` Jason A. Donenfeld
2020-07-01 12:19 ` Hans Wippel
2020-07-01 16:28 ` Willem de Bruijn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAF=yD-KaG=SS5ujdYyeYXh6528SawgNBHteVf1ywDhMugV64Og@mail.gmail.com' \
--to=willemdebruijn.kernel@gmail.com \
--cc=Jason@zx2c4.com \
--cc=ndev@hwipl.net \
--cc=netdev@vger.kernel.org \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).