From: Willem de Bruijn <email@example.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Hans Wippel <firstname.lastname@example.org>,
    WireGuard mailing list <email@example.com>,
    Netdev <firstname.lastname@example.org>
Subject: Re: wireguard: problem sending via libpcap's packet socket
Date: Wed, 1 Jul 2020 12:28:13 -0400
Message-ID: <CAF=yD-KaG=SS5ujdYyeYXh6528SawgNBHteVf1ywDhMugV64Og@mail.gmail.com>
In-Reply-To: <CAHmME9rZieNAYeeK90HLoaoeKJEv5vE9MHfn-q5zFY8_ebNqxw@mail.gmail.com>

> > header_ops looks like the best approach to me, too. The protocol field
> > needs to reflect the protocol of the *outer* packet, of course, but if
> > I read wg_allowedips_lookup_dst correctly, wireguard maintains the
> > same outer protocol as the inner protocol, no sit (6-in-4) and such.
>
> WireGuard does allow 6-in-4 and 4-in-6 actually. But parse_protocol is
> only ever called on the inner packet. The only code paths leading to
> it are af_packet-->ndo_start_xmit, and ndo_start_xmit examines
> skb->protocol of that inner packet, which means it entirely concerns
> the inner packet.

Of course, you are right. This inspects the packet before passing to
the device ndo_start_xmit, so before any encapsulation would take
place.

> And generally, for wireguard, userspace only ever
> deals with the inner packet. That inner packet then gets encrypted and
> poked at in strange ways, and then the encrypted blob of sludge gets
> put into a udp packet and sent some place. So I'm quite sure that the
> behavior just committed is right.
>
> And from writing a few libpcap examples, things seem to be working
> very well, including Hans' example.

Definitely. Thanks again.
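
The inner-packet inspection discussed in this message, as an added user-space example that is not WireGuard's or the kernel's code: it derives the protocol from the IP version nibble of the packet handed in through the packet socket, before any encapsulation, and rejects truncated or non-IP input. The function name, constants and sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_IPV4 0x0800u /* same value as ETH_P_IP */
#define ETHERTYPE_IPV6 0x86DDu /* same value as ETH_P_IPV6 */
#define IPV4_MIN_HDR   20u     /* minimum IPv4 header length in bytes */
#define IPV6_HDR       40u     /* fixed IPv6 header length in bytes */

/* Hypothetical helper: classify an inner (pre-encapsulation) packet by its
 * IP version nibble. The outer transport (4-in-6, 6-in-4, ...) plays no part.
 * Returns the EtherType in host byte order, or 0 if the buffer is too short
 * to hold the claimed header or is not an IP packet at all. */
static uint16_t inner_protocol(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len == 0)
        return 0;

    switch (pkt[0] >> 4) {
    case 4:
        return len >= IPV4_MIN_HDR ? ETHERTYPE_IPV4 : 0;
    case 6:
        return len >= IPV6_HDR ? ETHERTYPE_IPV6 : 0;
    default:
        return 0; /* caller should drop: nothing sensible to route */
    }
}

/* Constructed sample buffers: only the first byte and the length matter. */
static const uint8_t sample_v4[20]   = { 0x45 }; /* IPv4, IHL 5 */
static const uint8_t sample_v6[40]   = { 0x60 }; /* IPv6 */
static const uint8_t sample_short[8] = { 0x45 }; /* claims IPv4, truncated */
static const uint8_t sample_junk[40] = { 0x17 }; /* version nibble 1 */

int main(void)
{
    printf("v4    -> 0x%04x\n", inner_protocol(sample_v4, sizeof sample_v4));
    printf("v6    -> 0x%04x\n", inner_protocol(sample_v6, sizeof sample_v6));
    printf("short -> 0x%04x\n", inner_protocol(sample_short, sizeof sample_short));
    printf("junk  -> 0x%04x\n", inner_protocol(sample_junk, sizeof sample_junk));
    return 0;
}
```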