WireGuard Archive on lore.kernel.org
 help / Atom feed
* Is udp data corruption over wireguard possible?
@ 2018-12-23  3:37 Matt Avery
  2019-01-02 19:46 ` David Anderson
  0 siblings, 1 reply; 2+ messages in thread
From: Matt Avery @ 2018-12-23  3:37 UTC (permalink / raw)
  To: wireguard

[-- Attachment #1.1: Type: text/plain, Size: 348 bytes --]

It dawned to me today that if I write an application that sends udp
datagrams through the wireguard interface that corruption of the data
within the datagram is not possible even if I decide to zero-out my
datagram checksums (assuming the datagram doesn't get intentionally
corrupted within the kernel.)

Is that assumption correct?

Thanks,
-Matt

[-- Attachment #1.2: Type: text/html, Size: 694 bytes --]

<div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace;font-size:small;color:#000000">It dawned to me today that if I write an application that sends udp datagrams through the wireguard interface that corruption of the data within the datagram is not possible even if I decide to zero-out my datagram checksums (assuming the datagram doesn&#39;t get intentionally corrupted within the kernel.)</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small;color:#000000"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small;color:#000000">Is that assumption correct?<br><br>Thanks,<br>-Matt</div></div>

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Is udp data corruption over wireguard possible?
  2018-12-23  3:37 Is udp data corruption over wireguard possible? Matt Avery
@ 2019-01-02 19:46 ` David Anderson
  0 siblings, 0 replies; 2+ messages in thread
From: David Anderson @ 2019-01-02 19:46 UTC (permalink / raw)
  To: Matt Avery; +Cc: WireGuard mailing list

[-- Attachment #1.1: Type: text/plain, Size: 1530 bytes --]

It's not possible within the tunnel, but it's still possible anywhere else
in the path.

That said, you should never rely on the IP/TCP/UDP checksums at the
application layer. Most modern router ASICs unconditionally recalculate the
checksum right before transmission (to account for any packet mangling that
happened in the ASIC pipeline), so it's very common for routers with faulty
RAM or a faulty ASIC to corrupt a packet and then recalculate all the L3/L4
checksums to be "correct" before transmitting the broken packet.

If you need to verify traffic integrity, you need your own integrity check
at L7 - ideally bound to a cryptographic exchange so you can be certain
that it's an e2e integrity check that cannot be tampered with even by
"smart" proxies. Wireguard can provide you some "integrity by proxy" if
you're not routing traffic on either end of the tunnel, but that won't save
you in any other cases :)

- Dave

On Wed, Jan 2, 2019 at 11:37 AM Matt Avery <matthewaveryusa@gmail.com>
wrote:

> It dawned to me today that if I write an application that sends udp
> datagrams through the wireguard interface that corruption of the data
> within the datagram is not possible even if I decide to zero-out my
> datagram checksums (assuming the datagram doesn't get intentionally
> corrupted within the kernel.)
>
> Is that assumption correct?
>
> Thanks,
> -Matt
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>

[-- Attachment #1.2: Type: text/html, Size: 2430 bytes --]

<div dir="ltr">It&#39;s not possible within the tunnel, but it&#39;s still possible anywhere else in the path.<div><br></div><div>That said, you should never rely on the IP/TCP/UDP checksums at the application layer. Most modern router ASICs unconditionally recalculate the checksum right before transmission (to account for any packet mangling that happened in the ASIC pipeline), so it&#39;s very common for routers with faulty RAM or a faulty ASIC to corrupt a packet and then recalculate all the L3/L4 checksums to be &quot;correct&quot; before transmitting the broken packet.</div><div><br></div><div>If you need to verify traffic integrity, you need your own integrity check at L7 - ideally bound to a cryptographic exchange so you can be certain that it&#39;s an e2e integrity check that cannot be tampered with even by &quot;smart&quot; proxies. Wireguard can provide you some &quot;integrity by proxy&quot; if you&#39;re not routing traffic on either end of the tunnel, but that won&#39;t save you in any other cases :)</div><div><br></div><div>- Dave</div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Jan 2, 2019 at 11:37 AM Matt Avery &lt;<a href="mailto:matthewaveryusa@gmail.com">matthewaveryusa@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace;font-size:small;color:rgb(0,0,0)">It dawned to me today that if I write an application that sends udp datagrams through the wireguard interface that corruption of the data within the datagram is not possible even if I decide to zero-out my datagram checksums (assuming the datagram doesn&#39;t get intentionally corrupted within the kernel.)</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small;color:rgb(0,0,0)">Is that assumption correct?<br><br>Thanks,<br>-Matt</div></div>
_______________________________________________<br>
WireGuard mailing list<br>
<a href="mailto:WireGuard@lists.zx2c4.com" target="_blank">WireGuard@lists.zx2c4.com</a><br>
<a href="https://lists.zx2c4.com/mailman/listinfo/wireguard" rel="noreferrer" target="_blank">https://lists.zx2c4.com/mailman/listinfo/wireguard</a><br>
</blockquote></div>

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-23  3:37 Is udp data corruption over wireguard possible? Matt Avery
2019-01-02 19:46 ` David Anderson

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox