[WireGuard] Allowing out-of-band communication with peers

Jason A. Donenfeld Jason at zx2c4.com
Thu Jun 30 22:25:29 CEST 2016

Hey Guus,

I'm thrilled to receive your feedback on WireGuard. As the author of
tinc, you've certainly thought about a lot of these issues before, and
your input is most welcomed.

I had thought about this exact thing a bit ago, and decided to hold
off on it until the core of WireGuard was stabilized. But I suspect
this kind of generic OOB message is something that could certainly be
incorporated down the line.

The idea, more specifically, would be that we introduce another packet
type. The format and fields are identical to the ordinary data packets
-- they have a nonce, chacha20 encryption, and the poly1305
authentication tag -- except rather than pass the decrypted payload
off to the rest of the networking stack as an skb, it's passed up to
userspace via a netlink socket. Then, others could build whatever they
wanted on top of WireGuard. I'll certainly consider implementing
something like this. Of course this isn't the sort of thing that
should be added hastily or designed willy-nilly, so I plan to let the
various use cases of WireGuard organically develop first, and then
analyze those.

As for notifications... right now we use ioctl rather than netlink,
for reasons described in [1]. If at some point we move to using
netlink, then we could use the netlink notification infrastructure for
this sort of thing.


[1] lkml.iu.edu/hypermail/linux/kernel/1606.3/02833.html
