Multihomed server issue

Wang Jian larkwang at gmail.com
Sat Aug 12 18:08:37 CEST 2017


2017-08-10 22:29 GMT+08:00 Jason A. Donenfeld <Jason at zx2c4.com>:
> Hi Wang,
>
> Did you have any luck reproducing this with the netns.sh script?

I managed to test with dummy interface but things are not as expected.
I think it's because my test case patch is not equvalent to my real setup.

I was building a more complex test case that mimics my real setup, but
got stuck on other things and got no progress by now.

It seems that you have figured out what the scenario is and how to deal
with it.

IMHO, you have several options
1. Use request's destination address as reply source address, inject
the packet, then let kernel routing code do the left work, because a
policy route is installed anyway
2. like 1, but your code lookup routing table and search best route for
reply source address
3. provide config option that ListenAddress can be specified. You just
use it/them to check against request packet's dest address, and inject
the reply packet.

(Disclaimer: I haven't looked into your code related to routing due to
time constraint, so my opinions may be totally wrong)

I understand that you prefer 0.0.0.0 for most flexible, thus option 3
is not convicing.

BTW: finished test case is attached anyway.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: netns.dummy.patch
Type: application/octet-stream
Size: 4053 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20170813/acc6c77b/attachment.obj>


More information about the WireGuard mailing list