limitations

Jason A. Donenfeld Jason at zx2c4.com
Sat Jan 14 21:52:19 CET 2017


On Sat, Jan 14, 2017 at 8:11 PM, Wasa Bee <wasabee18 at gmail.com> wrote:
> - it is only over UDP. If so, is there ever going to be a TCP version? A lot
> of applications that could benefit from WG use TCP. It does not seem wise to
> expect programmers to implement a TCP-like layer (e.g. retransmission, ack,
> etc) in userspace, is it? This would increase complexity unnecessarily and
> would lead to vuln in practice...

I think you misunderstand. WireGuard is a layer 3 tunnel. Yes it uses
UDP and no it won't use TCP, but obviously you can use TCP sockets
over a layer 3 interface, just like you can with GRE or OpenVPN or
whatever else.

> - WG is implemented as a patch to the kernel or a kernel module? The reason
> I ask is that when an update is available for WG, it would be good not to
> have to replace the whole kernel, but only reload a patched WG module. Also:
> if there are ongoing sessions with some clients, how would sessions be
> re-established (afaik, the current design is to simply ignore irrelevant
> messages)?

Kernel module.

