[RFC] Handling multiple endpoints for a single peer

Jason A. Donenfeld Jason at zx2c4.com
Sun Jan 15 11:06:33 CET 2017


On Mon, Jan 9, 2017 at 10:47 AM, Baptiste Jonglez
<baptiste at bitsofnetworks.org> wrote:
> This is not what I proposed.  Endpoints do not need to be ordered, and you

Sorry, I read too fast evidently. That's a nice suggestion, indeed, of
sending multiple handshakes and seeing which one arrives first. If the
same exact handshake packet is sent to multiple IPs, only the first one
to arrive will actually be replied to, due to the anti-replay attack
prevention rejecting the ones that arrive later. This, then, makes
implementation quite simple. Wonderful. So then, as you wrote, the
symmetric session would use the IP from the handshake for the
duration.

I'm still struggling to come up with a satisfactory solution for how
to manage "learned" new IPs from the roaming, to prevent the list from
getting too large. Fixed size LRU cycling perhaps?
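
Added example, not part of the original message and not WireGuard's code: a small C model of the two ideas above, where identical handshake copies race and only the first is answered, and learned endpoints sit in a fixed-size LRU list. The struct and function names, the cap of 3 and the plain integer used as the handshake timestamp are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_EPS 3   /* assumed cap on remembered endpoints per peer */
#define EP_LEN 48
struct peer {                    /* initiator's view of the remote peer */
    char eps[MAX_EPS][EP_LEN];   /* index 0 = most recently used */
    int n_eps;
    char session_ep[EP_LEN];     /* endpoint pinned for the current session */
};

/* Move ep to the front; when the list is full the tail (LRU) is evicted. */
static void lru_touch(struct peer *p, const char *ep)
{
    char tmp[EP_LEN];
    int i, pos = -1;
    snprintf(tmp, sizeof tmp, "%s", ep);   /* ep may alias a list slot */
    for (i = 0; i < p->n_eps && pos < 0; i++)
        if (strcmp(p->eps[i], tmp) == 0)
            pos = i;
    if (pos < 0)                           /* new slot, or the LRU victim */
        pos = p->n_eps < MAX_EPS ? p->n_eps++ : MAX_EPS - 1;
    memmove(p->eps[1], p->eps[0], (size_t)pos * EP_LEN);
    snprintf(p->eps[0], EP_LEN, "%s", tmp);
}

/* Responder: answer only a timestamp newer than the last one accepted. */
static int responder_accept(uint64_t *last_ts, uint64_t ts)
{
    if (ts <= *last_ts)
        return 0;
    *last_ts = ts;
    return 1;
}

/* Deliver identical copies (same ts) in arrival order; returns reply count. */
static int race_handshake(struct peer *p, uint64_t *last_ts, uint64_t ts,
                          const char *const arrival[], int n)
{
    int i, replies = 0;
    for (i = 0; i < n; i++) {
        if (!responder_accept(last_ts, ts))
            continue;                      /* replayed copy: no reply */
        replies++;
        snprintf(p->session_ep, EP_LEN, "%s", arrival[i]);
        lru_touch(p, arrival[i]);
    }
    return replies;
}
```

Whatever order the copies arrive in, exactly one reply is produced per handshake, and the endpoint list never grows past MAX_EPS.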

