Some questions about the protocol
Jason A. Donenfeld
Jason at zx2c4.com
Mon Mar 20 16:18:09 CET 2017
On Mon, Mar 20, 2017 at 6:06 AM, sopium <sopium at mysterious.site> wrote:
> Do we send back keep-alive packets in response to keep-alive packets?
> [No?] If so, they will ping-pong indefinitely, and persistent
> keep-alive seems unnecessary. If not, do we send keep-alive packets in
> response to persistent keep-alive packets? [Yes?] Then we need to
> distinguish these two different types of keep-alive?
You do _not_ send a keepalive to a keepalive.
You do _not_ need to distinguish the two different types of keepalives.
You do _not_ send keepalive packets in response to persistent
keepalive packets. They are the same and indistinguishable.
The rule is:
If a non-keepalive data packet has been received from a given peer,
but we have not sent either a non-keepalive data packet or a keepalive
data packet to the given peer within the last KEEPALIVE ms, then we
send a keepalive data packet.
When persistent keepalive is enabled, we simply send a keepalive every
X ms, which satisfies the condition above, and thus no additional
keepalives need to be sent, if persistent keepalive interval is >
>> WireGuard currently doesn't do per-peer-endpoint PMTU, but I'm working
>> on this, and I'll update you when this is worked out.
> Since a WireGuard interface can have multiple peers, some may have
> a smaller MTU than the interface MTU?
Yes. Per-peer PMTU discovery is currently a TODO item, but currently
is not worked out. Right now the best we can do is per-interface. This
will change at some point in the future, but not now.
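
The keepalive rule from the reply above, modelled as a small C simulation. This is an added example, not code from the message or from WireGuard: the 10000 ms value for KEEPALIVE, treating a zero-length payload as a keepalive, and all names are assumptions.

```c
#include <stdint.h>

#define KEEPALIVE_MS 10000u /* assumed value; the post only calls it KEEPALIVE */

struct peer {
    uint64_t deadline;   /* passive keepalive due at this time; 0 = not armed */
    uint64_t persist;    /* persistent keepalive interval X in ms; 0 = off */
    uint64_t next_pers;  /* time of the next persistent keepalive */
    unsigned passive, persistent; /* keepalives sent, counted by trigger */
};

/* Any outbound packet, data or keepalive, satisfies the rule: disarm. */
static void on_send(struct peer *p) { p->deadline = 0; }

/* Inbound packet. A zero-length payload is a keepalive and is never answered. */
static void on_receive(struct peer *p, uint64_t now, unsigned payload_len)
{
    if (payload_len > 0 && p->deadline == 0)
        p->deadline = now + KEEPALIVE_MS;
}

/* Timer tick: returns how many keepalives this peer emits at time `now`. */
static unsigned on_tick(struct peer *p, uint64_t now)
{
    unsigned sent = 0;
    if (p->persist && now >= p->next_pers) {
        p->next_pers += p->persist; p->persistent++; sent++; on_send(p);
    }
    if (p->deadline && now >= p->deadline) {
        p->passive++; sent++; on_send(p);
    }
    return sent;
}

/* Constructed scenario: A sends one data packet to B at t=1000 ms, then both
 * sides stay idle until end_ms. Returns the total keepalives exchanged and
 * stores B's passive (rule-triggered) count in *b_passive. */
unsigned simulate(uint64_t b_persist, uint64_t end_ms, unsigned *b_passive)
{
    struct peer a = {0}, b = {0, b_persist, b_persist, 0, 0};
    unsigned total = 0;
    for (uint64_t now = 0; now <= end_ms; now += 1000) {
        if (now == 1000) { on_send(&a); on_receive(&b, now, 64); }
        for (unsigned n = on_tick(&b, now); n; n--, total++) on_receive(&a, now, 0);
        for (unsigned n = on_tick(&a, now); n; n--, total++) on_receive(&b, now, 0);
    }
    *b_passive = b.passive;
    return total;
}
```

With persistent keepalive off, `simulate(0, 60000, &n)` yields exactly one keepalive in 60 s, so nothing ping-pongs; with X = 5000 ms, B's own periodic sends keep disarming the timer and the passive count stays 0.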