TCP Wireguard with socat

Matthias Urlichs matthias at
Tue Mar 13 14:43:48 CET 2018

On 13.03.2018 10:19, Gianluca Gabrielli wrote:
> I'm wondering why we should prepend a length to each datagram. On the datagram's header the payload length is already present, should not be enough to reconstruct the original datagram after the stream has been unwrapped?
Not really, because the datagram's payload length doesn't have to
correspond to the frame length. Think malicious malformed packets, or
networks with a minimum packet length, or protocols other than wireguard
– you shouldn't assume that no other data is transmitted on that link.

Even if all that were true, or if you enfore that on the sending side,
you'd still need a specialized unpacker on the receiving end. Easier to
just use a tool that doesn't have any of these problems.

-- Matthias Urlichs

More information about the WireGuard mailing list