WG interface to ipv4

Matthias Urlichs matthias at urlichs.de
Mon May 7 11:37:25 CEST 2018


On 07.05.2018 10:41, Jordan Glover wrote:
> Pointing to go and rust implementations which are being
> worked on will be much better.
They still run in userspace.

That being said, I still don't see any reason for doing something in WG
for which (a) there's no threat model, (b) a perfectly adequate and
well-tested solution already exists, no matter whether the
implementation is userspace, kernelspace, or inside a network card's
firmware (well …).

Yes, ssh has a config option for that, but ssh runs on systems without
kernel-level IP filters. Using WG on a machine that will forward IP
packets but cannot do any firewalling is not a credible use case.

-- 
-- Matthias Urlichs


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180507/eccdc3aa/attachment.asc>


More information about the WireGuard mailing list