Linux kernel 5 different behavior

Vasili Pupkin diggest at
Sun Aug 25 18:59:32 CEST 2019

In the newest kernel version, WireGuard encrypted packets are sent
from the same user credentials as the user that created the original
packets. I have a firewall setup that limits programs run from a
particular user to the WireGuard tun interface; it worked in kernel 4.18
and is broken in kernel 5.0. In the new kernel, encrypted packets are
also marked as owned by this user and routed to the tun interface,
generating a recursion.
