Allowing space for packet headers in Wintun Tx/Rx

Simon Rozman simon at
Mon Apr 12 11:38:30 UTC 2021


> > Looks good to me; thanks. Just need to work out how to cross-build it
> > (I can muster up a Windows VM for testing, but *building* on it is
> > beyond my tolerance of Windows for now).
> +1 to all that.

Don't worry. Once Jason is back, reviews and (hopefully) approves the changes, we shall prepare an official release for you.

> > We'll also need to be able to WintunAllocateSendPacket() of the full
> > possible MTU, then receive and decrypt into that, and send only the
> > actual size of the packet we received.

How about this:

Should be backward compatible. Tested with the existing stable wireguard-windows release 0.3.10.

> There are two cases worth considering where the packet size could
> actually *expand*:
> 1) Some VPN protocols support compression of the tunneled packets. It
> would be bad behavior to use this to stuff a packet of >(advertised
> MTU) bytes in <(advertised MTU) bytes, but it wouldn't surprise me if it
> exists in the wild. We now deal with receipt of larger-than-expected-MTU
> packets in OpenConnect in a relatively uniform way: allocate MAX(mtu,
> 16384) bytes for packets coming from the VPN (if using TLS transport) or
> MAX(mtu, 2048) if using DTLS.
> 2) Some VPN protocols concatenate multiple packets into a single
> aggregate on the wire. On Linux we can decrypt, truncate, and send to
> the tunnel interface without further copying.
> Case (1) can be handled with overallocate-and-shrink. Case (2) is pretty
> rare among the protocols that OpenConnect supports, so fallback to
> memcpy seems fine.

Phew! Thanks. :)


More information about the WireGuard mailing list