[Patch net] wireguard: preserve skb->mark on ingress side

Cong Wang xiyou.wangcong at gmail.com
Tue Sep 28 03:27:55 UTC 2021


On Mon, Sep 27, 2021 at 8:22 PM Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
> Hi Cong,
>
> I'm not so sure this makes sense, as the inner packet is in fact
> totally different. If you want to distinguish the ingress interface,

The contents are definitely different, but skb itself is the same.

Please also take a look at other tunnels, they all preserve this
in similar ways, that is, comparing net namespaces. Any reason
why wireguard is so different from other tunnels?

> can't you just use `iptables -i wg0` or `ip rule add ... iif wg0`?
>

My bad, I forgot to mention we run eBPF on the egress side, where
skb->dev is already set to the egress device (a non-wireguard device),
and of course skb_iif has been cleared even earlier.

Thanks.

