Source IP incorrect on multi homed systems

Nico Schottelius nico.schottelius at ungleich.ch
Sun Feb 19 20:18:34 UTC 2023


tlhackque <tlhackque at yahoo.com> writes:
>> [...]
>> 4.1 <https://www.rfc-editor.org/rfc/rfc2181.html#section-4.1>. UDP
>> Source Address Selection
>>
>>     *To avoid these problems, servers when responding to queries
>> using UDP _must_ cause the reply to be sent with the source address
>> field in the IP header set to the address that was in the
>> destination address field of the IP header of the packet containing
>> the query causing the response.*

OMG, we really have seen everything already, haven't we?

Jason, what do you think about adopting the RFC2181 Source Address
Selection algorithm for wireguard?

If I am not mistaken that would mean in practice:

   if original_pkg.ip_dst == one_of_my_ips then
      return_pkg.ip_src = original_pkg.ip_dst
      return_pkg.ip_dst = original_pkg.ip_src
   fi

For me that sounds like a sane approach (aside from
my very simplified algorithm).

Best regards,

Nico

--
Sustainable and modern Infrastructures by ungleich.ch
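
The rule discussed in this message, as a user-space illustration added here; it is not code from the post or from WireGuard. It assumes Linux, IPv4, and a UDP socket on which `IP_PKTINFO` was enabled with `setsockopt(fd, IPPROTO_IP, IP_PKTINFO, ...)`; the names `query_dst`, `pin_reply_src` and `reply_from_query_dst` are hypothetical.

```c
#define _GNU_SOURCE                 /* exposes struct in_pktinfo on glibc */
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Control buffer sized and aligned for exactly one IP_PKTINFO message. */
union pktinfo_ctl { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; };

/* Read the query's IP destination address from its IP_PKTINFO cmsg. 0 on success. */
int query_dst(struct msghdr *msg, struct in_addr *dst)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            *dst = pi.ipi_addr;      /* destination field of the query's IP header */
            return 0;
        }
    return -1;                       /* no pktinfo: option not enabled on the socket */
}

/* Attach an IP_PKTINFO cmsg that pins the reply's source address to src. */
void pin_reply_src(struct msghdr *msg, union pktinfo_ctl *ctl, struct in_addr src)
{
    struct in_pktinfo pi = { .ipi_spec_dst = src };  /* ifindex 0: routing picks the link */
    memset(ctl, 0, sizeof *ctl);
    msg->msg_control = ctl->buf;
    msg->msg_controllen = sizeof ctl->buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(msg);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof pi);
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
}

/* Echo one datagram back from the address it was sent to. Returns bytes sent or -1. */
ssize_t reply_from_query_dst(int fd)
{
    char data[1500];
    union pktinfo_ctl ctl;
    struct sockaddr_in peer;
    struct in_addr dst;
    struct iovec iov = { data, sizeof data };
    struct msghdr msg = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                          .msg_iovlen = 1, .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0 || query_dst(&msg, &dst) != 0) return -1;
    iov.iov_len = (size_t)n;
    pin_reply_src(&msg, &ctl, dst);  /* return_pkg.ip_src = original_pkg.ip_dst */
    return sendmsg(fd, &msg, 0);     /* msg_name still holds the peer: ip_dst = original ip_src */
}
```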

