Source IP incorrect on multi homed systems
Nico Schottelius
nico.schottelius at ungleich.ch
Sun Feb 19 20:18:34 UTC 2023
tlhackque <tlhackque at yahoo.com> writes:
>> [...]
>> 4.1 <https://www.rfc-editor.org/rfc/rfc2181.html#section-4.1>. UDP
>> Source Address Selection
>>
>> ***To avoid these problems, servers when responding to queries
>> using UDP _must_ cause the reply to be sent with the source address
>> field in the IP header set to the address that was in the
>> destination address field of the IP header of the packet containing
>> the query causing the response.***
OMG, we really have seen everything already, haven't we?
Jason, what do you think about adopting the RFC2181 Source Address
Selection algorithm for wireguard?
If I am not mistaken that would mean in practice:
    if original_pkg.ip_dst == one_of_my_ips then
        return_pkg.ip_src = original_pkg.ip_dst
        return_pkg.ip_dst = original_pkg.ip_src
    fi
For me that sounds like a sane approach (aside from
my very simplified algorithm).
Best regards,
Nico
--
Sustainable and modern Infrastructures by ungleich.ch
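
A userspace Linux sketch of the RFC 2181 rule discussed in the message above, added here as an example; it is not code from this thread or from WireGuard. It assumes a UDP socket bound to 0.0.0.0 with the IP_PKTINFO socket option enabled, and the function names query_dst, pin_reply_src and echo_once are hypothetical.

```c
#define _GNU_SOURCE /* exposes struct in_pktinfo on glibc */
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define PKTINFO_SPACE CMSG_SPACE(sizeof(struct in_pktinfo))

/* Destination address of a received query, read from its IP_PKTINFO record. */
int query_dst(struct msghdr *query, struct in_addr *dst)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(query); c; c = CMSG_NXTHDR(query, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            *dst = pi.ipi_addr;          /* ip_dst of the query */
            return 0;
        }
    return -1;                           /* IP_PKTINFO not enabled on the socket */
}

/* Pin the reply's source address; without this the kernel derives the source
 * from the route to the peer. The kernel rejects a non-local src in sendmsg(). */
int pin_reply_src(struct msghdr *reply, void *cbuf, size_t len, struct in_addr src)
{
    struct in_pktinfo pi = { .ipi_ifindex = 0, .ipi_spec_dst = src };
    if (len < PKTINFO_SPACE) return -1;
    memset(cbuf, 0, len);
    reply->msg_control = cbuf;
    reply->msg_controllen = PKTINFO_SPACE;
    struct cmsghdr *c = CMSG_FIRSTHDR(reply);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof pi);
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    return 0;
}

/* Echo one datagram. fd: UDP socket bound to 0.0.0.0 with IP_PKTINFO set to 1. */
int echo_once(int fd)
{
    char data[1500];
    union { char b[PKTINFO_SPACE]; struct cmsghdr align; } in, out;
    struct sockaddr_in peer;
    struct in_addr dst;
    struct iovec iov = { data, sizeof data };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = in.b, .msg_controllen = sizeof in.b };
    ssize_t n = recvmsg(fd, &m, 0);
    if (n < 0 || query_dst(&m, &dst) < 0) return -1;
    iov.iov_len = (size_t)n;             /* reply goes to peer (ip_src of the query) */
    return pin_reply_src(&m, out.b, sizeof out.b, dst) < 0 || sendmsg(fd, &m, 0) < 0 ? -1 : 0;
}
```

The kernel's rejection of a non-local source in sendmsg() plays the role of the `one_of_my_ips` check in the pseudocode.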