From: Peter Wu <peter@lekensteyn.nl>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: James Wilson <ehdot795@gmail.com>, wireguard@lists.zx2c4.com
Subject: Re: Encapsulation
Date: Thu, 2 Mar 2017 17:58:17 +0100
Message-ID: <20170302165817.GA23695@al>
In-Reply-To: <871sugpifa.fsf@alice.fifthhorseman.net>

On Wed, Mar 01, 2017 at 05:38:01PM -0800, Daniel Kahn Gillmor wrote:
> On Wed 2017-03-01 16:38:05 -0800, James Wilson wrote:
> > Hi,
> >
> > Just out of curiosity, how does a "wireguard packet" look like on the wire
> > ??
> >
> > I'm guessing:
> >
> > Ethernet
> > IP
> > UDP
> > |------------------|
> > | IP |
> > | WG payload |
> > |------------------|
> >
> >
> > What's in the box is encrypted
> >
> > Is that right ?? If not, what does it look like?
>
> I believe the cleartext (after decryption) is an actual IP packet, so
> everything from layer3 up the stack.

It is more like:

    Ethernet
    IP (to WireGuard peer)
    UDP (UDP payload is as follows:)
        WireGuard header (type, counter)
        Packet (encrypted, decrypted contents are as follows:)
            IP (original)
            (IP payload like ICMP, TCP, etc.)

If it helps, see this picture of the packet dissection for an ICMP
packet tunneled over WireGuard: https://i.imgur.com/MzubvX3.png

> If anyone wants to document this sort of thing explicitly in a useful
> way, you might consider writing a wireshark dissector:

As you can see above I have already been working on one and will publish
it soon after adding some documentation. :-)

--
Kind regards,
Peter Wu
https://lekensteyn.nl
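
Added example, not part of the original message and not the dissector mentioned in it: a minimal Python parser for the unencrypted part of the UDP payload in the layering above. The reserved bytes, receiver index, 16-byte tag and message type numbers are taken from the WireGuard protocol specification rather than from this message, and the sample bytes are constructed.

```python
import struct

# Message types from the WireGuard protocol specification (assumption: the
# message above names only "type" and "counter").
MSG_TYPES = {1: "handshake initiation", 2: "handshake response",
             3: "cookie reply", 4: "transport data"}
DATA_HEADER = struct.Struct("<B3xIQ")  # type, 3 reserved, receiver index, counter
TAG_LEN = 16                           # Poly1305 tag appended to the ciphertext


def parse_wg_udp_payload(payload: bytes) -> dict:
    """Parse the unencrypted part of a WireGuard UDP payload."""
    if len(payload) < 4:
        raise ValueError("too short for a WireGuard message")
    msg_type = payload[0]
    if msg_type not in MSG_TYPES or payload[1:4] != b"\x00\x00\x00":
        raise ValueError("not a WireGuard message")
    info = {"type": msg_type, "name": MSG_TYPES[msg_type]}
    if msg_type != 4:
        return info  # handshake and cookie messages carry no tunneled packet
    if len(payload) < DATA_HEADER.size + TAG_LEN:
        raise ValueError("truncated transport data message")
    receiver, counter = DATA_HEADER.unpack_from(payload)[1:]
    inner_len = len(payload) - DATA_HEADER.size - TAG_LEN
    info.update(receiver=receiver, counter=counter,
                encrypted_len=inner_len,      # padded inner IP packet, still encrypted
                keepalive=(inner_len == 0))   # empty inner packet
    return info


def build_sample(counter: int, inner_len: int) -> bytes:
    """Constructed sample: real header layout, zero bytes standing in for ciphertext."""
    header = struct.pack("<B3xIQ", 4, 0x11223344, counter)
    return header + bytes(inner_len) + bytes(TAG_LEN)


if __name__ == "__main__":
    # 84-byte ICMP echo in IPv4, padded to 96 bytes before encryption (constructed).
    print(parse_wg_udp_payload(build_sample(counter=7, inner_len=96)))
    print(parse_wg_udp_payload(build_sample(counter=8, inner_len=0)))
```

Only the 16-byte header is readable without the session keys; the inner IP packet and its length before padding stay hidden from an observer.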