On 12-02-18, Baptiste Jonglez wrote:
> Hi Jason,
>
> On 12-02-18, Jason A. Donenfeld wrote:
> > Secondly, I'm wondering if you tend to do, "anything strange". For
> > example -- are you setting up and taking down the device often in an
> > automated way? Or reconfiguring the interface (via wg(8), for example)
> > often in an automated way? Or is the sustained day-in-day-out workload
> > that leads to this graph simply forwarding and encrypting/decrypting
> > packets as usual? If it's the latter, does this device tend to encrypt
> > or decrypt more, or both equally?
>
> It's the latter "day-in-day-out" option: the system has a single wireguard
> interface, which is configured once at boot-time, and then used
> extensively to forward traffic. It tends to encrypt more than it
> decrypts.

Actually, now that I talk about it, it's not 100% true: on this system,
there is a second wireguard interface that is not currently used (it's
provisioned to connect a future router that is not yet deployed).

The interesting part: this interface has a single peer which has no
endpoint but a persistent keepalive. It looks like this:

interface: wg-router2
  public key: XXXXXXXXXXXXXXXXXX
  private key: (hidden)
  listening port: 56008

peer: YYYYYYYYYYY
  allowed ips: 0.0.0.0/0, ::/0
  persistent keepalive: every 25 seconds

Maybe wireguard allocates something to send the persistent keepalive, then
bails out because we don't know the endpoint of the peer?

I have taken this second interface down, but it has not released any
memory. I am now leaving it up without the persistent keepalive, just in
case something interesting happens.

Baptiste
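A small audit helper that parses `wg show`-style output and lists peers configured with a persistent keepalive but no known endpoint, the combination singled out in the message above. It is added here as an illustration and is not code from the thread or from the WireGuard project; the sample output and the peer keys in it are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed `wg show`-style sample modelled on the interface in the message; placeholder keys.
SAMPLE_WG_SHOW = """\
interface: wg-router2
  public key: XXXXXXXXXXXXXXXXXX
  listening port: 56008

peer: YYYYYYYYYYY
  allowed ips: 0.0.0.0/0, ::/0
  persistent keepalive: every 25 seconds

peer: AAAAAAAAAAAA
  endpoint: 192.0.2.10:51820
  persistent keepalive: every 25 seconds
"""

@dataclass
class Peer:
    public_key: str
    endpoint: Optional[str] = None
    keepalive: Optional[int] = None  # seconds; None when off or absent

def parse_wg_show(text: str) -> Dict[str, List[Peer]]:
    """Parse `wg show` output into {interface name: [peers]}."""
    interfaces: Dict[str, List[Peer]] = {}
    current, peer = "", None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "interface":
            current, peer = value, None
            interfaces[current] = []
        elif key == "peer":
            peer = Peer(value)
            interfaces[current].append(peer)
        elif peer is None:
            continue  # interface-level line (keys, port, blank): skip
        elif key == "endpoint":
            peer.endpoint = value
        elif key == "persistent keepalive":
            m = re.search(r"every (\d+) second", value)
            peer.keepalive = int(m.group(1)) if m else None
    return interfaces

def keepalive_without_endpoint(interfaces: Dict[str, List[Peer]]):
    """Peers configured to send keepalives although no endpoint is known."""
    return [(name, p.public_key) for name, peers in interfaces.items()
            for p in peers if p.keepalive and p.endpoint is None]
```

Run over the real `wg show` output of a host, the result lists the peers worth watching (or disabling the keepalive on) while investigating memory growth like the one described.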