From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: James Wilson <ehdot795@gmail.com>, wireguard@lists.zx2c4.com
Subject: Re: Encapsulation
Date: Wed, 01 Mar 2017 17:38:01 -0800 [thread overview]
Message-ID: <871sugpifa.fsf@alice.fifthhorseman.net> (raw)
In-Reply-To: <CACCLhZQtterheuB9NF4ppEAYbLKXtsPzCEnMGdtAS5KKVfPEjQ@mail.gmail.com>
On Wed 2017-03-01 16:38:05 -0800, James Wilson wrote:
> Hi,
>
> Just out of curiosity, how does a "wireguard packet' look like on the wire
> ??
>
> I'm guessing:
>
> Ethernet
> IP
> UDP
> |------------------|
> | IP |
> | WG payload |
> |------------------|
>
>
> What's in the box is encrypted
>
> Is that right ?? If not, what does it look like?
I believe the cleartext (after decryption) is an actual IP packet, so
everything from layer3 up the stack.
If anyone wants to document this sort of thing explicitly in a useful
way, you might consider writing a wireshark dissector:
https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html
and you can clone wireshark's source with:
git clone https://code.wireshark.org/review/wireshark
The simplest thing would be to start with a dissector for the ciphertext
itself, for the few pieces of metadata that are outside the encrypted
packet (see e.g. §5.4.2 of
https://www.wireguard.io/papers/wireguard.pdf)
If you want to get more clever, you could add a mechanism to the
wireguard module to extract session keys, and then make a decryptor
plugin to wireshark. But start with just the ciphertext ;)
--dkg
next prev parent reply other threads:[~2017-03-02 1:37 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-02 0:38 Encapsulation James Wilson
2017-03-02 1:09 ` Encapsulation Jason A. Donenfeld
2017-03-02 1:38 ` Daniel Kahn Gillmor [this message]
2017-03-02 13:37 ` Encapsulation James Wilson
2017-03-02 15:19 ` Encapsulation Jason A. Donenfeld
2017-03-02 16:58 ` Encapsulation Peter Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871sugpifa.fsf@alice.fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=ehdot795@gmail.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).