From: jens
To: WireGuard mailing list
Subject: Re: limitations
Date: Sat, 14 Jan 2017 21:55:15 +0100
Message-ID: <8e7bd349-31ba-9893-b1b6-b69a1b4ff385@viisauksena.de>
List-Id: Development discussion of WireGuard

UDP is used for the connection between 2 WireGuard instances. Use of the tunnel itself is done through the wg0 interface, which is a "normal" interface (layer 3) - of course you cannot do layer 2 (Ethernet-based) stuff.
(But I am actually doing some tests with a gretap tunnel on top of WireGuard (to use batman-adv) - which works fine so far.)

WireGuard can be compiled and is then loaded as a kernel module, so it's easy to unload the module and load another one. But unloading the module will drop all tunnels for that time, and they have to be restored afterwards - which is fine, since the tunnel is mainly stateless.

Just my simple insight (which may be wrong or oversimplified).

jens

(the Freifunk WG with gretap and batman-adv, if you are interested:
https://forum.freifunk.net/t/wireguard-0-0-20161230-mit-linux-3-18-kernel-und-damit-gluon-v2016-2-2/14122/7 )



On 14.01.2017 20:11, Wasa Bee wrote:
> Hi
>
> I've got 2 simple questions about WireGuard, correct me if I'm wrong:
>
> - it is only over UDP. If so, is there ever going to be a TCP version? A lot of applications that could benefit from WG use TCP. It does not seem wise to expect programmers to implement a TCP-like layer (e.g. retransmission, ack, etc.) in userspace, is it? This would increase complexity unnecessarily and would lead to vuln in practice...
>
> - WG is implemented as a patch to the kernel or a kernel module? The reason I ask is that when an update is available for WG, it would be good not to have to replace the whole kernel, but only reload a patched WG module. Also: if there are ongoing sessions with some clients, how would sessions be re-established (afaik, the current design is to simply ignore irrelevant messages)?
>
> Thanks
>
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

-- 
make the world nicer, please use PGP encryption