Re: [WireGuard] Header / MTU sizes for Wireguard

Development discussion of WireGuard
 help / color / mirror / Atom feed

From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: jens <jens@viisauksena.de>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: [WireGuard] Header / MTU sizes for Wireguard
Date: Wed, 27 Jul 2016 01:41:48 +0200	[thread overview]
Message-ID: <CAHmME9owfe25ER4kS_jEOgMZO+eD5CZJnUqx1dz73k_z8VYYDg@mail.gmail.com> (raw)
In-Reply-To: <62f0dc7c-4eb4-523a-c548-ee2b2a6ec038@viisauksena.de>

Hi Jens,

I assume it was you asking in the IRC channel about this same thing
before signing out? Sorry I wasn't there when you were; I only just
now arrived home.

There actually is some optimization potential for you with regards to
the MTU. The overhead of WireGuard breaks down as follows:

- 20 byte IPv4 header or 40 byte IPv6 header
- 8 byte UDP header
- 1 byte type
- 4 byte key index
- 8 byte nonce
- N byte encrypted data
- 16 byte poly1305 authentication tag

So, if you assume 1500 byte ethernet frames, the worst case (IPv6)
winds up being 1500-(40+8+1+4+8+16), leaving N=1423 bytes. However, if
you know ahead of time that you're going to be using IPv4 exclusively,
then you could get away with 1443 bytes.

Hope that helps,
Jason

next prev parent reply	other threads:[~2016-07-26 23:39 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-26 19:42 jens
2016-07-26 23:41 ` Jason A. Donenfeld [this message]
2017-12-11  1:36   ` Jason A. Donenfeld
2023-08-17 20:14 blurt_overkill882
2023-08-23 16:15 ` Roman Mamedov
     [not found]   ` <CAC9cSOA4-NDcVNs6s_mMT8kp3J8apnCMEXFGx4_XokipABhmAQ@mail.gmail.com>
2023-08-24 13:21     ` Roman Mamedov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAHmME9owfe25ER4kS_jEOgMZO+eD5CZJnUqx1dz73k_z8VYYDg@mail.gmail.com \
    --to=jason@zx2c4.com \
    --cc=jens@viisauksena.de \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).