From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: [WireGuard] Header / MTU sizes for Wireguard
Date: Mon, 11 Dec 2017 02:36:27 +0100 [thread overview]
Message-ID: <CAHmME9pwMy=O+ZXJKFzosZmNxbjK+5dadnMQ7AX7wGggwO0N6Q@mail.gmail.com> (raw)
In-Reply-To: <CAHmME9owfe25ER4kS_jEOgMZO+eD5CZJnUqx1dz73k_z8VYYDg@mail.gmail.com>
Many people ask about the packet breakdown of WireGuard, and though
this is explained in [1] and [2], many find this ancient mailing list
thread, which now contains out of date information. So this email is
to bring the thread up to date, for folks who stumble upon it.
The overhead of WireGuard breaks down as follows:
- 20-byte IPv4 header or 40 byte IPv6 header
- 8-byte UDP header
- 4-byte type
- 4-byte key index
- 8-byte nonce
- N-byte encrypted data
- 16-byte authentication tag
So, if you assume 1500 byte ethernet frames, the worst case (IPv6)
winds up being 1500-(40+8+4+4+8+16), leaving N=1420 bytes. However, if
you know ahead of time that you're going to be using IPv4 exclusively,
then you could get away with N=1440 bytes.
[1] https://www.wireguard.com/protocol/
[2] https://www.wireguard.com/papers/wireguard.pdf
next prev parent reply other threads:[~2017-12-11 1:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-26 19:42 jens
2016-07-26 23:41 ` Jason A. Donenfeld
2017-12-11 1:36 ` Jason A. Donenfeld [this message]
2023-08-17 20:14 blurt_overkill882
2023-08-23 16:15 ` Roman Mamedov
[not found] ` <CAC9cSOA4-NDcVNs6s_mMT8kp3J8apnCMEXFGx4_XokipABhmAQ@mail.gmail.com>
2023-08-24 13:21 ` Roman Mamedov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHmME9pwMy=O+ZXJKFzosZmNxbjK+5dadnMQ7AX7wGggwO0N6Q@mail.gmail.com' \
--to=jason@zx2c4.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).