From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Brad Spencer <bspencer@blackberry.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Wintun NeighborDiscoverySupported
Date: Thu, 9 Sep 2021 19:42:45 +0200 [thread overview]
Message-ID: <CAHmME9qXieNWU_Y5rz1eDM9Bh=YjBPaeQFTrsXr4PKHyh1ePRA@mail.gmail.com> (raw)
In-Reply-To: <00042bf6-4e8c-8638-380d-6774b37f96c2@blackberry.com>
Hi Brad,
That sure is interesting. Indeed UseNeighborUnreachabilityDetection
and SupportsNeighborDiscovery can't be set with SetIpInterfaceEntry. I
haven't (yet?) found any way for the driver itself to indicate that
these should be false, either, via OIDs or similar. This might require
some frustrating reverse engineering. I remember noticing this a long
time ago, but I deemed it "annoying but harmless". However, you now
mention:
On Thu, Sep 9, 2021 at 4:33 PM Brad Spencer <bspencer@blackberry.com> wrote:
> but the ARP table fills up with addresses. For example:
>
> $ arp -a -N 10.0.0.100 |wc -l
> 387
If that grows indefinitely, that sounds... bad. So this might be worth
looking into again. One thing about your message, though, raised a
question in my mind, but I'm not sure whether its an artifact of your
wording or a real thing you observed:
> We have noticed that Windows seems to try to send ARP requests over
> Wintun interfaces. In our configurations, these don't go anywhere and
> get no responses,
Indeed the ARP table fills up, as shown above, but I'm wondering how
you're observing ARP requests exactly. ARP is a layer 2 protocol, and
Wintun (and WireGuardNT) are layer 3 devices that should, in theory at
least, not have anything to do with ARP packets. So how exactly were
you "seeing" the ARP requests on the Wintun interface? Did wireshark
show it? Or did you read from the Wintun ring and actually see an ARP
frame? Or something else? Or was this just a manner of speaking and
you didn't actually observe ARP frames themselves?
Another small question:
> We _think_ that the NeighborDiscoverySupported property being Yes means
> that Windows issues ARP requests for addresses on the Wintun interface.
That seems like a good intuition. I'm wondering whether that's
something you're assuming or something you read on a Microsoft
website. I ask because this might provide a good entry point for
whatever reverse engineering I wind up doing to fix this.
Regards,
Jason
next prev parent reply other threads:[~2021-09-09 17:45 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-09 14:32 Brad Spencer
2021-09-09 17:42 ` Jason A. Donenfeld [this message]
2021-09-09 18:15 ` Brad Spencer
2021-09-09 20:23 ` Alan Graham
2021-09-10 17:19 ` Brad Spencer
2021-09-10 20:56 ` Alan Graham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHmME9qXieNWU_Y5rz1eDM9Bh=YjBPaeQFTrsXr4PKHyh1ePRA@mail.gmail.com' \
--to=jason@zx2c4.com \
--cc=bspencer@blackberry.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).