Development discussion of WireGuard
From: Daniel Lenski <dlenski@gmail.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Allowing space for packet headers in Wintun Tx/Rx
Date: Thu, 8 Apr 2021 10:37:38 -0700
Message-ID: <CAOw_LSHKf6wfPNFh=T0x5nz0PnBpd9kWYWvirvPnP+go2qayXQ@mail.gmail.com>
In-Reply-To: <1f5dfe333c4e8d228773241cffadc9913d7829c7.camel@infradead.org>

On Thu, Apr 8, 2021 at 10:10 AM David Woodhouse <dwmw2@infradead.org> wrote:
> On Thu, 2021-04-08 at 09:42 -0700, Daniel Lenski wrote:
> > On Thu, Apr 8, 2021 at 7:37 AM David Woodhouse <dwmw2@infradead.org> wrote:
> > > If we do need a header larger than 4 bytes, then we are forced to do
> > > things properly by adding support in the kernel driver instead of just
> > > abusing the existing header while we know the kernel isn't looking at
> > > it.
> >
> > This is probably too much "inside baseball" for the non-(OpenConnect
> > developers) here, but I *have* confirmed that the PPP-over-DTLS
> > encapsulation is identical to the PPP-over-TLS encapsulation for the 2
> > PPP-based protocols that we support already. Both F5 and Fortinet
> > essentially opted for the thinnest veneer of UDP-ization possible for
> > their protocols.
>
> Ok, so that's the PPP header plus either 6 bytes for Fortinet or 4
> bytes for F5? The important part for the purpose of this conversation
> is "more than four".

Correct. We need >4 bytes to support PPP-over-DTLS headers without copying.

And we will undoubtedly find more examples in the ongoing quest to
make OpenConnect serve as The One Client For Your Crappy Proprietary
Corporate VPN to Rule Them All.


Thread overview: 13+ messages
2021-04-07 11:49 David Woodhouse
2021-04-07 23:15 ` Daniel Lenski
2021-04-08 14:37   ` David Woodhouse
2021-04-08 16:42     ` Daniel Lenski
2021-04-08 17:10       ` David Woodhouse
2021-04-08 17:37         ` Daniel Lenski [this message]
2021-04-10 13:38         ` Simon Rozman
2021-04-10 14:35           ` David Woodhouse
2021-04-10 18:32             ` Daniel Lenski
2021-04-12 11:38               ` Simon Rozman
2021-04-12 13:00                 ` David Woodhouse
2021-04-12 17:03                   ` Jason A. Donenfeld
2021-04-13 22:09                     ` Jason A. Donenfeld
