Development discussion of WireGuard
From: Matthias Urlichs <matthias.urlichs@noris.de>
To: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: Feature request: tag incoming packets
Date: Sun, 31 Jan 2021 14:07:33 +0000
Message-ID: <cc0a6bc9-5450-c30b-b3e9-8bb248b8c07d@noris.de>
In-Reply-To: <mailman.0.1612101211.63283.wireguard@lists.zx2c4.com>

Hello,

the problem: given a wireguard interface with many peers, all with
different network addresses and whatnot. I want to do ingress traffic
accounting and some special filtering.

Adding an incoming filter that re-classifies all incoming packets to its
customer account seems like a lot of superfluous work, and the whole
thing seems somewhat fragile.

It'd be way nicer if wireguard had a per-peer netfilter tag which it
would simply set on all incoming packets from that peer. Examining that
in my netfilter tables would then cause no superfluous CPU load, and
updates to peer status would be atomic and not risk colliding with other
processes' update of nftables.

--
-- Matthias Urlichs


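The workaround the message describes (an ingress filter that classifies packets per customer), sketched as an added example that is not part of the original message or of WireGuard. WireGuard only accepts a packet from a peer when its source address falls within that peer's allowed IPs, so a source-address map identifies the peer; the output is one script for nft -f, which applies a file as a single transaction. The table name wg_acct, the mark values and the sample keys are assumptions.

```python
import ipaddress

# Constructed sample in the format of `wg show wg0 allowed-ips`:
# "<public key><TAB><cidr> <cidr> ...", or "(none)" for a peer without allowed IPs.
SAMPLE_DUMP = (
    "PEERKEYAAAA=\t10.8.0.2/32 192.168.50.0/24\n"
    "PEERKEYBBBB=\t10.8.0.3/32 fd00:8::3/128\n"
    "PEERKEYCCCC=\t(none)\n"
)
# Hypothetical accounting table: peer public key -> customer mark.
CUSTOMER_MARKS = {"PEERKEYAAAA=": 0x101, "PEERKEYBBBB=": 0x102}

def parse_allowed_ips(dump):
    """Return {public_key: [ip_network, ...]} from the allowed-ips listing."""
    peers = {}
    for line in dump.splitlines():
        key, _, rest = line.partition("\t")
        if key:
            nets = [] if rest.strip() == "(none)" else rest.split()
            peers[key] = [ipaddress.ip_network(n) for n in nets]
    return peers

def _map(name, addr_type, entries):
    body = f"    map {name} {{\n        type {addr_type} : mark\n        flags interval\n"
    if entries:  # leave the elements line out when there is nothing to list
        body += "        elements = { " + ", ".join(entries) + " }\n"
    return body + "    }\n"

def build_ruleset(iface, peers, marks):
    """Render the whole table as one nft script so it can be swapped in one go."""
    v4, v6 = [], []
    for key in sorted(k for k in peers if k in marks):  # unmapped peers stay unmarked
        for net in peers[key]:
            (v4 if net.version == 4 else v6).append(f"{net} : {marks[key]:#x}")
    return (
        "table inet wg_acct\n"         # create if missing so the delete cannot fail
        "delete table inet wg_acct\n"  # old table goes away in the same transaction
        "table inet wg_acct {\n"
        + _map("peer4", "ipv4_addr", v4)
        + _map("peer6", "ipv6_addr", v6)
        + "    chain ingress {\n"
        "        type filter hook prerouting priority -150; policy accept;\n"
        f'        iifname "{iface}" meta mark set ip saddr map @peer4\n'
        f'        iifname "{iface}" meta mark set ip6 saddr map @peer6\n'
        "    }\n}\n"
    )
```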
