Message-ID: <CAA93jw7e61mbbLMoDwshxpWWK+oGUz71pGrsUYVX8uWM-s5Krg@mail.gmail.com>
Date:   Mon, 12 Nov 2018 16:10:36 -0800
From:   Dave Taht <dave.taht@...il.com>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     labokml@...o.rs, linux-kernel@...r.kernel.org,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        linux-crypto@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH net-next v6 23/23] net: WireGuard secure network tunnel

On Mon, Nov 12, 2018 at 3:54 PM Jason A. Donenfeld <Jason@...c4.com> wrote:
>
> Hey Ivan,
>
> Sorry for not getting back to you sooner.
>
> On Mon, Nov 5, 2018 at 8:06 AM Ivan Labáth <labokml@...o.rs> wrote:
> > Any news on this?
> >
> > To be clear, question is not about an insignificant documentation
> > oversight. It is about copying bits from inner packets to outer packets
>
> The short answer is RFC6040 with DSCP fixed to 0 so as not to leak
> anything. I've added a description of this to
> <wireguard.com/protocol/>.

you have a speling error (ECM). :)

side note:

I have to say that wireguard works really well with ecn and non-ecn marked flows
against codel and fq_codel on the bottleneck router.

I'd still rather like it if wireguard focused a bit more on interleaving
multiple flows better rather than on single stream benchmarks, one day.

In this case, codel is managing things not fq and we could possibly
shave a few ms of induced latency off of it in this particular test series:

http://tun.taht.net/~d/wireguard/rrul_-_comcast_v6.png

vs wireguard (doing it ipv6 over that ipv6)

http://tun.taht.net/~d/wireguard/rrul_-_wireguard.png

That said, I've been deploying wireguard widely in replacement of my
old tinc network particularly on machines that were formerly cpu
bottlenecked and am insanely pleased with it. what's a few extra ms of
latency between friends?

>
> Regards,
> Jason



-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
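
[Added example, not part of the original message and not WireGuard's own code: the "RFC6040 with DSCP fixed to 0" behaviour quoted above, written out as the ECN handling on each side of a tunnel. The function names are hypothetical, and keeping the inner DSCP unchanged on decapsulation is an assumption of this sketch.]

```c
#include <stdint.h>
#include <stdio.h>

/* ECN codepoints: low two bits of the IPv4 TOS / IPv6 traffic class byte. */
enum { ECN_NOT_ECT = 0, ECN_ECT1 = 1, ECN_ECT0 = 2, ECN_CE = 3, ECN_MASK = 3 };

/* Encapsulation: RFC 6040 "normal mode" copies the inner ECN field to the
 * outer header. The six DSCP bits are forced to 0, so the inner packet's
 * traffic class is not visible on the outside of the tunnel. */
uint8_t outer_tos_on_encap(uint8_t inner_tos)
{
    return inner_tos & ECN_MASK;
}

/* Decapsulation: RFC 6040 section 4.2. Returns 0 and writes the TOS byte
 * to forward in *out, or returns -1 if the packet must be dropped. */
int inner_tos_on_decap(uint8_t outer_tos, uint8_t inner_tos, uint8_t *out)
{
    uint8_t outer = outer_tos & ECN_MASK, inner = inner_tos & ECN_MASK;
    uint8_t ecn = inner;

    if (inner == ECN_NOT_ECT) {
        /* The inner flow did not negotiate ECN, so a CE mark set on the
         * path cannot be delivered as a mark: drop instead. */
        if (outer == ECN_CE)
            return -1;
    } else if (outer == ECN_CE) {
        ecn = ECN_CE;        /* congestion seen on the tunnel path */
    } else if (outer == ECN_ECT1 && inner == ECN_ECT0) {
        ecn = ECN_ECT1;      /* propagate ECT(1) from the outer header */
    }
    /* Inner DSCP is left as the sender set it (assumption of this sketch). */
    *out = (uint8_t)((inner_tos & ~ECN_MASK) | ecn);
    return 0;
}

int main(void)
{
    uint8_t tos = 0;
    /* Constructed sample: inner DSCP EF (0xB8) with ECT(0). */
    printf("outer on encap: 0x%02x\n", outer_tos_on_encap(0xBA));
    if (inner_tos_on_decap(ECN_CE, 0xBA, &tos) == 0)
        printf("inner after CE on path: 0x%02x\n", tos);
    return 0;
}
```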
