| ▲ | zx2c4 8 hours ago |
| I likewise wonder from time to time whether I should replace WireGuard's allowedips.c trie with something better: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin... |
|
| ▲ | Sesse__ 7 hours ago | parent [-] |
| I use WireGuard rarely enough that the AllowedIPs concept gets me every time. It gets easier when I replace it mentally with “Route=” :-) |
| |
| ▲ | zx2c4 6 hours ago | parent [-] |
| It's like a routing table on the way out and an ACL on the way in. Maybe an easier way to think of it. |
|
| ▲ | Sesse__ 5 hours ago | parent [-] |
| Sure, but how does this differ from a routing table with RPF (which is default in Linux already)? |
|
| ▲ | zx2c4 5 hours ago | parent [-] |
| It's associated per-peer, so it assures a cryptographic mapping between src ip and public key. |
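
The "routing table on the way out, ACL on the way in" model from the thread, as an added Python sketch that is not part of the thread and not WireGuard's code: one prefix table keyed to peer public keys serves both directions. The class and function names, the linear scan standing in for the kernel trie, and the peer keys and addresses are assumptions constructed for illustration.

```python
import ipaddress

class AllowedIPs:
    """Toy longest-prefix-match table: CIDR -> peer public key (linear scan, not a trie)."""

    def __init__(self):
        self.entries = {}  # ip_network -> peer key; a prefix belongs to one peer only

    def add(self, cidr, peer_key):
        self.entries[ipaddress.ip_network(cidr)] = peer_key  # re-adding moves the prefix

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        matches = [n for n in self.entries if n.version == ip.version and ip in n]
        if not matches:
            return None
        return self.entries[max(matches, key=lambda n: n.prefixlen)]

def route_outbound(table, dst_ip):
    """Way out: the destination address picks the peer whose key encrypts the packet."""
    return table.lookup(dst_ip)

def accept_inbound(table, authenticated_peer, inner_src_ip):
    """Way in: decryption has already proven which peer sent the packet; accept
    only if the inner source address maps back to that same peer."""
    owner = table.lookup(inner_src_ip)
    return owner is not None and owner == authenticated_peer

# Constructed sample configuration; both peers sit behind the same interface.
PEER_A = "PEER_A_PUBLIC_KEY_PLACEHOLDER"
PEER_B = "PEER_B_PUBLIC_KEY_PLACEHOLDER"

def build_demo_table():
    table = AllowedIPs()
    table.add("10.0.0.2/32", PEER_A)
    table.add("192.168.10.0/24", PEER_A)
    table.add("10.0.0.3/32", PEER_B)
    table.add("0.0.0.0/0", PEER_B)  # peer B is the default route
    return table

if __name__ == "__main__":
    t = build_demo_table()
    print(route_outbound(t, "192.168.10.7"))            # peer A, longest prefix wins
    print(route_outbound(t, "203.0.113.5"))             # peer B, default route
    print(accept_inbound(t, PEER_A, "192.168.10.7"))    # True
    print(accept_inbound(t, PEER_A, "10.0.0.3"))        # False: A claims B's address
    print(accept_inbound(t, PEER_B, "192.168.10.7"))    # False: /24 belongs to A
```

The last case is the per-peer part: peer B's `0.0.0.0/0` covers the address, but the longest match belongs to peer A, so a packet authenticated under B's key with that source is dropped even though both peers share one interface.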