Hi Alexander,

On Thu, Nov 09, 2023 at 12:57:26PM +0100, Alexander Zubkov wrote:
> I heard recently about the lightweight tunnel infrastructure in the Linux
> kernel (ip route ... encap ...). And I think this might be helpful in
> the context of this thread.

I hadn't seen that yet, thanks for pointing it out.

> The Linux kernel already allows adding encapsulation parameters to the
> route entry in its table. So you do not need to create tunnel devices for
> that. And WireGuard encapsulation and destination might be added there
> too.

Right, I think ultimately it's going to come down to either technical
constraints or, in the absence of that, maintainer preference whether
via-wgpeer or "encap wg" is the way. The idea is very similar anyway.

> But as I understood the technology, it works only in one way (for
> outgoing packets) and the decapsulation should be processed separately,
> for example in case of VXLAN and MPLS they have their own tables.

That would be a problem as I specifically want to tie the source address
filtering to this too. I'll have a look at the internals (if and) when I
get around to starting work on this.

Thanks,
--Daniel
