Hey, In fact, it's not needed if it's not needed. How to explain this apparent tautology?
If conntracking is compiled into the kernel, then for ICMP, I need to ask conntracking if it's possibly mangled the src IP of the packet before giving it to the wireguard device. If conntracking isn't compiled into the kernel, then there's nobody to ask and probably the packet wasn't mangled, in which case, I don't need to do anything. So, the following patch makes conntrack optional: https://git.zx2c4.com/WireGuard/commit/?id=c90fba009d70eedac614d77ad3494ed450b2995e This will be included in the next snapshot. Jason _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard