Hey again, It turns out that our new semantics -- of rejecting only if the src IP doesn't belong to _any_ interface, as opposed to the specific interface -- nicely map to Linux's PKTINFO interface for userspace. In working with Mathias on the Go implementation, I produced the following code snippet that shows this sticky-socket technique using pure-userspace facilities:
https://git.zx2c4.com/WireGuard/tree/contrib/examples/sticky-sockets/sticky-sockets.c Just FYI, if anybody is curious. Jason _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
