Y
Hacker News
new
|
ask
|
show
|
jobs
by
zx2c4
63 days ago
I likewise wonder from time to time whether I should replace WireGuard's allowedips.c trie with something better:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...
1 comments
Sesse__
63 days ago
I use Wireguard rarely enough that the AllowedIPs concept gets me every time. It gets easier when I replace it mentally with “Route=” :-)
link
zx2c4
63 days ago
It's like a routing table on the way out and an ACL on the way in. Maybe an easier way to think of it.
link
Sesse__
63 days ago
Sure, but how does this differ from a routing table with RPF (which is default in Linux already)?
link
zx2c4
63 days ago
It's associated per-peer, so it assures a cryptographic mapping between src ip and public key.
link