When in netmap (emulated) mode, wireguard interfaces prepend or strip a
dummy ethernet header when interfacing with netmap. The netmap
application thus sees unencrypted, de-encapsulated frames with a fixed
header.

In this mode, netmap hooks the if_input and if_transmit routines of the
ifnet. Thus, when handling decrypted packets in wg_deliver_in(), we
prepend an ethernet header and call if_input() rather than passing the
packet to netisr. Conversely, when netmap calls the "native" if_input
implementation, wg_if_input(), we strip the ethernet header and dispatch
the packet to the network stack.

In the transmit path, wg_output(), the if_output implementation, will
prepend an ethernet header and pass the packet to netmap by calling
if_transmit(). wg_transmit() inverts this by stripping the header. (I
believe that the existing implementation of wg_transmit() was
effectively dead code previously, as nothing should be calling a wg
interface's if_transmit implementation, ignoring netmap itself.)

Packets from the host TX ring are handled by wg_if_input(), which simply
hands them to the netisr layer; packets which would otherwise be
tunneled are intercepted in wg_output() and placed in the host RX ring.

The "physical" TX ring is processed by wg_transmit(), which behaves
identically to wg_output() when netmap is not enabled, and packets
appear in the "physical" RX ring by hooking wg_deliver_in().

Sponsored by: Klara, Inc.
Sponsored by: Zenarmor
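
A user-space model of the dummy-header handling described in the message above, added here as an illustration and not taken from the FreeBSD change itself. The header layout (zeroed MAC addresses, ethertype chosen from the IP version nibble) and the names dummy_eth_prepend() and dummy_eth_strip() are assumptions; the point is the length and consistency checks a consumer of these frames should make before trusting the fixed header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN 14		/* dst MAC (6) + src MAC (6) + ethertype (2) */
#define ETYPE_IPV4  0x0800
#define ETYPE_IPV6  0x86dd

/* Constructed sample inputs: truncated IPv4/IPv6 packets and a bogus one. */
static const uint8_t sample_v4[] = { 0x45, 0x00, 0x00, 0x14 };
static const uint8_t sample_v6[] = { 0x60, 0x00, 0x00, 0x00 };
static const uint8_t sample_bad[] = { 0x15, 0x00 };

/* Build frame = dummy header + packet; returns frame length, 0 on error.
 * Assumed layout: zeroed MACs, ethertype from the IP version nibble. */
size_t
dummy_eth_prepend(const uint8_t *pkt, size_t len, uint8_t *frame, size_t cap)
{
	uint16_t etype;
	if (len == 0 || cap < ETH_HDR_LEN || len > cap - ETH_HDR_LEN)
		return (0);
	switch (pkt[0] >> 4) {
	case 4: etype = ETYPE_IPV4; break;
	case 6: etype = ETYPE_IPV6; break;
	default: return (0);	/* not IP: refuse rather than guess */
	}
	memset(frame, 0, 12);
	frame[12] = etype >> 8;
	frame[13] = etype & 0xff;
	memcpy(frame + ETH_HDR_LEN, pkt, len);
	return (ETH_HDR_LEN + len);
}

/* Return the inner packet, or NULL for a runt frame or when the ethertype
 * and the IP version nibble disagree. */
const uint8_t *
dummy_eth_strip(const uint8_t *frame, size_t flen, size_t *len)
{
	unsigned etype, ver;
	if (flen <= ETH_HDR_LEN)
		return (NULL);
	etype = (unsigned)frame[12] << 8 | frame[13];
	ver = frame[ETH_HDR_LEN] >> 4;
	if (!(etype == ETYPE_IPV4 && ver == 4) &&
	    !(etype == ETYPE_IPV6 && ver == 6))
		return (NULL);
	*len = flen - ETH_HDR_LEN;
	return (frame + ETH_HDR_LEN);
}
```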