On Mon, Sep 27, 2021 at 8:22 PM Jason A. Donenfeld <ja...@zx2c4.com> wrote: > > Hi Cong, > > I'm not so sure this makes sense, as the inner packet is in fact > totally different. If you want to distinguish the ingress interface,
The contents are definitely different, but skb itself is the same. Please also take a look at other tunnels, they all preserve this in similar ways, that is, comparing net namespaces. Any reason why wireguard is so different from other tunnels? > can't you just use `iptables -i wg0` or `ip rule add ... iif wg0`? > My bad, I forgot to mention we run eBPF on egress side, where skb->dev is already set to egress device (a non-wireguard device), and of course skb_iif has been cleared even earlier. Thanks.