Currently, nylon sends all traffic through a WireGuard tunnel.
It would be useful if nylon can send packets over specified interfaces without going through a tunnel. We can send over layer 2, and layer 3 (tun).
We can do this using gvisor's netstack.
This would allow:
- Higher performance for links over trusted networks (avoid encryption overhead)
- The use of other tunnels, like V2Ray, AmneziaWG, etc.
- (Advanced) subnet routing, we can send nylon IP packets directly over the physical interface.
Some implications I thought of so far:
- We would have to use raw sockets, so there would be new plumbing inside of polyamide
- We would need an alternative method of monitoring tunnel health (with polyamide, we have a custom header)
- Need to investigate netstack performance.
Currently, nylon sends all traffic through a WireGuard tunnel.
It would be useful if nylon can send packets over specified interfaces without going through a tunnel. We can send over layer 2, and layer 3 (tun).
We can do this using gvisor's netstack.
This would allow:
Some implications I thought of so far: