From 5ebd3d986b40148bd9a17993da6f40439314d2ad Mon Sep 17 00:00:00 2001
From: Riccardo Manfrin <riccardomanfrin@gmail.com>
Date: Wed, 13 May 2026 19:42:46 +0200
Subject: [PATCH] Adds reminder to reason about rosenpass surface area

---
 client/internal/rosenpass/manager.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/client/internal/rosenpass/manager.go b/client/internal/rosenpass/manager.go
index f846540f7..d5d919588 100644
--- a/client/internal/rosenpass/manager.go
+++ b/client/internal/rosenpass/manager.go
@@ -119,6 +119,7 @@ func (m *Manager) addPeer(rosenpassPubKey []byte, rosenpassAddr string, wireGuar
 		// 4-byte IPv4 for IPv4 hosts, which the kernel rejects (EDESTADDRREQ) when
 		// sent from an AF_INET6 socket. Normalize the remote endpoint to IPv4-mapped
 		// IPv6 so its address family matches our listening socket.
+		// TODO: maybe bind the Rosenpass UDP server to the peer wg IP addr
 		if v4 := pcfg.Endpoint.IP.To4(); v4 != nil {
 			pcfg.Endpoint.IP = v4.To16()
 		}