Hello,
in some circumstances it is important to set the TOS field in tunnel
packet equivalent to payload packet TOS.
for example, our provider supports three different SLAs, depending on
packet TOS field, with different jitter,
packet loss and service availability. In current release wireguard
always set tos to 0.
This patch solves that problem.
--- send.c.orig 2017-10-17 20:26:29.000000000 +0300
+++ send.c 2018-01-08 15:10:25.364428109 +0300
@@ -302,7 +302,7 @@
* all of the packets in the queue. If we can't assign nonces
for all of them,
* we just consider it a failure and wait for the next handshake. */
skb_queue_walk (&packets, skb) {
- PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0 /* No outer
TOS: no leak. TODO: should we use flowi->tos as outer? */, ip_hdr(skb),
skb);
+ PACKET_CB(skb)->ds =
ip_tunnel_ecn_encap(ipv4_get_dsfield(ip_hdr(skb)) & ~INET_ECN_MASK,
ip_hdr(skb), skb);
PACKET_CB(skb)->nonce =
atomic64_inc_return(&key->counter.counter) - 1;
if (unlikely(PACKET_CB(skb)->nonce >=
REJECT_AFTER_MESSAGES))
goto out_invalid;
--- send.c.orig 2017-10-17 20:26:29.000000000 +0300
+++ send.c 2018-01-08 15:10:25.364428109 +0300
@@ -302,7 +302,7 @@
* all of the packets in the queue. If we can't assign nonces for all of them,
* we just consider it a failure and wait for the next handshake. */
skb_queue_walk (&packets, skb) {
- PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0 /* No outer TOS: no leak. TODO: should we use flowi->tos as outer? */, ip_hdr(skb), skb);
+ PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(ipv4_get_dsfield(ip_hdr(skb)) & ~INET_ECN_MASK, ip_hdr(skb), skb);
PACKET_CB(skb)->nonce = atomic64_inc_return(&key->counter.counter) - 1;
if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES))
goto out_invalid;
_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
