On Thu, Jan 18, 2018 at 12:30 PM, Vadim Zotov <[email protected]> wrote:
> in some circumstances it is important to set the TOS field in tunnel packet
> equivalent to payload packet TOS.
> for example, our provider supports three different SLAs, depending on packet
> TOS field, with different jitter,
> packet loss and service availability. In current release wireguard always sets
> tos to 0.
>

Yep, I completely agree to "in some circumstances" :-D

I am not sure how copying the TOS field can be exploited, I guess it is one of those things "potential hazard, use KISS, avoid till needed AND assessment can be made"... Copying the field straight (in plain-text in a way), will provide some see-through-the-tunnel, which WG is designed NOT to allow, AFAIK.

There are no optional parameters/options in wireguard (well, except fwmark), but I guess that one should be implemented as an option, at least at first. But again, that contradicts the KISS principle...

Since this is not a common scenario, IMHO, and there are only a handful of TOS values worth doing something with, a workaround would be to bunch a few wg tunnels (even bridge them at both ends?), use fwmark and mangle the TOS with iptables/ift... Just a suggestion, not tried obviously.

Regards,
Kalin.
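One way the workaround suggested above could be laid out on a gateway, as an added example that is not part of the original message: one WireGuard interface per service class, so the outer header shows only a class the administrator chose rather than a copy of the payload's TOS. Interface names, marks, routing tables, DSCP values and the LAN interface `eth1` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, marks, table numbers
# and DSCP values are constructed. Each wg interface is assumed to be already
# configured with its own peer whose AllowedIPs cover the remote network.
# Prints the commands by default; run with APPLY=1 as root to execute them.

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# class_rules IFACE DSCP OUTER_MARK INNER_MARK TABLE LAN_IF
class_rules() {
    iface=$1 dscp=$2 outer=$3 inner=$4 table=$5 lan=$6
    # Encrypted UDP packets sent by this interface get the outer mark.
    run wg set "$iface" fwmark "$outer"
    # Stamp the outer header of those packets with the class DSCP.
    run iptables -t mangle -A POSTROUTING -p udp -m mark --mark "$outer" \
        -j DSCP --set-dscp "$dscp"
    # Cleartext packets arriving from the LAN with this DSCP get the inner
    # mark (a different value, so tunnel packets never match the rule below).
    run iptables -t mangle -A PREROUTING -i "$lan" -m dscp --dscp "$dscp" \
        -j MARK --set-mark "$inner"
    # Inner-marked packets are routed into this class's tunnel.
    run ip rule add fwmark "$inner" lookup "$table"
    run ip route add default dev "$iface" table "$table"
}

all_classes() {
    class_rules wg-ef   46 0x10 0x110 110 eth1   # low-jitter class
    class_rules wg-af41 34 0x20 0x120 120 eth1   # low-loss class
    class_rules wg-be    0 0x30 0x130 130 eth1   # best effort
}

all_classes
```

An on-path observer still learns which class a packet belongs to from the outer DSCP, but nothing beyond the values listed in `all_classes`.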
