Patch to apply QoS for DTLS

Ralph Schmieder ralph.schmieder at gmail.com
Thu Aug 13 08:31:55 PDT 2015


On Aug 12, 2015, at 1:53 PM GMT+2, David Woodhouse <dwmw2 at infradead.org> wrote:

> On Wed, 2015-08-12 at 13:45 +0200, Nikos Mavrogiannopoulos wrote:
>> On Wed, Aug 12, 2015 at 1:09 PM, Ralph Schmieder
>> <ralph.schmieder at gmail.com> wrote:
>>> I've created this little patch that copies the original ToS field to
>>> the encapsulated UDP packets. This helps with VoIP applications to
>>> mark the encrypted packets accordingly. Works for me, tested using
>>> DTLS against ASA headends. YMMV etc.
> [...]
> However, it *definitely* needs to be made dependent on a configure-time
> check for IP_TOS (and IPV6_TCLASS), so it doesn't break on lots of
> non-Linux systems. And it also needs to stop assuming that *everyone* is
> stuck in the 20th century and using only Legacy IP. It needs to cope
> with the case where IPv6 is being transported within the tunnel, *and*
> the case where the connection to the VPN server is IPv6. And both.
> 

OK, please find attached a slightly improved version. I am not very familiar with configure-time checks so I haven't done anything in that area. However:

- code should be AF agnostic now, in all permutations (v4 in v4, v6 in v6, v4 in v6 and v6 in v4)
- added command line switch to turn it off (default is on)
- tested for the v4 in v4 use case, that's what I have easy access to.

If you guys can spare a minute and eyeball the code (especially the code paths that I can't easily test) that would be super.

-ralph

-------------- next part --------------
A non-text attachment was scrubbed...
Name: oc-qos-v2.patch
Type: application/octet-stream
Size: 5248 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150813/08a99933/attachment-0001.obj>
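
The approach discussed in this thread, sketched as an added example that is not the attached oc-qos-v2.patch and not OpenConnect code: read the ToS/Traffic Class byte from the inner packet and apply it to the outer DTLS socket according to that socket's own address family. The function names are hypothetical, the sample packets are constructed, and the `#ifdef` guards are an assumed stand-in for the configure-time check requested above.

```c
#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* ToS / Traffic Class byte of an inner (tunnelled) IP packet, or -1 if the
 * buffer is too short or the version nibble is neither 4 nor 6. */
int inner_tos(const unsigned char *pkt, size_t len)
{
    if (len < 2)
        return -1;
    switch (pkt[0] >> 4) {
    case 4:   /* IPv4: ToS is the second header byte */
        return pkt[1];
    case 6:   /* IPv6: Traffic Class straddles bytes 0 and 1 */
        return ((pkt[0] & 0x0f) << 4) | (pkt[1] >> 4);
    default:
        return -1;
    }
}

/* Mark the outer DTLS/UDP socket by its own family, independent of the inner
 * packet's version. Returns 0 on success, -1 on error or missing option. */
int set_outer_tos(int fd, int outer_family, int tos)
{
    if (tos < 0 || tos > 255)
        return -1;
#ifdef IP_TOS
    if (outer_family == AF_INET)
        return setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
#endif
#ifdef IPV6_TCLASS
    if (outer_family == AF_INET6)
        return setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
#endif
    return -1;
}

int main(void)
{
    /* Constructed headers, both carrying 0xb8 (DSCP EF) */
    const unsigned char v4[] = { 0x45, 0xb8, 0x00, 0x14 };
    const unsigned char v6[] = { 0x6b, 0x80, 0x00, 0x00 };
    int fd = socket(AF_INET, SOCK_DGRAM, 0);   /* stand-in for the DTLS socket */
    printf("v4 in v4: %d\n", set_outer_tos(fd, AF_INET, inner_tos(v4, sizeof(v4))));
    printf("v6 in v4: %d\n", set_outer_tos(fd, AF_INET, inner_tos(v6, sizeof(v6))));
    if (fd >= 0) close(fd);
    return 0;
}
```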

