Patch to apply QoS for DTLS
David Woodhouse
dwmw2 at infradead.org
Thu Aug 13 09:04:33 PDT 2015
This looks good, thanks!
Please could you include a Signed-off-by: tag as discussed at
http://www.infradead.org/openconnect/contribute.html ?
On Thu, 2015-08-13 at 17:31 +0200, Ralph Schmieder wrote:
> diff -rupN openconnect-7.06/dtls.c openconnect-7.06-rschmied/dtls.c
> --- openconnect-7.06/dtls.c> > 2015-02-27 10:56:03.000000000 +0000
> +++ openconnect-7.06-rschmied/dtls.c> > 2015-08-13 15:05:46.400228058 +0000
> @@ -25,6 +25,8 @@
> #include
> #include
> #include
> +#include
> +#include
>
> #include "openconnect-internal.h"
>
> @@ -901,7 +903,38 @@ int dtls_mainloop(struct openconnect_inf
> > > while (vpninfo->outgoing_queue.head) {
> > > > struct pkt *this = dequeue_packet(&vpninfo->outgoing_queue);
> > > > struct pkt *send_pkt = this;
> -> > > int ret;
> +> > > int ret, valid=1;
> +> > > struct ip *iph;
> +> > > struct ip6_hdr *ip6h;
> +> > > uint8_t tos;
> +
> +> > > /* Unless no-tos-copy is set we want to copy the TOS/TCLASS header */
> +> > > /* to the outer UDP packet */
> +> > > if (!vpninfo->dtls_no_tos_copy) {
qv.
> + /* get the TOS / TCLASS value of the original frame */
> +> > > > iph = (struct ip *)this->data;
> +> > > > if (iph->ip_v == 6 && this->len > sizeof(struct ip6_hdr)) {
> +> > > > > /* AF_INET6 */
> +> > > > > ip6h = (struct ip6_hdr *)this->data;
> +> > > > > tos = (ntohl(0x0FF00000) & ip6h->ip6_flow) >> 20;
> +> > > > } else if (iph->ip_v == 4 && this->len > sizeof(struct iphdr)) {
> +> > > > > /* AF_INET */
> +> > > > > tos = iph->ip_tos;
> +> > > > } else {
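Review bot: On the IPv6 branch, `tos = (ntohl(0x0FF00000) & ip6h->ip6_flow) >> 20;` byte-swaps the mask but then shifts the still network-order word, so on a little-endian host the result is always 0. Convert the field first, e.g. `tos = (ntohl(ip6h->ip6_flow) >> 20) & 0xFF;`. The IPv4 branch also sizes its length check with `sizeof(struct iphdr)` while the pointer is a `struct ip *`; use one type for both.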
This is the right thing to do. However, it's painful. The definitions
of IPv6 and Legacy IP headers are in different places on different
systems. In oncp.c you'll see I eventually bailed on doing it 'nicely'
and just did it manually — see the code which gets 'iplen' at around
line 997.
Please could you do the same here for the TOS/TCLASS bits? It's not so
nice, but you can console yourself with the fact that the IPv4 and IPv6
header structures *aren't* going to change...
> --- openconnect-7.06/ssl.c> > 2015-03-17 13:29:49.000000000 +0000
> +++ openconnect-7.06-rschmied/ssl.c> > 2015-08-13 14:43:38.848221182 +0000
> @@ -810,9 +810,13 @@ int udp_sockaddr(struct openconnect_info
> > > if (vpninfo->peer_addr->sa_family == AF_INET) {
> > > > struct sockaddr_in *sin = (void *)vpninfo->dtls_addr;
> > > > sin->sin_port = htons(port);
#ifdef IP_TOS
if (!vpninfo->dtls_no_tos_copy) {
> + vpninfo->dtls_tos_level = IPPROTO_IP;
> +> > > vpninfo->dtls_tos_optname = IP_TOS;
}
#endif
> } else if (vpninfo->peer_addr->sa_family == AF_INET6) {
> > > > struct sockaddr_in6 *sin = (void *)vpninfo->dtls_addr;
> > > > sin->sin6_port = htons(port);
#ifdef IPV6_TCLASS
if (!vpninfo->dtls_no_tos_copy) {
> + vpninfo->dtls_tos_level = IPPROTO_IPV6;
> +> > > vpninfo->dtls_tos_optname = IPV6_TCLASS;
}
#endif
> } else {
> > > > vpn_progress(vpninfo, PRG_ERR,
> > > > > _("Unknown protocol family %d. Cannot create UDP server address\n"),
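Review bot: In the lines shown, the final `else` branch for an unknown protocol family leaves `dtls_tos_level` and `dtls_tos_optname` untouched, so values set for an earlier AF_INET or AF_INET6 peer would still be used by the send path. Clear both fields in that branch, or before the family check, so they only ever describe the current socket.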
You can probably get away without a configure check, if you do what I
showed above. And then up there where I said 'qv' to your
'if (!vpninfo->dtls_no_tos_copy)', make that
'if (vpninfo->dtls_tos_optname)' instead.
Which will make it happen if it's not disabled *and* if the system
we're running on supports it for the IP protocol that we happen to be
connected over.
Does that make sense?
You'll want to reset vpninfo->dtls_tos_optname when the connection is
reset, to prevent it being inappropriately reused.
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
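The manual byte-offset extraction asked for in the reply above, as an added example that is not part of the original message or of the OpenConnect source. `inner_tos` and `copy_tos` are hypothetical names; the "optname of 0 means do nothing" convention follows the suggestion to test `dtls_tos_optname`.

```c
#include <stddef.h>
#include <sys/socket.h>

/* Added example; function names are hypothetical.
 * Return the TOS (IPv4) or Traffic Class (IPv6) byte of the inner packet,
 * or -1 if the buffer is too short or is not an IP packet. Fields are read
 * by byte offset, so no system header structs are needed. */
int inner_tos(const unsigned char *data, size_t len)
{
	if (len < 1)
		return -1;
	switch (data[0] >> 4) {
	case 4:
		/* IPv4: 20-byte minimum header, TOS is the second byte */
		return len >= 20 ? data[1] : -1;
	case 6:
		/* IPv6: 40-byte fixed header; Traffic Class straddles the
		 * low nibble of byte 0 and the high nibble of byte 1 */
		if (len < 40)
			return -1;
		return ((data[0] & 0x0f) << 4) | (data[1] >> 4);
	default:
		return -1;
	}
}

/* Copy the inner value to the outer UDP socket. optname == 0 means
 * "disabled or unsupported for this address family", so nothing is set.
 * *cur caches the last value applied, avoiding a syscall per packet. */
int copy_tos(int fd, int level, int optname,
	     const unsigned char *data, size_t len, int *cur)
{
	int tos = inner_tos(data, len);

	if (!optname || tos < 0 || tos == *cur)
		return 0;
	if (setsockopt(fd, level, optname, &tos, sizeof(tos)) < 0)
		return -1;
	*cur = tos;
	return 0;
}
```

The caller resets the cached value and the option name whenever the DTLS socket is re-created, as the reply notes.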