Patch to apply QoS for DTLS
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Oct 21 22:51:35 PDT 2015
On Sat, 2015-10-17 at 17:34 +0200, Ralph Schmieder wrote:
> > On Fri, 2015-08-14 at 18:59 +0200, Ralph Schmieder wrote:
> > > Here we go again. Thanks for the comments, hope that I got everything
> > > right. For getting the TCLASS I could have used the word instead of
> > > the longword, too. But I guess there's no penalty for doing it this
> > > way, or is there? And it could use some testing beyond the simple
> > > IPv4 in IPv4 use case of mine :)
> >
> > Thanks again for working on this, and apologies again for the delay.
> >
> > I'm still slightly nervous about the whole concept — we are
> > deliberately leaking information from the inner packet into the outer
> > packet. So people will be able to *see* that we're doing VoIP
> > traffic.... which in practice they could have inferred quite trivially
> > from the packet size and regularity anyway.
> >
> > But now I look harder, I see that OpenVPN does already have this
> > facility, at least for Legacy IP, with the --passtos option. It's
> > disabled by default though, and I wonder if we should do the same. And
> > make the option have the same name too?
>
> changed the option to --passtos and given the name it's therefore
> also disabled by default

This patch will currently modify the packets from the client to server
only. Wouldn't it be more efficient if that included a header to the server
(e.g., X-DTLS-PassTOS = true), so that these packets include the TOS as
well? That of course would only work with ocserv.

regards,
Nikos