Patch to apply QoS for DTLS

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Oct 23 07:29:38 PDT 2015


On Fri, Oct 23, 2015 at 10:24 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> > This patch will currently modify the packets from the client to server
>> > only. Wouldn't it be more efficient if that included a header to server
>> > (e.g., X-DTLS-PassTOS = true), so that these packets include the tos as
>> > well? That of course would only work with ocserv.
>> >
>>
>> Could be an option. Both directions are totally independent, however.
>> Since QoS is controlled also independently on both ends (and, more
>> importantly, independent of everything in between, e.g. the WAN/ISP)
>> it does not make a lot of sense to signal this setting to the server
>> as the client has no control whatsoever on the server side.
>>
>> E.g. it can signal "pass TOS, please" but even if the server then
>> marks the packets it could have no effect at all since it might not
>> be implemented on the server's network.
>
> I think it makes sense. This option is really an indication of paranoia
> level.
> The only people who really want it off would be the people who are
> really worried about information leakage.

Better safe than sorry. That is the kind of feature that can under
some circumstances reveal more information than intended (in real or
constructed scenarios). So let the admins and users that need it
explicitly enable it.

regards,
Nikos



More information about the openconnect-devel mailing list