diff options
| author |   Florent Daigniere <nextgens@freenetproject.org> | 2019-02-22 20:02:33 +0100 |
|---|---|---|
| committer | Florent Daigniere <nextgens@freenetproject.org> | 2019-02-22 21:43:06 +0100 |
| commit | cc207d14946174b322646b583ad30ac4fa3d7b61 (patch) | |
| tree | d5ab5eef836c5023e97a8f62f2c342329924cb08 | |
| parent | Makefile: make the depmod path configurable (diff) | |
| download | wireguard-monolithic-historical-cc207d14946174b322646b583ad30ac4fa3d7b61.tar.xz wireguard-monolithic-historical-cc207d14946174b322646b583ad30ac4fa3d7b61.zip | |
send: propagate DSCP bits to the outer tunnel
Like many, I am using WiFi a lot and often on congested networks.
Without this, Wireguard strips the DSCP bits, preventing WME from
kicking in and improving the audio/video experience.
Yes, it's technically an information leak. Who cares? It's not like if
traffic analysis based on packet sizes or timings wasn't a thing.
Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
| -rw-r--r-- | src/send.c | 5 |
1 files changed, 1 insertions, 4 deletions
@@ -389,10 +389,7 @@ void wg_packet_send_staged_packets(struct wg_peer *peer) * handshake. */ skb_queue_walk(&packets, skb) { - /* 0 for no outer TOS: no leak. TODO: at some later point, we - * might consider using flowi->tos as outer instead. - */ - PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0, ip_hdr(skb), skb); + PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(ip_tunnel_get_dsfield(ip_hdr(skb), skb), ip_hdr(skb), skb); PACKET_CB(skb)->nonce = atomic64_inc_return(&key->counter.counter) - 1; if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES)) |