On Wed, Aug 12, 2015 at 1:09 PM, Ralph Schmieder <ralph.schmieder at gmail.com> wrote:
> I've created this little patch that copies the original ToS field to
> the encapsulated UDP packets. This helps with VoIP applications to
> mark the encrypted packets accordingly. Works for me, tested using
> DTLS against ASA headends. YMMV etc.

That can be seen as a vulnerability too. There will be more
information available in the wire for an adversary. Not only the size
of the packets, but also their type of service. Wouldn't it be better
if that was set using an option?

regards,
Nikos