On Aug 12, 2015, at 1:45 PM GMT+2, Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote: > On Wed, Aug 12, 2015 at 1:09 PM, Ralph Schmieder > <ralph.schmieder at gmail.com> wrote: >> I've created this little patch that copies the original ToS field to >> the encapsulated UDP packets. This helps with VoIP applications to >> mark the encrypted packets accordingly. Works for me, tested using >> DTLS against ASA headends. YMMV etc. > > That can be seen as a vulnerability too. There will be more > information available in the wire for an adversary. Not only the size > of the packets, but also their type of service. Wouldn't it be better > if that was set using an option? I wouldn't overemphasize, sending packets per se is dangerous :) For me, having them show the right ToS markers is mandatory. Most SPs will discard them anyway (e.g. set them to 0) but it is important for my gateway to see the packets so that it can queue / discard / prioritize etc. accordingly. I did not bother to make it an option -- but it could certainly be one if folks think it should be optional. -ralph