On Aug 12, 2015, at 1:53 PM GMT+2, David Woodhouse <dwmw2 at infradead.org> wrote:

> On Wed, 2015-08-12 at 13:45 +0200, Nikos Mavrogiannopoulos wrote:
>> On Wed, Aug 12, 2015 at 1:09 PM, Ralph Schmieder
>> <ralph.schmieder at gmail.com> wrote:
>>> I've created this little patch that copies the original ToS field to
>>> the encapsulated UDP packets. This helps with VoIP applications to
>>> mark the encrypted packets accordingly. Works for me, tested using
>>> DTLS against ASA headends. YMMV etc.
> [...]
> However, it *definitely* needs to be made dependent on a configure-time
> check for IP_TOS (and IPV6_TCLASS), so it doesn't break on lots of
> non-Linux systems. And it also needs to stop assuming that *everyone* is
> stuck in the 20th century and using only Legacy IP. It needs to cope
> with the case where IPv6 is being transported within the tunnel, *and*
> the case where the connection to the VPN server is IPv6. And both.
>

OK, please find attached a slightly improved version. I am not very familiar with configure-time checks so I haven't done anything in that area. However:

- code should be AF agnostic now, in all permutations (v4 in v4, v6 in v6, v4 in v6 and v6 in v4)
- added command line switch to turn it off (default is on)
- tested for the v4 in v4 use case, that's what I have easy access to.

If you guys can spare a minute and eyeball the code (especially the code paths that I can't easily test) that would be super.

-ralph

-------------- next part --------------
A non-text attachment was scrubbed...
Name: oc-qos-v2.patch
Type: application/octet-stream
Size: 5248 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150813/08a99933/attachment-0001.obj>
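
The address-family-agnostic ToS copy discussed in this thread, as an added example that is not taken from oc-qos-v2.patch or the OpenConnect source. The function names are hypothetical, and the `#if defined()` guards are an assumption standing in for the configure-time check for IP_TOS and IPV6_TCLASS requested above.

```c
/* Added example (not from oc-qos-v2.patch); function names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Return the ToS / Traffic Class byte of a tunnelled IP packet, or -1 if
 * the buffer is too short or the packet is neither IPv4 nor IPv6. */
int inner_tos(const uint8_t *pkt, size_t len)
{
    if (len < 2)
        return -1;
    switch (pkt[0] >> 4) {
    case 4: /* IPv4: ToS is the second header byte */
        return pkt[1];
    case 6: /* IPv6: Traffic Class straddles bytes 0 and 1 */
        return ((pkt[0] & 0x0f) << 4) | (pkt[1] >> 4);
    default:
        return -1;
    }
}

/* Apply tos to the outer UDP socket, chosen by the outer address family,
 * independent of the inner one. Returns 0 on success, -1 on error or when
 * the platform lacks the socket option. */
int set_outer_tos(int fd, int outer_af, int tos)
{
    if (tos < 0 || tos > 255)
        return -1;
#if defined(IP_TOS)
    if (outer_af == AF_INET)
        return setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
#endif
#if defined(IPV6_TCLASS)
    if (outer_af == AF_INET6)
        return setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
#endif
    return -1;
}

/* Copy the marking of one inner packet onto the outer socket. */
int copy_tos(int fd, int outer_af, const uint8_t *pkt, size_t len)
{
    return set_outer_tos(fd, outer_af, inner_tos(pkt, len));
}
```

Because the inner and outer families are handled by separate functions, all four permutations listed in the message (v4 in v4, v6 in v6, v4 in v6, v6 in v4) go through the same two calls.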