From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: z@zenit.ru
Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 467d2e2f for ; Thu, 18 Jan 2018 11:26:54 +0000 (UTC)
Received: from xenia.zenit.ru (xenia.zenit.ru [194.186.83.3]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 8e9beb3e for ; Thu, 18 Jan 2018 11:26:53 +0000 (UTC)
Received: from [172.20.100.100] (agbar.zenit.ru [172.20.100.100]) by xenia.zenit.ru (Postfix) with ESMTPSA id 5C5688223C for ; Thu, 18 Jan 2018 14:30:19 +0300 (MSK)
To: WireGuard mailing list
From: Vadim Zotov
Subject: passtos patch
Message-ID: <4dc5f671-790e-88df-5483-ee00716d570e@zenit.ru>
Date: Thu, 18 Jan 2018 14:30:18 +0300
MIME-Version: 1.0
List-Id: Development discussion of WireGuard

Hello,

In some circumstances it is important to set the TOS field in the tunnel packet equivalent to the payload packet TOS.

For example, our provider supports three different SLAs, depending on the packet TOS field, with different jitter, packet loss and service availability. In the current release WireGuard always sets TOS to 0.

This patch solves that problem.


--- send.c.orig 2017-10-17 20:26:29.000000000 +0300
+++ send.c      2018-01-08 15:10:25.364428109 +0300
@@ -302,7 +302,7 @@
         * all of the packets in the queue. If we can't assign nonces for all of them,
         * we just consider it a failure and wait for the next handshake. */
        skb_queue_walk (&packets, skb) {
-               PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0 /* No outer TOS: no leak. TODO: should we use flowi->tos as outer? */, ip_hdr(skb), skb);
+               PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(ipv4_get_dsfield(ip_hdr(skb)) & ~INET_ECN_MASK, ip_hdr(skb), skb);
                PACKET_CB(skb)->nonce = atomic64_inc_return(&key->counter.counter) - 1;
                if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES))
                        goto out_invalid;
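
Review bot: the + line reads the inner header with ipv4_get_dsfield(ip_hdr(skb)) unconditionally, with no check that the packet being walked is IPv4. WireGuard also carries IPv6 inner packets, and for those the byte at the IPv4 TOS offset holds part of the traffic class and part of the flow label, so the outer DS value would be wrong. Suggest branching on skb->protocol and using ipv6_get_dsfield(ipv6_hdr(skb)) for ETH_P_IPV6, falling back to 0 for anything else. Separately, the removed comment ("No outer TOS: no leak") records that the zero was deliberate: copying the inner DSCP into the outer header exposes the classification of encrypted traffic to anyone on the path. That trade-off should be stated in a replacement comment, and the behaviour fits better as a per-interface or per-peer opt-in than as an unconditional change.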
