authorFlorent Daigniere <nextgens@freenetproject.org>2019-02-23 14:14:09 +0100
committerFlorent Daigniere <nextgens@freenetproject.org>2019-02-23 14:14:09 +0100
commit9e686cd714a371ad5f35f356fe88f018fa5e92e6 (patch)
tree334ca9bac98f8af1c2d30b102c88c3530faf0418 /conn_linux.go
parent42c6d0e2614414590361123344b7918c9bcc6430 (diff)
send: propagate DSCP bits to the outer tunnel
Like many, I am using WiFi a lot and often on congested networks. Without this, Wireguard strips the DSCP bits, preventing WME from kicking in and improving the audio/video experience. Yes, it's technically an information leak. Who cares? It's not as if traffic analysis based on packet sizes or timings wasn't a thing. This is the first patch of the series; more work has to happen on ECN. Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
Diffstat (limited to 'conn_linux.go')
-rw-r--r--conn_linux.go37
1 files changed, 32 insertions, 5 deletions
diff --git a/conn_linux.go b/conn_linux.go
index 9ebbeb1..83cf1a2 100644
--- a/conn_linux.go
+++ b/conn_linux.go
@@ -258,18 +258,18 @@ func (bind *NativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
return n, &end, err
}
-func (bind *NativeBind) Send(buff []byte, end Endpoint) error {
+func (bind *NativeBind) Send(buff []byte, end Endpoint, tos byte) error {
nend := end.(*NativeEndpoint)
if !nend.isV6 {
if bind.sock4 == -1 {
return syscall.EAFNOSUPPORT
}
- return send4(bind.sock4, nend, buff)
+ return send4(bind.sock4, nend, buff, tos)
} else {
if bind.sock6 == -1 {
return syscall.EAFNOSUPPORT
}
- return send6(bind.sock6, nend, buff)
+ return send6(bind.sock6, nend, buff, tos)
}
}
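Review bot: `Send` gains a `tos` parameter with no doc comment saying what the byte may contain, and as far as this file shows it is handed to `send4`/`send6` unmasked. Because the value comes from the inner packet and ends up in the cleartext outer header, the contract belongs here, e.g. `// tos is written to the outer IP header; callers pass only the DSCP field (tos & 0xfc), ECN bits zero.` If the caller does not already mask, `tos &= 0xfc` at the top of `Send` would keep the inner ECN bits from being copied until the ECN work mentioned in the description is done. The diffstat is limited to this file, so other `Bind` implementations and the call sites, which need the same signature, are not visible here.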
@@ -452,13 +452,18 @@ func create6(port uint16) (int, uint16, error) {
return fd, uint16(addr.Port), err
}
-func send4(sock int, end *NativeEndpoint, buff []byte) error {
+func send4(sock int, end *NativeEndpoint, buff []byte, tos byte) error {
// construct message header
+ type ipTos struct {
+ tos byte
+ }
cmsg := struct {
cmsghdr unix.Cmsghdr
pktinfo unix.Inet4Pktinfo
+ cmsghdr2 unix.Cmsghdr
+ iptos ipTos
}{
unix.Cmsghdr{
Level: unix.IPPROTO_IP,
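Review bot: The control buffer is still produced by reinterpreting this Go struct as bytes, so adding `cmsghdr2` makes the send path depend on Go's field alignment placing the second header exactly where the kernel expects the next control message to start, and on the trailing padding after the one-byte `ipTos` being counted in `unsafe.Sizeof(cmsg)`. That appears to hold for the usual 32- and 64-bit layouts, but nothing in the code says so; a comment above the struct such as `// layout must match CMSG_ALIGN: cmsghdr2 starts at the aligned end of pktinfo` would stop a later field change from silently producing a malformed buffer. The local `ipTos` type is declared a second time in `send6`; one package-level type would remove the duplication. The struct literal continues in the next hunk.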
@@ -469,6 +474,15 @@ func send4(sock int, end *NativeEndpoint, buff []byte) error {
Spec_dst: end.src4().src,
Ifindex: end.src4().ifindex,
},
+ unix.Cmsghdr{
+ Level: unix.IPPROTO_IP,
+ Type: unix.IP_TOS,
+ Len: 1 + unix.SizeofCmsghdr,
+ },
+ ipTos{
+ tos: tos,
+ },
+
}
_, err := unix.SendmsgN(sock, buff, (*[unsafe.Sizeof(cmsg)]byte)(unsafe.Pointer(&cmsg))[:], end.dst4(), 0)
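Review bot: The `IP_TOS` control message is attached to every datagram, including when `tos` is zero, so a kernel that does not accept `IP_TOS` as ancillary data on `sendmsg` would make every IPv4 send fail rather than only lose the marking. The error handling after `SendmsgN` is outside this hunk, so it is not visible whether a rejected control message is retried without it; if it is not, a fallback that resends with only the pktinfo part would keep the tunnel working. Two smaller points: the `1` in `Len: 1 + unix.SizeofCmsghdr` would read better as a named constant for the payload size, and the added blank line before the closing brace of the literal looks unintentional.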
@@ -488,13 +502,18 @@ func send4(sock int, end *NativeEndpoint, buff []byte) error {
return err
}
-func send6(sock int, end *NativeEndpoint, buff []byte) error {
+func send6(sock int, end *NativeEndpoint, buff []byte, tos byte) error {
// construct message header
+ type ipTos struct {
+ tos byte
+ }
cmsg := struct {
cmsghdr unix.Cmsghdr
pktinfo unix.Inet6Pktinfo
+ cmsghdr2 unix.Cmsghdr
+ tclass ipTos
}{
unix.Cmsghdr{
Level: unix.IPPROTO_IPV6,
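Review bot: `tclass` is declared as the one-byte `ipTos`, but `IPV6_TCLASS` ancillary data is defined as an `int` (RFC 3542), and to my knowledge Linux rejects any other length with `EINVAL`, unlike `IP_TOS`, which also accepts a single byte. With the `Len: 1 + unix.SizeofCmsghdr` set in the next hunk, IPv6 sends would then fail, which is worth confirming with a test against an IPv6 endpoint. The field would become `tclass int32`, with `Len: 4 + unix.SizeofCmsghdr` and the value set as `int32(tos)`. The struct literal and the rest of `send6` continue outside this hunk.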
@@ -505,6 +524,14 @@ func send6(sock int, end *NativeEndpoint, buff []byte) error {
Addr: end.src6().src,
Ifindex: end.dst6().ZoneId,
},
+ unix.Cmsghdr{
+ Level: unix.IPPROTO_IPV6,
+ Type: unix.IPV6_TCLASS,
+ Len: 1 + unix.SizeofCmsghdr,
+ },
+ ipTos{
+ tos: tos,
+ },
}
if cmsg.pktinfo.Addr == [16]byte{} {