Re: OpenBSD Wireguard implementation not copying ToS from inner to outer WG header

[Andy Lemin]

On 19 Sep 2023, at 20:07, Janne Johansson <icepic...@gmail.com> wrote:  Den sön 17 sep. 2023 kl 09:19 skrev Andrew Lemin <andrew.le...@gmail.com>: Hi, I have been testing the Wireguard implementation on OpenBSD and noticed that the ToS field is not being copied from the inner unencrypted header to the outer Wireguard header, resulting in ALL packets going into the same PF Prio / Queue. I think the original wireguard implementation defines it as a feature: You can see the lines at  https://github.com/WireGuard/wireguard-linux/blob/stable/drivers/net/wireguard/send.c#L373 they skip bringing it along to not leak that information to the outside. Hi, Yes totally agree that copying to the outer IP header should be configurable, so users have the choice to hide priority packets if required. For my use case I _would_ like to have it in the IP header as well, as I am not trying to achieve extreme privacy, but a high performance tunnel between sites over the internet. Allowing OpenBSD to prioritise internally makes sense to always be on however, as the ISP link is nearly always a lower speed. -- May the most significant bit of your life be positive.