On 2023/09/19 19:36, Andrew Lemin wrote:
> 
> Awesome! Thank you so much Stuart :D
> I will test this weekend..

btw if I'm not mistaken I think this will only copy the priority to the
mbuf header rather than to the IP header, so will be used internally in
OpenBSD but not on the rest of the network path.

I think that's a sane thing to do by default without config options.

Exposing it in the IP header could be useful in some cases, but would be
a more contentious change as some might not want to expose the priority
of the encrypted packets to the internet (as you'll note, doing this is
a non-default option in OpenVPN). So if _that_ was done I think it might
need to be configurable.

> 
>     Index: if_wg.c
>     ===================================================================
>     RCS file: /cvs/src/sys/net/if_wg.c,v
>     retrieving revision 1.29
>     diff -u -p -r1.29 if_wg.c
>     --- if_wg.c     3 Aug 2023 09:49:08 -0000       1.29
>     +++ if_wg.c     18 Sep 2023 12:47:02 -0000
>     @@ -1525,6 +1525,8 @@ wg_encap(struct wg_softc *sc, struct mbu
>              */
>             mc->m_pkthdr.ph_flowid = m->m_pkthdr.ph_flowid;
> 
>     +       mc->m_pkthdr.pf.prio = m->m_pkthdr.pf.prio;
>     +
>             res = noise_remote_encrypt(&peer->p_remote, &data->r_idx, &nonce,
>                                        data->buf, plaintext_len);
>             nonce = htole64(nonce); /* Wire format is little endian. */
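
Review bot: the added `mc->m_pkthdr.pf.prio = m->m_pkthdr.pf.prio;` line has no comment of its own, and a blank line separates it from the `ph_flowid` copy and the comment block that closes just above it, so the code does not say why the priority is carried over or how far it reaches. Suggest placing the assignment directly under the `ph_flowid` copy and extending that comment, or adding a one-line comment stating that the encrypted mbuf inherits the inner packet's pf priority in the mbuf packet header only and that nothing is written to the outer IP header.
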
> 
> 
> 
