passing-through TOS/DSCP marking

Luiz Angelo Daros de Luca luizluca at
Tue Jul 6 20:08:00 UTC 2021

I see talented people spending resources trying to go around a
wireguard design decision. I understand that wireguard try to keep it
as safe as possible and as simple as possible. However, passing some
traffic information to the encrypted packet is a requirement for some
setups. Wouldn't it be better to have it provided by wireguard but
disabled by default? If the change don't kill a kitty, it will not
harm the security as users are already doing the same but through a
much harder way.

My 2 cents.

     Luiz Angelo Daros de Luca
            luizluca at

More information about the WireGuard mailing list