passing-through TOS/DSCP marking
Toke Høiland-Jørgensen
toke at toke.dk
Thu Jun 17 20:54:55 UTC 2021
Reid Rankin <reidrankin at gmail.com> writes:

> It can also be done in a shell script with nftables (maybe iptables too,
> haven't tried) by taking advantage of fwmark passthrough. You can have one
> rule that matches incoming outgoing packets (heh) with a certain dscp value
> and marks them, and another rule that matches outgoing outgoing packets
> with that mark and sets the DSCP bits back.

The fwmark is not passed through wireguard, though, it's cleared during
skb scrubbing:

https://elixir.bootlin.com/linux/latest/source/net/core/skbuff.c#L5344

There's an fwmark config that you can set which will make wireguard
apply a certain mark to all outgoing packets, but that has nothing to
do with what was set on the inner packet...
-Toke
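
An added example, not part of the original thread: an nftables ruleset that puts the two-rule approach from the quoted message next to what the interface-wide fwmark setting can do instead. The interface name `wg0`, the mark values `0x29` and `0x8c`, and the DSCP classes are assumptions, and `0x8c` is taken to have been set with `wg set wg0 fwmark 0x8c`.

```nft
# Constructed example. wg0, the mark values and the DSCP classes are assumptions.

table inet wg_dscp {
    # The approach from the quoted message, step 1: tag inner packets by
    # their DSCP value as they are routed into the tunnel interface.
    chain inner {
        type filter hook postrouting priority mangle; policy accept;
        oifname "wg0" ip dscp af41 meta mark set 0x29
    }

    chain outer {
        type filter hook output priority mangle; policy accept;

        # Step 2 of the quoted approach: restore DSCP on the encrypted packet.
        # Per the reply, the mark set in chain "inner" is cleared when the skb
        # is scrubbed, so this rule never sees 0x29 on the outer packet.
        meta nfproto ipv4 meta mark 0x29 ip dscp set af41

        # What the interface fwmark allows: every encrypted packet sent by wg0
        # carries the same mark (0x8c here), so a single fixed DSCP can be set
        # for the whole tunnel, independent of the inner packet's marking.
        meta nfproto ipv4 meta mark 0x8c ip dscp set cs1
        meta nfproto ipv6 meta mark 0x8c ip6 dscp set cs1
    }
}
```

Packet counters added to the two `outer` rules (`counter` before `ip dscp set`) make the difference visible with `nft list table inet wg_dscp`.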