services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_dscp
Whether to copy the DSCP (Differentiated Services Field Codepoint)
header field to/from the outer IP header in tunnel mode. The value
out only copies the field from the inner to the outer
header, the value in does the opposite and only
copies the field from the outer to the inner header when decapsulating,
the value yes copies the field in both directions,
and the value no disables copying the field
altogether. Setting this to yes or
in could allow an attacker to adversely affect other
traffic at the receiver, which is why the default is
out. Controlling this behavior is not supported by
all kernel interfaces.
StrongSwan default: "out"
- Type
null or one of "out", "in", "yes", "no"- Default
null- Declared
- <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>