[LEDE-DEV] [PATCH] firewall3: Enable TCP_ECN by default.

Rosen Penev rosenp at gmail.com
Tue Dec 12 10:36:02 PST 2017


resent since gmail sucks.

On Tue, Dec 12, 2017 at 10:34 AM, Rosen Penev <rosenp at gmail.com> wrote:
> On Tue, Dec 12, 2017 at 6:07 AM, John Crispin <john at phrozen.org> wrote:
>>
>>
>> On 03/10/17 09:16, Rosen Penev wrote:
>>>
>>> ECN is used by fq_codel and other AQMs. Kernel 4.2 added a fallback in
>>> case of failure, so adjust to kernel default.
>>>
>>> Signed-off-by: Rosen Penev <rosenp at gmail.com>
>>> ---
>>>   defaults.c | 1 +
>>>   1 file changed, 1 insertion(+)
>>>
>>> diff --git a/defaults.c b/defaults.c
>>> index 85a3750..68e40f5 100644
>>> --- a/defaults.c
>>> +++ b/defaults.c
>>> @@ -90,6 +90,7 @@ fw3_load_defaults(struct fw3_state *state, struct
>>> uci_package *p)
>>>         defs->syn_flood_rate.rate  = 25;
>>>         defs->syn_flood_rate.burst = 50;
>>> +       defs->tcp_ecn              = 2;
>>>         defs->tcp_syncookies       = true;
>>>         defs->tcp_window_scaling   = true;
>>>         defs->custom_chains        = true;
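Review bot: the bare 2 on the added line `defs->tcp_ecn = 2;` does not say what it selects, and it does not match the subject line "Enable TCP_ECN by default". Per the kernel documentation quoted later in this thread, 2 accepts ECN when an incoming connection requests it but does not request ECN on outgoing connections, and 2 is already the kernel default. A short comment next to the assignment stating that meaning would help, and the commit message needs rewording: the fallback it cites is a separate knob (tcp_ecn_fallback) that this hunk does not touch.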
>>
>>
>> from Kevin's reply i gather that this is a no-op setting the default which is
>> already set and that the description is incorrect as there is no fallback
>> when setting 2 as a value. please rework the patch if you still want it
>> applied.
so here's an excerpt from the kernel documentation:

tcp_ecn - INTEGER
    Control use of Explicit Congestion Notification (ECN) by TCP.
    ECN is used only when both ends of the TCP connection indicate
    support for it.  This feature is useful in avoiding losses due
    to congestion by allowing supporting routers to signal
    congestion before having to drop packets.
    Possible values are:
        0 Disable ECN.  Neither initiate nor accept ECN.
        1 Enable ECN when requested by incoming connections and
          also request ECN on outgoing connection attempts.
        2 Enable ECN when requested by incoming connections
          but do not request ECN on outgoing connections.
    Default: 2

tcp_ecn_fallback - BOOLEAN
    If the kernel detects that ECN connection misbehaves, enable fall
    back to non-ECN. Currently, this knob implements the fallback
    from RFC3168, section 6.1.1.1., but we reserve that in future,
    additional detection mechanisms could be implemented under this
    knob. The value is not used, if tcp_ecn or per route (or congestion
    control) ECN settings are disabled.
    Default: 1 (fallback enabled)


For tcp_ecn, I use a value of 1 which causes issues for me when
visiting specific websites (I'm looking at you phoronix). This is
because ECN is being used on outbound connections. The fallback
mechanism (which is enabled by default) only works some of the time.
That's why I changed my patch to use a value of 2 which happens to be
default. Home connections usually don't go through faulty firewalls or
load balancers so this should be fine.

>
>>
>>     John
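
The tcp_ecn values from the kernel documentation excerpt above, modelled on the TCP handshake flags as an added example (not code from this thread, firewall3 or the kernel). The flag encoding follows RFC 3168; the function names and the rule that every retransmitted SYN drops the ECN request when fallback is on are assumptions of this simplified model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits (RFC 793, RFC 3168). */
#define TH_SYN 0x02
#define TH_ACK 0x10
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TH_ECN (TH_ECE | TH_CWR)

/* Outgoing SYN: only tcp_ecn=1 sends an ECN-setup SYN (ECE and CWR set).
 * Assumption of this model: with fallback on, any retransmitted SYN drops
 * the request, the behaviour RFC 3168 section 6.1.1.1 permits. */
uint8_t syn_flags(int tcp_ecn, bool fallback, int retransmit)
{
    uint8_t f = TH_SYN;
    if (tcp_ecn == 1 && !(fallback && retransmit > 0))
        f |= TH_ECN;
    return f;
}

/* SYN-ACK for a received SYN: tcp_ecn=1 and tcp_ecn=2 both accept an
 * ECN-setup SYN and answer with ECE set, CWR clear; tcp_ecn=0 never does. */
uint8_t synack_flags(int tcp_ecn, uint8_t syn)
{
    uint8_t f = TH_SYN | TH_ACK;
    if (tcp_ecn != 0 && (syn & TH_ECN) == TH_ECN)
        f |= TH_ECE;
    return f;
}

/* True when the handshake between the two settings ends with ECN in use. */
bool ecn_negotiated(int client, int server, bool fallback, int retransmit)
{
    uint8_t sa = synack_flags(server, syn_flags(client, fallback, retransmit));
    return (sa & TH_ECN) == TH_ECE;
}

int main(void)
{
    for (int c = 0; c <= 2; c++)
        for (int s = 0; s <= 2; s++)
            printf("client tcp_ecn=%d server tcp_ecn=%d -> ECN %s\n", c, s,
                   ecn_negotiated(c, s, true, 0) ? "on" : "off");
    return 0;
}
```

In this model two hosts that both run with tcp_ecn=2 never negotiate ECN with each other, because neither side requests it.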


