[LEDE-DEV] [PATCH] firewall3: Enable TCP_ECN by default.
Kevin Darbyshire-Bryant
kevin at darbyshire-bryant.me.uk
Tue Oct 3 01:03:55 PDT 2017
On 03/10/17 08:16, Rosen Penev wrote:
> ECN is used by fq_codel and other AQMs. Kernel 4.2 added a fallback in case of failure, so adjust to kernel default.
The kernel default is 2, which is what you've set the firewall3 default
to be now as well. 2 accepts ECN on incoming connections but does NOT
request it on outbound connections. Therefore the fallback mechanism
you mention doesn't actually come into play at all.

Setting the value to '1' permits Linux to attempt ECN on both incoming
and outgoing connections to/from the router itself (and uses the
fallback mechanism).

It's tempting to set it to 1 (like I have for the past year+) and be
damned :-)
>
> Signed-off-by: Rosen Penev <rosenp at gmail.com>
> ---
> defaults.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/defaults.c b/defaults.c
> index 85a3750..68e40f5 100644
> --- a/defaults.c
> +++ b/defaults.c
> @@ -90,6 +90,7 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p)
>
> defs->syn_flood_rate.rate = 25;
> defs->syn_flood_rate.burst = 50;
> + defs->tcp_ecn = 2;
> defs->tcp_syncookies = true;
> defs->tcp_window_scaling = true;
> defs->custom_chains = true;
>
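Review bot: The added line "defs->tcp_ecn = 2;" puts a bare integer among boolean neighbours (tcp_syncookies, tcp_window_scaling are set to true), and nothing in the hunk says what 2 means. As the reply in this thread points out, 2 accepts ECN on incoming connections but does not request it on outgoing ones, so the kernel fallback cited in the commit message is never exercised and the subject "Enable TCP_ECN by default" overstates the change. Add a comment beside the assignment giving the meaning of the chosen value, and either reword the subject and commit message to say this matches the kernel default, or set 1 if the intent is for the router to attempt ECN on its own outbound connections.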