Re: CONFIG_INET_ECN creates problems

To: jamal <hadi@xxxxxxxxxx>
Subject: Re: CONFIG_INET_ECN creates problems
From: Rusty Russell <rusty@xxxxxxxxxxxxxxxx>
Date: Tue, 07 Nov 2000 13:03:16 +1100
Cc: netdev@xxxxxxxxxxx
In-reply-to: Your message of "Sun, 05 Nov 2000 20:33:33 EDT." <>
Sender: owner-netdev@xxxxxxxxxxx
In message <Pine.GSO.4.20.0011051948220.2665-100000@xxxxxxxxxxxxxxxx> you write
> 4) According to Sally's web page:
> AIX, IRIX 6.2- 6.5, Solaris 2.6 - 2.7, 
> or Linux 2.1.122 - 2.2.14 of possible systems (as id-ed by nmap) that
> might be causing this.
> I know that old netfilter/ipchains has these problems. I doubt if it was
> anywhere around Linux 2.1.122 - 2.2.14; maybe someone could clarify.

I know Andi claimed that netfilter's (EXPERIMENTAL) `unclean' match
used to dislike this, but I couldn't see (and checking again, still
can't see) anywhere in the code where that was ever the case.

I can't see anything like this in 2.2; I think someone said we used to
blindly echo the ECN bits, though.

> Summary3: We have to do something about this if ECN is to be deployed. 
> So far there is a proposal by Sally Floyd and company which neither Alexey
> nor Davem are thrilled about. I know I am not.

Penalizes first SYN failures (quite common from .au) and doesn't solve
the Cisco-sends-RST problem.  We could generalize the Floyd solution
to N transmits (I suggest N >= 2, rather than one, but it's just an
inverse of the ECN sysctl), and use two bits in the route cache: one
to indicate that we've spoken to the host with ECN flags set, and one
to indicate that we've received a RST for an ECN packet.

        #define IPECN_RT_OK  0x01       /* spoken to the host with ECN flags set */
        #define IPECN_RT_RST 0x02       /* received a RST for an ECN packet */

        if (sysctl_ecn_disable &&
            (trans(rt) > sysctl_ecn_disable || IPECN_RT(rt) == IPECN_RT_RST)) {
                /* ... no ECN ... */
        } else {
                /* ... ECN ... */
        }

Horrible?  Yes.  But it would allow us to ship ECN by default (good),
and still communicate with the world (which is the highest priority).

Hacking time.
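
Added example, not part of the message above and not kernel code: a user-space C model of the two-bit route-cache fallback the message sketches, run against a path that silently drops ECN SYNs. The struct, the hook functions and the reading of trans(rt) as "SYNs already sent" are assumptions; only the two #defines and the condition come from the post.

```c
#include <stdio.h>

#define IPECN_RT_OK  0x01  /* we've spoken to the host with ECN flags set */
#define IPECN_RT_RST 0x02  /* we've received a RST for an ECN packet */

/* Hypothetical stand-in for the per-destination route cache state. */
struct ecn_rt {
    unsigned int flags;  /* IPECN_RT_* bits */
    unsigned int trans;  /* assumption: SYNs already sent on this attempt */
};

/* The test from the post: 1 = send ECN flags, 0 = plain SYN.
 * ecn_disable is N; 0 means never fall back. */
int ecn_use(const struct ecn_rt *rt, unsigned int ecn_disable)
{
    if (ecn_disable &&
        (rt->trans > ecn_disable || rt->flags == IPECN_RT_RST))
        return 0;
    return 1;
}

/* Assumed event hooks that maintain the counter and the two bits. */
void ecn_syn_sent(struct ecn_rt *rt) { rt->trans++; }
void ecn_rst_seen(struct ecn_rt *rt) { rt->flags |= IPECN_RT_RST; }
void ecn_synack_seen(struct ecn_rt *rt)
{
    rt->flags |= IPECN_RT_OK;
    rt->trans = 0;
}

/* Path that silently drops ECN SYNs: count how many are sent before the
 * sender falls back, giving up after max_syn transmissions. */
unsigned int ecn_syns_until_fallback(unsigned int ecn_disable,
                                     unsigned int max_syn)
{
    struct ecn_rt rt = { 0, 0 };
    unsigned int sent = 0;

    while (sent < max_syn && ecn_use(&rt, ecn_disable)) {
        ecn_syn_sent(&rt);
        sent++;
    }
    return sent;
}

int main(void)
{
    printf("N=2: %u ECN SYNs before fallback\n", ecn_syns_until_fallback(2, 10));
    return 0;
}
```

Because the condition compares with `==`, a RST from a host that already has IPECN_RT_OK set does not switch ECN off in this model; only a RST with no recorded ECN success does.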
