On Mon, Feb 25, 2002 at 10:47:21PM +0100, Sebastian wrote:
> So this target is doing what is described in section 18.1.13 of RFC 3168.
Mh, I should have read the full RFC :(.
> You might run into a problem when an upstream router marked the packet
> instead of dropping it. By setting the codepoint to 0, you will remove the
> congestion indication. This will not be a problem if you only use this target
> on outgoing packets and if you don't have a marking router in the inner
> network. Otherwise it will be one.
Ok. Well, we could restrict the usage of the iptables target to the
LOCAL_OUT hook, but this would limit its possibilities.
> Since you don't know what people will do with this target and if they really
> understand what it does, I fear that it might become a problem.
>
> Instead, I suggest to only clear the ECE and CWR TCP flags on SYN-packets.
I don't need to clear the ECT codepoint in the IP header as well? Is it valid
to receive an IP packet which has an ECT codepoint set in the IP header, but no
ECE/CWR bits in the TCP headee?
> Sebastian
--
Live long and prosper
- Harald Welte / laforge@xxxxxxxxxxxx http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
|