[Top] [All Lists]

Re: RFC iptables target for selectively removing ECN

To: "Harald Welte" <laforge@xxxxxxxxxxxx>
Subject: Re: RFC iptables target for selectively removing ECN
From: Sebastian Zimmermann <sz@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 26 Feb 2002 13:37:03 +0100
Cc: netdev@xxxxxxxxxxx
In-reply-to: <20020226101235.G23307@xxxxxxxxxxxxxxxxxxxxxxx>
Organization: FSP 4-06
References: <20020225144047.Z23307@xxxxxxxxxxxxxxxxxxxxxxx> <20020225224721.020ccfe4.sebastian+list02@xxxxxxxxxxxxxx> <20020226101235.G23307@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx
On Tue, 26 Feb 2002 10:12:35 +0100
"Harald Welte" <laforge@xxxxxxxxxxxx> wrote:
>> Instead, I suggest to only clear the ECE and CWR TCP flags
>> on SYN-packets.
> I don't need to clear the ECT codepoint in the IP header as well? Is > it 
> valid to receive an IP packet which has an ECT codepoint set in the
> IP header, but no ECE/CWR bits in the TCP header?

The RFC states that SYN packets MUST NOT set ECT. So when the TCP connection is 
initiated, the ECN-capability is negotiated only by the two TCP flags ECE and 

If you clear those, ECN cannot be established. If ECN wasn't established, ECT 
MUST NOT be set on the following packets - and thus CE won't be set.

So if the ECN implementation is conforming to the RFC, your target does not 
have to touch IP headers at all to disable ECN.


<Prev in Thread] Current Thread [Next in Thread>