Re: RFC iptables target for selectively removing ECN

To: "Harald Welte" <laforge@xxxxxxxxxxxx>
Subject: Re: RFC iptables target for selectively removing ECN
From: Sebastian <sebastian+list02@xxxxxxxxxxxxxx>
Date: Mon, 25 Feb 2002 22:47:21 +0100
Cc: netdev@xxxxxxxxxxx
In-reply-to: <20020225144047.Z23307@xxxxxxxxxxxxxxxxxxxxxxx>
References: <20020225144047.Z23307@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx

On Mon, 25 Feb 2002 14:40:47 +0100
"Harald Welte" <laforge@xxxxxxxxxxxx> wrote:

> I've written a small iptables target for the iptables 'mangle' chain,
> which allows users to remove the ECN bits of the IPv4 header on a
> per-rule basis.

So this target is doing what is described in section 18.1.13 of RFC 3168.

You might run into a problem when an upstream router marked the packet instead 
of dropping it. By setting the codepoint to 0, you will remove the congestion 
indication. This will not be a problem if you only use this target on outgoing 
packets and if you don't have a marking router in the inner network. Otherwise 
it will be one.
Since you don't know what people will do with this target and if they really 
understand what it does, I fear that it might become a problem.

Instead, I suggest only clearing the ECE and CWR TCP flags on SYN packets.
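
The difference between the two approaches, as an added example that is not part of the original message or of the iptables target: clearing the whole IPv4 ECN field erases an upstream CE mark, while clearing only ECE and CWR on SYN segments leaves it intact. The function names, the constructed sample packet and the choice to treat any segment with SYN set as a SYN packet are assumptions; the buffer is assumed to hold a complete IPv4 header followed by a full TCP header.

```c
#include <stdint.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Folded one's-complement sum over n (even) bytes, seeded with s; valid data sums to 0xffff. */
uint16_t sum16(const uint8_t *p, size_t n, uint32_t s)
{
    for (size_t i = 0; i + 1 < n; i += 2) s += rd16(p + i);
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}

/* RFC 1624 incremental update of the checksum at ck: HC' = ~(~HC + ~m + m'). */
static void csum_fix(uint8_t *ck, uint16_t m, uint16_t m2)
{
    wr16(ck, (uint16_t)~sum16(ck, 0, (uint32_t)(uint16_t)~rd16(ck) + (uint16_t)~m + m2));
}

/* Whole-field clear as in the quoted target. Returns 1 if a CE mark (11) was erased. */
int ecn_clear_ip(uint8_t *ip)
{
    uint16_t old = rd16(ip);                 /* version/IHL byte + TOS byte */
    ip[1] &= 0xfc;                           /* ECN is the low two bits of TOS */
    csum_fix(ip + 10, old, rd16(ip));
    return (old & 0x03) == 0x03;
}

/* The reply's alternative: clear only ECE (0x40) and CWR (0x80) on TCP segments
 * with SYN (0x02) set; the IP ECN field is untouched. Returns 1 if changed. */
int ecn_clear_tcp_syn(uint8_t *ip)
{
    uint8_t *tcp = ip + (ip[0] & 0x0f) * 4;
    if (ip[9] != 6 || (rd16(ip + 6) & 0x1fff)) return 0;   /* not TCP, or a later fragment */
    if (!(tcp[13] & 0x02) || !(tcp[13] & 0xc0)) return 0;  /* no SYN, or nothing to clear */
    uint16_t old = rd16(tcp + 12);           /* data offset byte + flags byte */
    tcp[13] &= 0x3f;
    csum_fix(tcp + 16, old, rd16(tcp + 12));
    return 1;
}

/* Constructed sample, not captured traffic: 10.0.0.1 -> 10.0.0.2, TCP SYN with
 * ECE|CWR set and the IP ECN field forced to CE so both functions have work to do. */
const uint8_t SAMPLE[40] = {
    0x45, 0x03, 0, 40, 0, 1, 0x40, 0, 64, 6, 0x26, 0xca, 10, 0, 0, 1, 10, 0, 0, 2,
    0x04, 0, 0, 80, 0, 0, 0, 1, 0, 0, 0, 0, 0x50, 0xc2, 0xff, 0xff, 0x96, 0xcf, 0, 0 };
```

Run on a copy of SAMPLE, ecn_clear_ip() returns 1 and leaves the ECN field at 0, while ecn_clear_tcp_syn() returns 1 and leaves the CE codepoint in place; both keep their checksums valid.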

