netdev
[Top] [All Lists]

Re: RFC iptables target for selectively removing ECN

To: Sebastian <sebastian+list02@xxxxxxxxxxxxxx>
Subject: Re: RFC iptables target for selectively removing ECN
From: Harald Welte <laforge@xxxxxxxxxxxx>
Date: Tue, 26 Feb 2002 10:12:35 +0100
Cc: netdev@xxxxxxxxxxx
In-reply-to: <20020225224721.020ccfe4.sebastian+list02@xxxxxxxxxxxxxx>; from sebastian+list02@xxxxxxxxxxxxxx on Mon, Feb 25, 2002 at 10:47:21PM +0100
References: <20020225144047.Z23307@xxxxxxxxxxxxxxxxxxxxxxx> <20020225224721.020ccfe4.sebastian+list02@xxxxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx
User-agent: Mutt/1.3.17i
On Mon, Feb 25, 2002 at 10:47:21PM +0100, Sebastian wrote:

> So this target is doing what is described in section 18.1.13 of RFC 3168.

Mh, I should have read the full RFC :(.


> You might run into a problem when an upstream router marked the packet
> instead of dropping it. By setting the codepoint to 0, you will remove the
> congestion indication. This will not be a problem if you only use this target
> on outgoing packets and if you don't have a marking router in the inner
> network. Otherwise it will be one.

Ok. Well, we could restrict the usage of the iptables target to the 
LOCAL_OUT hook, but this would limit its possibilities.

> Since you don't know what people will do with this target and if they really
> understand what it does, I fear that it might become a problem.
> 
> Instead, I suggest to only clear the ECE and CWR TCP flags on SYN-packets.

I don't need to clear the ECT codepoint in the IP header as well? Is it valid
to receive an IP packet which has an ECT codepoint set in the IP header, but no
ECE/CWR bits in the TCP headee?

> Sebastian

-- 
Live long and prosper
- Harald Welte / laforge@xxxxxxxxxxxx               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ 
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)

<Prev in Thread] Current Thread [Next in Thread>