Hi!

Some time ago I wrote an ECN target for the iptables mangle table.
It has now undergone some final bugfixes and I intend to submit it to
the kernel.

The main goal of this target is to be able to selectively work around
known ECN blackholes rather than disabling ECN for the whole host using
"echo 0 > /proc/sys/net/ipv4/tcp_ecn".

There is one question left: How much flexibility do we want to give the user?

The ECN target currently allows:

  --ecn-tcp-remove      Remove CWR+ECE bits from TCP header. Should be used
                        on TCP SYN packets to prevent ECN negotiation
  --ecn-ip-ect [0..3]   Allows arbitrary setting of the ECT codepoint
  --ecn-tcp-cwr [0|1]   Allows setting or clearing the TCP CWR bit
  --ecn-tcp-ece [0|1]   Allows setting or clearing the TCP ECE bit

The first option is necessary and is the primary use of the target.
The last three options are more experimental and would allow somebody
to play with 'simulated congestion' by setting the ECT in IP, etc.

However, this is potentially very dangerous and I'm not sure if it was
a good idea to give this power directly to the user.

Do you suggest removing the last three options and just keeping
--ecn-tcp-remove?

Thanks for your assistance,
--
Live long and prosper
- Harald Welte / laforge@xxxxxxxxxxxx http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
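
What the --ecn-tcp-remove option described in the message above has to do to a TCP header, as an added example (not the ECN target's code and not part of the original message): clear CWR and ECE in flags byte 13 and patch the checksum incrementally per RFC 1624. The function names and the sample SYN header are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define TCPF_ECE 0x40 /* ECN-Echo bit in TCP header byte 13 */
#define TCPF_CWR 0x80 /* Congestion Window Reduced bit, same byte */

/* Fold a 32-bit accumulator into a 16-bit one's-complement sum. */
static uint16_t fold16(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* RFC 1071 checksum over big-endian 16-bit words (even len assumed). */
uint16_t csum16(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(buf[i] << 8 | buf[i + 1]);
    return (uint16_t)~fold16(sum);
}

/* Clear ECE and CWR, patch the checksum incrementally per RFC 1624
 * (HC' = ~(~HC + ~m + m')). Returns 1 if changed, 0 if not, -1 if short. */
int tcp_ecn_remove(uint8_t *tcp, size_t len)
{
    if (len < 20)
        return -1;
    if (!(tcp[13] & (TCPF_ECE | TCPF_CWR)))
        return 0;
    uint16_t old_word = (uint16_t)(tcp[12] << 8 | tcp[13]);
    tcp[13] &= (uint8_t)~(TCPF_ECE | TCPF_CWR);
    uint16_t new_word = (uint16_t)(tcp[12] << 8 | tcp[13]);
    uint16_t check = (uint16_t)(tcp[16] << 8 | tcp[17]);
    uint32_t sum = (uint32_t)(uint16_t)~check + (uint16_t)~old_word + new_word;
    check = (uint16_t)~fold16(sum);
    tcp[16] = (uint8_t)(check >> 8);
    tcp[17] = (uint8_t)(check & 0xff);
    return 1;
}

int main(void)
{
    /* Constructed SYN, flags 0xC2 (CWR+ECE+SYN); checksum covers header only. */
    uint8_t syn[20] = { 0x12,0x34, 0x00,0x50, 0,0,0,1, 0,0,0,0,
                        0x50,0xC2, 0x72,0x10, 0x2A,0xA8, 0,0 };
    return (tcp_ecn_remove(syn, sizeof syn) == 1 && csum16(syn, sizeof syn) == 0) ? 0 : 1;
}
```

The real TCP checksum also covers a pseudo-header, but the incremental update only touches the 16-bit word holding the flags, so the pseudo-header contribution carries over unchanged.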