On Fri, Oct 07, 2016 at 11:05:28PM -0400, David Hill wrote:
> Hello -
>
> Many operating systems out there are starting to enable TCP ECN by
> default, most inbound-only. Linux, FreeBSD, Apple MacOS and iOS.
>
> This diff mimicks the FreeBSD diff found at
> http://marc.info/?l=freebsd-commits-all=146369644516347=2
>
> It modifies the net.inet.tcp.ecn from an off and on switch to a
> three-way setting: off, on, and inbound-only (0, 1, 2, respectively).
>
> It also enables TCP ECN by default for inbound connections that request
> it.
>
> My home router has TCP ECN enabled. With 36 hours of uptime, netstat -s
> shows:
> 16165 ECN connections accepted
> 1 ECE packet received
> 6 ECE packets sent
> 589 CWR packets received
> 109 CWR packets sent
>
> This diff is just to see if there is interest in such a change. If
> people seem to like the idea, perhaps I could update the diff to also:
> - Remove TCP_ECN kernel option and always compile in support?
> - Only allow 0, 1, or 2 via the sysctl net.inet.tcp.ecn knob.
> - Update pf.os
>
> Thoughts?
> - David
>
Here is a diff that doesn't change the default.
Index: netinet/tcp_output.c
===
RCS file: /cvs/src/sys/netinet/tcp_output.c,v
retrieving revision 1.119
diff -u -p -r1.119 tcp_output.c
--- netinet/tcp_output.c9 Feb 2017 15:19:32 - 1.119
+++ netinet/tcp_output.c4 Mar 2017 21:26:02 -
@@ -843,10 +843,12 @@ send:
}
if (!(tp->t_flags & TF_DISABLE_ECN)) {
/*
-* if this is a SYN seg, set ECE and CWR.
-* set only ECE for SYN-ACK if peer supports ECN.
+* If net.inet.tcp.ecn is set to 1 and this is a
+* SYN seg, set both ECE and CWR.
+* Set only ECE for SYN-ACK if peer supports ECN.
*/
- if ((flags & (TH_SYN|TH_ACK)) == TH_SYN)
+ if (tcp_do_ecn == 1 &&
+ (flags & (TH_SYN|TH_ACK)) == TH_SYN)
flags |= (TH_ECE|TH_CWR);
else if ((tp->t_flags & TF_ECN_PERMIT) &&
(flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK))
Index: netinet/tcp_subr.c
===
RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.160
diff -u -p -r1.160 tcp_subr.c
--- netinet/tcp_subr.c 9 Feb 2017 15:19:32 - 1.160
+++ netinet/tcp_subr.c 4 Mar 2017 21:26:02 -
@@ -110,7 +110,7 @@ int tcp_do_sack = 1;/* RFC 2018 selecti
#endif
inttcp_ack_on_push = 0;/* set to enable immediate ACK-on-PUSH */
#ifdef TCP_ECN
-inttcp_do_ecn = 0; /* RFC3168 ECN enabled/disabled? */
+inttcp_do_ecn = 0; /* RFC3168 TCP ECN 0:off 1:on 2:inbound-only */
#endif
inttcp_do_rfc3390 = 2; /* Increase TCP's Initial Window to 10*mss */
Index: netinet/tcp_var.h
===
RCS file: /cvs/src/sys/netinet/tcp_var.h,v
retrieving revision 1.122
diff -u -p -r1.122 tcp_var.h
--- netinet/tcp_var.h 9 Feb 2017 15:19:32 - 1.122
+++ netinet/tcp_var.h 4 Mar 2017 21:26:02 -
@@ -703,7 +703,7 @@ extern int tcp_do_sack;/* SACK enabled/
extern struct pool sackhl_pool;
extern int tcp_sackhole_limit; /* max entries for tcp sack queues */
#endif
-extern int tcp_do_ecn; /* RFC3168 ECN enabled/disabled? */
+extern int tcp_do_ecn; /* RFC3168 ECN: 0:off 1:on 2:inbound-only */
extern int tcp_do_rfc3390; /* RFC3390 Increasing TCP's Initial Window */
extern struct pool tcpqe_pool;