On 18/05/15 06:46, Mikael Abrahamsson wrote:
> On Sun, 17 May 2015, Kevin Darbyshire-Bryant wrote:
>
>> Thanks Mikael - some ECN tweakage in progress.  I'll see which bits 
>> of the Internet I use break :-)
>
> I have been running this on my macbook for almost 2 years (since I got 
> it):
>
> $ cat /etc/sysctl.conf
> net.inet.tcp.ecn_initiate_out=1
> net.inet.tcp.ecn_negotiate_in=1
>
> and this on my linux server for 5+ years:
>
> $ cat /etc/sysctl.conf | grep -i ecn
> net.ipv4.tcp_ecn = 1
>
> I used the same on my previous Ubuntu based laptop for 5+ years.
>
> I have yet to encounter any ECN related breakage. I have had 
> significant problems with IPv6 PMTUD blackholing, but no ECN related 
> problems. I had ECN related problems back in 2001 (or whenever it 
> was)  when Linux first introduced it due to a lot of firewalls being 
> very paranoid about it, but then I turned it back on again 5-7 years 
> ago and by then all problems were gone.
>
That's good to know :-)

And for those struggling (ok just me then) to get ecn to survive a 
reboot on OpenWrt despite playing with sysctl.conf, instead add "option 
tcp_ecn '1'" in /etc/config/firewall something like:


config defaults
         option syn_flood '1'
         option input 'ACCEPT'
         option output 'ACCEPT'
         option forward 'REJECT'
         option drop_invalid '1'
         option tcp_ecn '1'


Kevin (being that 'better built idiot' since 1971) :-)