| Message ID | 20171003063620.3873-1-rosenp@gmail.com |
|---|---|
| State | Superseded |
| Delegated to: | Mathias Kresin |
| Headers | show
Return-Path: <lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="pWeL50IW"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="WSmRRveo"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3y5q8823q6z9s8J for <incoming@patchwork.ozlabs.org>; Tue, 3 Oct 2017 17:37:05 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=l51JFC/qzr1Xe11nE9v/hCwQEextN+HUSCYwRYKYerw=; b=pWeL50IWLzx3v5 /cs+uPbpODbxW9E3m0h+iDC82MTCe9w1VDlYjqMAtfhtWXjxv/0cs96wlxJO09JAdGSDKFlD6Z7CY fxc23FyXTCfheQOe7kmOUmyoNYouGG9VMbpBeh8nPMO0H1X8y0FJYiS2C9XCdGUKj/0nTvvaa+u6C nmDC8vXlyaWLQLhCVvOdlGLw8acrZuQDndqWngR5tkkBZXXzVmsuJeCn9A0pdMJfnX4/bGoK/VPV4 qTXPVa0m/5HxZcoqV+GpidGw90Aka/UsiyGAKVzBwVrNHamuroW5e68IWecEr7B9ddfN80KC/JbGS Ht4SY8dbVws0v2YlUs4Q==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1dzGoz-0001se-Ma; Tue, 03 Oct 2017 06:36:49 +0000 Received: from mail-pf0-x243.google.com ([2607:f8b0:400e:c00::243]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1dzGow-0001kz-TE for lede-dev@lists.infradead.org; Tue, 03 Oct 2017 06:36:48 +0000 Received: by mail-pf0-x243.google.com with SMTP id m28so7947379pfi.0 for <lede-dev@lists.infradead.org>; Mon, 02 Oct 2017 23:36:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=sUWcrdQrOZPB/xYb26LiTkaXhvflJoHQiJLJcevIAvg=; b=WSmRRveo8NDd8C9ZcthvVaMLx1pwkdoGSym34j7Z7cT7UhKuanhUNz3ojyKQj4xv+u HZQrlLtexooIMN2TN23Afd4F18zyJ8hRt67GpD6QBuWN29oYezgHNm7S24cuH0/39ABs /lnWNe+LsTADGVCdYTulyb4yNd4OemKGAQ7A455WS6qVielFJt399aMDQXunHka8cUsu d0LMpKpuy4qQwy9PUaK3Uxpz8NeKzER8OLbEU6vcEfqQMEIDFLRFf1QFNFbBQHDzyNT9 v7vmMiOqnLC8cq+hziETJi9NUN/QuQslOYe2TvRsEXNTj8T0qW8ZYoulX7uHLasf94WV hUbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=sUWcrdQrOZPB/xYb26LiTkaXhvflJoHQiJLJcevIAvg=; b=XHZTGFJT0DJO0ipokMAUCmddnuhLbDgsDrG3oh9+02FLA1783D48fmRox7R7n4ATxd UsP0wPC68jKYQLPIH4NkuBw/6sdUmxFC6WuVt/HWBe/GRFwdtWBq0HLdfH2AY7MI/W4j +kvAYMBWDiCFyMsOnDsWmjdF15JjDVGvc0cte9P2Bh3IzrkeO4mDWrxbKkC0NFfCNp+0 iXXbz+4hrXgseRLyjMBiS007xe1D6gB/M0mUg56IMKte73Yh5Tdt6jFKW1MOoAA2H3Su 9NUApRVPTCQsWhXDALfebMnl4/+H5zeTMC6kgHFeJFYr7T55syZQ+lW869+2xhip6iyZ JwKA== X-Gm-Message-State: AHPjjUj1DxvDL0NsXH88iOUJucI026l6RvOEuboev502F/+W1O2L5Qq9 bcphztwOOXR5IwpTC973jUUWoCU5 X-Google-Smtp-Source: AOwi7QDBJ+FJOA3OIuEMyhw0x8YetoodZoJWZEKzH0Rwz0Sq+eIdTCAnHpi9OvDedGzdzY0MdiwiXQ== X-Received: by 10.84.185.106 with SMTP id e39mr15933289plg.333.1507012586026; Mon, 02 Oct 2017 23:36:26 -0700 (PDT) Received: from mangix.lan (astound-64-85-237-72.ca.astound.net. [64.85.237.72]) by smtp.gmail.com with ESMTPSA id p128sm4816030pfb.144.2017.10.02.23.36.25 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 02 Oct 2017 23:36:25 -0700 (PDT) From: Rosen Penev <rosenp@gmail.com> To: lede-dev@lists.infradead.org Date: Mon, 2 Oct 2017 23:36:20 -0700 Message-Id: <20171003063620.3873-1-rosenp@gmail.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20171003062335.2495-1-rosenp@gmail.com> References: <20171003062335.2495-1-rosenp@gmail.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20171002_233646_981600_5A34998D X-CRM114-Status: UNSURE ( 8.20 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -2.0 (--) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-2.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [2607:f8b0:400e:c00:0:0:0:243 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (rosenp[at]gmail.com) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain Subject: [LEDE-DEV] [PATCH] firewall3: Enable TCP_ECN by default. X-BeenThere: lede-dev@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: <lede-dev.lists.infradead.org> List-Unsubscribe: <http://lists.infradead.org/mailman/options/lede-dev>, <mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe> List-Archive: <http://lists.infradead.org/pipermail/lede-dev/> List-Post: <mailto:lede-dev@lists.infradead.org> List-Help: <mailto:lede-dev-request@lists.infradead.org?subject=help> List-Subscribe: <http://lists.infradead.org/mailman/listinfo/lede-dev>, <mailto:lede-dev-request@lists.infradead.org?subject=subscribe> Cc: Rosen Penev <rosenp@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Lede-dev" <lede-dev-bounces@lists.infradead.org> Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org |
| Series |
[LEDE-DEV] firewall3: Enable TCP_ECN by default.
|
expand
|
diff --git a/defaults.c b/defaults.c index 85a3750..68e40f5 100644 --- a/defaults.c +++ b/defaults.c @@ -90,6 +90,7 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p) defs->syn_flood_rate.rate = 25; defs->syn_flood_rate.burst = 50; + defs->tcp_ecn = 2; defs->tcp_syncookies = true; defs->tcp_window_scaling = true; defs->custom_chains = true;
This used to be the default back in 2008 and then reverted in 2009 when the setting was a boolean. Now that 2 is equivalent to 1 from that time, change it to 1. This also matches the default with many desktop Linux distributions. v2: On further investigation, kernel 4.2 introduced tcp_ecn_fallback to deal with ECN failures. It also turns out that the kernel defaults to 2 for tcp_ecn and 1 for fallback. Bump up to 2 to match the kernel. Signed-off-by: Rosen Penev <rosenp@gmail.com> --- defaults.c | 1 + 1 file changed, 1 insertion(+)