From mboxrd@z Thu Jan 1 00:00:00 1970 From: ummeegge To: development@lists.ipfire.org Subject: Re: [PATCH] sysctl.conf: Enable TFO in sysctl Date: Fri, 14 Dec 2018 17:41:09 +0100 Message-ID: <294b888432b1f1657b4d47af48bb8dd638f54cbc.camel@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5859939629431953276==" List-Id: --===============5859939629431953276== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Michael, Am Freitag, den 14.12.2018, 14:59 +0000 schrieb Michael Tremer: > Hi, >=20 > > On 14 Dec 2018, at 12:03, erik.kapfer wrote: > >=20 > > Fixes #11945 > >=20 > > This do not enables TFO support in general there is still the > > execution of > > echo 3 > /proc/sys/net/ipv4/tcp_fastopen > > needed after every reboot (rc.local e.g.). > >=20 >=20 > Why does this not enable it? Setting that value to 3 is what the > sysctl command does. >=20 > I am confused. you are right, mixed there testings up but used also old descriptions. There is no need to echo '3' to tcp_fastopen to survive reboots. Should i amend the patch and correct the commit message ? Did now some tests with OpenSSL-1.1.1a whereby unbound includes the TFO configure options and DoT seems *really* much faster then DoT on another system without TFO support for unbound and OpenSSL-1.1.0i but am currently not able to find some TFO usage evidence except the TFO key $ cat /proc/sys/net/ipv4/tcp_fastopen_key =20 750532b8-36e6eb1d-800cb58e-3008f1f1 Monitoring examples like in here --> https://blog.wasin.io/blog/2016/12/26/how-to-enable-fast-tcp-open-on-ubuntu.h= tml didn=C2=B4t deliver any results but they are also old=20 (echo 3 > /proc/sys/net/ipv4/tcp_fastopen) is in this description=20 also included which is outdated, possibly the monitoring examples are too. Best, Erik --===============5859939629431953276==--