Hi Michael,
Am Freitag, den 14.12.2018, 14:59 +0000 schrieb Michael Tremer:
Hi,
On 14 Dec 2018, at 12:03, erik.kapfer ummeegge@ipfire.org wrote:
Fixes #11945
This do not enables TFO support in general there is still the execution of echo 3 > /proc/sys/net/ipv4/tcp_fastopen needed after every reboot (rc.local e.g.).
Why does this not enable it? Setting that value to 3 is what the sysctl command does.
I am confused.
you are right, mixed there testings up but used also old descriptions. There is no need to echo '3' to tcp_fastopen to survive reboots. Should i amend the patch and correct the commit message ?
Did now some tests with OpenSSL-1.1.1a whereby unbound includes the TFO configure options and DoT seems *really* much faster then DoT on another system without TFO support for unbound and OpenSSL-1.1.0i but am currently not able to find some TFO usage evidence except the TFO key
$ cat /proc/sys/net/ipv4/tcp_fastopen_key 750532b8-36e6eb1d-800cb58e-3008f1f1
Monitoring examples like in here --> https://blog.wasin.io/blog/2016/12/26/how-to-enable-fast-tcp-open-on-ubuntu.... didnĀ“t deliver any results but they are also old (echo 3 > /proc/sys/net/ipv4/tcp_fastopen) is in this description also included which is outdated, possibly the monitoring examples are too.
Best,
Erik