Fixes #11945
This do not enables TFO support in general there is still the execution of echo 3 > /proc/sys/net/ipv4/tcp_fastopen needed after every reboot (rc.local e.g.).
For further information see: https://tools.ietf.org/html/rfc7413#section-4.2.2 https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
Signed-off-by: erik.kapfer ummeegge@ipfire.org --- config/etc/sysctl.conf | 1 + 1 file changed, 1 insertion(+)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 4066af767..52b21efa4 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -13,6 +13,7 @@ net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 3 +net.ipv4.tcp_fastopen = 3
net.ipv4.conf.default.arp_filter = 1 net.ipv4.conf.default.rp_filter = 0
Hi,
On 14 Dec 2018, at 12:03, erik.kapfer ummeegge@ipfire.org wrote:
Fixes #11945
This do not enables TFO support in general there is still the execution of echo 3 > /proc/sys/net/ipv4/tcp_fastopen needed after every reboot (rc.local e.g.).
Why does this not enable it? Setting that value to 3 is what the sysctl command does.
I am confused.
For further information see: https://tools.ietf.org/html/rfc7413#section-4.2.2 https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
Signed-off-by: erik.kapfer ummeegge@ipfire.org
config/etc/sysctl.conf | 1 + 1 file changed, 1 insertion(+)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 4066af767..52b21efa4 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -13,6 +13,7 @@ net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 3 +net.ipv4.tcp_fastopen = 3
net.ipv4.conf.default.arp_filter = 1 net.ipv4.conf.default.rp_filter = 0 -- 2.12.2
Hi Michael,
Am Freitag, den 14.12.2018, 14:59 +0000 schrieb Michael Tremer:
Hi,
On 14 Dec 2018, at 12:03, erik.kapfer ummeegge@ipfire.org wrote:
Fixes #11945
This do not enables TFO support in general there is still the execution of echo 3 > /proc/sys/net/ipv4/tcp_fastopen needed after every reboot (rc.local e.g.).
Why does this not enable it? Setting that value to 3 is what the sysctl command does.
I am confused.
you are right, mixed there testings up but used also old descriptions. There is no need to echo '3' to tcp_fastopen to survive reboots. Should i amend the patch and correct the commit message ?
Did now some tests with OpenSSL-1.1.1a whereby unbound includes the TFO configure options and DoT seems *really* much faster then DoT on another system without TFO support for unbound and OpenSSL-1.1.0i but am currently not able to find some TFO usage evidence except the TFO key
$ cat /proc/sys/net/ipv4/tcp_fastopen_key 750532b8-36e6eb1d-800cb58e-3008f1f1
Monitoring examples like in here --> https://blog.wasin.io/blog/2016/12/26/how-to-enable-fast-tcp-open-on-ubuntu.... didnĀ“t deliver any results but they are also old (echo 3 > /proc/sys/net/ipv4/tcp_fastopen) is in this description also included which is outdated, possibly the monitoring examples are too.
Best,
Erik
Fixes #11945
For further information see: https://tools.ietf.org/html/rfc7413#section-4.2.2 https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
Signed-off-by: erik.kapfer ummeegge@ipfire.org --- config/etc/sysctl.conf | 1 + 1 file changed, 1 insertion(+)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 4066af767..52b21efa4 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -13,6 +13,7 @@ net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 3 +net.ipv4.tcp_fastopen = 3
net.ipv4.conf.default.arp_filter = 1 net.ipv4.conf.default.rp_filter = 0
-
erik.kapfer -
Michael Tremer -
ummeegge