From: Don Lewis
Date: Fri, 4 Sep 2015 17:53:43 -0700 (PDT)
Subject: Re: default ECN settings
To: kmacy@freebsd.org
cc: freebsd-net@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD

On 4 Sep, K. Macy wrote:
> By default ECN is completely disabled on FreeBSD. On Linux the default
> is to disable it outbound (not request it) but enable it inbound
> (accept new connections asking for it). Is there a good reason to only
> set ECN_PERMIT on inbound connections if the system is doing ECN on
> outbound connections?

Not that I can think of. The risk in enabling ECN for outbound connections is that some connection attempts can fail, especially if you are attempting to connect to some old and oddball device.
That should not be a risk for inbound connections since those devices won't be requesting ECN. Seems like we should be defaulting ECN on for inbound connections, though we currently can't control the two directions separately.
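
The asymmetry discussed in this message, as an added example that is not part of the original thread: a small model of the RFC 3168 handshake flags showing that an inbound-only policy never sends an ECN-setup SYN, so a peer that does not ask for ECN sees an ordinary handshake. The policy names (OFF, INBOUND_ONLY, BOTH) and the helper functions are assumptions made for this illustration, not FreeBSD or Linux identifiers, and the TCP headers are constructed sample data.

```python
import struct

# TCP flag bits in header byte 13 (RFC 793, with ECE/CWR from RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
ECN_SETUP = ECE | CWR

# Hypothetical policy values for this example (not a real sysctl's values).
OFF, INBOUND_ONLY, BOTH = "off", "inbound-only", "both"


def build_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed 20-byte TCP header with no options (checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def tcp_flags(header: bytes) -> int:
    """Return the eight flag bits of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]


def outbound_syn_flags(policy: str) -> int:
    """Flags on a SYN we originate: request ECN only when the policy says so."""
    return (SYN | ECN_SETUP) if policy == BOTH else SYN


def synack_flags(policy: str, syn_header: bytes) -> int:
    """Flags on our SYN-ACK in reply to a received SYN."""
    flags = tcp_flags(syn_header)
    if not (flags & SYN) or (flags & ACK):
        raise ValueError("not an initial SYN")
    peer_asked = (flags & ECN_SETUP) == ECN_SETUP
    if peer_asked and policy in (INBOUND_ONLY, BOTH):
        return SYN | ACK | ECE  # ECN-setup SYN-ACK: ECE set, CWR clear
    return SYN | ACK  # plain handshake: peer did not ask, or ECN is off


def ecn_negotiated(syn: int, synack: int) -> bool:
    """True when both sides completed the ECN-setup exchange."""
    return (syn & ECN_SETUP) == ECN_SETUP and (synack & ECN_SETUP) == ECE
```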