Date: Tue, 18 Jul 2023 00:03:59 -0400 From: Mason Loring Bliss <mason@blisses.org> To: freebsd-net@freebsd.org Subject: ACK filtering? Message-ID: <ZLYPLwX4Bm1RuCBh@blisses.org>
next in thread | raw e-mail | index | archive | help
--IsH90HeIADRPm5aW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
I'm likely going to have to move to an Internet connection with asymmetric
bandwidth soon, and I want to be proactive with the firewalling to avoid
the connection choking on itself.
There's a fair amount of documentation out there for bumping the priority
on acks with pf and altq, and that seems reasonable, but is there anything
equivalent I can do with ipfw? I'd prefer ipfw if possible, but I'll switch
if I need to.
Second, in researching the topic, because it's been some time, I
encountered the notion of ACK filtering. Here's a link:
https://lwn.net/Articles/758353/
=46rom that link:
The last major component of CAKE is ACK filtering. A stream of data
flowing in one direction over a TCP connection will generate a
corresponding stream of acknowledgment (ACK) packets heading the other
way. The ACK traffic is much smaller than the actual data, but it can
still reach problematic levels on asymmetric links like those found in
many home links. Much of that data will be redundant: if an ACK packet
for the first 10,000 bytes is immediately followed by an ACK for the
first 20,000 bytes, the first can often be dropped with no ill effect.
Since CAKE maintains per-flow queues of packets, it is relatively easy
for it to tell when a newly queued ACK packet makes an earlier one
redundant. Some care must be taken, though, to only drop ACK packets
that contain no other data, or bad things will happen. The ACK
filtering also will not touch packets that contain unknown headers;
that is an attempt to avoid protocol ossification that could break
future extensions.
I'm not seeing anything talking about ACK filtering in FreeBSD. It seems
like the best of both worlds would be higher-priority ACK packets outbound,
but with those that can be safely discarded discarded. Have I simply missed
the documentation, or does this concept not exist as such right now in
FreeBSD? (How about in OpenBSD?)
It seems like the concept has been batted about for a while:
https://dl.acm.org/doi/10.5555/646461.693587
--=20
Mason Loring Bliss mason@blisses.org Ewige Blumenkra=
ft!
(if awake 'sleep (aref #(sleep dream) (random 2))) -- Hamlet, Act III, Scen=
e I
--IsH90HeIADRPm5aW
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEEXtBZz1axB5rEDCEnrJXcHbvJVUFAmS2Dy4ACgkQnrJXcHbv
JVXNOBAAmxX7npLnxQ7MzSqP/11HQmUis0o7vFCpLB8zconw0G7sf+73BrbGaYGw
Yfze+i4WZxy5knSew20gYMvsmRIpC8E5Z1C3Opvfuhps9YK8u+9O17mUxM2Bwo1r
KmEGAk8dMsTI8jBJMxuwKrFYLzRoeuOHUG2rXistVFCSy6ukIsnkg1jqQqCLEdA0
gwlVWK/TZMbszWXa5bEatCQeV5oovdj85uF0/Cj+qkDH0oJKI1eLierHP1NAAUXl
utyjcOOCzLtn4RFgkYJbl6hpoAurM8EMJcBRDFbSpDVDdTDtO9YJAfcrcyxY3Aoa
h98gBGaq/aDf+W+2zQdXk1IlsNpL0965FXIS2q91WR2gBbCOzrETAA7ZmttqV4s3
lC5evmsJaR8zlYA7leLYQ+kVQ74Mcfgpf/5zuImOZTWZCAyScY+Zxjq3KlR2VPC0
c2+OapQcmoSdiX2/7R6jCDVI9Ubmmxmf+ULiV6ejPQobcxkZpEKoH3NiYYz4y5t9
gBApAQZTL4ADWQOF8bZbNTL8XSb7x/2n9oSIex+daCQyWCbjcNCU3aYz8vmm+twn
PNJWeplLbuLzAP+B4VqC+6W5Ud81aEF2XEwJRQLpYAwAMfR6X+psG2FtvNy8+TtZ
hQlKC57cwVKxNHMn+M1EOTAk2U/wiw9zeDi1+uRs7Y6oX2pyZ5c=
=0Ka8
-----END PGP SIGNATURE-----
--IsH90HeIADRPm5aW--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZLYPLwX4Bm1RuCBh>