Re: [tsvwg] [Ecn-sane] how to ecn again on osx and ios!!!

Jan Rüth <> Tue, 30 March 2021 09:38 UTC


I wrote a small dtrace script to track ECN connections on MacOS.

It basically dumps the ecn_flags from the MacOS kernel to find out if ECN was successfully negotiated or not.
It further counts ECN bits on incoming packets.

For anyone interested (feel free to share), the code is here:

During testing I also observed a weird behavior (connections fail) between MacOS and Linux when ECN flags cause packet drops on the downlink (reverse) path.
There is also a more detailed description and a packet trace of this happening in the GitHub repository.

If you have any comments, feel free to contact me.


On 9. Mar 2021, at 21:38, Dave Taht wrote:

The additional sysctl required to re-enable ecn negotiation always is

sudo sysctl -w net.inet.tcp.disable_tcp_heuristics=1

See also:

It disables mptcp and tfo, which for purposes of even basic worldwide
testing of the survival of the ect(0) and ect(1) codepoints, don't
really matter. I am delirious with joy to be able to test this stuff
again from devices more people have, and I hope y'all turn it on for a
while, on ethernet/wifi and lte, get a bunch of captures and see what
happens in day to day use. I would so love packet captures from many
many vantage points against the worldwide flent testing network.

Those of you that have root access on your iphones can also test ecn
in this way.

A huge thanks to Christoph Paasch over at apple for pointing this out.

"For a successful technology, reality must take precedence over public
relations, for Mother Nature cannot be fooled" - Richard Feynman

Dave Täht
CTO, TekLibre, LLC
Tel: 1-831-435-0729
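For readers checking captures taken with the sysctl above, the following is an added example, not the dtrace script mentioned in the message and not code from either author: it works on raw IPv4+TCP packet bytes instead of the kernel's ecn_flags, decides from the SYN and SYN-ACK whether ECN was negotiated per RFC 3168, and counts the ECN codepoints on received packets. All function names and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# ECN field: low two bits of the IPv4 TOS byte (RFC 3168).
ECN_NAMES = {0b00: "Not-ECT", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}
SYN, ACK, ECE, CWR = 0x02, 0x10, 0x40, 0x80
HANDSHAKE_BITS = SYN | ACK | ECE | CWR

def parse(pkt: bytes):
    """Return (ecn_codepoint, tcp_flags) for a raw IPv4+TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    if pkt[9] != 6 or len(pkt) < ihl + 20:
        raise ValueError("not TCP or truncated")
    return pkt[1] & 0x03, pkt[ihl + 13]  # TCP flags byte is at offset 13

def negotiated(syn: bytes, synack: bytes) -> bool:
    """ECN-setup SYN has ECE+CWR; ECN-setup SYN-ACK has ECE but not CWR."""
    _, f_syn = parse(syn)
    _, f_sa = parse(synack)
    ok_syn = (f_syn & HANDSHAKE_BITS) == (SYN | ECE | CWR)
    ok_synack = (f_sa & HANDSHAKE_BITS) == (SYN | ACK | ECE)
    return ok_syn and ok_synack

def count_codepoints(packets) -> Counter:
    """Tally the ECN codepoint names seen on a list of received packets."""
    return Counter(ECN_NAMES[parse(p)[0]] for p in packets)

def build(tos: int, flags: int) -> bytes:
    """Constructed sample packet: minimal IPv4 + TCP headers, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 5 << 4, flags,
                      65535, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    syn = build(0x00, SYN | ECE | CWR)
    print("negotiated:", negotiated(syn, build(0x00, SYN | ACK | ECE)))
    print("server declined:", negotiated(syn, build(0x00, SYN | ACK)))
    rx = [build(0x02, ACK), build(0x02, ACK), build(0x03, ACK), build(0x00, ACK)]
    print(dict(count_codepoints(rx)))
```

A SYN-ACK that echoes both ECE and CWR is treated as not negotiated, since RFC 3168 does not count it as an ECN-setup SYN-ACK.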