# option on the SYN, but the fast-output SMTP banner will not
# be seen unless you also deliberately emulate a long path:
# 'sudo tc qdisc add dev lo root netem delay 50ms'
+# You'll need iproute-tc installed, for the tc command.
# You'll need kernel-modules-extra installed, or you get
# an unhelpful error from RTNETLINK.
# To tidy up: 'sudo tc qdisc delete dev lo root'
#
+# MacOS:
+# The kernel seems to have TFO enabled both ways as default.
+# There is a net.inet.tcp.clear_tfocache parameter
+## sysctl -w foo-val
+#
+# For network delays there is something called 'Network Link Conditioner'
+# which might do the job. But how to manipulate it?
+#
+#
+# FreeBSD: it looks like you have to compile a custom kernel, with
+# 'options TCP_RFC7413' in the config. Also set
+# 'net.inet.tcp.fastopen.server_enable=1' in /etc/sysctl.conf
+# Seems to always claim TFO used by transport, if tried.
+#
+# FreeBSD: tried this setup, but we only get the banner captured 100ms after 3rd-ack:
+# #kenv net.inet.ip.fw.default_to_accept=1
+# #kldload ipfw dummynet
+# #ipfw add 00097 pipe 1 ip from 127.0.0.1 to 127.0.0.1
+# #ipfw pipe 1 config delay 50ms
+# Also, the VM managed to lose the ipv4 & 6 addrs on its main interface
+# after a while - so not usable in production
+#
sudo perl
system ("tc qdisc add dev lo root netem delay 50ms");
****
#
+#
+# Disable the TFO blackhole detection, as we seem to be running foul of it.
+# If bitten, we see the expected EINPROGRESS for sendto, yet no TFO cookie
+# option on the SYN.
+#
+sudo perl
+system ("[ -e /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec ] && echo 0 > /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec");
+****
+#
# First time runs will see a TFO request option only; subsequent
# ones should see the TFO cookie and fast-output SMTP banner
# (currently on a separate packet after the server SYN,ACK but before
# the client ACK).
#
-# The client log => lint.ex should have a "TFO" element.
-# Assuming this is the first run since boot, the a@test recipient will not.
+# The client log => line should have a "TFO" element.
+# The server log <= line for a@test.ex should not.
#
+# First clear any previously-obtained cookie:
sudo perl
+open(INFO, "-|", "/usr/bin/uname -s");
+$_ = <INFO>;
+if (/^FreeBSD/) {
+system("sysctl net.inet.tcp.fastopen.client_enable=0"); system("sysctl net.inet.tcp.fastopen.client_enable=1");
+} else {
system ("ip tcp_metrics delete 127.0.0.1");
+}
+
****
#
-# The server log <= line for b@test.ex should have a "TFO" element, but
-# this will only be obtained when the above delay is inserted into the
-# loopback net path.
#
#
-#
-# FreeBSD: it looks like you have to compile a custom kernel, with
-# 'options TCP_RFC7413' in the config. Also set
-# 'net.inet.tcp.fastopen.enabled=1' in /etc/sysctl.conf
-# Untested.
-#
exim -DSERVER=server -bd -oX PORT_D
****
#
****
sleep 3
#
+# The server log <= line for b@test.ex should have a "TFO" element, but
+# this will only be obtained when the above delay is inserted into the
+# loopback net path.
+#
exim b@test.ex
Testing
****
#
sudo perl
system ("tc qdisc delete dev lo root");
+system ("[ -e /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec ] && echo 3600 > /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec");
****
#
killdaemon