curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

post(caddy-nixos-2): limited TFO support in server

This commit is contained in:
MDLeom 2020-03-24 01:29:43 +00:00
parent 608e5c9202
commit 66f5700b10
No known key found for this signature in database
GPG Key ID: 5D9DB57A25D34EE3
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source/_posts/caddy-nixos-part-2.md
View File

@ -293,7 +293,7 @@ Based on [Ubuntu Wiki](https://wiki.ubuntu.com/ImprovedNetworking/KernelSecurity
"net.ipv6.conf.all.accept_source_route" = 0; "net.ipv6.conf.all.accept_source_route" = 0;
# Protect against tcp time-wait assassination hazards # Protect against tcp time-wait assassination hazards
"net.ipv4.tcp_rfc1337" = 1; "net.ipv4.tcp_rfc1337" = 1;
# Latency reduction # TCP Fast Open (TFO)
"net.ipv4.tcp_fastopen" = 3; "net.ipv4.tcp_fastopen" = 3;
## Bufferbloat mitigations ## Bufferbloat mitigations
# Requires >= 4.9 & kernel module # Requires >= 4.9 & kernel module
@ -302,3 +302,5 @@ Based on [Ubuntu Wiki](https://wiki.ubuntu.com/ImprovedNetworking/KernelSecurity
"net.core.default_qdisc" = "cake"; "net.core.default_qdisc" = "cake";
}; };
``` ```
TCP Fast Open ([TFO](https://en.wikipedia.org/wiki/Tcp_fast_open)) is enabled by default (`tcp_fastopen = 1`) for outgoing connection since 3.13. As of writing, TFO has limited server support; Caddy, Tor and I2Pd don't support it yet, so enabling it for incoming and outgoing connections (`3`) has no effect.