I am having a bit of an issue with a customer and their inbound traffic to us. It's authenticated SMTP on port 587 with TLS. For whatever reason, they're trying to negotiate ECN. The receiving systems are somewhat backlevel/due-for-update, kernel 2.6 with /proc/sys/net/ipv4/tcp_ecn = 0 by default. Newer systems have '2': 0 – disable ECN and neither initiate nor accept it 1 – enable ECN when requested by incoming connections, and also request ECN on outgoing connection attempts 2 – (default) enable ECN when requested by incoming connections, but do not request ECN on outgoing connections When /proc/sys/net/ipv4/tcp_ecn is 0, incoming connections appear to be simply ignored, even when the sending host switched off ECN after having tried with ECN. The solution seems to be to set /proc/sys/net/ipv4/tcp_ecn = 2. The question is - are there any other effects? -- Per Jessen, Zürich (21.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org