Hi! Is it possible to clear the ECN bit in outgoing packings using pf? Something like a no-ecn option, similar to scrub's no-df option.
Why? Well, using scrub reassemble tcp and having hosts set the ECN flag seems to cause some troubles. That is, in my post of July 2006, "scrub reassemble tcp and nat causes problems with some sites" (http://marc.theaimsgroup.com/?l=openbsd-misc&m=115330518001669&w=4), I had trouble connection to some sites (e.g. eBay) with scrub's reassemble tcp enabled from hosts behind the OpenBSD NAT gateway. Now I've found that I can connect from the nat'ted hosts if either: * reassemble tcp disabled and ecn flag set or * reassemble tcp enabled and ecn flag cleared. However, ecn flag set and reassemble tcp results in connection problems. Since ECN is useful with traffic shaping, I'd like to use it locally but have pf strip it for outbound packets. Regard, Walter
