ECN not working in Windows 10

zz1 · May 27, 2020, 1:14am

I have a router running OpenWrt 19.07.3, installed luci-app-sqm, configured it, and enabled ECN in the OS. I've only seen ECN working correctly in Linux and Windows 7 sp1 without any updates.

Windows 7 sp1 with working ECN:

Windows 10 with broken ECN:

Note that Windows 10 has ECT set in a TCP SYN packet, which is not allowed in RFC 3168 under section 6.1.1.

The Windows 10 tcptrace has no CE or CWR, which means ECN wasn't negotiated.

Updating Windows 7 will break ECN. Some of the updates updated tcpip.sys which likely broke it, but it doesn't matter since the OS is EOL.

I did all testing in VirtualBox with the bridged adapter plus a real Windows 10 1909 machine. I tested clean installs Windows 8.1 and Windows 10 1607, those behave exactly like the latest Windows 10. I also tested different ECN enabled servers.

I've tried searching to see if anyone else has this problem but couldn't find anything. Most testing is done in Linux and ECN is off by default in non-server Windows.

Mongolo · May 27, 2020, 1:28am

Enabling ECN on Windows

netsh interface tcp set global ecncapability=enabled

Enable ECN - Bufferbloat.net

zz1 · May 27, 2020, 1:35am

ECN is already enabled in windows. If ecncapability was disabled, there would be no ECE and CWR flag in the TCP SYN packet. I tested both ECN disabled and enabled. The ecncapability setting does have an effect, but ECN negotiation is broken in Windows 10.

xnor · December 25, 2020, 10:10am

Is this maybe due to https://tools.ietf.org/html/rfc5562 ?

xnor · December 26, 2020, 3:06pm

This can be worked around with this hack:
iptables -t mangle -I PREROUTING -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j TOS --set-tos 0/3

Above rule clears both ECN bits for TCP SYN packets.

Technical background: xt_DSCP offers a TOS target which allows setting the entire 8-bit TOS field in the IPv4 header. DSCP & ECN use the TOS bits. ECN uses the lower 2 TOS bits.