1ba4298b0SPouria Mousavizadeh Tehrani.\" 2ba4298b0SPouria Mousavizadeh Tehrani.\" SPDX-License-Identifier: BSD-2-Clause 3ba4298b0SPouria Mousavizadeh Tehrani.\" 4ba4298b0SPouria Mousavizadeh Tehrani.\" Copyright (c) 2026 Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org> 5ba4298b0SPouria Mousavizadeh Tehrani.\" All rights reserved. 6ba4298b0SPouria Mousavizadeh Tehrani.\" 7ba4298b0SPouria Mousavizadeh Tehrani.\" Redistribution and use in source and binary forms, with or without 8ba4298b0SPouria Mousavizadeh Tehrani.\" modification, are permitted provided that the following conditions 9ba4298b0SPouria Mousavizadeh Tehrani.\" are met: 10ba4298b0SPouria Mousavizadeh Tehrani.\" 1. Redistributions of source code must retain the above copyright 11ba4298b0SPouria Mousavizadeh Tehrani.\" notice, this list of conditions and the following disclaimer. 12ba4298b0SPouria Mousavizadeh Tehrani.\" 2. Redistributions in binary form must reproduce the above copyright 13ba4298b0SPouria Mousavizadeh Tehrani.\" notice, this list of conditions and the following disclaimer in the 14ba4298b0SPouria Mousavizadeh Tehrani.\" documentation and/or other materials provided with the distribution. 15ba4298b0SPouria Mousavizadeh Tehrani.\" 16ba4298b0SPouria Mousavizadeh Tehrani.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 17ba4298b0SPouria Mousavizadeh Tehrani.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18ba4298b0SPouria Mousavizadeh Tehrani.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19ba4298b0SPouria Mousavizadeh Tehrani.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 20ba4298b0SPouria Mousavizadeh Tehrani.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21ba4298b0SPouria Mousavizadeh Tehrani.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22ba4298b0SPouria Mousavizadeh Tehrani.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23ba4298b0SPouria Mousavizadeh Tehrani.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24ba4298b0SPouria Mousavizadeh Tehrani.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25ba4298b0SPouria Mousavizadeh Tehrani.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26ba4298b0SPouria Mousavizadeh Tehrani.\" SUCH DAMAGE. 27ba4298b0SPouria Mousavizadeh Tehrani.\" 28ba4298b0SPouria Mousavizadeh Tehrani.Dd March 19, 2026 29ba4298b0SPouria Mousavizadeh Tehrani.Dt ECN 9 30ba4298b0SPouria Mousavizadeh Tehrani.Os 31ba4298b0SPouria Mousavizadeh Tehrani.Sh NAME 32ba4298b0SPouria Mousavizadeh Tehrani.Nm ecn , 33ba4298b0SPouria Mousavizadeh Tehrani.Nm ip_ecn_ingress , 34ba4298b0SPouria Mousavizadeh Tehrani.Nm ip_ecn_egress , 35ba4298b0SPouria Mousavizadeh Tehrani.Nm ip6_ecn_ingress , 36ba4298b0SPouria Mousavizadeh Tehrani.Nm ip6_ecn_egress 37ba4298b0SPouria Mousavizadeh Tehrani.Nd IP ECN interfaces for tunnel encapsulation/decapsulation 38ba4298b0SPouria Mousavizadeh Tehrani.Sh SYNOPSIS 39ba4298b0SPouria Mousavizadeh Tehrani.In sys/netinet/ip_ecn.h 40ba4298b0SPouria Mousavizadeh Tehrani.In sys/netinet6/ip6_ecn.h 41ba4298b0SPouria Mousavizadeh Tehrani.\" 42ba4298b0SPouria Mousavizadeh Tehrani.Ss "Constants" 43ba4298b0SPouria Mousavizadeh Tehrani.Dv ECN_COMPLETE 44ba4298b0SPouria Mousavizadeh Tehrani.Dv ECN_ALLOWED 45ba4298b0SPouria Mousavizadeh Tehrani.Dv ECN_FORBIDDEN 46ba4298b0SPouria Mousavizadeh Tehrani.Dv ECN_NOCARE 47ba4298b0SPouria Mousavizadeh Tehrani.\" 48ba4298b0SPouria Mousavizadeh Tehrani.Ss "ECN Manipulation Functions" 49ba4298b0SPouria Mousavizadeh Tehrani.Ft "void" 50ba4298b0SPouria Mousavizadeh Tehrani.Fn ip_ecn_ingress "int mode" "uint8_t *outer" "const uint8_t *inner" 51ba4298b0SPouria Mousavizadeh Tehrani.Ft "void" 52ba4298b0SPouria Mousavizadeh Tehrani.Fn "ip6_ecn_ingress" "int mode" "uint32_t *outer" "const uint32_t *inner" 53ba4298b0SPouria Mousavizadeh Tehrani.Ft "int" 54ba4298b0SPouria Mousavizadeh Tehrani.Fn "ip_ecn_egress" "int mode" "uint8_t *outer" "const uint8_t *inner" 55ba4298b0SPouria Mousavizadeh Tehrani.Ft "int" 56ba4298b0SPouria Mousavizadeh Tehrani.Fn "ip6_ecn_egress" "int mode" "uint32_t *outer" "const uint32_t *inner" 57ba4298b0SPouria Mousavizadeh Tehrani.\" 58ba4298b0SPouria Mousavizadeh Tehrani.Sh DESCRIPTION 59ba4298b0SPouria Mousavizadeh TehraniThe 60ba4298b0SPouria Mousavizadeh Tehrani.Fn ip_ecn_ingress 61ba4298b0SPouria Mousavizadeh Tehraniand 62ba4298b0SPouria Mousavizadeh Tehrani.Fn ip_ecn_egress 63ba4298b0SPouria Mousavizadeh Tehraniinterfaces implement Explicit Congestion Notification (ECN) processing for 64ba4298b0SPouria Mousavizadeh Tehranitunnel encapsulation (ingress) and decapsulation (egress). They operate on 65ba4298b0SPouria Mousavizadeh Tehranithe ECN bits in the IP Type of Service (TOS) or 66ba4298b0SPouria Mousavizadeh TehraniIPv6 Traffic Class (TCLASS) header field. 67ba4298b0SPouria Mousavizadeh TehraniThese functions implements the standard specification of RFC6040 in 68ba4298b0SPouria Mousavizadeh Tehrani.Vt ECN_ALLOWED 69ba4298b0SPouria Mousavizadeh Tehranimode for 70ba4298b0SPouria Mousavizadeh Tehrani.Fn ip_ecn_egress 71ba4298b0SPouria Mousavizadeh Tehraniwith addition of 72ba4298b0SPouria Mousavizadeh Tehrani.Vt ECN_FORBIDDEN 73ba4298b0SPouria Mousavizadeh Tehranimode as compatibility mode in 74ba4298b0SPouria Mousavizadeh Tehrani.Fn ip_ecn_ingress . 75ba4298b0SPouria Mousavizadeh Tehrani.Ss Interface 76ba4298b0SPouria Mousavizadeh TehraniThe functions for manipulating 77ba4298b0SPouria Mousavizadeh Tehrani.Vt ip_tos 78ba4298b0SPouria Mousavizadeh Tehraniand 79ba4298b0SPouria Mousavizadeh Tehrani.Vt ipv6_flow 80ba4298b0SPouria Mousavizadeh Tehraniare as follows: 81ba4298b0SPouria Mousavizadeh Tehrani.Bl -tag -width indent -offset indent 82ba4298b0SPouria Mousavizadeh Tehrani.It Fn ip_ecn_ingress Fn ip6_ecn_ingress 83ba4298b0SPouria Mousavizadeh TehraniPerform ECN processing at encapsulation time (ingress) based on 84ba4298b0SPouria Mousavizadeh Tehranithe ECN bits of the 85ba4298b0SPouria Mousavizadeh Tehrani.Vt ip_tos 86ba4298b0SPouria Mousavizadeh Tehranifield in 87ba4298b0SPouria Mousavizadeh Tehrani.Vt "struct ip" 88ba4298b0SPouria Mousavizadeh Tehranior the 89ba4298b0SPouria Mousavizadeh Tehrani.Vt ip6_flow 90ba4298b0SPouria Mousavizadeh Tehranifield in 91ba4298b0SPouria Mousavizadeh Tehrani.Vt "struct ip6_hdr" 92ba4298b0SPouria Mousavizadeh Tehranias 93ba4298b0SPouria Mousavizadeh Tehrani.Va inner 94ba4298b0SPouria Mousavizadeh Tehranito 95ba4298b0SPouria Mousavizadeh Tehrani.Va outer . 96ba4298b0SPouria Mousavizadeh TehraniIt also copies the DSCP value from 97ba4298b0SPouria Mousavizadeh Tehrani.Va inner 98ba4298b0SPouria Mousavizadeh Tehranito 99ba4298b0SPouria Mousavizadeh Tehrani.Va outer . 100ba4298b0SPouria Mousavizadeh Tehrani.It Fn ip_ecn_egress Fn ip6_ecn_egress 101ba4298b0SPouria Mousavizadeh TehraniPerform ECN processing at decapsulation time (egress) based on 102ba4298b0SPouria Mousavizadeh Tehranithe ECN bits of 103ba4298b0SPouria Mousavizadeh Tehrani.Va outer 104ba4298b0SPouria Mousavizadeh Tehranito 105ba4298b0SPouria Mousavizadeh Tehrani.Va inner . 106ba4298b0SPouria Mousavizadeh Tehrani.Vt ECN_ALLOWED 107ba4298b0SPouria Mousavizadeh Tehranimode may modify the 108ba4298b0SPouria Mousavizadeh Tehrani.Va inner 109ba4298b0SPouria Mousavizadeh TehraniECN bits or instruct the caller to drop or log 110ba4298b0SPouria Mousavizadeh Tehraniby returning 111ba4298b0SPouria Mousavizadeh Tehrani.Vt ECN_WARN 112ba4298b0SPouria Mousavizadeh Tehranior 113ba4298b0SPouria Mousavizadeh Tehrani.Vt ECN_ALARM 114ba4298b0SPouria Mousavizadeh Tehranivalues. 115ba4298b0SPouria Mousavizadeh Tehrani.El 116ba4298b0SPouria Mousavizadeh Tehrani.Pp 117ba4298b0SPouria Mousavizadeh TehraniReturn codes for 118ba4298b0SPouria Mousavizadeh Tehrani.Fn ip_ecn_egress 119ba4298b0SPouria Mousavizadeh Tehraniare as follows: 120ba4298b0SPouria Mousavizadeh Tehrani.Bl -tag -width ".Dv ECN_SUCCESS" -offset indent 121ba4298b0SPouria Mousavizadeh Tehrani.It Dv ECN_DROP 122ba4298b0SPouria Mousavizadeh Tehrani(0) Caller MUST drop the packet. 123ba4298b0SPouria Mousavizadeh Tehrani.It Dv ECN_SUCCESS 124ba4298b0SPouria Mousavizadeh Tehrani(1) Processing succeeded; 125ba4298b0SPouria Mousavizadeh Tehraniinner ECN bits may have been updated. 126ba4298b0SPouria Mousavizadeh Tehrani.It Dv ECN_WARN 127ba4298b0SPouria Mousavizadeh Tehrani(2) Processing succeeded; 128ba4298b0SPouria Mousavizadeh Tehranicaller MAY log a warning for an anomalous ECN combination. 129ba4298b0SPouria Mousavizadeh Tehrani.It Dv ECN_ALARM 130ba4298b0SPouria Mousavizadeh Tehrani(3) Processing succeeded; 131ba4298b0SPouria Mousavizadeh Tehranicaller SHOULD log and MAY raise an alarm for a serious ECN anomaly. 132ba4298b0SPouria Mousavizadeh Tehrani.El 133ba4298b0SPouria Mousavizadeh Tehrani.Pp 134ba4298b0SPouria Mousavizadeh TehraniThe following modes are handled by functions: 135ba4298b0SPouria Mousavizadeh Tehrani.Bl -tag -width ".Dv ECN_FORBIDDEN" -offset indent 136ba4298b0SPouria Mousavizadeh Tehrani.It Dv ECN_COMPLETE 137ba4298b0SPouria Mousavizadeh TehraniNormal mode as defined in RFC6040. 138ba4298b0SPouria Mousavizadeh TehraniECN bits are preserved through encapsulation; 139ba4298b0SPouria Mousavizadeh Tehranidecapsulation follows RFC6040 rules and it returns 140ba4298b0SPouria Mousavizadeh Tehrani.Vt ECN_WARN 141ba4298b0SPouria Mousavizadeh Tehranior 142ba4298b0SPouria Mousavizadeh Tehrani.Vt ECN_ALARM 143ba4298b0SPouria Mousavizadeh Tehranivalues when a potentially dangerous packet detected. 144ba4298b0SPouria Mousavizadeh Tehrani.It Dv ECN_ALLOWED 145ba4298b0SPouria Mousavizadeh TehraniNormal mode as defined in RFC6040 without security checks. 146ba4298b0SPouria Mousavizadeh TehraniECN bits are preserved through encapsulation; 147ba4298b0SPouria Mousavizadeh Tehranidecapsulation follows RFC6040 rules. 148ba4298b0SPouria Mousavizadeh Tehrani.It Dv ECN_FORBIDDEN 149ba4298b0SPouria Mousavizadeh TehraniCompatibility mode. 150ba4298b0SPouria Mousavizadeh TehraniECN is stripped on encapsulation and decapsulation will 151ba4298b0SPouria Mousavizadeh Tehranidrop packets that carry CE in the outer header. 152ba4298b0SPouria Mousavizadeh TehraniThis mode should not be used in 153ba4298b0SPouria Mousavizadeh Tehrani.Fn ip_ecn_egress 154ba4298b0SPouria Mousavizadeh Tehranior 155ba4298b0SPouria Mousavizadeh Tehrani.Fn ip6_ecn_egress 156ba4298b0SPouria Mousavizadeh Tehranisince the 157ba4298b0SPouria Mousavizadeh Tehrani.Vt ECN_ALLOWED 158ba4298b0SPouria Mousavizadeh Tehranimode already covers all possible scenarios as specified in RFC6040. 159ba4298b0SPouria Mousavizadeh Tehrani.It Dv ECN_NOCARE 160ba4298b0SPouria Mousavizadeh Tehranileave ECN bits unchanged and ignored. 161ba4298b0SPouria Mousavizadeh Tehrani.El 162ba4298b0SPouria Mousavizadeh Tehrani.Ss IPV6 HANDLING 163ba4298b0SPouria Mousavizadeh TehraniIPv6 interfaces 164ba4298b0SPouria Mousavizadeh Tehrani.Fn ip6_ecn_ingress 165ba4298b0SPouria Mousavizadeh Tehraniand 166ba4298b0SPouria Mousavizadeh Tehrani.Fn ip6_ecn_egress 167*1c1b4942SPouria Mousavizadeh Tehraniextract the 8-bit DSCP and ECN values from the 32-bit 168ba4298b0SPouria Mousavizadeh Tehrani.Vt ip6_flow 169ba4298b0SPouria Mousavizadeh Tehraniand insert it to IPv4 equivalent interfaces. 170ba4298b0SPouria Mousavizadeh Tehrani.Sh SEE ALSO 171ba4298b0SPouria Mousavizadeh Tehrani.Xr ip 4 , 172ba4298b0SPouria Mousavizadeh Tehrani.Xr ip6 4 , 173ba4298b0SPouria Mousavizadeh Tehrani.Xr ipsec 4 174ba4298b0SPouria Mousavizadeh Tehrani.Sh HISTORY 175ba4298b0SPouria Mousavizadeh TehraniHistorically 176ba4298b0SPouria Mousavizadeh Tehrani.Fn ip_ecn_egress 177ba4298b0SPouria Mousavizadeh Tehraniused a boolean-style return. 178ba4298b0SPouria Mousavizadeh TehraniThe current API preserves numeric mapping for drop (ECN_DROP == 0) 179*1c1b4942SPouria Mousavizadeh Tehraniand success (ECN_SUCCESS == 1) but defines additional non-zero 180ba4298b0SPouria Mousavizadeh Tehranistatus codes (ECN_WARN, ECN_ALARM). 181*1c1b4942SPouria Mousavizadeh TehraniCallers that only test for non-zero success will continue to 182ba4298b0SPouria Mousavizadeh Tehranitreat WARN/ALARM as success. 183ba4298b0SPouria Mousavizadeh Tehrani.Sh AUTHORS 184ba4298b0SPouria Mousavizadeh Tehrani.An Pouria Mousavizadeh Tehrani Aq Mt pouria@FreeBSD.org 185