sfx2000
Part of the Furniture
On another thread, but this is a common occurrence with many AsusWRT users with iPhone/iPads and those devices impacting network performance...
Apple introduced Multi-path TCP in iOS 7 and later - it's a nice feature when it works, but with AsusWRT, it seems to have a negative impact...
Working with a forum member on a thread.... and with RMerlin's assistance, we might have a way to improve performance using iptables...
Need some testing from the collective...
In a nutshell - the rules I propose disable the MPTCP handshake, and force the iOS device to use regular TCP for its communication with the iCloud and its various services...
proposed fix below... the iptables are mine, the rest is RMerlin on how to get this working on AsusWRT...
=============
Connect over SSH, and copy/paste the following, this is per RMerlin's insight here - I can't test this directly at the moment as I don't have a device capable of running AsusWRT.
This will create the script that sets up the rules, and restart the firewall.
Do not run this if you already created a firewall-start script, as it will overwrite it!
Use -I instead of -A for the rules, to ensure that they get processed before any ACCEPT rule.
Code:
cat << EOF > /jffs/scripts/firewall-start
#!/bin/sh
iptables -I INPUT -p tcp --tcp-option 30 -m state --state NEW -j DROP
iptables -I OUTPUT -p tcp --tcp-option 30 -m state --state NEW -j DROP
EOF
chmod a+rx /jffs/scripts/firewall-start
nvram set jffs2_scripts=1
nvram commit
service restart_firewall
==============
Initial feedback is positive here - as the iOS devices no longer suck up bandwidth when they're backing up to the iCloud or other activities, e.g. downloading app updates, whatever...
Need more testing however... make sure Siri still works if you can.
==============
for those more technically inclined - here's a test case, and one doesn't need an iOS device to do this.... but one does need perhaps Ubuntu, either baremetal or VM (or VPS perhaps)
To test the iptables change - one can enable MPTCP on Ubuntu, and then grab a pcap with a filter similar to the one below:
tcpdump -i eth0 'tcp[13] & 0x12 = 0x12 and tcp[40] = 0x1e'
To enable MPTCP on Ubuntu, check sysctl:
sysctl -w net.mptcp.mptcp_enabled=1
(set the bit to 0 to disable afterwards)
===============
Anyways, give it a try and see - the iptables entry here only takes action on MPTCP packets, nothing else...
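Added example, not part of the original post and not sfx2000's or RMerlin's code: a small Python parser for checking a captured SYN or SYN/ACK header for TCP option kind 30. It walks the option list, whereas the capture filter's tcp[40] = 0x1e test looks at one fixed byte, so the two can disagree when the options are laid out differently. All header bytes, ports and names below are constructed sample values.

```python
import struct

MPTCP_KIND = 30  # option kind matched by `--tcp-option 30` and by 0x1e in the filter

def option_offsets(hdr: bytes) -> dict:
    """Walk the TCP options; return {kind: offset of that option in the TCP header}."""
    if len(hdr) < 20:
        raise ValueError("truncated TCP header")
    end = (hdr[12] >> 4) * 4              # data offset, in bytes
    if end < 20 or end > len(hdr):
        raise ValueError("bad data offset")
    found, i = {}, 20
    while i < end:
        kind = hdr[i]
        if kind == 0:                     # end of option list
            break
        if kind == 1:                     # NOP is a single byte, no length field
            i += 1
            continue
        if i + 1 >= end or hdr[i + 1] < 2 or i + hdr[i + 1] > end:
            raise ValueError("malformed option")
        found.setdefault(kind, i)
        i += hdr[i + 1]
    return found

def has_mptcp(hdr: bytes) -> bool:
    return MPTCP_KIND in option_offsets(hdr)

def fixed_offset_match(hdr: bytes) -> bool:
    """What `tcp[40] = 0x1e` tests: one byte at a fixed position."""
    return len(hdr) > 40 and hdr[40] == MPTCP_KIND

def build_syn(options: bytes) -> bytes:
    """Constructed SYN header; ports, sequence number and window are sample values."""
    options += b"\x00" * (-len(options) % 4)                 # pad to a 32-bit boundary
    off_flags = (((20 + len(options)) // 4) << 12) | 0x002   # data offset + SYN flag
    return struct.pack("!HHIIHHHH", 49152, 443, 1, 0, off_flags, 65535, 0, 0) + options

# Constructed option bytes (not captured traffic)
MSS, SACK_OK, TSTAMP = b"\x02\x04\x05\xb4", b"\x04\x02", b"\x08\x0a" + bytes(8)
NOP_WSCALE = b"\x01\x03\x03\x07"
MP_CAPABLE = bytes([MPTCP_KIND, 12, 0x00, 0x81]) + bytes(8)  # all-zero sample key

AT_40 = build_syn(MSS + SACK_OK + TSTAMP + NOP_WSCALE + MP_CAPABLE)  # option 30 at byte 40
ELSEWHERE = build_syn(MSS + MP_CAPABLE + NOP_WSCALE)                 # option 30 at byte 24
PLAIN = build_syn(MSS + SACK_OK + TSTAMP + NOP_WSCALE)               # regular TCP SYN

if __name__ == "__main__":
    for name, h in (("AT_40", AT_40), ("ELSEWHERE", ELSEWHERE), ("PLAIN", PLAIN)):
        print(name, has_mptcp(h), fixed_offset_match(h), option_offsets(h).get(MPTCP_KIND))
```

When testing the firewall rule, a capture filter that matches nothing is only evidence the rule works if the filter would have matched the handshake in the first place; walking the options avoids that ambiguity.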