Ask HN: Why is iOS 17 setting TCP reserved bit?

13 pointsGGO2y ago12 comments

I started using iOS 17 beta and I am noticing that websites take long to load. I looked at my firewall logs and it looks like safari on new iOS is setting reserved bit in which firewall's IPS engine is blocking right away: Invalid TCP reserved bit. This is not happening on iOS 16.

Is there some hidden TCP change with iOS 17 that is now secretly using those TCP reserved bits?

13 pointsGGO2y ago12 comments

Is there some hidden TCP change with iOS 17 that is now secretly using those TCP reserved bits?

12 comments

12 comments · 5 top-level

dtaht2y ago· 3 in thread

Which TCP reserved bit? ECN? The reserved fields in the ack?

Ocha2y ago

Since it is firewall dropping the packet, and during initial connection (that’s why websites load slow), I doubt it’s ECN. Firewall would know about ECN.

GGOOP2y ago

I don't know. I don't have raw packet. just the log in firewall that does not specify which bit.

toast02y ago

We can't help much without a raw packet. Can you get a capture from the firewall?

Or failing that, setup some other way to capture packets (does iOS do reverse tethering? or you can setup a different wifi access point and capture packets between that and the firewall, etc)

mikequinlan2y ago· 1 in thread

Are you using iCloud Private Relay? Is it possible that their third-party content provider is setting that?

GGOOP2y ago

All I did was to upgrade to iOS 17. did not install anything new. Also I dont use private relay and I also dont have limit IP tracking enabled on my home wifi.

wmf2y ago· 1 in thread

I wonder if this is L4S. https://developer.apple.com/documentation/network/testing_an...

GGOOP2y ago

I checked - L4S is off and makes no difference if I enable or disable it.

Ocha2y ago· 1 in thread

TIL there is TCP reserved bits

bombcar2y ago

Maybe they’re setting the evil bit.

https://news.ycombinator.com/item?id=36330116

Ocha2y ago· 1 in thread

Would be nice to see a TDP dump of before and after upgrade. Is there a way to get it on iOS?

stop502y ago

You could get the dump from the other side. You only need the tcpdump program, the port doesn't even need to be open

j / k navigate · click thread line to collapse