BLog
ImprintImpressum
PrivacyDatenschutz
DisclaimerHaftung
Downloads 

Network speed and security tuning by tweaking sysctl settings on a jailbroken iPhone 4 with iOS 7

The following implies a jailbroken iOS, because we are going to place a launchd.plist(5) configuration file into /Library/LaunchDaemons.

The TCP network protocol requires a receiver of TCP packets to acknowledge receipt by respective ACK packets. By this way, the sender knows that the packets have been received well and it may proceed with its operation.

TCP delayed acknowledgment is an operation mode by which not every single received packet needs to be acknowledged, but ACK responses may be delayed and combined with other ACK packets and/or with regular response packets. The idea is to reduce the number of TCP packets running back and forth between the peers in the course of IP communication. This operation mode can cause severe problems together with another standard TCP technique, namely Nagle’s algorithm, which tries to fill each packet before transmission and for this it waits until enough data worth of sending has arrived.

What happens if the maximum segment size is not filled yet, and the sender has nothing more to tell, because it is waiting for acknowledgment of the already sent packets by the receiver, and the receiver does not send an ACK response because it is waiting with the response until all the data has arrived — a Deadlock happens until the ACK delay timeout, usually 200 ms, has expired. While these two techniques improve network utilization at the expense of latency in the course of Telnet sessions, in typical request/response application layer protocols like http, smtp, pop3/imap, afp, smb, networked multiplayer games, etc., this can easily deteriorate network speed and reaction times to a crawl.

Nobody uses the iPhone for Telnet and everybody use it heavily for Web, Mail, Gaming, etc., and Web-Page loading as well as receiving/sending of e-mails can be heavily improved by pulling the plug of said deadlock once and for all by setting the sysctl value net.inet.tcp.delayed_ack from 3 to 0.

On a jailbroken iPhone, login via ssh as the user root and place into the directory /Library/LaunchDaemons a file named cfg.sysctl.plist with the following content: 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>cfg.sysctl.plist</string>
	<key>ProgramArguments</key>
        <array>
            <string>/usr/sbin/sysctl</string>
            <string>-w</string>
            <string>net.inet.tcp.delayed_ack=0</string>
            <string>net.inet.tcp.blackhole=2</string>
            <string>net.inet.udp.blackhole=1</string>
        </array>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>

Then restart the iPhone and experience improved network speed and response times. The two blackhole settings are useful to slow down anyone who is port scanning a system, attempting to detect vulnerable services on a system. It could potentially also slow down someone who is attempting a denial of service attack, and by this, add a little security to iPhones that are connected to the internet without any firewall in the middle.

Keywords: deadlock, iOS, iPhone, Nagle’s-algorithm, security-tuning, speed-tuning, sysctl, TCP-delayed-acknowledgment, TCP_NODELAY

Copyright © Dr. Rolf Jansen - 2015-08-30 22:44:08

Discussion on Twitter: 1082803061884637184