Thanks for caring Anthony! Zitiere Anthony Towns <aj@azure.humbug.org.au>:
> I'm not sure what you mean by "idealism" but surely it's obvious the > solution that's closest to ideal for the most users should be chosen as > the default. We've currently had what options? > > 1) Disable ECN in the kernel, and let people who want it recompile > the kernel by hand. Pros: doesn't hurt anyone, follows the upstream > kernel defaults. Cons: makes it hard for people to enable, which > in the long term damages the Internet's resiliance to DoS attacks. > > 2) Leave ECN in the kernel, but disable it externally by default. > Pros: doesn't hurt anyone, makes it easy to change. Cons: requires > kludging around in other packages (boot-floppies and procps/netbase) Cons for procps: solving it here is a techincally bad choice, since it would require procps to decide to assign the flag based on available kernel options. Which is doable for this specific problem but is not a general solution for similar problems. Pros netbase: The message "ECN disabled: use /etc/network/options to enable" keeps reminding the user which rises the probability that s/he will enable it later and so serve the purpose of ECN in the first place. > 3) Leave ECN in the kernel, enabled by default. Pros: easy to setup, > easy to change after the fact. Cons: neophytes can easily be confused > when random sites start not working unpredictably from Debian machines > but work fine elsewhere. Cons: if upstream doesn't accept the changed default and include it, there forever be a fork between Debian an the main kernel. Changing the default upstream will cause a lot of trouble there which makes it not very probable. IMO this would be the cleanest solution though. > Another option, which would require a minor patch to the kernel, would > be to have ECN default to disabled even when compiled into the kernel (and > thus require an explit 'echo 1 >/proc/sys/net/ipv4/tcp_ecn' to enable). > This'd be analagous to the current behaviour with IP forwarding. > > There might be other options too. Both 1) and 3) would require action from the kernel-image maintainer, which requires someone else than me talking to him since he's either not seeing ECN as his problem at all: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=110862&msg=8 or just ignoring my reports: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=110862&msg=14 *t
