This bug was fixed in the package procps - 2:3.3.15-2ubuntu1
---------------
procps (2:3.3.15-2ubuntu1) cosmic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/sysctl.d (Ubuntu-specific):
+ 10-console-messages.conf: stop low-level kernel messages on console.
+ 10-kernel-hardening.conf: add the kptr_restrict setting
+ 10-keyboard.conf.powerpc: mouse button emulation on PowerPC.
+ 10-ipv6-privacy.conf: add a file to sysctl.d to apply the defaults
for IPv6 privacy extensions for interfaces. (LP: #176125, #841353)
+ 10-link-restrictions.conf: even though the Ubuntu
kernel is built with these defaults in place, we want to make sure
that people running stock kernels don't miss out.
+ 10-magic-sysrq.conf: Disable most magic sysrq by default, allowing
critical sync, remount, reboot functions. (LP: #194676, LP: #1025467)
+ 10-network-security.conf: enable rp_filter.
+ 10-ptrace.conf: describe new PTRACE setting.
+ 10-zeropage.conf: safe mmap_min_addr value for graceful fall-back.
for armhf, and arm64.
+ 10-qemu.conf.s390x for qemu.
+ README: describe how this directory is supposed to work.
- debian/rules: Fix cross build
- ignore_eaccess.patch: If we get eaccess when opening a sysctl file for
writing, don't error out. Otherwise package upgrades can fail,
especially in containers.
- ignore_erofs.patch: Same as ignore_eaccess but for the case where
part of /proc is read/only.
procps (2:3.3.15-2) unstable; urgency=medium
* Fix link in libprocps-dev Closes: 900239
* Fix typo in license Closes: #899346
-- Balint Reczey <rbal...@ubuntu.com> Tue, 05 Jun 2018 11:20:00 -0700
** Changed in: procps (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/1773157
Title:
procps outdated network options, old syncookies, new ecn update
please.
Status in procps package in Ubuntu:
Fix Released
Bug description:
The ubuntu version of procps carries it's own /etc/sysctl.d/10
-network-security.conf file explicitly that appears not to be part of
debian procps version.
Firstly, the section about "# Turn on SYN-flood protections." (came from LP
#57091 ) is now entirely outdated, upstream kernel has long since turned on
syncookies by default, so setting this flag explicitly in
10-network-security.conf is entirely redundant likely since before ubuntu-14.04
.
I would like the ubuntu-maintainer to remove that section entirely in cosmic
onwards.
[I am going to report debian the similarly outdated syncookies
comments in sysctl.conf itself].
Secondly, I propose a new 10-network-tuning.conf with:-
==============================================================================
# Allow ECN for outgoing connections. Starting with 4.2, there is an adaptive
# fallback [enabled by default tcp_ecn_fallback option] preventing connection
# loss even with ecn enabled, also ecn-intolerance is increasingly very rare.
net.ipv4.tcp_ecn=1
==============================================================================
I know there is a (small) chance of issues/regressions with ECN
enabled by default on outgoing but I'm quite sure the issue is very
rare, like others notice [ref: 1 and 2 below]. Apple's selective
enablements etc. show this works just as much as my own use for years
and many similar reports.
ECN actually being used for outgoing connections really helps with
latency-reduction with modern routers (both core and edge) using
queuing disciplines fq_codel or otherwise, able to mark rather than
drop packets on ECN-enabled flows [helps latency and realtime
applications]. Now we are just past LTS release is in my view the
'right time' to finally enable ECN [and obviously easy to revert!].
If this is disputed, in ANY case I strongly suggest at the very least
a commented-out ECN section should be included, but 'defaults
matter'!.
I was going to suggest a non-default section about
net.core.default_qdisc [ LP #1436945 ] but this appears to have been
fixed upstream similarly.
[1]
https://www.ietf.org/proceedings/98/slides/slides-98-maprg-tcp-ecn-experience-with-enabling-ecn-on-the-internet-padma-bhooma-00.pdf
[2] http://seclists.org/nanog/2015/Jun/675
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1773157/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
