Re: /proc/sys/net/* proliferation

Andi Kleen (ak@muc.de)
12 Sep 1997 12:13:26 +0200


Richard Gooch <rgooch@atnf.CSIRO.AU> writes:

> The problem I see here is that many of these options default to
> off. Why is that? Considering that the default was on with the 2.0.x
> series when the option was not runtime configurable, should not the
> default remain the same? Not only is it annoying to have to read the

They didn't default to on - they were just only compile time, not runtime
configurable.

> documentation and edit the system boot scripts (for those who know
> this particular trap), but it can be a real trap for sysadmins who
> boot a 2.1.x kernel and a few days later (say when someone reboots
> their bootp client) some user asks why xxx doesn't work anymore. The
> sysadmin scratches his head thinking that nothing has been changed
> today. Must be a faulty network cable...
>
> Is there a good reason why these options aren't enabled by default?

I think the idea is that compile time configuration for the network
layer is to be phased out and replaced by sysctls. But it's a very bad
thing to ship a system with ipforward or bootp relay turned on by
default. That's a problem for vendors like Caldera or RedHat who ship
binary kernel images. Hopefully Linux 2.2.x based distributions will
have some nice configuration tools or config files to tune this
(e.g. like /etc/sysconfig in FreeBSD).

Regarding the syncookies: strictly speaking they don't conform to
RFC792. So I think it should be left to the system administrator
to enable them explicitly. Perhaps an entry to Documentation/Changes
should be added for this.

-Andi

P.S.: Does anyone know if Caldera/RedHat/SUSE ship their default kernels
with IP forwarding enabled?
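
Added example, not part of the original post: a boot-time audit of the settings discussed above, with forwarding and BOOTP relay expected off and syncookies only reported, since the message leaves that choice to the administrator. The sysctl paths are those of current Linux kernels (an assumption; the 2.1.x names may have differed), and the function names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sysctl paths are those of
# current Linux kernels; the 2.1.x names may have differed (assumption).

# Baseline: "path expected". "-" means report only, the administrator decides.
BASELINE='net/ipv4/ip_forward 0
net/ipv4/conf/all/bootp_relay 0
net/ipv4/tcp_syncookies -'

# audit_net_sysctls [ROOT]: print one line per key and return the number of
# keys whose value differs from the baseline. ROOT defaults to /proc/sys.
audit_net_sysctls() {
    root=${1:-/proc/sys}
    deviations=0
    while read -r key want; do
        file="$root/$key"
        if [ ! -r "$file" ]; then
            # Option compiled out or renamed: nothing to compare.
            echo "SKIP  $key (not present)"
            continue
        fi
        have=$(tr -d ' \t\n' < "$file")
        if [ "$want" = "-" ]; then
            echo "INFO  $key = $have (administrator's choice)"
        elif [ "$have" = "$want" ]; then
            echo "OK    $key = $have"
        else
            echo "DIFF  $key = $have (baseline $want)"
            deviations=$((deviations + 1))
        fi
    done <<EOF
$BASELINE
EOF
    return "$deviations"
}

# make_sample_tree DIR FORWARD RELAY: build a constructed /proc/sys look-alike
# (sample data, not captured from a real host) for trying the audit offline.
make_sample_tree() {
    mkdir -p "$1/net/ipv4/conf/all"
    echo "$2" > "$1/net/ipv4/ip_forward"
    echo "$3" > "$1/net/ipv4/conf/all/bootp_relay"
    echo 0 > "$1/net/ipv4/tcp_syncookies"
}
```

Called with no argument from a boot script, audit_net_sysctls checks the live /proc/sys tree; a non-zero exit status is the number of settings that differ from the baseline.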