Re: /proc/sys/net/* proliferation

Jacques Gelinas (jack@solucorp.qc.ca)
Sat, 13 Sep 1997 18:25:34 -0400 (EDT)


On Fri, 12 Sep 1997, David Fries wrote:

> On %M %N, Richard Gooch wrote
> > Hi, all. I'll admit that it's very nice having runtime control over
> > the various networking options, but one thing that bothers me is that
> > things which used to work suddenly stop working because the default is
> > off. For example, running a bootp server under 2.0.30 worked fine, but
> > when I booted 2.1.5[45] it stopped working and I got an error about
> > martians invading. OK, so I read
> > Documentation/networking/ip-sysctl.txt to see if there was something I
> > should configure, and sure enough I found "ip_bootp_agent" is off by
> > default. Enabling it worked fine.
> > I've noticed the same thing for IP forwarding and SYN cookies.
> > [clip]
> > Is there a good reason why these options aren't enabled by default?
>
> I agree. If you ask me, as long as it is compiled into the kernel it
> should default to on. I mean they implicitly assume if it is compiled
> into the kernel it should work. It took us a long time to figure out
> why masquerading didn't work with the 2.1.x series kernels.
>
> If you compile it in the kernel it should default to on, unless you
> don't really want it, in that case look at the docs to turn it off not
> the other way around is how I think it should work.

This makes sense. There is another point of view though. Distribution makers
are shipping fully configured kernels these days, using modules whenever
possible. This means that the vast majority of users don't need to compile
a kernel. This also means that the vast majority of users don't need all
the goodies inside.

The strategy of delivering those binary kernels in a disabled state makes some
sense then. I understand the surprise for someone who is used to the
current state of affairs in 2.0 where most configured features can't be
turned off.

Obviously, once you migrate to 2.2 (or late 2.1), you will have the proper
scripts or tools which will be aware of this. For example, we can believe
that ipfwadm will know that in order to enter masquerading rules, it must
turn on masquerading.

The current solution is probably correct seen this way.

--------------------------------------------------------
Jacques Gelinas (jacques@solucorp.qc.ca)
Linuxconf: The ultimate administration system for Linux.
see http://www.solucorp.qc.ca/linuxconf
new development: dhcp, disk quota management, virtual email accounts