Herbert, Are you aware that the enabling ECN in the 2.4.x kernels is causing some heartache and isn't recommended in the kernel docs. It is also a difficult problem to diagnose as some sites work and others don't.
A number of large sites are uncontactable (news-server.vic.bigpond.net.au, EveryBuddy package MSN, ETrade, NASDAQ, ...) as well as other web sites. Slashdot has documented some of the problems at http://slashdot.org/articles/01/04/24/0255224.shtml http://eltoday.com/article.php3?ltsn=2001-04-17-001-14-PS One of the comments on /. also states; " If you find ECN enabled in your distributor's 2.4.x kernel package by default, please consider this a severe mistake on your distributor's part." I had the problem here and hadn't dug too deeply, instead reverted to 2.2.x kernels until I saw the /. article. tcpdump was telling me there were extra TCP flags set, but I was having problems working out exactly what they were. Given this causes major incompatibility across a lot of packages I think it is important to leave ECN disabled for the binary kernels. I am happy to file a bug report, but thought I would discuss on devel first as I'm sure there are others who are having the same problem. Mark CONFIG_INET_ECN Explicit Congestion Notification (ECN) allows routers to notify clients about network congestion, resulting in fewer dropped packets and increased network performance. This option adds ECN support to the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which allows ECN support to be disabled at runtime. Note that, on the Internet, there are many broken firewalls which refuse connections from ECN-enabled machines, and it may be a while before these firewalls are fixed. Until then, to access a site behind such a firewall (some of which are major sites, at the time of this writing) you will have to disable this option, either by saying N now or by using the sysctl. If in doubt, say N.
pgpMCbB25esIZ.pgp
Description: PGP signature