OpenWrt Forum Archive

Topic: Proposed changes to linux.config

The content of this topic has been archived on 18 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi!

I would like to propose several updates to the linux-kernel config for OpenWRT:

CONFIG_INET_ECN=y
CONFIG_SYN_COOKIES=y

These two features can be enabled/disabled in the proc filesystem, but can be very useful (I use the syn cookies at all my sites, can be useful against tcp syn attacks, and the ECN, I think is a good thing).

And I'm not sure how useful this can be:

# CONFIG_IP_MULTICAST is not set

Does this need to be enabled for a box to route multicast packets? I mean, I use some multicast copy utilities, and I'm not sure if this will affect how they work.

Isn't there a CONFIG_IP_MROUTE config?

Thanks in advance,

Sincerely,

Ildefonso

Is it true that I can do a "make menuconfig" to change the configuration, then redo the make at the root directory to create a new firmware with the change?

I modify the file sources/openwrt/kernel/linux.config directly. I haven't tried to do a make menuconfig.

That is what I did to include some more kernel modules, thinking about enabling USB for ASUS WL500G. It can be built this way, if I am not mistaken. It would be a quick and dirty way to alter what kernel modules to build.

Hi!

I would like to propose several updates to the linux-kernel config for OpenWRT:

CONFIG_INET_ECN=y
CONFIG_SYN_COOKIES=y

These two features can be enabled/disabled in the proc filesystem, but can be very useful (I use the syn cookies at all my sites, can be useful against tcp syn attacks, and the ECN, I think is a good thing).

Do not enable ECN.  There are still *many* routers out there on the internet that drop all packets with the ECN bit set.  You'll block yourself from random segments of the net if you set that.  (enabling the kernel option leaves it off by default for this reason)

I know, but I think that ECN is a good thing, and I'm "hunting" sites that don't support it.

Exactly because it is off by default, I think it should be included in the kernel, just in case anyone wants to use it.

Support for ECN is "in" the kernel by default no matter what you choose for CONFIG_INET_ECN.  By turning that option on, it simply makes the kernel enable ECN by default at boot.  To enable ECN when the kernel config option is turned off, type:

echo 1 >/proc/sys/net/ipv4/tcp_ecn

OK, I see it. Thanks!

What about CONFIG_SYN_COOKIES=y? I think it is good, and useful (especially in "production" devices).

The discussion might have continued from here.
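
Added example, not part of the forum thread or of OpenWrt's own scripts: a small shell audit that separates the build-time state of the options discussed above (set, explicitly "is not set", or absent from linux.config) from the runtime /proc toggle. The function names and the sample config are constructed for illustration; /proc/sys/net/ipv4/tcp_syncookies is the standard Linux runtime switch for SYN cookies and is an addition not mentioned in the thread.

```shell
#!/bin/sh
# kconfig_state FILE OPTION -> prints the value (y, m, ...), "not set", or "absent".
# "# CONFIG_X is not set" is an explicit 'no'; a missing line means the option
# was never answered in this config, which is a different situation.
kconfig_state() {
    awk -v opt="$2" '
        $0 == "# " opt " is not set" { state = "not set" }
        index($0, opt "=") == 1      { state = substr($0, length(opt) + 2) }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# runtime_state PROCFILE -> prints the current sysctl value, or "unavailable".
runtime_state() {
    if [ -r "$1" ]; then cat "$1"; else echo unavailable; fi
}

# audit FILE -> one line per option from the thread: build state plus the
# runtime toggle where one exists (entries are OPTION:PROCFILE, PROCFILE may be empty).
audit() {
    for pair in \
        CONFIG_SYN_COOKIES:/proc/sys/net/ipv4/tcp_syncookies \
        CONFIG_INET_ECN:/proc/sys/net/ipv4/tcp_ecn \
        CONFIG_IP_MULTICAST: \
        CONFIG_IP_MROUTE:
    do
        opt=${pair%%:*}
        proc=${pair#*:}
        line="$opt build=$(kconfig_state "$1" "$opt")"
        if [ -n "$proc" ]; then
            line="$line runtime=$(runtime_state "$proc")"
        fi
        echo "$line"
    done
}

# Constructed sample config using the lines quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_INET_ECN=y
CONFIG_SYN_COOKIES=y
# CONFIG_IP_MULTICAST is not set
EOF
audit "$sample"
rm -f "$sample"
```

Run against a real tree by passing the path to its linux.config to `audit`; the runtime column reflects the machine the script runs on, not the firmware being built.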