> If the firewall operator is sufficiently paranoid, they can say: "We
> don't trust the ECN implementation on our hosts behind the firewall,
> so we want to disable it.".
In which case would the "correct" action not be to zero the ECN bits
of packets passing through the firewall? This would have the effect of
informing the ECN aware hosts (both within and outside the firewall)
that ECN is not available for that connection. This would not prevent
ECN aware systems from connecting.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to email@example.com
Please read the FAQ at http://www.tux.org/lkml/