Subject: Re: Resetting ip, icmp etc statistics
To: Bill Studenmund <wrstuden@netbsd.org>
From: None <jonathan@dsg.stanford.edu>
List: tech-net
Date: 03/31/2006 11:09:43
In message <20060331190158.GB5840@netbsd.org> Bill Studenmund writes

>
>You're 100% correct. If the host is running SNMP or some such. The problem
>is that a lot of sites don't, and this makes sense for them. In fact, if
>you aren't running SNMP, resetting counters can be one of the sanest
>things you can do. :-)
>
>One thing I could see adding (which I don't really have time to do) is add
>a sysctl to disable resetting the counters. If you're running SNMP or some
>such monitoring system, set it as part of /etc/sysctl.conf.

A sysctl doesn't really help: anyone with superuser privileges can
turn off the sysctl, then zero the counters.

I think we'd be better off to rework both the in-kernel support for
"ifconfig -z", and the current proposal to allow resetting
per-protocol statistics, to become compile-time options. Per the
discussion that such zeroisation makes sense for "experimental" or
single-user systems, the default should be

     "zeroization not allowed".