Subject: Re: Resetting ip, icmp etc statistics
To: None <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 03/31/2006 18:30:14
Content-Type: text/plain; charset=us-ascii
On Fri, Mar 31, 2006 at 05:55:06PM -0800, firstname.lastname@example.org wrote:
> In message <20060401012345.GC5840@netbsd.org>, Bill Studenmund writes:
> >> A sysctl doesn't really help: anyone with superuser privileges can
> >> turn off the sysctl, then zero the counters.
> >All the sysctl is supposed to do is make sure that an administrator
> >doesn't accidentally reset the counters.
> Bill, since other people clearly got the gist of my messag,e I don't
> see why you have failed to grasp it. The point I'm aiming at is to
> provide hoooks to deny anyone the ability to zero out counters.
> Which is you're not getting: that statement, or the reasons behind it?
Uhm, Jonathan, what makes you think I didn't get the jist of your message?=
The fact I feel your proposal goes way overboard?
Disagreeing doesn't mean I didn't understand your point. It simply means=20
that your arguement is not so immediately-obvious as to be instantly=20
Actually, your point is NOT to provide hooks to deny anyone the ability to=
zero out counters. It does much more. You propose making it a compile-time=
option, and you further propose it defaulting to off.
> >> I think we'd be better off to rework both the in-kernel support for
> >> "ifconfig -z", and the current proposal to allow resetting
> >> per-rpotocol statistics, to become compile-time options. Per the
> >> discussion that such zeroisation makes sense for "experimental" or
> >> single-user systems, the default should be
> >> "zeroization not allowed".
> >Why? A LOT of folks like it.=20
> And some folks find it objectionable. Next point?
Ok, how exactly do you build the case that it should only be compile-time=
enableable and that compile option should default to off?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
-----END PGP SIGNATURE-----