Subject: Re: Resetting ip, icmp etc statistics
To: None <>
From: Bill Studenmund <>
List: tech-net
Date: 03/31/2006 18:30:14
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 31, 2006 at 05:55:06PM -0800, wrote:
> In message <>, Bill Studenmund writes:
> >> A sysctl doesn't really help: anyone with superuser privileges can
> >> turn off the sysctl, then zero the counters.
> >
> >So?
> >All the sysctl is supposed to do is make sure that an administrator
> >doesn't accidentally reset the counters.
> Bill, since other people clearly got the gist of my messag,e I don't
> see why you have failed to grasp it.  The point I'm aiming at is to
> provide hoooks to deny anyone the ability to zero out counters.
> Which is you're not getting: that statement, or the reasons behind it?

Uhm, Jonathan, what makes you think I didn't get the jist of your message?=
The fact I feel your proposal goes way overboard?

Disagreeing doesn't mean I didn't understand your point. It simply means=20
that your arguement is not so immediately-obvious as to be instantly=20

Actually, your point is NOT to provide hooks to deny anyone the ability to=
zero out counters. It does much more. You propose making it a compile-time=
option, and you further propose it defaulting to off.

> >> I think we'd be better off to rework both the in-kernel support for
> >> "ifconfig -z", and the current proposal to allow resetting
> >> per-rpotocol statistics, to become compile-time options. Per the
> >> discussion that such zeroisation makes sense for "experimental" or
> >> single-user systems, the default should be
> >>=3D20
> >>      "zeroization not allowed".
> >
> >Why? A LOT of folks like it.=20
> And some folks find it objectionable. Next point?

Ok, how exactly do you build the case that it should only be compile-time=
enableable and that compile option should default to off?

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.3 (NetBSD)