Subject: Re: Resetting ip, icmp etc statistics
To: None <jonathan@dsg.stanford.edu>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-net
Date: 03/31/2006 17:23:45
--6zdv2QT/q3FMhpsV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Mar 31, 2006 at 11:09:43AM -0800, jonathan@dsg.stanford.edu wrote:
>=20
> In message <20060331190158.GB5840@netbsd.org>Bill Studenmund writes
>=20
> >You're 100% correct. If the host is running SNMP or some such. The probl=
em
> >is that a lot of sites don't, and this makes sense for them. In fact, if
> >you aren't running SNMP, resetting counters can be one of the sanest
> >things you can do. :-)
> >
> >One thing I could see adding (which I don't really have time to do) is a=
dd
> >a sysctl to disable resetting the counters. If you're running SNMP or so=
me
> >such monitoring system, set it as part of /etc/sysctl.conf.
>=20
> A sysctl doesn't really help: anyone with superuser privileges can
> turn off the sysctl, then zero the counters.
So?
All the sysctl is supposed to do is make sure that an administrator=20
doesn't accidentally reset the counters.
> I think we'd be better off to rework both the in-kernel support for
> "ifconfig -z", and the current proposal to allow resetting
> per-rpotocol statistics, to become compile-time options. Per the
> discussion that such zeroisation makes sense for "experimental" or
> single-user systems, the default should be
>=20
> "zeroization not allowed".
Why? A LOT of folks like it. Also, UNIX typically supplies the rope to=20
admins, letting the admin decide to tie the noose or not.
The presence or absence of daemons that are sensitive to zeroing is a=20
run-time feature. So a compile-time decision seems wrong.
Take care,
Bill
--6zdv2QT/q3FMhpsV
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
iD4DBQFELdYhWz+3JHUci9cRAjAeAJYxrz04P4rvhJZnJBP7kGkY7r+tAJ4+YgIA
sxT5w1zJWb2p8Xc70Z9fkg==
=b0+s
-----END PGP SIGNATURE-----
--6zdv2QT/q3FMhpsV--