Subject: Re: Resetting ip, icmp etc statistics
To: Bill Studenmund <wrstuden@netbsd.org>
From: None <jonathan@dsg.stanford.edu>
List: tech-net
Date: 03/31/2006 17:55:06
In message <20060401012345.GC5840@netbsd.org>, Bill Studenmund writes:


>> A sysctl doesn't really help: anyone with superuser privileges can
>> turn off the sysctl, then zero the counters.
>
>So?

>All the sysctl is supposed to do is make sure that an administrator
>doesn't accidentally reset the counters.

Bill, since other people clearly got the gist of my message, I don't
see why you have failed to grasp it.  The point I'm aiming at is to
provide hooks to deny anyone the ability to zero out counters.

Which is it you're not getting: that statement, or the reasons behind it?

>> I think we'd be better off to rework both the in-kernel support for
>> "ifconfig -z", and the current proposal to allow resetting
>> per-protocol statistics, to become compile-time options. Per the
>> discussion that such zeroisation makes sense for "experimental" or
>> single-user systems, the default should be
>>
>>      "zeroization not allowed".
>
>Why? A LOT of folks like it. 

And some folks find it objectionable. Next point?