--PuGuTyElPB9bOcsM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Apr 05, 2006 at 03:21:23PM +0100, Liam J. Foy wrote:
> On 16:54, Mon 03 Apr 06, Bill Studenmund wrote:
> > On Mon, Apr 03, 2006 at 06:50:27PM +0100, Liam J. Foy wrote:
> > Because I think it's simpler and cleaner. Note: I'm assuming that both =
the=20
> > running and checkpointed counters are in the kernel. I think it's simpl=
er=20
> > as we only export "running" and "since-checkpoint" counters, and the on=
ly=20
> > operation permitted by userland is to set the checkpoints to the curren=
t=20
> > values.
>=20
> I'm feeling pretty confused. You're right, both counters in the
> implementation I have here are in the kernel. The current implementation
> I have here copy for example, 'ipstats' into 'cp_ipstats' when a
> checkpoint is requested through 'netstat -Zp ip' for example.=20

My confusion is that it isn't clear what is doing the copying, the kernel=
=20
or netstat. If it's the kernel, I'm content (I still think this is the=20
wrong way to go, but it's not hideously wrong). If netstat is copying,=20
then I think we have a security issue.

> Why concerned? I'm assuming by load you're meaning load the kernel
> stats, for example 'cp_ipstats' into netstat for printing. However, the
> current implementation I have here does nothing different to how the
> 'ipstats' is loaded in netstat. 'netstat -szp ip' I have here just reads
> 'cp_ipstats' instead of 'ipstats'.
>=20
> I think we're confusing each other! :-)

Could be. :-)

Take care,

Bill

--PuGuTyElPB9bOcsM
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)

iD8DBQFENDJGWz+3JHUci9cRAtvyAKCC7FdufV/DAligMecorGwiwt35ugCdETlw
bV4wwn78DNcHAy7ls82wgBc=
=5IPs
-----END PGP SIGNATURE-----

--PuGuTyElPB9bOcsM--