> > > > One could argue that accounting numbers in a firewall shouldn't be
> > > > trusted, but I won't argue that point since the firewall is often the
> > > > most 'natural' place to stick network accounting software.
> > > 
> > > If you can't trust something in the kernel, then you just can't trust
> > > anything at all.
> > 
> > It isn't the kernel that's zero'ing the counters. :)
> 
> Accounting numbers in a kernel firewall _should_ be trustable, and on that
> basis, one can clearly make an argument for separating the logging count
> from the accounting count - which should never be zero'ed, at least in
> securemode.

One could argue that 'logging counters' in a firewall _should_ be
trustable as well.  You've argued against it, but I'm not convinced that
your opinion (or mine) is enough to consider it a 'bug'.

> I'm not saying your desire for per-rule counters is invalid, I'm just not
> of that same mindset.  But it does seem clear that it would be useful to
> have a mechanism to restart the logging after an IPFW_VERBOSE_LIMIT
> throttle.

It would be useful.  But, is its usefulness more important than being
able to rely on 'logging counters' being valid?  (You argue no, but I'm
not convinced...)

Again, it's not a fix, it's a feature.  Not being able to mess with
counters (logging or otherwise) is a feature.  It may be a feature that
you can do without, but that decision is not to be made lightly.



Nate
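A constructed model of the two-counter split that the quoted text above argues for, added here as an illustration; it is not ipfw's code, and the struct, field and function names are invented for the example. It shows the property the thread is weighing: a mechanism that restarts logging after the verbose-limit throttle need only touch the logging counter, leaving the accounting counters intact, so a log restart cannot make the accounting numbers lie.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not ipfw's data structures): one firewall rule
 * carrying separate accounting and logging counters. */
struct fw_rule {
    uint64_t pkt_count;   /* accounting: every packet that matched the rule */
    uint64_t byte_count;  /* accounting: bytes of those packets */
    uint32_t log_count;   /* logging: packets logged since the last log reset */
    uint32_t log_limit;   /* logging throttle; 0 means no limit */
};

/* Record a matching packet of 'len' bytes.
 * Accounting counters always advance; the log entry is emitted only while
 * the logging counter is below the throttle. Returns 1 if logged, 0 if
 * the throttle suppressed the log entry. */
int rule_match(struct fw_rule *r, uint32_t len)
{
    r->pkt_count++;
    r->byte_count += len;
    if (r->log_limit != 0 && r->log_count >= r->log_limit)
        return 0;           /* throttled: accounting above is still correct */
    r->log_count++;
    return 1;
}

/* Restart logging after a throttle. Only the logging counter is cleared;
 * pkt_count and byte_count are deliberately left alone. */
void rule_reset_log(struct fw_rule *r)
{
    r->log_count = 0;
}

/* Stand-alone demonstration: five matches against a limit of three,
 * a log reset, then one more match. */
int main(void)
{
    struct fw_rule r = { 0, 0, 0, 3 };
    int logged = 0;

    for (int i = 0; i < 5; i++)
        logged += rule_match(&r, 100);   /* 3 logged, 2 throttled */
    printf("after 5 matches: logged=%d pkts=%llu bytes=%llu log_count=%u\n",
           logged, (unsigned long long)r.pkt_count,
           (unsigned long long)r.byte_count, r.log_count);

    rule_reset_log(&r);                  /* accounting counters untouched */
    logged += rule_match(&r, 40);        /* logging resumes */
    printf("after reset + 1 match: logged=%d pkts=%llu bytes=%llu log_count=%u\n",
           logged, (unsigned long long)r.pkt_count,
           (unsigned long long)r.byte_count, r.log_count);
    return 0;
}
```

The point of the model is the invariant in rule_reset_log: whatever policy one adopts for restarting logs, the accounting counters never pass through that path, so they remain usable as the trusted record.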