> > > > One could argue that accounting numbers in a firewall shouldn't be
> > > > trusted, but I won't argue that point since the firewall is often the
> > > > most 'natural' place to stick network accounting software.
> > >
> > > If you can't trust something in the kernel, then you just can't trust
> > > anything at all.
> >
> > It isn't the kernel that's zero'ing the counters. :)
>
> Accounting numbers in a kernel firewall _should_ be trustable, and on that
> basis, one can clearly make an argument for separating the logging count
> from the accounting count - which should never be zero'ed, at least in
> securemode.
One could argue that 'logging counters' in a firewall _should_ be
trustable as well. You've argued against it, but I'm not convinced that
your opinion (or mine) is enough to consider it a 'bug'.
> I'm not saying your desire for per-rule counters is invalid, I'm just not
> of that same mindset. But it does seem clear that it would be useful to
> have a mechanism to restart the logging after an IPFW_VERBOSE_LIMIT
> throttle.
It would be useful. But, is its usefulness more important than being
able to rely on 'logging counters' being valid? (You argue no, but I'm
not convinced...)
Again, it's not a fix, it's a feature. Not being able to mess with
counters (logging or otherwise) is a feature. It may be a feature that
you can do without, but that decision is not to be made lightly.
Nate
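The thread argues for keeping a rule's accounting counters separate from the counter that drives the IPFW_VERBOSE_LIMIT log throttle, so that logging can be restarted without touching accounting (and accounting can't be zeroed at all in secure mode). The following Python model is an added illustration of that separation; it is not FreeBSD ipfw code, and the rule structure, the log message text and the `reset_logging` / `zero_accounting` operations are constructed here for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Rule:
    """Hypothetical model of one firewall rule with two independent counters.

    Constructed for illustration; it does not mirror ipfw's real data structures.
    """
    number: int
    verbose_limit: int                      # stands in for IPFW_VERBOSE_LIMIT
    acct_pkts: int = 0                      # accounting: packets matched
    acct_bytes: int = 0                     # accounting: bytes matched
    log_count: int = 0                      # logging: drives the log throttle only
    logged: list = field(default_factory=list)  # constructed stand-in for syslog

    def match(self, length: int) -> None:
        """A packet matched this rule: always account it, log it only until
        the verbose limit is hit, then emit one 'limit reached' notice."""
        self.acct_pkts += 1
        self.acct_bytes += length
        if self.log_count < self.verbose_limit:
            self.logged.append(f"rule {self.number}: packet, {length} bytes")
        elif self.log_count == self.verbose_limit:
            self.logged.append(
                f"rule {self.number}: logging limit {self.verbose_limit} reached")
        self.log_count += 1

    def reset_logging(self) -> None:
        """Restart logging after the throttle. Only the log counter is touched,
        so the accounting numbers stay trustworthy regardless of secure mode."""
        self.log_count = 0

    def zero_accounting(self, secure_mode: bool) -> None:
        """The contested operation: zeroing accounting counters. Refused in
        secure mode, which is the property the thread argues for."""
        if secure_mode:
            raise PermissionError("accounting counters are read-only in secure mode")
        self.acct_pkts = 0
        self.acct_bytes = 0


def run_scenario() -> Rule:
    """Five 64-byte packets hit a rule with a verbose limit of 3, logging is
    restarted, and one more packet arrives. Accounting sees all six packets;
    the log holds three packet lines, one limit notice, and one post-reset line."""
    rule = Rule(number=100, verbose_limit=3)
    for _ in range(5):
        rule.match(length=64)
    rule.reset_logging()
    rule.match(length=64)
    return rule


if __name__ == "__main__":
    r = run_scenario()
    print(f"accounted: {r.acct_pkts} pkts / {r.acct_bytes} bytes, "
          f"log entries: {len(r.logged)}")
    for line in r.logged:
        print("  ", line)
```

The point the model makes concrete is that `reset_logging` leaves `acct_pkts` and `acct_bytes` untouched, so restarting the throttle and preserving accounting are not in conflict once the two counters are separate.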
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message