On 02/04/09 14:39, Peter Tribble wrote: > On Wed, Feb 4, 2009 at 10:28 PM, Michael Schuster > <Michael.Schuster at sun.com> wrote: >> On 02/04/09 14:18, Peter Tribble wrote: >> >>> I would normally want to be able to get at all the rule statistics >>> easily, and would hen simply display the lot or do additional >>> processing based on content. So I would want the kstat names >>> and classes to be fixed strings known in advance. >> (return to the initial problem, that of the name field being limited TO 30 >> characters): >> >> we've been toying with the idea of creating a (private, internal to the >> daemon) mapping of IPv6 addresses to some name which we then put into the >> kstats field. Obviously, this name will mean nothing to the user/admin if >> they use kstat(1M), and the only meaningful way to get the ilb kstats would >> be via "ilbadm show-statistics", which would perform the reverse mapping for >> you. >> >> Is that something you could live with? > > I'm not sure. What use is the kstat then? If you obfuscate the name then kstat > clients can't make any sense of the kstats at all, so why publish them? If you > need to go talk to the daemon to get some of the data, why not just hold it > all > there?
because it's the kernel that actually accumulates the relevant information (ie the various counters). We don't want to have that kind of "administrative" information travelling the kernel->userland boundary every time we process a packet. > Or you put the mapping of made-up name to address as one of the key-value > pairs in the kstat so that the user can disentangle it, at which point > there's no > need to use the address in any form as the name. hmm ... that sounds like a good suggestion. I don't know whether it's feasible; if it is, I'd be in favour of it. > In a sense, I'm arguing for this, I think. Only my 'made up' name for the > kstat > is just an incrementing number (I used the instance rather than the name, but > the principle is the same) and the address (or whatever) is held in the kstat > data. I'm presuming that there is some internal rule number or some such > concept to do the mapping. actually, rules are known by name only, but I guess in the end that's "just" an implementation detail. thx Michael -- Michael Schuster http://blogs.sun.com/recursion Recursion, n.: see 'Recursion'
