From owner-freebsd-hackers Tue Jul 27 12:17: 1 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from ns.mt.sri.com (ns.mt.sri.com [206.127.79.91]) by hub.freebsd.org (Postfix) with ESMTP id 44C5B1522A; Tue, 27 Jul 1999 12:16:49 -0700 (PDT) (envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id NAA17154; Tue, 27 Jul 1999 13:15:12 -0600 (MDT) (envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id NAA26782; Tue, 27 Jul 1999 13:15:11 -0600
Date: Tue, 27 Jul 1999 13:15:11 -0600
Message-Id: <199907271915.NAA26782@mt.sri.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Joe Greco
Cc: nate@mt.sri.com (Nate Williams), hackers@freebsd.org, freebsd-ipfw@freebsd.org
Subject: Re: securelevel and ipfw zero
In-Reply-To: <199907271856.NAA09504@aurora.sol.net>
References: <199907271652.KAA25747@mt.sri.com> <199907271856.NAA09504@aurora.sol.net>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > > > One could argue that accounting numbers in a firewall shouldn't be
> > > > trusted, but I won't argue that point since the firewall is often the
> > > > most 'natural' place to stick network accounting software.
> > >
> > > If you can't trust something in the kernel, then you just can't trust
> > > anything at all.
> >
> > It isn't the kernel that's zero'ing the counters. :)
>
> Accounting numbers in a kernel firewall _should_ be trustable, and on that
> basis, one can clearly make an argument for separating the logging count
> from the accounting count - which should never be zero'ed, at least in
> securemode.

One could argue that 'logging counters' in a firewall _should_ be trustable
as well. You've argued against it, but I'm not convinced that your opinion
(or mine) is enough to consider it a 'bug'.
> I'm not saying your desire for per-rule counters is invalid, I'm just not
> of that same mindset. But it does seem clear that it would be useful to
> have a mechanism to restart the logging after an IPFW_VERBOSE_LIMIT
> throttle.

It would be useful. But, is its usefulness more important than being able
to rely on 'logging counters' being valid? (You argue no, but I'm not
convinced...)

Again, it's not a fix, it's a feature. Not being able to mess with counters
(logging or otherwise) is a feature. It may be a feature that you can do
without, but that decision is not to be made lightly.

Nate
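As an added model of the design point the two sides are arguing over (not code from the thread, nor from ipfw itself): a toy per-rule state in which the accounting count and the logging count are kept separate, so that restarting logging after an IPFW_VERBOSE_LIMIT throttle leaves the accounting count untouched, while `zero` of the accounting count is refused once the system is in secure mode. The securelevel threshold (3, where FreeBSD makes packet-filter rules immutable) and the verbose-limit value are assumptions for the model, not a statement of what ipfw did in 1999.

```python
from dataclasses import dataclass, field

# Assumed threshold for "secure mode": FreeBSD's securelevel 3 is where
# filter rules become immutable. Whether counter zeroing belongs there is
# exactly the question in the thread, so treat this as a modelling choice.
SECURE_NET_LEVEL = 3
IPFW_VERBOSE_LIMIT = 5  # constructed value: log at most 5 matches per rule


class SecureLevelError(PermissionError):
    """Operation refused because of the current securelevel."""


@dataclass
class Rule:
    number: int
    pcount: int = 0       # accounting count: every matched packet (must stay trustworthy)
    logged: int = 0       # logging count: messages emitted since the last restart
    log: list = field(default_factory=list)

    def match(self, pkt: str) -> None:
        """A packet hits the rule: always account it, log only under the throttle."""
        self.pcount += 1
        if self.logged < IPFW_VERBOSE_LIMIT:
            self.logged += 1
            self.log.append(f"rule {self.number}: {pkt}")
        # past the limit the packet is still counted, just no longer logged


class Firewall:
    def __init__(self, securelevel: int) -> None:
        self.securelevel = securelevel
        self.rules: dict = {}

    def add(self, number: int) -> Rule:
        self.rules[number] = Rule(number)
        return self.rules[number]

    def zero(self, number: int) -> None:
        """'ipfw zero' on the accounting count: refused in secure mode."""
        if self.securelevel >= SECURE_NET_LEVEL:
            raise SecureLevelError("accounting counters are immutable in secure mode")
        self.rules[number].pcount = 0

    def resetlog(self, number: int) -> None:
        """Restart logging after a throttle without touching accounting."""
        self.rules[number].logged = 0
```

With the two counts separate, an operator can lift the log throttle on a busy rule without giving up the property that accounting numbers only ever grow while the box is in secure mode.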