Date:      Tue, 27 Jul 1999 13:15:11 -0600
From:      Nate Williams <nate@mt.sri.com>
To:        Joe Greco <jgreco@ns.sol.net>
Cc:        nate@mt.sri.com (Nate Williams), hackers@freebsd.org, freebsd-ipfw@freebsd.org
Subject:   Re: securelevel and ipfw zero
Message-ID:  <199907271915.NAA26782@mt.sri.com>
In-Reply-To: <199907271856.NAA09504@aurora.sol.net>
References:  <199907271652.KAA25747@mt.sri.com> <199907271856.NAA09504@aurora.sol.net>

> > > > One could argue that accounting numbers in a firewall shouldn't be
> > > > trusted, but I won't argue that point since the firewall is often the
> > > > most 'natural' place to stick network accounting software.
> > > 
> > > If you can't trust something in the kernel, then you just can't trust
> > > anything at all.
> > 
> > It isn't the kernel that's zero'ing the counters. :)
> 
> Accounting numbers in a kernel firewall _should_ be trustable, and on that
> basis, one can clearly make an argument for separating the logging count
> from the accounting count - which should never be zero'ed, at least in
> securemode.

One could argue that 'logging counters' in a firewall _should_ be
trustable as well.  You've argued against it, but I'm not convinced that
your opinion (or mine) is enough to consider it a 'bug'.

> I'm not saying your desire for per-rule counters is invalid, I'm just not
> of that same mindset.  But it does seem clear that it would be useful to
> have a mechanism to restart the logging after an IPFW_VERBOSE_LIMIT
> throttle.

It would be useful.  But, is its usefulness more important than being
able to rely on 'logging counters' being valid?  (You argue no, but I'm
not convinced...)

Again, it's not a fix, it's a feature.  Not being able to mess with
counters (logging or otherwise) is a feature.  It may be a feature that
you can do without, but that decision is not to be made lightly.



Nate
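The two positions in this thread (Joe's: split the logging counter from the accounting counters so only the former can be re-armed after an IPFW_VERBOSE_LIMIT throttle at securelevel; Nate's: treat every counter as frozen once securelevel is raised) can be made concrete in a toy model. The following C program is an added example, not FreeBSD kernel or ipfw code and not from either poster; all names (struct fwrule, fwrule_match, fwrule_zero, POLICY_SPLIT, VERBOSE_LIMIT) are hypothetical, and the packet sizes are constructed.

```c
/*
 * Added example, not FreeBSD/ipfw code: a per-rule counter model with the
 * accounting counters (packets/bytes) kept separate from the logging
 * counter, and a "zero" operation gated by securelevel under two policies.
 * All identifiers are hypothetical; sample traffic below is constructed.
 */
#include <stdint.h>
#include <stdio.h>

#define VERBOSE_LIMIT 3   /* constructed stand-in for IPFW_VERBOSE_LIMIT */

struct fwrule {
    int number;
    uint64_t pcnt;    /* accounting: packets matched */
    uint64_t bcnt;    /* accounting: bytes matched */
    uint64_t logcnt;  /* logging: log lines this rule has emitted */
};

/* Which counters "zero" may touch once securelevel > 0. */
enum zero_policy {
    POLICY_FREEZE_ALL,   /* no counter may be reset at securelevel > 0 */
    POLICY_SPLIT         /* logging counter resettable, accounting frozen */
};

/* Match one packet: accounting always advances; a log line is emitted only
 * while logcnt is below the verbose limit. Returns 1 if the packet was
 * logged, 0 if logging for this rule is throttled. */
int fwrule_match(struct fwrule *r, uint64_t len)
{
    r->pcnt++;
    r->bcnt += len;
    if (r->logcnt < VERBOSE_LIMIT) {
        r->logcnt++;
        return 1;
    }
    return 0;
}

/* Model of "ipfw zero <rule>". Returns 1 if some counter was reset, 0 if
 * the request was refused because of securelevel and policy. */
int fwrule_zero(struct fwrule *r, int securelevel, enum zero_policy pol)
{
    if (securelevel > 0) {
        if (pol == POLICY_FREEZE_ALL)
            return 0;                       /* nothing moves in secure mode */
        r->logcnt = 0;                      /* re-arm logging only */
        return 1;
    }
    r->pcnt = r->bcnt = r->logcnt = 0;      /* insecure mode: full reset */
    return 1;
}

/* One scenario: five constructed 64-byte packets hit the rule (three get
 * logged, then the throttle kicks in), a zero is attempted, and one more
 * packet arrives. Returns whether that final packet was logged; the final
 * rule state is copied to *out so the accounting counters can be inspected. */
int scenario(int securelevel, enum zero_policy pol, struct fwrule *out)
{
    struct fwrule r = { 100, 0, 0, 0 };
    for (int i = 0; i < 5; i++)
        fwrule_match(&r, 64);
    fwrule_zero(&r, securelevel, pol);
    int logged = fwrule_match(&r, 64);
    if (out)
        *out = r;
    return logged;
}

static void show(const char *label, int securelevel, enum zero_policy pol)
{
    struct fwrule r;
    int logged = scenario(securelevel, pol, &r);
    printf("%-22s final packet logged=%d  pcnt=%llu bcnt=%llu logcnt=%llu\n",
           label, logged, (unsigned long long)r.pcnt,
           (unsigned long long)r.bcnt, (unsigned long long)r.logcnt);
}

int main(void)
{
    show("securelevel -1:", -1, POLICY_SPLIT);        /* everything reset */
    show("securelevel 1, split:", 1, POLICY_SPLIT);   /* accounting kept, log re-armed */
    show("securelevel 1, freeze:", 1, POLICY_FREEZE_ALL); /* zero refused, still throttled */
    return 0;
}
```

Under POLICY_SPLIT the accounting numbers survive the zero at securelevel 1 (pcnt ends at 6) while logging resumes; under POLICY_FREEZE_ALL the zero is refused and the sixth packet stays unlogged, which is the trade-off the thread is weighing.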


