netstat -i[d] violates PoLS
Alan Somers
asomers at freebsd.org
Mon Mar 31 20:03:37 UTC 2014
"netstat -i" prints dropped output packets iff you also use "-d".
Starting with r199803 on 2009-11-25, "netstat -i" prints dropped input
packets regardless of the "-d" flag. That is a PoLS violation, IMHO.
I think that the "-d" flag should control printing of dropped input
packets as well as dropped output packets.

OTOH, this behavior has been around for more than 4 years, and some
scripts may rely on it. At the very least, the man page should be
updated to reflect r199803.

What do you think? Does the likelihood of hardcoded scripts preclude
fixing this bug?

-Alan