On 2017/11/14 09:13, Theo de Raadt wrote: > Might this be better per-interface, using ifconfig, then people can > disable logging on a particular subnet in hostname.* files?
Hmm yes, that sounds a much better idea actually. And in that case keeping v4 and v6 in one setting isn't as awkward as sysctl. I'll try to figure out what's needed. > > On Tue, Nov 14, 2017 at 02:04:27PM +0000, Stuart Henderson wrote: > > > Any thoughts (and suggestions for mib for an af-independent one if > > > that's the way to go)? > > > > I have the requirement to log all arp overwrites in the local > > network. So I would like to keep the log message, it does no harm > > in a controlled server environment. With different user requirements > > a sysctl knob may be justified. I totally agree, and think that keeping it on by default makes sense. > > An alternative would be that the user ignores kern.info in syslog.conf. > > > > Although it would be nice to have common IPv4/IPv6 switches, sysctl > > net is organized in inet and inet6. Splitting arp and nd6 seems > > the right thing, we have a bunch of these already. > > > > OK bluhm@ > > > > > + ether_sprintf(ea->arp_sha), > > > ifp->if_xname); > > > > This line is too long. > > >