summaryrefslogtreecommitdiff
path: root/sbin/ipfstat/ipfstat.8
blob: c8a81e892f6135a4399fd87c9893b2cb47c7220a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
.\"     $OpenBSD: ipfstat.8,v 1.20 2000/11/14 18:55:56 aaron Exp $
.Dd June 13, 1999
.Dt IPFSTAT 8
.Os
.Sh NAME
.Nm ipfstat
.Nd reports on packet filter statistics and filter lists
.Sh SYNOPSIS
.Nm ipfstat
.Op Fl aAfghIinosv
.Op Fl d Ar device
.Op Fl M Ar core
.Sh DESCRIPTION
By default,
.Nm
displays current kernel statistics gathered
as a result of applying the filters in place (if any) to packets going through
the kernel.
.Pp
When supplied with either
.Fl i
or
.Fl o ,
it will retrieve and display
the appropriate list of filter rules currently installed and in use by the
kernel.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl a
Display the accounting filter list and show bytes counted against each rule.
Used with
.Fl i
or
.Fl o .
.It Fl A
Display packet authentication statistics.
.It Fl d Ar device
Use
.Ar device
instead of
.Pa /dev/ipl
for interfacing with the kernel.
.It Fl f
Show fragment state information (statistics) and held state information (in
the kernel) if any is present.
.It Fl g
Show group information for active and inactive filter, accounting, and
authentication groups.
.It Fl h
Show per-rule the number of times each one scores a
.Dq hit .
For use in
combination with
.Fl i
or
.Fl o .
.It Fl i
Display the filter list used for the input side of the kernel IP processing.
.It Fl I
Swap between retrieving
.Dq inactive
and
.Dq active
filter list details.
For use in combination with
.Fl h .
.It Fl n
Show the rule number for each rule as it is printed.
.It Fl M Ar core
Extract values associated with the name list from the specified core
instead of the default
.Pa /dev/kmem .
.It Fl o
Display the filter list used for the output side of the kernel IP processing.
.It Fl s
Show packet/flow state information (statistics) and held state information (in
the kernel) if any is present.
.It Fl v
Turn verbose mode on.
Displays more debugging information.
.El
.Sh FILES
.Bl -tag -width /dev/ipstate -compact
.It Pa /dev/kmem
default kernel memory
.It Pa /dev/ipl
IP packet logging pseudo-device
.It Pa /dev/ipstate
IP filter state device
.El
.Sh SEE ALSO
.Xr ipftest 1 ,
.Xr ipf 4 ,
.Xr ipl 4 ,
.Xr ipnat 4 ,
.Xr ipf 5 ,
.Xr ipnat 5 ,
.Xr ipf 8 ,
.Xr ipmon 8 ,
.Xr ipnat 8 ,
.Pp
http://coombs.anu.edu.au/ipfilter/
.Sh BUGS
If you find any, please send email to me at darrenr@pobox.com.