summaryrefslogtreecommitdiff
path: root/sbin/ipfstat/ipfstat.8
blob: 37aa01f1852bf5fe818995a10eb75794ac813e79 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
.\"     $OpenBSD: ipfstat.8,v 1.12 1999/07/04 15:34:52 aaron Exp $
.Dd 13 June, 1999
.Os
.Dt ipfstat 8
.Sh NAME
.Nm ipfstat
.Nd reports on packet filter statistics and filter lists
.Sh SYNOPSIS
.Nm ipfstat
.Op Fl aAfhIinosv
.Op Fl d Ar device
.Sh DESCRIPTION
By default
.Nm
displays current kernel statistics gathered
as a result of applying the filters in place (if any) to packets going through
the kernel.
.Pp
When supplied with either
.Fl i
or
.Fl o ,
it will retrieve and display
the appropriate list of filter rules currently installed and in use by the
kernel.
.Pp
.Nm
examines
.Pa /dev/kmem
using the symbols
.Sy _fr_flags ,
.Sy _frstats ,
.Sy _filterin ,
and
.Sy _filterout .
To run and work, it needs to be able to read both
.Pa /dev/kmem
and the kernel itself.
.Sh OPTIONS
.Bl -tag -width "-d device"
.It Fl a
Display the accounting filter list and show bytes counted against each rule. Used
with
.Fl i
or
.Fl o .
.It Fl A
Display packet authentication statistics.
.It Fl d Ar device
Use
.Ar device
instead of
.Pa /dev/ipl
for interfacing with the kernel.
.It Fl f
Show fragment state information (statistics) and held state information (in
the kernel) if any is present.
.It Fl h
Show per-rule the number of times each one scores a
.Sq hit .
For use in
combination with
.Fl i .
.It Fl i
Display the filter list used for the input side of the kernel IP processing.
.It Fl I
Swap between retrieving
.Sq inactive
/
.Sq active
filter list details. For use in combination with
.Fl i .
.It Fl n
Show the rule number for each rule as it is printed.
.It Fl o
Display the filter list used for the output side of the kernel IP processing.
.It Fl s
Show packet/flow state information (statistics) and held state information (in
the kernel) if any is present.
.It Fl v
Turn verbose mode on. Displays more debugging information.
.El
.Sh FILES
.Pa /dev/kmem
.br
.Pa /dev/ipl
.br
.Pa /dev/ipstate
.br
.Pa /bsd
.Sh SEE ALSO
.Xr ipftest 1 ,
.Xr ipf 4 ,
.Xr ipl 4 ,
.Xr ipnat 4 ,
.Xr ipf 5 ,
.Xr ipnat 5 ,
.Xr ipf 8 ,
.Xr ipmon 8 ,
.Xr ipnat 8 ,
.Pp
http://coombs.anu.edu.au/ipfilter/
.Sh BUGS
If you find any, please send email to me at darrenr@pobox.com.