summaryrefslogtreecommitdiff
path: root/sbin/ipfstat/ipfstat.8
blob: 98555433e989438b1c6e2a14a821c6b617a5196f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

.\"     $OpenBSD: ipfstat.8,v 1.19 2000/03/18 22:55:58 aaron Exp $
.Dd June 13, 1999
.Dt IPFSTAT 8
.Os
.Sh NAME
.Nm ipfstat
.Nd reports on packet filter statistics and filter lists
.Sh SYNOPSIS
.Nm ipfstat
.Op Fl aAfhIinosv
.Op Fl d Ar device
.Op Fl M Ar core
.Sh DESCRIPTION
By default,
.Nm
displays current kernel statistics gathered
as a result of applying the filters in place (if any) to packets going through
the kernel.
.Pp
When supplied with either
.Fl i
or
.Fl o ,
it will retrieve and display
the appropriate list of filter rules currently installed and in use by the
kernel.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl a
Display the accounting filter list and show bytes counted against each rule.
Used with
.Fl i
or
.Fl o .
.It Fl A
Display packet authentication statistics.
.It Fl d Ar device
Use
.Ar device
instead of
.Pa /dev/ipl
for interfacing with the kernel.
.It Fl f
Show fragment state information (statistics) and held state information (in
the kernel) if any is present.
.It Fl h
Show per-rule the number of times each one scores a
.Dq hit .
For use in
combination with
.Fl i
or
.Fl o .
.It Fl i
Display the filter list used for the input side of the kernel IP processing.
.It Fl I
Swap between retrieving
.Dq inactive
and
.Dq active
filter list details.
For use in combination with
.Fl h .
.It Fl n
Show the rule number for each rule as it is printed.
.It Fl M Ar core
Extract values associated with the name list from the specified core
instead of the default
.Pa /dev/kmem .
.It Fl o
Display the filter list used for the output side of the kernel IP processing.
.It Fl s
Show packet/flow state information (statistics) and held state information (in
the kernel) if any is present.
.It Fl v
Turn verbose mode on.
Displays more debugging information.
.El
.Sh FILES
.Bl -tag -width /dev/ipstate -compact
.It Pa /dev/kmem
default kernel memory
.It Pa /dev/ipl
IP packet logging pseudo-device
.It Pa /dev/ipstate
IP filter state device
.El
.Sh SEE ALSO
.Xr ipftest 1 ,
.Xr ipf 4 ,
.Xr ipl 4 ,
.Xr ipnat 4 ,
.Xr ipf 5 ,
.Xr ipnat 5 ,
.Xr ipf 8 ,
.Xr ipmon 8 ,
.Xr ipnat 8 ,
.Pp
http://coombs.anu.edu.au/ipfilter/
.Sh BUGS
If you find any, please send email to me at darrenr@pobox.com.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-28 15:20:46 +0000