man/ipfstat.8 - net/ipfilter - Rivoreo Source Code Repositories

 .TH IPFSTAT 8
 .SH NAME
 ipfstat \- reports on packet filter statistics and filter list
 .SH SYNOPSIS
 .B ipfstat
 [
 .B \-6aAdfghIilnoRsv
 ]
 .br
 .B ipfstat -t
 [
 .B \-6C
 ] [
 .B \-D
 <addrport>
 ] [
 .B \-P
 <protocol>
 ] [
 .B \-S
 <addrport>
 ] [
 .B \-T
 <refresh time>
 ]
 .SH DESCRIPTION
 \fBipfstat\fP examines /dev/kmem using the symbols \fB_fr_flags\fP,
 \fB_frstats\fP, \fB_filterin\fP, and \fB_filterout\fP.
 To run and work, it needs to be able to read both /dev/kmem and the
 kernel itself.  The kernel name defaults to \fB/vmunix\fP.
 .PP
 The default behaviour of \fBipfstat\fP
 is to retrieve and display the accumulated statistics which have been
 accumulated over time as the kernel has put packets through the filter.
 .SH OPTIONS
 .TP
 .B \-6
 Display filter lists and states for IPv6, if available.
 .TP
 .B \-a
 Display the accounting filter list and show bytes counted against each rule.
 .TP
 .B \-A
 Display packet authentication statistics.
 .TP
 .B \-C
 This option is only valid in combination with \fB\-t\fP.
 Display "closed" states as well in the top. Normally, a TCP connection is
 not displayed when it reaches the CLOSE_WAIT protocol state. With this
 option enabled, all state entries are displayed.
 .TP
 .BR \-d
 Produce debugging output when displaying data.
 .TP
 .BR \-D \0<addrport>
 This option is only valid in combination with \fB\-t\fP. Limit the state top
 display to show only state entries whose destination IP address and port
 match the addrport argument. The addrport specification is of the form
 ipaddress[,port].  The ipaddress and port should be either numerical or the
 string "any" (specifying any IP address resp. any port). If the \fB\-D\fP
 option is not specified, it defaults to "\fB\-D\fP any,any".
 .TP
 .B \-f
 Show fragment state information (statistics) and held state information (in
 the kernel) if any is present.
 .TP
 .B \-g
 Show groups currently configured (both active and inactive).
 .TP
 .B \-h
 Show per-rule the number of times each one scores a "hit".  For use in
 combination with \fB\-i\fP.
 .TP
 .B \-i
 Display the filter list used for the input side of the kernel IP processing.
 .TP
 .B \-I
 Swap between retrieving "inactive"/"active" filter list details.  For use
 in combination with \fB\-i\fP.
 .TP
 .B \-n
 Show the "rule number" for each rule as it is printed.
 .TP
 .B \-o
 Display the filter list used for the output side of the kernel IP processing.
 .TP
 .BR \-P \0<protocol>
 This option is only valid in combination with \fB\-t\fP. Limit the state top
 display to show only state entries that match a specific protocol. The
 argument can be a protocol name (as defined in \fB/etc/protocols\fP) or a
 protocol number. If this option is not specified, state entries for any
 protocol are specified.
 .TP
 .BR \-R
 Don't try to resolve addresses to hostnames and ports to services while
 printing statistics.
 .TP
 .B \-s
 Show packet/flow state information (statistics only).
 .TP
 .B \-sl
 Show held state information (in the kernel) if any is present (no statistics).
 .TP
 .BR \-S \0<addrport>
 This option is only valid in combination with \fB\-t\fP. Limit the state top
 display to show only state entries whose source IP address and port match
 the addrport argument. The addrport specification is of the form
 ipaddress[,port].  The ipaddress and port should be either numerical or the
 string "any" (specifying any IP address resp. any port). If the \fB\-S\fP
 option is not specified, it defaults to "\fB\-S\fP any,any".
 .TP
 .B \-t
 Show the state table in a way similar to the way \fBtop(1)\fP shows the process
 table. States can be sorted using a number of different ways. This option
 requires \fBcurses(3)\fP and needs to be compiled in. It may not be available on
 all operating systems. See below, for more information on the keys that can
 be used while ipfstat is in top mode.
 .TP
 .BR \-T \0<refreshtime>
 This option is only valid in combination with \fB\-t\fP. Specifies how often
 the state top display should be updated. The refresh time is the number of
 seconds between an update. Any positive integer can be used. The default (and
 minimal update time) is 1.
 .TP
 .B \-v
 Turn verbose mode on.  Displays more debugging information.  When used with
 either \fB-i\fP or \fB-o\fP, counters associated with the rule, such as the
 number of times it has been matched and the number of bytes from such packets
 is displayed.  For "keep state" rules, a count of the number of state sessions
 active against the rule is also displayed.
 .SH SYNOPSIS
 The role of \fBipfstat\fP is to display current kernel statistics gathered
 as a result of applying the filters in place (if any) to packets going in and
 out of the kernel.  This is the default operation when no command line
 parameters are present.
 .PP
 When supplied with either \fB\-i\fP or \fB\-o\fP, it will retrieve and display
 the appropriate list of filter rules currently installed and in use by the
 kernel.
 .PP
 One of the statistics that \fBipfstat\fP shows is \fBticks\fP.
 This number indicates how long the filter has been enabled.
 The number is incremented every half\-second.
 .SH STATE TOP
 Using the \fB\-t\fP option \fBipfstat\fP will enter the state top mode. In
 this mode the state table is displayed similar to the way \fBtop\fP displays
 the process table. The \fB\-C\fP, \fB\-D\fP, \fB\-P\fP, \fB\-S\fP and \fB\-T\fP
 command line options can be used to restrict the state entries that will be
 shown and to specify the frequency of display updates.
 .PP
 In state top mode, the following keys can be used to influence the displayed
 information:
 .TP
 \fBb\fP show packets/bytes from backward direction.
 .TP
 \fBf\fP show packets/bytes from forward direction. (default)
 .TP
 \fBl\fP redraw the screen.
 .TP
 \fBq\fP quit the program.
 .TP
 \fBs\fP switch between different sorting criterion.
 .TP
 \fBr\fP reverse the sorting criterion.
 .PP
 States can be sorted by protocol number, by number of IP packets, by number
 of bytes and by time-to-live of the state entry. The default is to sort by
 the number of bytes. States are sorted in descending order, but you can use
 the \fBr\fP key to sort them in ascending order.
 .SH STATE TOP LIMITATIONS
 It is currently not possible to interactively change the source, destination
 and protocol filters or the refresh frequency. This must be done from the
 command line.
 .PP
 The screen must have at least 80 columns. This is however not checked.
 When running state top in IPv6 mode, the screen must be much wider to display
 the very long IPv6 addresses.
 .PP
 Only the first X-5 entries that match the sort and filter criteria are
 displayed (where X is the number of rows on the display. The only way to see
 more entries is to resize the screen.
 .SH FILES
 /dev/kmem
 .br
 /dev/ipl
 .br
 /dev/ipstate
 .br
 /vmunix
 .SH SEE ALSO
 ipf(8)
 .SH BUGS
 none known.
	.TH IPFSTAT 8
	.SH NAME
	ipfstat \- reports on packet filter statistics and filter list
	.SH SYNOPSIS
	.B ipfstat
	[
	.B \-6aAdfghIilnoRsv
	]
	.br
	.B ipfstat -t
	[
	.B \-6C
	] [
	.B \-D
	<addrport>
	] [
	.B \-P
	<protocol>
	] [
	.B \-S
	<addrport>
	] [
	.B \-T
	<refresh time>
	]
	.SH DESCRIPTION
	\fBipfstat\fP examines /dev/kmem using the symbols \fB_fr_flags\fP,
	\fB_frstats\fP, \fB_filterin\fP, and \fB_filterout\fP.
	To run and work, it needs to be able to read both /dev/kmem and the
	kernel itself. The kernel name defaults to \fB/vmunix\fP.
	.PP
	The default behaviour of \fBipfstat\fP
	is to retrieve and display the accumulated statistics which have been
	accumulated over time as the kernel has put packets through the filter.
	.SH OPTIONS
	.TP
	.B \-6
	Display filter lists and states for IPv6, if available.
	.TP
	.B \-a
	Display the accounting filter list and show bytes counted against each rule.
	.TP
	.B \-A
	Display packet authentication statistics.
	.TP
	.B \-C
	This option is only valid in combination with \fB\-t\fP.
	Display "closed" states as well in the top. Normally, a TCP connection is
	not displayed when it reaches the CLOSE_WAIT protocol state. With this
	option enabled, all state entries are displayed.
	.TP
	.BR \-d
	Produce debugging output when displaying data.
	.TP
	.BR \-D \0<addrport>
	This option is only valid in combination with \fB\-t\fP. Limit the state top
	display to show only state entries whose destination IP address and port
	match the addrport argument. The addrport specification is of the form
	ipaddress[,port]. The ipaddress and port should be either numerical or the
	string "any" (specifying any IP address resp. any port). If the \fB\-D\fP
	option is not specified, it defaults to "\fB\-D\fP any,any".
	.TP
	.B \-f
	Show fragment state information (statistics) and held state information (in
	the kernel) if any is present.
	.TP
	.B \-g
	Show groups currently configured (both active and inactive).
	.TP
	.B \-h
	Show per-rule the number of times each one scores a "hit". For use in
	combination with \fB\-i\fP.
	.TP
	.B \-i
	Display the filter list used for the input side of the kernel IP processing.
	.TP
	.B \-I
	Swap between retrieving "inactive"/"active" filter list details. For use
	in combination with \fB\-i\fP.
	.TP
	.B \-n
	Show the "rule number" for each rule as it is printed.
	.TP
	.B \-o
	Display the filter list used for the output side of the kernel IP processing.
	.TP
	.BR \-P \0<protocol>
	This option is only valid in combination with \fB\-t\fP. Limit the state top
	display to show only state entries that match a specific protocol. The
	argument can be a protocol name (as defined in \fB/etc/protocols\fP) or a
	protocol number. If this option is not specified, state entries for any
	protocol are specified.
	.TP
	.BR \-R
	Don't try to resolve addresses to hostnames and ports to services while
	printing statistics.
	.TP
	.B \-s
	Show packet/flow state information (statistics only).
	.TP
	.B \-sl
	Show held state information (in the kernel) if any is present (no statistics).
	.TP
	.BR \-S \0<addrport>
	This option is only valid in combination with \fB\-t\fP. Limit the state top
	display to show only state entries whose source IP address and port match
	the addrport argument. The addrport specification is of the form
	ipaddress[,port]. The ipaddress and port should be either numerical or the
	string "any" (specifying any IP address resp. any port). If the \fB\-S\fP
	option is not specified, it defaults to "\fB\-S\fP any,any".
	.TP
	.B \-t
	Show the state table in a way similar to the way \fBtop(1)\fP shows the process
	table. States can be sorted using a number of different ways. This option
	requires \fBcurses(3)\fP and needs to be compiled in. It may not be available on
	all operating systems. See below, for more information on the keys that can
	be used while ipfstat is in top mode.
	.TP
	.BR \-T \0<refreshtime>
	This option is only valid in combination with \fB\-t\fP. Specifies how often
	the state top display should be updated. The refresh time is the number of
	seconds between an update. Any positive integer can be used. The default (and
	minimal update time) is 1.
	.TP
	.B \-v
	Turn verbose mode on. Displays more debugging information. When used with
	either \fB-i\fP or \fB-o\fP, counters associated with the rule, such as the
	number of times it has been matched and the number of bytes from such packets
	is displayed. For "keep state" rules, a count of the number of state sessions
	active against the rule is also displayed.
	.SH SYNOPSIS
	The role of \fBipfstat\fP is to display current kernel statistics gathered
	as a result of applying the filters in place (if any) to packets going in and
	out of the kernel. This is the default operation when no command line
	parameters are present.
	.PP
	When supplied with either \fB\-i\fP or \fB\-o\fP, it will retrieve and display
	the appropriate list of filter rules currently installed and in use by the
	kernel.
	.PP
	One of the statistics that \fBipfstat\fP shows is \fBticks\fP.
	This number indicates how long the filter has been enabled.
	The number is incremented every half\-second.
	.SH STATE TOP
	Using the \fB\-t\fP option \fBipfstat\fP will enter the state top mode. In
	this mode the state table is displayed similar to the way \fBtop\fP displays
	the process table. The \fB\-C\fP, \fB\-D\fP, \fB\-P\fP, \fB\-S\fP and \fB\-T\fP
	command line options can be used to restrict the state entries that will be
	shown and to specify the frequency of display updates.
	.PP
	In state top mode, the following keys can be used to influence the displayed
	information:
	.TP
	\fBb\fP show packets/bytes from backward direction.
	.TP
	\fBf\fP show packets/bytes from forward direction. (default)
	.TP
	\fBl\fP redraw the screen.
	.TP
	\fBq\fP quit the program.
	.TP
	\fBs\fP switch between different sorting criterion.
	.TP
	\fBr\fP reverse the sorting criterion.
	.PP
	States can be sorted by protocol number, by number of IP packets, by number
	of bytes and by time-to-live of the state entry. The default is to sort by
	the number of bytes. States are sorted in descending order, but you can use
	the \fBr\fP key to sort them in ascending order.
	.SH STATE TOP LIMITATIONS
	It is currently not possible to interactively change the source, destination
	and protocol filters or the refresh frequency. This must be done from the
	command line.
	.PP
	The screen must have at least 80 columns. This is however not checked.
	When running state top in IPv6 mode, the screen must be much wider to display
	the very long IPv6 addresses.
	.PP
	Only the first X-5 entries that match the sort and filter criteria are
	displayed (where X is the number of rows on the display. The only way to see
	more entries is to resize the screen.
	.SH FILES
	/dev/kmem
	.br
	/dev/ipl
	.br
	/dev/ipstate
	.br
	/vmunix
	.SH SEE ALSO
	ipf(8)
	.SH BUGS
	none known.