ipfstat man page on OpenIndiana

Man page or keyword search:  
man Server   20441 pages
apropos Keyword Search (all sections)
Output format
OpenIndiana logo
[printable version]

ipfstat(1M)		System Administration Commands		   ipfstat(1M)

NAME
       ipfstat - reports on packet filter statistics and filter list

SYNOPSIS
       ipfstat [-6aACdfghIilnoRstv]

       ipfstat [-C] [-D addrport] [-P protocol] [-S addrport]
	    [-T refreshtime]

DESCRIPTION
       The  ipfstat command is part of a suite of commands associated with the
       Solaris IP Filter feature. See ipfilter(5).

       The ipfstat command examines /dev/kmem  using  the  symbols  _fr_flags,
       _frstats,  _filterin,  and  _filterout. To run and work, it needs to be
       able to read both /dev/kmem and the kernel itself.

       The default behavior of ipfstat is to retrieve and display the  statis‐
       tics  which have been accumulated over time as the kernel has put pack‐
       ets through the filter.

       The role of ipfstat is to display current kernel statistics gathered as
       a  result of applying the filters in place (if any) to packets going in
       and out of the kernel. This is the default operation  when  no  command
       line  parameters are present. When supplied with either -i or -o, ipfs‐
       tat will retrieve and display the appropriate list of filter rules cur‐
       rently installed and in use by the kernel.

       ipfstat	uses  kernel  device  files to obtain information. The default
       permissions of these files require ipfstat to be run as	root  for  all
       operations.

       The ipfstat command supports the kstat(3KSTAT) kernel facility. Because
       of this support, as an alternative to ipfstat, you can  use  kstat(1M).
       For example:

       # kstat ‐m ipf

       Using the ipfstat -t option causes ipfstat to enter the state top mode.
       In this mode the state table is displayed similarly to the way the Unix
       top  utility displays the process table. The -C, -D, -P, -S and -T com‐
       mand line options can be used to restrict the state entries  that  will
       be shown and to specify the frequency of display updates.

       In  state  top  mode, use the following keys to influence the displayed
       information:

       d    Select information to display.

       l    Redraw the screen.

       q    Quit the program.

       s    Switch between different sorting criteria.

       r    Reverse the sorting criteria.

       States can be sorted by protocol number, by number of  IP  packets,  by
       number of bytes, and by time-to-live of the state entry. The default is
       to sort by the number of bytes. States are sorted in descending	order,
       but you can use the r key to sort them in ascending order.

       It is not possible to interactively change the source, destination, and
       protocol filters or the refresh frequency. This must be done  from  the
       command line.

       The  screen must have at least 80 columns for correct display. However,
       ipfstat does not check the screen width.

       Only the first X-5 entries that match the sort and filter criteria  are
       displayed  (where  X is the number of rows on the display). There is no
       way to see additional entries.

OPTIONS
       The following options are supported:

       -6		 Display filter lists and states for IPv6,  if	avail‐
			 able. This option might change in the future.

       -a		 Display  the  accounting  filter  list and show bytes
			 counted against each rule.

       -A		 Display packet authentication statistics.

       -C		 Valid only in combination with -t.  Display  "closed"
			 states as well in the top. Normally, a TCP connection
			 is not displayed when it reaches the CLOSE_WAIT  pro‐
			 tocol	state.	With  this  option  enabled, all state
			 entries are displayed.

       -d		 Produce debugging output when displaying data.

       -D addrport	 Valid only in combination with -t.  Limit  the	 state
			 top display to show only state entries whose destina‐
			 tion IP address and port match the addrport argument.
			 The  addrport	specification  is  of  the  form ipad‐
			 dress[,port]. The ipaddress and port should be either
			 numerical  or	the  string  any  (specifying  any  IP
			 address and any port,	in  that  order).  If  the  -D
			 option is not specified, it defaults to -D any,any.

       -f		 Show fragment state information (statistics) and held
			 state information (in the kernel) if any is present.

       -g		 Show groups currently	configured  (both  active  and
			 inactive).

       -h		 Show  per-rule	 the number of times each one scores a
			 "hit". For use in combination with -i.

       -i		 Display the filter list used for the  input  side  of
			 the kernel IP processing.

       -I		 Swap  between	retrieving inactive/active filter list
			 details. For use in combination with -i.

       -l		 When used with	 -s,  show  a  list  of	 active	 state
			 entries (no statistics).

       -n		 Show the rule number for each rule as it is printed.

       -o		 Display  the  filter list used for the output side of
			 the kernel IP processing.

       -P protocol	 Valid only in combination with -t.  Limit  the	 state
			 top  display  to show only state entries that match a
			 specific protocol. The argument  can  be  a  protocol
			 name  (as  defined  in	 /etc/protocols) or a protocol
			 number.  If  this  option  is	not  specified,	 state
			 entries for any protocol are specified.

       -R		 Disable  both	IP  address-to-hostname resolution and
			 port number-to-service name resolution.

       -S addrport	 Valid only in combination with -t.  Limit  the	 state
			 top  display  to show only state entries whose source
			 IP address and port match the addrport argument.  The
			 addrport   specification   is	 of   the  form	 ipad‐
			 dress[,port]. The ipaddress and port should be either
			 numerical  or	the  string  any  (specifying  any  IP
			 address and any port,	in  that  order).  If  the  -S
			 option is not specified, it defaults to -S any,any.

       -s		 Show packet/flow state information (statistics only).

       -T refreshtime	 Valid	only  in  combination  with  -t. Specifies how
			 often the state top display should  be	 updated.  The
			 refresh  time	is  the	 number	 of seconds between an
			 update. Any positive integer can be used. The default
			 (and minimal update time) is 1.

       -t		 Show  the state table in a way similar to the way the
			 Unix utility, top, shows the  process	table.	States
			 can be sorted in a number of different ways.

       -v		 Turn  verbose	mode on. Displays additional debugging
			 information.

FILES
	   o	  /dev/kmem

	   o	  /dev/ksyms

	   o	  /dev/ipl

	   o	  /dev/ipstate

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │network/ipfilter		   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │Committed			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       ipf(1M), kstat(1M), kstat(3KSTAT), attributes(5), ipfilter(5)

SunOS 5.11			  3 Apr 2008			   ipfstat(1M)
[top]

List of man pages available for OpenIndiana

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net