DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH
 

ipfstat(TC)


ipfstat -- reports on packet filter statistics and filter list

Synopsis

ipfstat [ -aAfhIinosv ] [ -d <device> ]

Description

ipfstat examines /dev/kmem using the symbols _fr_flags, _frstats, _filterin, and _filterout. To run and work, it needs to be able to read both /dev/kmem and the kernel itself. The kernel name defaults to /unix.

The default behaviour of ipfstat is to retrieve and display the accumulated statistics which have been accumulated over time as the kernel has put packets through the filter.

Options


-a
Display the accounting filter list and show bytes counted against each rule.

-A
Display packet authentication statistics.

-d <device>
Use a device other than /dev/ipl for interfacing with the kernel.

-f
Show fragment state information (statistics) and held state information (in the kernel) if any is present.

-h
Show per-rule the number of times each one scores a "hit". For use in combination with -i.

-i
Display the filter list used for the input side of the kernel IP processing.

-I
Swap between retrieving "inactive"/"active" filter list details. For use in combination with -i.

-n
Show the "rule number" for each rule as it is printed.

-o
Display the filter list used for the output side of the kernel IP processing.

-s
Show packet/flow state information (statistics) and held state information (in the kernel) if any is present.

-v
Turn verbose mode on. Displays more debugging information.

Synopsis

The role of ipfstat is to display current kernel statistics gathered as a result of applying the filters in place (if any) to packets going in and out of the kernel. This is the default operation when no command line parameters are present.

When supplied with either -i or -o, it will retrieve and display the appropriate list of filter rules currently installed and in use by the kernel.

Files

/dev/kmem
/dev/ipl
/dev/ipstate
/unix

See also

ipf(ADMN)

Standards conformance

ipfstat is not part of any currently supported standard. It is an extension of AT&T UNIX System V provided by The Santa Cruz Operation, Inc. It includes software developed by the University of California, Berkeley and its contributors.
© 2004 The SCO Group, Inc. All rights reserved.