summaryrefslogtreecommitdiff
path: root/static/freebsd/man8/ipfstat.8
diff options
context:
space:
mode:
Diffstat (limited to 'static/freebsd/man8/ipfstat.8')
-rw-r--r--static/freebsd/man8/ipfstat.8198
1 files changed, 198 insertions, 0 deletions
diff --git a/static/freebsd/man8/ipfstat.8 b/static/freebsd/man8/ipfstat.8
new file mode 100644
index 00000000..0d9bbb72
--- /dev/null
+++ b/static/freebsd/man8/ipfstat.8
@@ -0,0 +1,198 @@
+.TH ipfstat 8
+.SH NAME
+ipfstat \- reports on packet filter statistics and filter list
+.SH SYNOPSIS
+.B ipfstat
+[
+.B \-46aAdfghIilnoRsv
+]
+.br
+.B ipfstat -t
+[
+.B \-6C
+] [
+.B \-D
+<addrport>
+] [
+.B \-P
+<protocol>
+] [
+.B \-S
+<addrport>
+] [
+.B \-T
+<refresh time>
+]
+.SH DESCRIPTION
+\fBipfstat\fP examines /dev/kmem using the symbols \fB_fr_flags\fP,
+\fB_frstats\fP, \fB_filterin\fP, and \fB_filterout\fP.
+To run and work, it needs to be able to read both /dev/kmem and the
+kernel itself. The kernel name defaults to \fB/boot/kernel/kernel\fP.
+.PP
+The default behaviour of \fBipfstat\fP
+is to retrieve and display the accumulated statistics which have been
+accumulated over time as the kernel has put packets through the filter.
+.SH OPTIONS
+.TP
+.B \-4
+Display filter lists and states for IPv4, if available. This is the default
+when displaying states. \fB-4\fP and \fB-6\fP is the default when
+displaying lists.
+.TP
+.B \-6
+Display filter lists and states for IPv6, if available.
+.TP
+.B \-a
+Display the accounting filter list and show bytes counted against each rule.
+.TP
+.B \-A
+Display packet authentication statistics.
+.TP
+.B \-C
+This option is only valid in combination with \fB\-t\fP.
+Display "closed" states as well in the top. Normally, a TCP connection is
+not displayed when it reaches the CLOSE_WAIT protocol state. With this
+option enabled, all state entries are displayed.
+.TP
+.BR \-d
+Produce debugging output when displaying data.
+.TP
+.BR \-D \0<addrport>
+This option is only valid in combination with \fB\-t\fP. Limit the state top
+display to show only state entries whose destination IP address and port
+match the addrport argument. The addrport specification is of the form
+ipaddress[,port]. The ipaddress and port should be either numerical or the
+string "any" (specifying any IP address resp. any port). If the \fB\-D\fP
+option is not specified, it defaults to "\fB\-D\fP any,any".
+.TP
+.B \-f
+Show fragment state information (statistics) and held state information (in
+the kernel) if any is present.
+.TP
+.B \-g
+Show groups currently configured (both active and inactive).
+.TP
+.B \-h
+Show per-rule the number of times each one scores a "hit".
+.TP
+.B \-i
+Display the filter list used for the input side of the kernel IP processing.
+.TP
+.B \-I
+Swap between retrieving "inactive"/"active" filter list details. For use
+in combination with \fB\-i\fP.
+.TP
+.B \-n
+Show the "rule number" for each rule as it is printed.
+.TP
+.B \-o
+Display the filter list used for the output side of the kernel IP processing.
+.TP
+.BR \-P \0<protocol>
+This option is only valid in combination with \fB\-t\fP. Limit the state top
+display to show only state entries that match a specific protocol. The
+argument can be a protocol name (as defined in \fB/etc/protocols\fP) or a
+protocol number. If this option is not specified, state entries for any
+protocol are specified.
+.TP
+.BR \-R
+Don't try to resolve addresses to hostnames and ports to services while
+printing statistics.
+.TP
+.B \-s
+Show packet/flow state information (statistics only).
+.TP
+.B \-sl
+Show held state information (in the kernel) if any is present (no statistics).
+.TP
+.BR \-S \0<addrport>
+This option is only valid in combination with \fB\-t\fP. Limit the state top
+display to show only state entries whose source IP address and port match
+the addrport argument. The addrport specification is of the form
+ipaddress[,port]. The ipaddress and port should be either numerical or the
+string "any" (specifying any IP address resp. any port). If the \fB\-S\fP
+option is not specified, it defaults to "\fB\-S\fP any,any".
+.TP
+.B \-t
+Show the state table in a way similar to the way \fBtop(1)\fP shows the process
+table. States can be sorted using a number of different ways. This option
+requires \fBcurses(3)\fP and needs to be compiled in. It may not be available on
+all operating systems. See below, for more information on the keys that can
+be used while ipfstat is in top mode.
+.TP
+.BR \-T \0<refreshtime>
+This option is only valid in combination with \fB\-t\fP. Specifies how often
+the state top display should be updated. The refresh time is the number of
+seconds between an update. Any positive integer can be used. The default (and
+minimal update time) is 1.
+.TP
+.B \-v
+Turn verbose mode on. Displays more debugging information. When used with
+either \fB-i\fP or \fB-o\fP, counters associated with the rule, such as the
+number of times it has been matched and the number of bytes from such packets
+is displayed. For "keep state" rules, a count of the number of state sessions
+active against the rule is also displayed.
+.SH SYNOPSIS
+The role of \fBipfstat\fP is to display current kernel statistics gathered
+as a result of applying the filters in place (if any) to packets going in and
+out of the kernel. This is the default operation when no command line
+parameters are present.
+.PP
+When supplied with either \fB\-i\fP or \fB\-o\fP, it will retrieve and display
+the appropriate list of filter rules currently installed and in use by the
+kernel.
+.PP
+One of the statistics that \fBipfstat\fP shows is \fBticks\fP.
+This number indicates how long the filter has been enabled.
+The number is incremented every half\-second.
+.SH STATE TOP
+Using the \fB\-t\fP option \fBipfstat\fP will enter the state top mode. In
+this mode the state table is displayed similar to the way \fBtop\fP displays
+the process table. The \fB\-C\fP, \fB\-D\fP, \fB\-P\fP, \fB\-S\fP and \fB\-T\fP
+command line options can be used to restrict the state entries that will be
+shown and to specify the frequency of display updates.
+.PP
+In state top mode, the following keys can be used to influence the displayed
+information:
+.TP
+\fBb\fP show packets/bytes from backward direction.
+.TP
+\fBf\fP show packets/bytes from forward direction. (default)
+.TP
+\fBl\fP redraw the screen.
+.TP
+\fBq\fP quit the program.
+.TP
+\fBs\fP switch between different sorting criterion.
+.TP
+\fBr\fP reverse the sorting criterion.
+.PP
+States can be sorted by protocol number, by number of IP packets, by number
+of bytes and by time-to-live of the state entry. The default is to sort by
+the number of bytes. States are sorted in descending order, but you can use
+the \fBr\fP key to sort them in ascending order.
+.SH STATE TOP LIMITATIONS
+It is currently not possible to interactively change the source, destination
+and protocol filters or the refresh frequency. This must be done from the
+command line.
+.PP
+The screen must have at least 80 columns. This is however not checked.
+When running state top in IPv6 mode, the screen must be much wider to display
+the very long IPv6 addresses.
+.PP
+Only the first X-5 entries that match the sort and filter criteria are
+displayed (where X is the number of rows on the display. The only way to see
+more entries is to resize the screen.
+.SH FILES
+/dev/kmem
+.br
+/dev/ipl
+.br
+/dev/ipstate
+.br
+/kernel
+.SH SEE ALSO
+ipf(8)
+.SH BUGS
+\fB-4\fP and \fB-6\fP are only valid with \fB-i\fP, \fB-o\fP, and \fB-t\fP.
+An error should result when used with other arguments.
generated by cgit v1.2.3 (git 2.46.0) at 2026-05-15 13:00:16 +0000