Add the DragonFly cvs id and perform general cleanups on cvs/rcs/sccs ids. Most

[dragonfly.git] / contrib / ipfilter / man / ipfstat.8

.\" $FreeBSD: src/contrib/ipfilter/man/ipfstat.8,v 1.3.2.4 2003/03/01 03:55:53 darrenr Exp $
.\" $DragonFly: src/contrib/ipfilter/man/ipfstat.8,v 1.2 2003/06/17 04:24:02 dillon Exp $
.TH ipfstat 8
.SH NAME
ipfstat \- reports on packet filter statistics and filter list
.SH SYNOPSIS
.B ipfstat
[
.B \-6aAfghIinosv
] [
.B \-d
<device>
]

.B ipfstat -t
[
.B \-C
] [
.B \-D
<addrport>
] [
.B \-P
<protocol>
] [
.B \-S
<addrport>
] [
.B \-T
<refresh time>
] [
.B \-d
<device>
]
.SH DESCRIPTION
.PP
\fBipfstat\fP examines /dev/kmem using the symbols \fB_fr_flags\fP,
\fB_frstats\fP, \fB_filterin\fP, and \fB_filterout\fP.
To run and work, it needs to be able to read both /dev/kmem and the
kernel itself.  The kernel name defaults to \fB/kernel\fP.
.PP
The default behaviour of \fBipfstat\fP
is to retrieve and display the accumulated statistics which have been
accumulated over time as the kernel has put packets through the filter.
.SH OPTIONS
.TP
.B \-6
Display filter lists for IPv6, if available.
.TP
.B \-a
Display the accounting filter list and show bytes counted against each rule.
.TP
.B \-A
Display packet authentication statistics.
.TP 
.B \-C
This option is only valid in combination with \fB\-t\fP.
Display "closed" states as well in the top. Normally, a TCP connection is
not displayed when it reaches the CLOSE_WAIT protocol state. With this
option enabled, all state entries are displayed.
.TP
.BR \-d \0<device>
Use a device other than \fB/dev/ipl\fP for interfacing with the kernel.
.TP
.BR \-D \0<addrport>
This option is only valid in combination with \fB\-t\fP. Limit the state top
display to show only state entries whose destination IP address and port
match the addport argument. The addrport specification is of the form
ipaddress[,port].  The ipaddress and port should be either numerical or the
string "any" (specifying any ip address resp. any port). If the \fB\-D\fP
option is not specified, it defaults to "\fB\-D\fP any,any".
.TP
.B \-f
Show fragment state information (statistics) and held state information (in
the kernel) if any is present.
.TP
.B \-g
Show groups currently configured (both active and inactive).
.TP
.B \-h
Show per-rule the number of times each one scores a "hit".  For use in
combination with \fB\-i\fP.
.TP
.B \-i
Display the filter list used for the input side of the kernel IP processing.
.TP
.B \-I
Swap between retrieving "inactive"/"active" filter list details.  For use
in combination with \fB\-i\fP.
.TP
.B \-n
Show the "rule number" for each rule as it is printed.
.TP
.B \-o
Display the filter list used for the output side of the kernel IP processing.
.TP
.BR \-P \0<protocol>
This option is only valid in combination with \fB\-t\fP. Limit the state top
display to show only state entries that match a specific protocol. The
argument can be a protocol name (as defined in \fB/etc/protocols\fP) or a
protocol number. If this option is not specified, state entries for any
protocol are specified.
.TP
.B \-s
Show packet/flow state information (statistics only).
.TP
.B \-sl
Show held state information (in the kernel) if any is present (no statistics).
.TP
.BR \-S \0<addrport>
This option is only valid in combination with \fB\-t\fP. Limit the state top
display to show only state entries whose source IP address and port match
the addport argument. The addrport specification is of the form
ipaddress[,port].  The ipaddress and port should be either numerical or the
string "any" (specifying any ip address resp. any port). If the \fB\-S\fP
option is not specified, it defaults to "\fB\-S\fP any,any".
.TP
.B \-t
Show the state table in a way similar to they way \fBtop(1)\fP shows the process
table. States can be sorted using a number of different ways. This options
requires \fBncurses(3)\fP and needs to be compiled in. It may not be available on
all operating systems. See below, for more information on the keys that can
be used while ipfstat is in top mode.
.TP
.BR \-T \0<refreshtime>
This option is only valid in combination with \fB\-t\fP. Specifies how often
the state top display should be updated. The refresh time is the number of
seconds between an update. Any positive integer can be used. The default (and
minimal update time) is 1.
.TP
.B \-v
Turn verbose mode on.  Displays more debugging information.
.SH SYNOPSIS
The role of \fBipfstat\fP is to display current kernel statistics gathered
as a result of applying the filters in place (if any) to packets going in and
out of the kernel.  This is the default operation when no command line
parameters are present.
.PP
When supplied with either \fB\-i\fP or \fB\-o\fP, it will retrieve and display
the appropriate list of filter rules currently installed and in use by the
kernel.
.SH STATE TOP
Using the \fB\-t\fP option \fBipfstat\fP will enter the state top mode. In
this mode the state table is displayed similar to the way \fBtop\fP displays
the process table. The \fB\-C\fP, \fB\-D\fP, \fB\-P\fP, \fB\-S\fP and \fB\-T\fP 
commandline options can be used to restrict the state entries that will be 
shown and to specify the frequency of display updates.
.PP
In state top mode, the following keys can be used to influence the displayed
information:
.TP
\fBd\fP select information to display.
.TP
\fBl\fP redraw the screen.
.TP
\fBq\fP quit the program. 
.TP
\fBs\fP switch between different sorting criterion.
.TP
\fBr\fP reverse the sorting criterion.
.PP
States can be sorted by protocol number, by number of IP packets, by number
of bytes and by time-to-live of the state entry. The default is to sort by
the number of bytes. States are sorted in descending order, but you can use
the \fBr\fP key to sort them in ascending order.
.SH STATE TOP LIMITATIONS
It is currently not possible to interactively change the source, destination
and protocol filters or the refresh frequency. This must be done from the
command line.
.PP
The screen must have at least 80 columns. This is however not checked.
.PP
Only the first X-5 entries that match the sort and filter criteria are
displayed (where X is the number of rows on the display. There is no way to 
see more entries.
.PP
No support for IPv6
.PP
.SH FILES
/dev/kmem
.br
/dev/ipl
.br
/dev/ipstate
.br
/kernel
.SH SEE ALSO
ipf(8)
.SH BUGS
none known.