1ipfstat(1M)             System Administration Commands             ipfstat(1M)
2
3
4

NAME

6       ipfstat - reports on packet filter statistics and filter list
7

SYNOPSIS

9       ipfstat [-6aACdfghIilnoRstv]
10
11
12       ipfstat [-C] [-D addrport] [-P protocol] [-S addrport]
13            [-T refreshtime]
14
15

DESCRIPTION

17       The  ipfstat command is part of a suite of commands associated with the
18       Solaris IP Filter feature. See ipfilter(5).
19
20
21       The ipfstat command examines /dev/kmem  using  the  symbols  _fr_flags,
22       _frstats,  _filterin,  and  _filterout. To run and work, it needs to be
23       able to read both /dev/kmem and the kernel itself.
24
25
26       The default behavior of ipfstat is to retrieve and display the  statis‐
27       tics  which have been accumulated over time as the kernel has put pack‐
28       ets through the filter.
29
30
31       The role of ipfstat is to display current kernel statistics gathered as
32       a  result of applying the filters in place (if any) to packets going in
33       and out of the kernel. This is the default operation  when  no  command
34       line  parameters are present. When supplied with either -i or -o, ipfs‐
35       tat will retrieve and display the appropriate list of filter rules cur‐
36       rently installed and in use by the kernel.
37
38
39       ipfstat  uses  kernel  device  files to obtain information. The default
40       permissions of these files require ipfstat to be run as  root  for  all
41       operations.
42
43
44       The ipfstat command supports the kstat(3KSTAT) kernel facility. Because
45       of this support, as an alternative to ipfstat, you can  use  kstat(1M).
46       For example:
47
48
49       # kstat ‐m ipf
50
51
52       Using the ipfstat -t option causes ipfstat to enter the state top mode.
53       In this mode the state table is displayed similarly to the way the Unix
54       top  utility displays the process table. The -C, -D, -P, -S and -T com‐
55       mand line options can be used to restrict the state entries  that  will
56       be shown and to specify the frequency of display updates.
57
58
59       In  state  top  mode, use the following keys to influence the displayed
60       information:
61
62       d    Select information to display.
63
64
65       l    Redraw the screen.
66
67
68       q    Quit the program.
69
70
71       s    Switch between different sorting criteria.
72
73
74       r    Reverse the sorting criteria.
75
76
77
78       States can be sorted by protocol number, by number of  IP  packets,  by
79       number of bytes, and by time-to-live of the state entry. The default is
80       to sort by the number of bytes. States are sorted in descending  order,
81       but you can use the r key to sort them in ascending order.
82
83
84       It is not possible to interactively change the source, destination, and
85       protocol filters or the refresh frequency. This must be done  from  the
86       command line.
87
88
89       The  screen must have at least 80 columns for correct display. However,
90       ipfstat does not check the screen width.
91
92
93       Only the first X-5 entries that match the sort and filter criteria  are
94       displayed  (where  X is the number of rows on the display). There is no
95       way to see additional entries.
96

OPTIONS

98       The following options are supported:
99
100       -6                Display filter lists and states for IPv6,  if  avail‐
101                         able. This option might change in the future.
102
103
104       -a                Display  the  accounting  filter  list and show bytes
105                         counted against each rule.
106
107
108       -A                Display packet authentication statistics.
109
110
111       -C                Valid only in combination with -t.  Display  "closed"
112                         states as well in the top. Normally, a TCP connection
113                         is not displayed when it reaches the CLOSE_WAIT  pro‐
114                         tocol  state.  With  this  option  enabled, all state
115                         entries are displayed.
116
117
118       -d                Produce debugging output when displaying data.
119
120
121       -D addrport       Valid only in combination with -t.  Limit  the  state
122                         top display to show only state entries whose destina‐
123                         tion IP address and port match the addrport argument.
124                         The  addrport  specification  is  of  the  form ipad‐
125                         dress[,port]. The ipaddress and port should be either
126                         numerical  or  the  string  any  (specifying  any  IP
127                         address and any port,  in  that  order).  If  the  -D
128                         option is not specified, it defaults to -D any,any.
129
130
131       -f                Show fragment state information (statistics) and held
132                         state information (in the kernel) if any is present.
133
134
135       -g                Show groups currently  configured  (both  active  and
136                         inactive).
137
138
139       -h                Show  per-rule  the number of times each one scores a
140                         "hit". For use in combination with -i.
141
142
143       -i                Display the filter list used for the  input  side  of
144                         the kernel IP processing.
145
146
147       -I                Swap  between  retrieving inactive/active filter list
148                         details. For use in combination with -i.
149
150
151       -l                When used with  -s,  show  a  list  of  active  state
152                         entries (no statistics).
153
154
155       -n                Show the rule number for each rule as it is printed.
156
157
158       -o                Display  the  filter list used for the output side of
159                         the kernel IP processing.
160
161
162       -P protocol       Valid only in combination with -t.  Limit  the  state
163                         top  display  to show only state entries that match a
164                         specific protocol. The argument  can  be  a  protocol
165                         name  (as  defined  in  /etc/protocols) or a protocol
166                         number.  If  this  option  is  not  specified,  state
167                         entries for any protocol are specified.
168
169
170       -R                Disable  both  IP  address-to-hostname resolution and
171                         port number-to-service name resolution.
172
173
174       -S addrport       Valid only in combination with -t.  Limit  the  state
175                         top  display  to show only state entries whose source
176                         IP address and port match the addrport argument.  The
177                         addrport   specification   is   of   the  form  ipad‐
178                         dress[,port]. The ipaddress and port should be either
179                         numerical  or  the  string  any  (specifying  any  IP
180                         address and any port,  in  that  order).  If  the  -S
181                         option is not specified, it defaults to -S any,any.
182
183
184       -s                Show packet/flow state information (statistics only).
185
186
187       -T refreshtime    Valid  only  in  combination  with  -t. Specifies how
188                         often the state top display should  be  updated.  The
189                         refresh  time  is  the  number  of seconds between an
190                         update. Any positive integer can be used. The default
191                         (and minimal update time) is 1.
192
193
194       -t                Show  the state table in a way similar to the way the
195                         Unix utility, top, shows the  process  table.  States
196                         can be sorted in a number of different ways.
197
198
199       -v                Turn  verbose  mode on. Displays additional debugging
200                         information.
201
202

FILES

204           o      /dev/kmem
205
206           o      /dev/ksyms
207
208           o      /dev/ipl
209
210           o      /dev/ipstate
211

ATTRIBUTES

213       See attributes(5) for descriptions of the following attributes:
214
215
216
217
218       ┌─────────────────────────────┬─────────────────────────────┐
219       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
220       ├─────────────────────────────┼─────────────────────────────┤
221       │Availability                 │SUNWipfu                     │
222       ├─────────────────────────────┼─────────────────────────────┤
223       │Interface Stability          │Committed                    │
224       └─────────────────────────────┴─────────────────────────────┘
225

SEE ALSO

227       ipf(1M), kstat(1M), kstat(3KSTAT), attributes(5), ipfilter(5)
228
229
230
231
232
233
234SunOS 5.11                        3 Apr 2008                       ipfstat(1M)
Impressum