1ipfstat(1M) System Administration Commands ipfstat(1M)
2
6 ipfstat - reports on packet filter statistics and filter list
7
9 ipfstat [-6aACdfghIilnoRstv]
10 ipfstat [-C] [-D addrport] [-P protocol] [-S addrport]
13 [-T refreshtime]
14
17 The ipfstat command is part of a suite of commands associated with the
18 Solaris IP Filter feature. See ipfilter(5).
19 The ipfstat command examines /dev/kmem using the symbols _fr_flags,
22 _frstats, _filterin, and _filterout. To run and work, it needs to be
23 able to read both /dev/kmem and the kernel itself.
24 The default behavior of ipfstat is to retrieve and display the statis‐
27 tics which have been accumulated over time as the kernel has put pack‐
28 ets through the filter.
29 The role of ipfstat is to display current kernel statistics gathered as
32 a result of applying the filters in place (if any) to packets going in
33 and out of the kernel. This is the default operation when no command
34 line parameters are present. When supplied with either -i or -o, ipfs‐
35 tat will retrieve and display the appropriate list of filter rules cur‐
36 rently installed and in use by the kernel.
37 ipfstat uses kernel device files to obtain information. The default
40 permissions of these files require ipfstat to be run as root for all
41 operations.
42 The ipfstat command supports the kstat(3KSTAT) kernel facility. Because
45 of this support, as an alternative to ipfstat, you can use kstat(1M).
46 For example:
47 # kstat ‐m ipf
50 Using the ipfstat -t option causes ipfstat to enter the state top mode.
53 In this mode the state table is displayed similarly to the way the Unix
54 top utility displays the process table. The -C, -D, -P, -S and -T com‐
55 mand line options can be used to restrict the state entries that will
56 be shown and to specify the frequency of display updates.
57 In state top mode, use the following keys to influence the displayed
60 information:
61 d Select information to display.
63 l Redraw the screen.
66 q Quit the program.
69 s Switch between different sorting criteria.
72 r Reverse the sorting criteria.
75 States can be sorted by protocol number, by number of IP packets, by
79 number of bytes, and by time-to-live of the state entry. The default is
80 to sort by the number of bytes. States are sorted in descending order,
81 but you can use the r key to sort them in ascending order.
82 It is not possible to interactively change the source, destination, and
85 protocol filters or the refresh frequency. This must be done from the
86 command line.
87 The screen must have at least 80 columns for correct display. However,
90 ipfstat does not check the screen width.
91 Only the first X-5 entries that match the sort and filter criteria are
94 displayed (where X is the number of rows on the display). There is no
95 way to see additional entries.
96
98 The following options are supported:
99 -6 Display filter lists and states for IPv6, if avail‐
101 able. This option might change in the future.
102 -a Display the accounting filter list and show bytes
105 counted against each rule.
106 -A Display packet authentication statistics.
109 -C Valid only in combination with -t. Display "closed"
112 states as well in the top. Normally, a TCP connection
113 is not displayed when it reaches the CLOSE_WAIT pro‐
114 tocol state. With this option enabled, all state
115 entries are displayed.
116 -d Produce debugging output when displaying data.
119 -D addrport Valid only in combination with -t. Limit the state
122 top display to show only state entries whose destina‐
123 tion IP address and port match the addrport argument.
124 The addrport specification is of the form ipad‐
125 dress[,port]. The ipaddress and port should be either
126 numerical or the string any (specifying any IP
127 address and any port, in that order). If the -D
128 option is not specified, it defaults to -D any,any.
129 -f Show fragment state information (statistics) and held
132 state information (in the kernel) if any is present.
133 -g Show groups currently configured (both active and
136 inactive).
137 -h Show per-rule the number of times each one scores a
140 "hit". For use in combination with -i.
141 -i Display the filter list used for the input side of
144 the kernel IP processing.
145 -I Swap between retrieving inactive/active filter list
148 details. For use in combination with -i.
149 -l When used with -s, show a list of active state
152 entries (no statistics).
153 -n Show the rule number for each rule as it is printed.
156 -o Display the filter list used for the output side of
159 the kernel IP processing.
160 -P protocol Valid only in combination with -t. Limit the state
163 top display to show only state entries that match a
164 specific protocol. The argument can be a protocol
165 name (as defined in /etc/protocols) or a protocol
166 number. If this option is not specified, state
167 entries for any protocol are specified.
168 -R Disable both IP address-to-hostname resolution and
171 port number-to-service name resolution.
172 -S addrport Valid only in combination with -t. Limit the state
175 top display to show only state entries whose source
176 IP address and port match the addrport argument. The
177 addrport specification is of the form ipad‐
178 dress[,port]. The ipaddress and port should be either
179 numerical or the string any (specifying any IP
180 address and any port, in that order). If the -S
181 option is not specified, it defaults to -S any,any.
182 -s Show packet/flow state information (statistics only).
185 -T refreshtime Valid only in combination with -t. Specifies how
188 often the state top display should be updated. The
189 refresh time is the number of seconds between an
190 update. Any positive integer can be used. The default
191 (and minimal update time) is 1.
192 -t Show the state table in a way similar to the way the
195 Unix utility, top, shows the process table. States
196 can be sorted in a number of different ways.
197 -v Turn verbose mode on. Displays additional debugging
200 information.
201
204 o /dev/kmem
205 o /dev/ksyms
207 o /dev/ipl
209 o /dev/ipstate
211
213 See attributes(5) for descriptions of the following attributes:
214 ┌─────────────────────────────┬─────────────────────────────┐
219 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
220 ├─────────────────────────────┼─────────────────────────────┤
221 │Availability │SUNWipfu │
222 ├─────────────────────────────┼─────────────────────────────┤
223 │Interface Stability │Committed │
224 └─────────────────────────────┴─────────────────────────────┘
225
227 ipf(1M), kstat(1M), kstat(3KSTAT), attributes(5), ipfilter(5)
228SunOS 5.11 3 Apr 2008 ipfstat(1M)