On Sat, Jan 18, 2003 at 12:24:55AM -0800, Phil Dibowitz wrote:
> Why is it that when I run 'ipfstat -s' I get:
>
> IP states added:
> 5742 TCP
> 1015 UDP
> 0 ICMP
> 1675817 hits
> 8187 misses
> 0 maximum
> 0 no memory
> 25 bkts in use
> 25 active
> 1015 expired
> 5717 closed
>
> Note there that there are "25 active" states... but when I run ipfstat
> -t, there are a mere 8 states?
>
> Any help would be much appreciated.

What version and architecture?

Here's the output for 3.4.28 on FreeBSD 4.5 (x86):

hedgehog# ipfstat -s
IP states added:
178738 TCP
14133 UDP
15 ICMP
35778823 hits
1391943 misses
10 maximum
0 no memory
4 bkts in use
4 active
14148 expired
178734 closed

hedgehog# ipfstat -sl
192.168.16.16 -> 207.182.190.28 ttl 863827 pass 0x5006 pr 6 state 4/4
pkts 51 bytes 5740 32770 -> 5222 72fcc1c8:dc6f1afd 7504<<0:24616<<0
pass out quick keep state IPv4
pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
interfaces: in sis0,de0 out de0,sis0
192.168.16.16 -> 203.7.155.24 ttl 863976 pass 0x5006 pr 6 state 4/4
pkts 1861 bytes 134560 32769 -> 22 72e3d32f:9b1cbb4 16896<<0:4096<<0
pass out quick keep state IPv4
pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
interfaces: in sis0,de0 out de0,sis0
211.28.122.26 -> 203.7.155.24 ttl 854069 pass 0x5006 pr 6 state 4/4
pkts 1613 bytes 292711 1222 -> 22 f3f87b57:3480d9cc 32768<<0:4096<<0
pass out quick keep state IPv4
pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
interfaces: in -,de0 out de0,-
203.9.124.10 -> 211.28.122.26 ttl 853995 pass 0x500a pr 6 state 4/4
pkts 1789 bytes 366417 37071 -> 22 23cbbf2e:ab3816e8 8760<<0:33580<<0
pass in quick keep state IPv4
pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
interfaces: in de0,- out -,de0

hedgehog# ipfstat -t
hedgehog.zoo - IP Filter: v3.4.28 - state top 03:33:10
Src = 0.0.0.0 Dest = 0.0.0.0 Proto = any Sorted by = # bytes
Source IP Destination IP ST PR #pkts #bytes ttl
203.9.124.10,37071 211.28.122.26,22 4/4 tcp 1789 366417 118:36:10
211.28.122.26,1222 203.7.155.24,22 4/4 tcp 1613 292711 118:36:47
192.168.16.16,32769 203.7.155.24,22 4/4 tcp 1973 142672 119:59:53
192.168.16.16,32770 207.182.190.28,5222 4/4 tcp 51 5740 119