pfstat(8)
Name
pfstat − print packet filter status information
Syntax
pfstat [ −cdfkpqsv01234567 ] [ system [ corefile ] ]
Description
The pfstat command interprets the data structures of the packet filter driver packetfilter(.). If system is given, the required namelist is taken from there; otherwise, it is taken from /vmunix. If corefile is given, the data structures are sought there, otherwise in /dev/kmem. (If corefile is a core dump, then the −k option must be given.)
Options
If no options are given, then all are assumed (except for the verbose option, −v ).
c(Counts) Display various counts (per ethernet unit) including number of packets sent and received, the number of packets dropped due to full input queues, the number of packets not wanted by any filter, and the number of packets missed by the interface.
d(Descriptors) Display OpenDescriptors for each minor device.
f(Filters) Display packet filters for each minor device.
kThe corefile is a crash dump, not a running system’s /dev/kmem.
p(Parameters) Display device parameters including device type, header and address lengths, maximum transmission units (MTU), and interface and broadcast. addresses.
q(QueueElements) Display the QueueElements.
s(Scavenger) Display the FreeQueue and Scavenger statistics.
v(Verbose) Display information for minor devices not actually in use, and complete queue information, only if this flag is given.
<digit>Limit output to information about specified units; if no digits are given, then all units are displayed.
Output Format
This section describes the information displayed in the output of the pfstat command under the headings AllDescriptors, Filters, and QueueElts.
AllDescriptors
#Minor device number for open descriptor.
LOCDescriptor location.
LINK-QUEUEForward link to other descriptors.
STATEBlank, or one of:
waitwaiting for input, indefinite wait
timedwaiting for input, timed wait
touthas timed out
WAIT-QUEUEAddresses of “Queue Elements” for waiting packets.
NQ’DNumber of packets queued for input/maximum for this queue.
TOUTTimeout duration in clock ticks (if the −v [Verbose] option is not given, then times may be expressed as minutes [with a trailing “m”], hours [with a trailing “h”], or simply “long”, to keep the columns lined up.)
MODEShows which mode bits are set for the minor device; each bit is encoded as a single character:
HENHOLDSIG
BENBATCH
TENTSTAMP
PENPROMISC
NENNONEXCL
?An unknown mode bit is set.
SIGSignal number to be delivered when a packet arrives
PROCProcess to be signaled when a packet arrives
PIDProcess id which enabled the signal
Filters
LOCLocation of descriptor
DROPSCount of "recent" drops for this filter
PRIPriority of filter
LENLength of filter (in shortwords)
FILTERSee packetfilter() for interpretation of packet filters
QueueElts
LOCLocation of queue element
LINK-QUEUEForward and backward links
COUNTPacket size
REFReference count for queue element.
FLAGSPer-packet flag bits set; each bit is encoded as a single character:
PENSF_PROMISC
BENSF_BROADCAST
MENSF_MULTICAST
TENSF_TRAILER
?An unknown flag bit is set
DROPCount of packets dropped between the time previous packet was queued and the time this packet was queued
TIMEApproximate time this packet was received
Files
/vmunixnamelist
/dev/kmemdefault source of tables
See Also
netstat(1), packetfilter(4), pfconfig(8c), pstat(8)
K. Thompson, UNIX Implementation
Restrictions
Some of the output is a bit cramped so as to fit on an 80-character line. It should be possible to get a less verbose but more readable listing.
Since things happen pretty fast, it’s not likely that pfstat will provide a consistent view of a running system. It is mostly useful for analyzing static or slowly-varying problems, not transient ones.