Metrics
This feature is only available using the CLI.
Status and statistic counters are available through the sysfs entry /sys/packetshield/<instance name>/<context id>/stats
.
$ cat /sys/packetshield/myinst/Other/stats
status : 0x0000
rx_total : 0
invalid : 0
whitelisted: 0
filtered : 0
out_related: 0
dns_resp : 0
syn : 0
rst : 0
ack : 0
unknown_ttl: 0
ttlfiltered: 0
established: 0
newconns : 0
unmatched : 0
syncookie : 0
drop_syn : 0
drop_rst : 0
drop_ack : 0
delivered : 0
tx_total : 0
status | current status of the context This value is a bitfield. It can be one or a combination of the different following values:
The value | ||||||||||
rx_total | counter of incoming packets on current context | ||||||||||
invalid | counter of invalid (from a protocol point of view) incoming packets on current context Possible reasons are:
| ||||||||||
whitelisted | counter of accepted incoming packets because they match one of the whitelist rule:
| ||||||||||
filtered | counter of dropped packets because of configured policy. Possible reasons are:
| ||||||||||
out_related | counter of accepted incoming TCP packets related to a known outbound session | ||||||||||
dns_rsp | counter of accepted incoming UDP packets related to a known outbound DNS query | ||||||||||
syn | counter of incoming TCP SYN packets | ||||||||||
rst | counter of incoming TCP RST packets | ||||||||||
ack | counter of incoming TCP ACK packets | ||||||||||
unknown_ttl | counter of incoming packets with a suspect TTL | ||||||||||
ttlfiltered | counter of dropped packets in order to validate TTLs | ||||||||||
established | counter of accepted incoming TCP packets related to a known session | ||||||||||
newconns | counter of incoming TCP SYN packets on protected TCP ports which are not TCP retransmit (new connections) | ||||||||||
unmatched | counter of incoming TCP RST and ACK packets on protected ports and not related to a established session | ||||||||||
syncookie | counter of successfully generated syncookies | ||||||||||
drop_syn | counter of dropped SYN packets because generation of syncookie failed | ||||||||||
drop_rst | counter of dropped incoming TCP RST packets on protected port because not related to a known session | ||||||||||
drop_ack | counter of dropped incoming TCP ACK packets on protected port because not related to a known session | ||||||||||
delivered | counter of packets delivered to system stack. If surge protect mode is reached the counter presents the number of packets dropped instead of being delivered. | ||||||||||
total_tx | counter of total outgoing packets (except generated ones) |
Next up
Network Interfaces