Manualshelf

Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS
11121314151617181920
Chapter 2 Troubleshooting Tools VPN-1/FireWall-1 Control Commands
Advanced Technical Reference Guide 4.1 June 2000 11
Option Meaning
driver Access to the kernel module is shown (log entries).
Example Output
fw_read: non blocking read returns
fw_read: log_first = 1276, len = 36
fw_read: log_first = 1316, len = 36
fw_read: log_first = 1356, len = 52
Explanation:
Those are kernel calls about log entries read.
filter Shows the packet filtering that is done by the kernel module, and all the data that is loaded into
the kernel (the building of the tables, the services and the filtering functions.)
hold This is the holding mechanism and all packets that are being held or released are shown when
this switch is turned on (for example when doing encryption).
if All the interface related information (accessing the interface, installing on interface).
ioctl
When this switch is turned on it shows all the ioctl ( I/O control) messages such as the
communication between the kernel and the daemon, loading and unloading of
VPN-1/FireWall-1. (For instance when the daemon exits, it is sometimes possible to see the
ioctl command that caused the exit.)
kbuf All the information that is kbuf related (such as rdp when encrypting). The kbuf is the kernel
buffer memory pool, and the encryption keys use these memory allocations. (The memory
switch is for the tables memory pool).
Ld All the reads and writes to the tables. (heavy)
Log This switch shows everything related to the log (all log calls).
Machine This switch shows the actual assembler commands that are being processed. (heavy)
memory The memory allocations of VPN-1/FireWall-1.
Misc All the things that are not shown with the other commands.
Packet This switch shows all the actions performed on a packet (accept, drop, fragment).
Q The information regarding the driver queue (streams queues operations).
tcpseq This switch prints the tcp sequences that are being changed when using address translation.
xlate, xltrc Prints the NAT related information (changing IPs…) where the xlate switch is the basic (and
most commonly used) switch, and xltrc gives additional information by showing the actual
process of going through the NAT Rule Base for each packet (mostly on telnet and ftp).
See xlate, xltrc on page 14.
Winnt Special information regarding the Windows NT operation.
synatk All the information regarding the Syndefender.
domain Domain queries.
Install Driver installation.
Profile Prints the number of packets that were filtered and the amount of time spent on them.
Media Make level info on NT (frames and not packets).
Align Gives information regarding the decoding of the H323 data in H323 data connections.
Ex Information about dynamic table expiration.
Balance Information about load balancing.
Chain Information about cookie chains.