Call abort(3) to create a core file. Please try to use it only on forked processes.

Echo the command. This can be used for an external tool to synchronize with the AFTR daemon.

Fork the aftr process. In the parent the current session is closed (so after this command you'll talk only to the child) and other activities, including packet forwarding, are continued. In the child all file descriptors at the exception of the current session are closed.

This command should be used before to execution an expensive and atomic operation like list commands or some debug commands, and of course the abort command.

List available or all commands.

Orderly kill the aftr process.

Redirect the input of the current session from the content of the file. This is done in an atomic way (i.e., there is no other activity during the operation) but exists if a command fails.

Obsolete, use session close (for closing the current session) or kill (for killing the process).

Reboot the whole process.

Reload the section two part of the config file. This is sliced with the packet forwarding, but not with session reading (so you can't execute a command until reload is finished).

The reload process uses a generation system: static NAT, PRR/A+P and no-NAT entries in the reloaded file are put in the next generation. If the reload succeeds, global entries in older generations are garbaged collected, if it fails new generation entries are backtracked to the previous generation. Garbage collection and backtracking are sliced with the packet forwarding, another reload command is forbidden until they finish so a reload flushes the input buffer of the current session.

Aliases of debug dropped and debug stat, display dropped packet and general statistics.

Returns LOG: alive.

Performs some sanity checks on structures. Reserved to expert usage on a forked process (or better core file debugged with gdb). Note it uses recusive deep structure walking so can eat a lot of stack.

Disable per-tunnel debug counters. Optionally clear them.

This displays the dropped packet statistics with reasons.

Enable per-tunnel debug counters for the tunnel with addr remote IPv6 address. Note the counters can be incremented only when the involved tunnel is known, for instance, only after reassembly.

This displays the list of IPv4 or IPv6 fragments awaiting reassembly.

This displays information about a single fragment or fragment chain. add> is the memory address of the fragment structure (from a previous debug fragment command).

This displays some statistics about the various hash tables (fragment, nat, and tunnel).

This displays some information about the nat hash table and entry table.

This displays detailed information about a single nat mapping. addr is the memory address of the nat structure (from a previous debug nat command).

This displays the list of no-nat tunnel entries.

This displays the global IPv4 addresses that will be used for NAT mappings.

This displays the control channel session types with the number of active sessions.

This displays some general statistics about packets in and out. If per-tunnel debug counters are enable, displays them.

This displays some information about the tunnel table.

This displays some information about a single tunnel.

This removes the IPv6 ACL entry with the IPv6 address.

This removes the remote filter if it exits attached to a static or explicit dynamic NAT mapping.

This removes a static or explicit dynamic NAT mapping.

This removes a no-nat tunnel entry.

Look at zone zero configuration commands.

This removes a Port-Range Router/A+P null NAT mapping.

This removes a tunnel and all NAT mappings associated with it.

List IPv6 ACLs.

List all the default values which can be set by a 'default'/'global' command.

List the NAT entries in the configuration file format. Default is to list only the configured ('conf') NAT entries. 'global' lists the the configured global (i.e., not by a session) active (i.e., not to be garbaged collected after a reload) NAT entries.

List all the No-NAT tunnel entries in the configuration file format.

List the NATted source addresses with current PCP ranges in the configuration file format.

List the NATted source addresses with current port ranges in the configuration file format.

List the static NAT, PRR/A+P and no-NAT entries created by the current session or the session with name or with generation (note these entries will be flushed when the session will be closed so this command can be used to get them in order to include them in the config).

List the tunnel entries in the configuration file format, including specific MTU (if different from the default MTU).

Close the current or designed session. Delete all the static NAT, PRR/A+P and no-NAT entries created by the current session and which were not promoted to global/permanent entries by a reload.

Enable/disable the section two configuration commands. By default configuration commands must go to the config file.

Enable/disable the creation of new implicit dynamic mappings. Used by the PCP daemon and default and reset on session close to off.

Log errors or don't for the current session. Default is on.

Display or set the name of the current session. The stdio initial session is statically named 'tty'.

Log tunnel removal or don't to the current session. Default is off.