I looked at ipnat utility, actually. It uses kvm library to print list
of active MAP/Redirect filters and sessions, for -l option. It also
uses kvm to access some info when run against kernel core (with -M
option), but that shouldn't be interesting for you (it uses ioctls
against 'live' kernel).

Looks like it wouldn't be too hard to add two ioctls to get the
lists, and make the kvm grovelling optional.

ipfstat might be a bit more difficult (didn't look too close in it).


Alexander Grigo wrote:
> Hi,
> Jaromir Dolecek wrote:
> > Don't think there is any. It wouldn't be very hard to create bunch
> > of ioctls() and use that rather than direct kernel memory
> > reads, OTOH.
> Well, according to the Makefiles in src/usr.sbin/ipf/xxx
> the only ipf/ipnat related programs using kvm are
> ipfstat and ipnat.
> Since ipf doesn't, I was wondering if this kvm stuff is
> just needed for statistics (e.g. ipnat -l ). If so, did
> someone take a look at the code to check that? Or is
> the kvm lib that necessary to ipnat? (I'm going to look
> at the code next week. No time for that now ;)
> Cheers,
> Alexander

