
sys.13.6 Linux network configuration (ip/ss)

 

Introduction

The iproute command family:

These commands are provided by the 'iproute' package;
Install the package: ~]# yum  -y  install  iproute
Show package information: ~]# rpm  -qi  iproute

Keywords:
ip link ; ip netns ; ip address ; ip route ;
ss ;

================================********************************===============================

1. The ip command:

ip –  show / manipulate  routing,  devices,  policy  routing  and  tunnels
        show / manage routes, devices, policy routing and tunnels;

ip  [ OPTIONS ]   OBJECT  { COMMAND | help }
ip  [ -force ]  -batch  filename

OBJECT := { link | address | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |netns | l2tp | tcp_metrics | token }

OPTIONS := { -V[ersion] |  -h[uman-readable] | -s[tatistics] | -d[etails] | -r[esolve] |  -iec | -f[amily]  { inet | inet6 | ipx | dnet | link} | -4 | -6 | -I | -D | -B | -0 | -l[oops]  { maximum-addr-flush-attempts } | -o[neline] |   -rc[vbuf]  [size] | -t[imestamp] |-ts[hort] | -n[etns]   name | -a[ll] }

Note: as long as the result remains unambiguous, 'OBJECT' and its subcommand 'COMMAND' may be abbreviated to their first few characters (e.g. 'ip addr sh' for 'ip address show');

Summary of common 'ip OBJECT' usage:
=============================

ip  link : network  device  configuration, network device management;
———————————————————-
ip  link  list = ip  link  show                                               show all network interfaces (state, MAC, MTU; add '-s' for traffic statistics);

ip  link  set  DEVICE  { up | down }                                 enable or disable the given interface;
ip  link  set  DEVICE  multicast  { on | off }                   enable or disable multicast on the given interface;

ip  link  set  DEVICE  name  NAME                                rename the given interface; bring the interface 'down' first, then rename it, then bring it 'up' again;
ip  link  set  DEVICE  mtu  NUMBER                            set the maximum transmission unit (MTU) of the given interface; the Ethernet default is 1500 bytes;

ip  link  set  DEVICE  netns  { PID | NETNSNAME }              'ns' stands for namespace; moves the interface into the given network namespace, named either by its name or by the PID of a process living in it;
Steps to move an interface into a network namespace:
First create the namespace: ~]# ip  netns  add  NETNSNAME          add a network namespace with a name of your choosing;

Move the interface into it: ~]# ip  link  set  DEVICE  netns  NETNSNAME
After the move the interface no longer appears in 'ip  link  show' run from the host (initial) namespace; to see it, run the command inside the namespace:
~]# ip  netns  exec  NETNSNAME  ip  link  show

Caution: if the host has only one physical interface, moving it into a namespace takes it away from the host's network stack and any remote (e.g. SSH) session running over it is cut off; try this on a console, or on a virtual (veth) interface instead of the real NIC;

Delete a network namespace: ~]# ip  netns  del  NETNSNAME
When a namespace is deleted, a physical interface that was moved into it is handed back to the initial namespace, so 'ip  link  show' on the host lists it again; virtual interfaces that live in the namespace (veth ends, bridges, vlans, ...) are destroyed together with it rather than returned;

ip  netns :  process  network  namespace  management, network namespace management;
———————————————————————-
~]# ip  netns  add  NETNSNAME                      add a network namespace with a name of your choosing;
~]# ip  netns  del  NETNSNAME                       delete the given network namespace;

~]# ip  netns  list                                                  list all network namespaces;

~]# ip  netns  exec  NETNSNAME  COMMAND                    run the given command inside the given network namespace;

 

ip address command: protocol  address  management, protocol address management;
——————————————————————–
Add an IP address:
~]# ip  address  add  IFADDR/PREFIX  dev  IFNAME                  assign an IP address to the given interface; 'IFADDR/PREFIX' is 'IP address/prefix length', 'IFNAME' is the interface name;
Note: an address added this way is not shown by 'ifconfig', which only displays the first (primary) address of an interface plus addresses carrying an 'IFNAME:N' label; use 'ip  address  show' to see all of them;

~]# ip  address  add  IFADDR/PREFIX  dev  IFNAME  label  LABEL_NAME                  add an IP address to the given interface and tag it with 'LABEL_NAME';
Note 1: 'LABEL_NAME' has the form 'IFNAME:N', where 'N' is conventionally a number '0,1,2,...'; 'ifconfig' then displays the labelled address as if it were an alias interface named 'IFNAME:N';

~]# ip  address  add  IFADDR/PREFIX  dev  IFNAME  broadcast  ADDRESS                  add an IP address with an explicit broadcast address ('broadcast +' derives it from the prefix);

Delete an IP address:
~]# ip  address  del  IFADDR/PREFIX  dev  IFNAME                                delete an address; this works whether or not it carries a label, since address and prefix identify the entry;
~]# ip  address  del  IFADDR/PREFIX  dev  IFNAME  label  IFNAME:N               delete a labelled address, additionally matching the label;

Show IP address information:
~]# ip  address  show  [IFNAME]                          show all interfaces, or only the given interface;

Flush all IP addresses:
~]# ip  address  flush  dev  IFNAME                     remove every IP address from the given interface (any connection using them is cut);

Examples:
~]# ip  address  add  192.168.206.120/16  dev  ens33
~]# ip  address  add  192.168.206.121/16  dev ens33  label  ens33:0
~]# ip  address  add  192.168.206.122/16  dev  ens33  label  ens33:7
(each address must differ; adding the same address/prefix a second time fails with 'RTNETLINK answers: File exists', even with a different label)

~]# ip  address  del  192.168.206.120/16  dev  ens33
~]# ip  address  del  192.168.206.122/16  dev  ens33  label  ens33:7

ip route command: routing  table  management, routing table management;
———————————————————–
Add a route:
~]# ip  route  add  [ TYPE ]  PREFIX  via  ADDRESS  [ dev  STRING ]  [src  SOURCE_ADDRESS]
Notes:
'TYPE' is one of { unicast | local | broadcast | multicast | throw | unreachable | prohibit | blackhole | nat }; if no 'TYPE' is given the default 'unicast' is used; 'blackhole' silently drops packets for the prefix, 'unreachable' and 'prohibit' drop them and return an ICMP error, which makes these routes a cheap way to cut off a hostile network without touching the firewall;
'PREFIX' : 'destination network/prefix length'; the host bits must be zero (e.g. 192.168.40.0/24), otherwise the kernel rejects the route with 'Invalid argument';
'via ADDRESS' : 'via' is a fixed keyword; 'ADDRESS' is the gateway, i.e. next-hop, address, which must be directly reachable on the given interface;
'src SOURCE_ADDRESS' : the local address to prefer as source for packets sent over this route;

Examples:
~]# ip  route  add  192.168.40.0/24  via 192.168.10.1  dev  ens33  src 192.168.10.55
~]# ip  route  add  default  via  192.168.10.1  dev  ens33                                                   add the default route;

Delete a route:
~]# ip  route  delete  [ TYPE ]  PREFIX

Show the routing table:
~]# ip  route  list                         show all routing table entries;
~]# ip  route  show                     show all routing table entries;

~]# ip  route  show  [ type  TYPE ]  PREFIX                       show the entry for the given destination network (for show and flush the type is selected with the 'type' keyword);

Flush routes:
~]# ip  route  flush  [ type  TYPE ]  PREFIX
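The link, netns, address and route commands above are easiest to learn on a namespace you can throw away. The script below is an added example, not code from the original page: it creates a namespace named lab (a made-up name), connects it to the host with a veth pair (veth-host / veth-lab, also made up, on the made-up 10.200.0.0/24 subnet), assigns addresses, sets a default route, adds a blackhole route for a made-up hostile prefix 203.0.113.0/24, and tears everything down again. It assumes root and an iproute2 with netns and veth support. Because only virtual interfaces are moved, the host's real NIC and any SSH session over it are never touched.

```shell
#!/bin/sh
# Added example, not from the original page: a throwaway network namespace
# wired to the host with a veth pair, so 'ip link', 'ip netns', 'ip address'
# and 'ip route' can be exercised without touching the host's real interface
# (and without cutting the SSH session, which moving the only NIC would do).
# Assumptions: run as root, iproute2 with netns support, veth available.
# The names "lab", "veth-host", "veth-lab" and the 10.200.0.0/24 and
# 203.0.113.0/24 prefixes are made up for this example.

NS=lab
HOST_IF=veth-host
LAB_IF=veth-lab
HOST_IP=10.200.0.1/24
LAB_IP=10.200.0.2/24

# create the namespace and plumb one end of a veth pair into it
lab_up() {
    ip netns add "$NS" || return 1
    # a veth pair is two ends of one virtual cable; both start in the host
    ip link add "$HOST_IF" type veth peer name "$LAB_IF" || { lab_down; return 1; }
    # move one end into the namespace: it vanishes from the host's
    # 'ip link show' and is only visible through 'ip netns exec'
    ip link set "$LAB_IF" netns "$NS" || { lab_down; return 1; }
    ip address add "$HOST_IP" dev "$HOST_IF"
    ip link set "$HOST_IF" up
    # inside the namespace: address, bring lo and veth up, default route via host
    lab_exec ip address add "$LAB_IP" dev "$LAB_IF"
    lab_exec ip link set lo up
    lab_exec ip link set "$LAB_IF" up
    lab_exec ip route add default via "${HOST_IP%/*}" dev "$LAB_IF"
}

# run any command inside the namespace, e.g.: lab_exec ss -tln
lab_exec() {
    ip netns exec "$NS" "$@"
}

# number of global-scope IPv4 addresses inside the namespace; '-o' prints one
# line per address, which is the form to parse in scripts instead of ifconfig
lab_addr_count() {
    lab_exec ip -4 -o address show scope global | wc -l | tr -d ' '
}

# silently drop everything destined to a prefix (e.g. a scanner's network)
# with a blackhole route; prints the blackhole routes so the caller can verify
lab_blackhole() {
    lab_exec ip route add blackhole "$1" || return 1
    lab_exec ip route show type blackhole
}

# a veth pair dies as a unit, so deleting veth-host also removes veth-lab
# inside the namespace; deleting the namespace alone would do the same,
# because virtual devices are destroyed together with their namespace
lab_down() {
    ip link del "$HOST_IF" 2>/dev/null
    ip netns del "$NS" 2>/dev/null
}

# demo: sh lab.sh demo   (as root)
if [ "${1:-}" = "demo" ]; then
    lab_up || exit 1
    lab_exec ip address show
    lab_exec ip route show
    lab_exec ping -c 1 -W 1 "${HOST_IP%/*}" >/dev/null && echo "lab reaches host: ok"
    lab_blackhole 203.0.113.0/24
    lab_down
fi
```

Run it as root with `sh lab.sh demo`; everything it shows comes from `ip netns exec lab ...`, so the host's own `ip link show` never lists veth-lab, and after `lab_down` neither interface nor the namespace is left behind.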

2. The ss command: another  utility  to  investigate  sockets; another utility for investigating sockets; it reads socket state from the kernel over netlink, so it is faster than netstat on hosts with many connections;

ss  [options]  [ FILTER ]

OPTIONS:
-t :  TCP sockets;
-u :  UDP sockets;
-w :  raw sockets;
-l :  only sockets in the listening state ('State' LISTEN);
-a :  all sockets; Show  both  listening  and  non-listening  ( for  TCP  this  means  established  connections)  sockets. With  the --interfaces option, show  interfaces  that  are  not  up;
-n :  show IP addresses and ports numerically, without resolving host or service names;
-e :  extended output; adds the 'uid' of the owning user and the 'ino' (inode number) of the socket;
-p :  show the process that owns each socket, as 'users:(("name",pid=PID,fd=N))'; seeing other users' processes requires root;

-o : Show  timer  information;                          show socket timer information (retransmission, keepalive and time-wait timers);
-m : Show  socket  memory  usage;                 show socket memory usage;

FILTER := [ state  STATE-FILTER ]  [ EXPRESSION ]

Common TCP states, the TCP FSM (Finite  State  Machine):
LISTEN :                      waiting for incoming connection requests;
ESTABLISHED :        connection established, data can flow in both directions;
FIN_WAIT_1 :           we have sent FIN and are waiting for its ACK;
FIN_WAIT_2 :           our FIN has been acknowledged, waiting for the peer's FIN;
SYN_SENT :             we have sent SYN (active open), waiting for SYN+ACK;
SYN_RECV :             SYN received and SYN+ACK sent (passive open), waiting for the final ACK; a large number of sockets in this state is the classic sign of a SYN flood;
TIME_WAIT :            connection closed, waiting 2*MSL so that late segments expire before the port is reused;
CLOSED :                 no connection;
CLOSE_WAIT :          the peer has sent FIN, the local application has not yet closed the socket;
LAST_ACK :             we have sent our FIN after the peer's, waiting for its ACK;
CLOSING :               both sides sent FIN at the same time, each waiting for the other's ACK;
In ss filters the state names are written in lower case with '-' instead of '_' ('state fin-wait-1', 'state syn-recv', 'state time-wait'); LISTEN is written 'listening', and 'connected' covers every state except LISTEN and CLOSED;

EXPRESSION:
dport =                                                destination port;
sport =                                                 source port;

Example: '(  dport = :22  or  sport = :22  )'
~]# ss  -o  state  established  '(  dport = :ssh  or  sport = :ssh  )'
Display  all  established  ssh  connections;

~]# ss  -o  state  fin-wait-1  '(  sport = :http  or  sport  =  :https  )'  dst  193.233.7/24
List  all  the  tcp  sockets  in  state  FIN-WAIT-1  for  our  apache  to  network  193.233.7/24  and  look  at  their  timers;
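As an added example (not from the original page), the script below turns ss output into two quick audits: which listeners are reachable from any address, and how many sockets sit in each TCP state. It reads ss text on stdin, so it can be fed a live `ss -tlnp` / `ss -tan` run or a capture saved during an incident; the SAMPLE_* data, the process name debugsrv, the PIDs and the peer addresses are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page: two small audits over ss output.
# Both read the text of ss from stdin, so they work on a live run
# ('ss -tlnp | exposed_listeners') or on a capture saved during an incident.
# The SAMPLE_* data below are constructed for this example; the hosts, PIDs
# and the "debugsrv" process are made up.

# 'ss -tlnp' style output: which listeners accept connections from any address?
SAMPLE_LISTEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=1023,fd=3))
LISTEN 0      128    [::]:22           [::]:*       users:(("sshd",pid=1023,fd=4))
LISTEN 0      128    127.0.0.1:25      0.0.0.0:*    users:(("master",pid=1410,fd=13))
LISTEN 0      511    0.0.0.0:8080      0.0.0.0:*    users:(("debugsrv",pid=4242,fd=5))
LISTEN 0      128    *:3306            *:*          users:(("mysqld",pid=1802,fd=21))'

# 'ss -tan' style output (older ss prints '*' and ':::' wildcards): sockets per state
SAMPLE_ALL='State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN    0      128    *:22                 *:*
ESTAB     0      0      192.168.206.132:22   192.168.206.1:49911
ESTAB     0      52     192.168.206.132:22   192.168.206.1:49912
SYN-RECV  0      0      192.168.206.132:80   203.0.113.7:40001
SYN-RECV  0      0      192.168.206.132:80   203.0.113.7:40002
TIME-WAIT 0      0      192.168.206.132:80   198.51.100.9:51000
LISTEN    0      128    :::22                :::*'

# Print "PORT PROCESS" for every listener bound to a wildcard address
# (0.0.0.0, [::], or '*' / '::' in older ss), i.e. reachable on every
# interface. Sockets bound to 127.0.0.1 are left out.
exposed_listeners() {
    awk '
        /^(State|Recv-Q)/ { next }          # header line
        {
            # with a "state" filter ss drops the State column, so the
            # Local Address:Port field is $3 instead of $4
            laddr = ($1 ~ /^[0-9]+$/) ? $3 : $4
            n = split(laddr, parts, ":")    # the port follows the last colon
            port = parts[n]
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*" || addr == "::") {
                proc = "-"
                # users:(("name",pid=N,fd=M)) -> name
                if (match($0, /users:\(\("[^"]+"/))
                    proc = substr($0, RSTART + 9, RLENGTH - 10)
                print port, proc
            }
        }'
}

# Count sockets per state; a pile of SYN-RECV is the classic SYN-flood sign,
# a pile of CLOSE-WAIT an application that never closes its sockets.
state_counts() {
    awk '/^(State|Recv-Q)/ { next } { c[$1]++ } END { for (s in c) print s, c[s] }' | sort
}

# demo: sh ssaudit.sh demo   (runs both audits over the constructed samples)
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_LISTEN" | exposed_listeners
    printf '%s\n' "$SAMPLE_ALL" | state_counts
fi
```

On a live host run `ss -tlnp | exposed_listeners` as root (otherwise the process column is empty for other users' sockets) and compare the list against what the host is supposed to serve; `ss -tan | state_counts` is the quick first look when a box is suspected of being under a SYN flood.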

 

Examples

1. The iproute family of commands is provided by the 'iproute' package; show the package information:

[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# rpm -qi iproute
Name        : iproute
Version     : 3.10.0                                 on CentOS 7 the 'iproute' package version tracks the kernel series, compare 'uname -r' below;
Release     : 87.el7
Architecture: x86_64
Install Date: Wed 27 Dec 2017 05:43:18 AM CST
Group       : Applications/System
Size        : 1505751
License     : GPLv2+ and Public Domain
Signature   : RSA/SHA256, Fri 11 Aug 2017 12:45:58 AM CST, Key ID 24c6a8a7f4a80eb5
Source RPM  : iproute-3.10.0-87.el7.src.rpm
Build Date  : Sat 05 Aug 2017 06:11:33 AM CST
Build Host  : c1bm.rdu2.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://kernel.org/pub/linux/utils/net/iproute2/
Summary     : Advanced IP routing and network device configuration tools
Description :
The iproute package contains networking utilities (ip and rtmon, for example)
which are designed to use the advanced networking capabilities of the Linux
2.4.x and 2.6.x kernel.
[root@kouyuushinn ~]# 


[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# uname -r
3.10.0-693.21.1.el7.x86_64
[root@kouyuushinn ~]#

2. Help information for the 'ip' command:

IP - COMMAND SYNTAX
   OBJECT
       address
              - protocol (IP or IPv6) address on a device.

       addrlabel
              - label configuration for protocol address selection.

       l2tp   - tunnel ethernet over IP (L2TPv3).

       link   - network device.

       maddress
              - multicast address.

       monitor
              - watch for netlink messages.

       mroute - multicast routing cache entry.

       mrule  - rule in multicast routing policy database.

       neighbour
              - manage ARP or NDISC cache entries.

       netns  - manage network namespaces.

       ntable - manage the neighbor cache's operation.

       route  - routing table entry.

       rule   - rule in routing policy database.

       tcp_metrics/tcpmetrics
              - manage TCP Metrics

       token  - manage tokenized interface identifiers.

       tunnel - tunnel over IP.

       tuntap - manage TUN/TAP devices.

       xfrm   - manage IPSec policies.

       The names of all objects may be written in full or abbreviated form, for example address can be abbreviated as addr or just a.

   COMMAND
       Specifies the action to perform on the object.  The set of possible actions depends on the object type.  As a rule, it is possible to add,
       delete and show (or list ) objects, but some objects do not allow all of these operations or have some additional commands. The help command
       is available for all objects. It prints out a list of available commands and argument syntax conventions.

       If no command is given, some default command is assumed.  Usually it is list or, if the objects of this class cannot be listed, help.


Notes:

1> For help on a specific 'OBJECT' in 'ip OBJECT', run 'ip OBJECT help' or 'man ip-OBJECT' (e.g. 'ip address help', 'man ip-address');

2> When 'ip OBJECT' is given without a subcommand 'COMMAND', it normally behaves as 'list'; if an 'OBJECT' has nothing to list, it prints its help instead, and the help commands above document the other subcommands of that 'OBJECT';

3. Adding IP addresses with 'ip address add', with and without the 'label' option:

[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.206.132  netmask 255.255.255.0  broadcast 192.168.206.255
        inet6 fe80::7e22:852b:5f82:f5d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:ce:f2:dd  txqueuelen 1000  (Ethernet)
        RX packets 306053  bytes 290195948 (276.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 138299  bytes 46829639 (44.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 2274  bytes 130086 (127.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2274  bytes 130086 (127.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ip address add 192.168.206.135/16 dev ens33
[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ip address add 192.168.206.138/16 dev ens33
[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ip address add 10.10.10.10/8 dev ens33
[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.206.132  netmask 255.255.255.0  broadcast 192.168.206.255
        inet6 fe80::7e22:852b:5f82:f5d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:ce:f2:dd  txqueuelen 1000  (Ethernet)
        RX packets 306309  bytes 290218440 (276.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 138453  bytes 46847849 (44.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 2274  bytes 130086 (127.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2274  bytes 130086 (127.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ce:f2:dd brd ff:ff:ff:ff:ff:ff
    inet 192.168.206.132/24 brd 192.168.206.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.206.135/16 scope global ens33
       valid_lft forever preferred_lft forever
    inet 10.10.10.10/8 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.206.138/16 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::7e22:852b:5f82:f5d/64 scope link 
       valid_lft forever preferred_lft forever
[root@kouyuushinn ~]# 

--------------------------------------------

[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ip addr add 192.168.10.10/16 dev ens33 label ens33:0
[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ip addr add 192.168.10.15/16 dev ens33 label ens33:5
[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.206.132  netmask 255.255.255.0  broadcast 192.168.206.255
        inet6 fe80::7e22:852b:5f82:f5d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:ce:f2:dd  txqueuelen 1000  (Ethernet)
        RX packets 307335  bytes 290305849 (276.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 139014  bytes 46919951 (44.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.10  netmask 255.255.0.0  broadcast 0.0.0.0
        ether 00:0c:29:ce:f2:dd  txqueuelen 1000  (Ethernet)

ens33:5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.15  netmask 255.255.0.0  broadcast 0.0.0.0
        ether 00:0c:29:ce:f2:dd  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 2284  bytes 130666 (127.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2284  bytes 130666 (127.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ip addr sho
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ce:f2:dd brd ff:ff:ff:ff:ff:ff
    inet 192.168.206.132/24 brd 192.168.206.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.10.10/16 scope global ens33:0
       valid_lft forever preferred_lft forever
    inet 192.168.10.15/16 scope global secondary ens33:5
       valid_lft forever preferred_lft forever
    inet6 fe80::7e22:852b:5f82:f5d/64 scope link 
       valid_lft forever preferred_lft forever
[root@kouyuushinn ~]#

4. ss command examples:

[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ss -tan state established '( dport = :22 or sport = :22 )'
Recv-Q Send-Q                                   Local Address:Port                                                  Peer Address:Port              
0      0                                      192.168.206.132:22                                                   192.168.206.1:49911              
0      52                                     192.168.206.132:22                                                   192.168.206.1:49912              
[root@kouyuushinn ~]# 
[root@kouyuushinn ~]# ss -tan  '( dport = :22 or sport = :22 )'
State       Recv-Q Send-Q                              Local Address:Port                                             Peer Address:Port              
LISTEN      0      128                                             *:22                                                          *:*                  
ESTAB       0      0                                 192.168.206.132:22                                              192.168.206.1:49911              
ESTAB       0      52                                192.168.206.132:22                                              192.168.206.1:49912              
LISTEN      0      128                                            :::22                                                         :::*                  
[root@kouyuushinn ~]#

 

 
