Environment used in this article:
Operating System: CentOS Linux release 8.4.2105
Kernel: 4.18.0-305
Architecture: x86-64
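In the previous article, "How to View IP Addresses on Linux", I walked through two ways of viewing IP addresses on Linux, ifconfig and ip addr, and listed the meaning of every field in detail.
At the end of that article I raised a question: how are these two commands related? The answer is the story of two software packages, net-tools and iproute2. This article walks through that story.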
When I looked up the manual pages with man ip-address and man ifconfig earlier, the last few lines already revealed where each command comes from, as shown below:
[demonlee@i-mluwuwl1 ~]$ man ip-address
...
...
...
SEE ALSO
ip(8)
AUTHOR
Original Manpage by Michail Litvak <mci@owl.openwall.com>
iproute2 20 Dec 2011 IP-ADDRESS(8)
[demonlee@i-mluwuwl1 ~]$ man ifconfig
...
...
...
SEE ALSO
ip(8), iptables(8)
http://physics.nist.gov/cuu/Units/binary.html - Prefixes for binary multiples
AUTHORS
Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
Alan Cox, <Alan.Cox@linux.org>
Phil Blundell, <Philip.Blundell@pobox.com>
Andi Kleen
Bernd Eckenfels, <net-tools@lina.inka.de>
net-tools 2008-10-03 IFCONFIG(8)
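From the previous article we know that ifconfig is obsolete and no longer officially maintained, and that it belongs to the net-tools package. In fact it is not only ifconfig: the whole net-tools package is obsolete and unmaintained. Its replacement is the iproute2 package, which can be thought of as the next generation of net-tools.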
net-tools
The official net-tools website is https://net-tools.sourceforge.io, and its content reads as follows:
net-tools, the collection of base networking utilities for Linux.
Project Home: https://sourceforge.net/projects/net-tools/
Commands: arp(8), hostname(1), ifconfig(8), ipmaddr, iptunnel, mii-tool(8), nameif(8), netstat(8), plipconfig(8), rarp(8), route(8) und slattach(8).
Additional mal pages: ethers(5) -- /etc/ethers file for arp(8)
NB: some projects (like Debian and RedHat) use a net-tools based but different hostname command.
The project is hosted by Sourceforge.net
From this we learn that net-tools is a Linux software package made up of a set of programs: arp(8), hostname(1), ifconfig(8), ipmaddr, iptunnel, mii-tool(8), nameif(8), netstat(8), plipconfig(8), rarp(8), route(8) and slattach(8).
Command | Purpose | Notes |
---|---|---|
arp | manipulate the system ARP cache | Manipulates the cache of the ARP protocol[1] |
hostname | show or set the system's host name | Shows or sets the system host name |
ifconfig | configure a network interface | Configures or displays network interfaces |
ipmaddr | adds, deletes, and displays multicast addresses | Manages multicast addresses |
iptunnel | creates, deletes, and displays configured tunnels | Manages IP tunnels |
mii-tool | view, manipulate media-independent interface status | Views or sets the status of a network interface's Media Independent Interface (MII) unit |
nameif | name network interfaces based on MAC addresses | Renames network interfaces based on MAC address |
netstat | Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships | A commonly used command for viewing the status or statistics of network connections, routes and other data |
rarp | manipulate the system RARP table | From version 2.3, the Linux kernel no longer contains RARP support. The command is no longer present on the current machine. RARP can be understood as the reverse of ARP: given a MAC address, find the IP address. It has largely been replaced by DHCP |
route | manually manipulate the routing tables | Manages the routing table |
slattach | attach a network interface to a serial line | Attaches a network interface to an ordinary terminal line |
With this overview we now have a fairly concrete picture of the whole net-tools package. So which commands does its replacement, iproute2, provide?
iproute2
Why was iproute2 developed?
The official iproute2 wiki says:
Iproute2 is a collection of utilities for controlling TCP / IP networking and traffic control in Linux. It is currently maintained by Stephen Hemminger stephen@networkplumber.org. The original author, Alexey Kuznetsov, is well known for the QoS implementation in the Linux kernel.
Most network configuration manuals still refer to ifconfig and route as the primary network configuration tools, but ifconfig is known to behave inadequately in modern network environments. They should be deprecated, but most distros still include them. Most network configuration systems make use of ifconfig and thus provide a limited feature set. The /etc/net project aims to support most modern network technologies, as it doesn't use ifconfig and allows a system administrator to make use of all iproute2 features, including traffic control.
iproute2 is usually shipped in a package called iproute or iproute2 and consists of several tools, of which the most important are ip and tc. ip controls IPv4 and IPv6 configuration and tc stands for traffic control. Both tools print detailed usage messages and are accompanied by a set of manpages.
The Documentation linked from that wiki page has a section, Why iproute2?, with a related description:
Most Linux distributions, and most UNIX's, currently use the venerable arp, ifconfig and route commands. While these tools work, they show some unexpected behaviour under Linux 2.2 and up. For example, GRE tunnels are an integral part of routing these days, but require completely different tools.
With iproute2, tunnels are an integral part of the tool set.
The 2.2 and above Linux kernels include a completely redesigned network subsystem. This new networking code brings Linux performance and a feature set with little competition in the general OS arena. In fact, the new routing, filtering, and classifying code is more featureful than the one provided by many dedicated routers and firewalls and traffic shaping products.
As new networking concepts have been invented, people have found ways to plaster them on top of the existing framework in existing OSes. This constant layering of cruft has lead to networking code that is filled with strange behaviour, much like most human languages. In the past, Linux emulated SunOS's handling of many of these things, which was not ideal.
This new framework makes it possible to clearly express features previously beyond Linux's reach.
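From this material we can draw the following points:
1) iproute2 is also a software package, used for TCP/IP network management and traffic control on Linux.
2) iproute2 contains many tools, the most important being the ip and tc commands. ip manages IPv4 and IPv6 configuration, while tc performs traffic control.
3) Many Linux distributions and Unix systems still use the old arp, ifconfig and route commands. These net-tools commands do not perform well enough and show unpredictable behaviour on Linux 2.2 and later kernels.
4) Linux 2.2 and later kernels redesigned the network subsystem, and the iproute2 package works well on those kernels.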
Let's take a first look at this program through man ip:
[demonlee@i-mluwuwl1 ~]$ man ip
NAME
ip - show / manipulate routing, network devices, interfaces and tunnels
SYNOPSIS
ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
OBJECT := { link | address | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm | netns | l2tp |
tcp_metrics | token | macsec | vrf | mptcp }
OPTIONS := { -V[ersion] | -h[uman-readable] | -s[tatistics] | -d[etails] | -r[esolve] | -iec | -f[amily] { inet | inet6 | link } | -4 | -6 | -I | -D |
-B | -0 | -l[oops] { maximum-addr-flush-attempts } | -o[neline] | -rc[vbuf] [size] | -t[imestamp] | -ts[hort] | -n[etns] name | -N[umeric] |
-a[ll] | -c[olor] | -br[ief] | -j[son] | -p[retty] }
...
...
...
IP - COMMAND SYNTAX
OBJECT
address
- protocol (IP or IPv6) address on a device.
addrlabel
- label configuration for protocol address selection.
l2tp - tunnel ethernet over IP (L2TPv3).
link - network device.
maddress
- multicast address.
monitor
- watch for netlink messages.
mptcp - manage MPTCP path manager.
mroute - multicast routing cache entry.
mrule - rule in multicast routing policy database.
neighbour
- manage ARP or NDISC cache entries.
netns - manage network namespaces.
ntable - manage the neighbor cache's operation.
route - routing table entry.
rule - rule in routing policy database.
tcp_metrics/tcpmetrics
- manage TCP Metrics
token - manage tokenized interface identifiers.
tunnel - tunnel over IP.
tuntap - manage TUN/TAP devices.
vrf - manage virtual routing and forwarding devices.
xfrm - manage IPSec policies.
The names of all objects may be written in full or abbreviated form, for example address can be abbreviated as addr or just a.
...
...
...
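As you can see, this tool set is very powerful: many of the former net-tools commands are handled within the single ip tool family, which gives them one unified syntax. Besides the ip command, iproute2 contains many other tools[2], briefly summarised below: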
Command | Purpose | Notes |
---|---|---|
ip | show / manipulate routing, network devices, interfaces and tunnels | Manages network devices, interfaces, routes, tunnels and so on |
tc | show / manipulate traffic control settings | Network traffic control |
ss | another utility to investigate sockets | Replacement for netstat; shows TCP state information, socket statistics and so on |
lnstat | unified linux network statistics | Prints Linux network statistics |
nstat | nstat and rtacct are simple tools to monitor kernel snmp counters and network interface statistics | Monitors kernel SNMP counters and network interface statistics |
rdma | RDMA tool | RDMA (Remote Direct Memory Access) transfers data from one computer's memory directly to another's without involving either operating system |
routef | flush routes | Deletes all routes; the network becomes unusable |
routel | list routes with pretty output format | Lists routing table entries in a formatted layout |
ctstat | replaced by lnstat | |
rtstat | replaced by lnstat | |
bridge | show / manipulate bridge addresses and devices | Manages bridge devices and addresses |
devlink | Devlink tool, devlink device configuration | |
rtacct | network statistics tools | See nstat above |
rtmon | listens to and monitors RTnetlink | Listens on a netlink socket and monitors routing table changes |
tipc | a TIPC configuration and management tool | Configures and manages the Transparent Inter-Process Communication (TIPC) protocol |
arpd | userspace arp daemon | User-space ARP daemon that collects ARP information and supplies it to the kernel when needed, avoiding redundant broadcasts caused by the kernel's limited ARP cache size |
genl | generic netlink utility frontend | |
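If you do not work in networking professionally, you may never touch most of these commands, so deliberately memorising them has little value. In my view, when you need a particular command, read its documentation carefully and then try it out.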
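Comparison
Now that we have taken a first look at both the iproute2 and net-tools packages, here is a brief comparison:
1. net-tools originated in BSD, and the Linux community has not maintained it since 2001. iproute2 is intended to replace net-tools; it also provides new features and improves on aspects such as performance.
2. net-tools manages the kernel's network configuration through procfs (/proc) and the ioctl system call, whereas iproute2 communicates with the kernel through the netlink socket interface[3].
3. The net-tools commands are a mixed bag, whereas iproute2 mostly uses the uniform ip xxx form, which is more consistent.
4. Some Linux distributions support only iproute2 and no longer support net-tools, but net-tools is still widely used, so it is worth knowing both packages. If a command cannot be found, install the two packages, for example on CentOS: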
yum install net-tools
yum install iproute
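Point 2 above is the core technical difference between the two packages. As an added example (not code from the original article or from the iproute2 project), the Python below sends an rtnetlink RTM_GETADDR dump request over a NETLINK_ROUTE socket and parses the reply with explicit bounds checks; the function names parse_addr_dump and dump_addrs are made up for illustration, and the numeric constants are taken from the Linux UAPI headers.

```python
import socket
import struct
# Values from <linux/netlink.h>, <linux/rtnetlink.h> and <linux/if_addr.h>
NLMSG_ERROR, NLMSG_DONE, RTM_NEWADDR, RTM_GETADDR = 2, 3, 20, 22
NLM_F_REQUEST, NLM_F_DUMP, IFA_ADDRESS, IFA_LABEL = 0x01, 0x300, 1, 3
ADDR_LEN = {socket.AF_INET: 4, socket.AF_INET6: 16}

def parse_addr_dump(buf):
    """Parse rtnetlink messages in buf; return (address entries, dump finished)."""
    out, off, done = [], 0, False
    while off + 16 <= len(buf):
        mlen, mtype = struct.unpack_from("=IH", buf, off)  # start of nlmsghdr
        if mlen < 16 or off + mlen > len(buf):
            break  # malformed or truncated message: stop, never over-read
        if mtype == NLMSG_ERROR:
            raise OSError("kernel rejected the netlink request")
        if mtype == NLMSG_DONE:
            done = True
        elif mtype == RTM_NEWADDR and mlen >= 24:
            fam, plen, _, _, idx = struct.unpack_from("=BBBBI", buf, off + 16)  # ifaddrmsg
            entry = {"index": idx, "family": fam, "prefixlen": plen}
            pos, end = off + 24, off + mlen
            while pos + 4 <= end:  # walk the rtattr TLVs
                alen, atype = struct.unpack_from("=HH", buf, pos)
                if alen < 4 or pos + alen > end:
                    break
                data = buf[pos + 4:pos + alen]
                if atype == IFA_ADDRESS and len(data) == ADDR_LEN.get(fam):
                    entry["address"] = socket.inet_ntop(fam, data)
                elif atype == IFA_LABEL:
                    entry["label"] = data.rstrip(b"\0").decode()
                pos += (alen + 3) & ~3  # attributes are 4-byte aligned
            out.append(entry)
        off += (mlen + 3) & ~3
    return out, done

def dump_addrs():
    """Send an RTM_GETADDR dump (nlmsghdr + zeroed ifaddrmsg); Linux only."""
    req = struct.pack("=IHHII8x", 24, RTM_GETADDR, NLM_F_REQUEST | NLM_F_DUMP, 1, 0)
    out, done = [], False
    with socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, socket.NETLINK_ROUTE) as s:
        s.send(req)
        while not done:
            part, done = parse_addr_dump(s.recv(65536))
            out += part
    return out

if __name__ == "__main__":
    print(*dump_addrs(), sep="\n")
```

The reply arrives as typed, length-prefixed binary messages rather than text to be scraped, which is why the parser validates every length field before reading.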
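Many commands were mentioned above; the commonly used ones are compared here:
net-tools | iproute2 | Purpose |
---|---|---|
ifconfig | ip addr; ip link | Network interface configuration |
route; netstat -r | ip route | Routing information; check for unreasonable routes |
netstat | ss | Network connection statistics |
netstat -s | nstat | Network status statistics |
arp | ip neigh | Management of the ARP cache and related entries |
ipmaddr | ip maddr | Multicast address management |
iptunnel | ip tunnel | IP tunnel management |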
[1] ARP, the Address Resolution Protocol: given an IP address, find the MAC address.