[Network Protocols 6] net-tools vs iproute2

Demon.Lee, December 6, 2021, 1,361 views

Environment used in this article:
Operating System: CentOS Linux release 8.4.2105
Kernel: 4.18.0-305
Architecture: x86-64

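In the previous article, "How to Check IP Addresses on Linux", I walked through two ways of viewing IP addresses on a Linux system, ifconfig and ip addr, and listed the meaning of every field in detail.

At the end of that article I asked a question: how are these two commands related? The answer is really a story about two software packages, net-tools and iproute2. In this article I go through that story.

When I used man ip-address and man ifconfig to read the manual pages earlier, the last few lines already revealed where each command comes from, as shown below: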

[demonlee@i-mluwuwl1 ~]$ man ip-address
...
...
...

SEE ALSO   
       ip(8)

AUTHOR
       Original Manpage by Michail Litvak <mci@owl.openwall.com>

iproute2                               20 Dec 2011                                                   IP-ADDRESS(8)
[demonlee@i-mluwuwl1 ~]$ man ifconfig
...
...
...

SEE ALSO
       ip(8), iptables(8)
       http://physics.nist.gov/cuu/Units/binary.html - Prefixes for binary multiples

AUTHORS
       Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
       Alan Cox, <Alan.Cox@linux.org>
       Phil Blundell, <Philip.Blundell@pobox.com>
       Andi Kleen
       Bernd Eckenfels, <net-tools@lina.inka.de>

net-tools                              2008-10-03                                            IFCONFIG(8)

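From the previous articles we know that ifconfig is obsolete and no longer officially maintained, and that the package it belongs to is net-tools. In fact it is not only ifconfig: the whole net-tools package is obsolete and unmaintained. Its replacement is the iproute2 package, which can be thought of as the next generation of net-tools.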

net-tools

The official net-tools website is https://net-tools.sourceforge.io , and it reads as follows:

net-tools, the collection of base networking utilities for Linux.

Project Home: https://sourceforge.net/projects/net-tools/

Commands: arp(8), hostname(1), ifconfig(8), ipmaddr, iptunnel, mii-tool(8), nameif(8), netstat(8), plipconfig(8), rarp(8), route(8) und slattach(8).

Additional man pages: ethers(5) -- /etc/ethers file for arp(8)

NB: some projects (like Debian and RedHat) use a net-tools based but different hostname command.

The project is hosted by Sourceforge.net

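From this we learn that net-tools is a Linux software package made up of a series of programs: arp(8), hostname(1), ifconfig(8), ipmaddr, iptunnel, mii-tool(8), nameif(8), netstat(8), plipconfig(8), rarp(8), route(8) and slattach(8).

| Command | Function | Remarks |
| --- | --- | --- |
| arp | manipulate the system ARP cache | Operates on the cache of the ARP protocol[1] |
| hostname | show or set the system's host name | Views or sets the system host name |
| ifconfig | configure a network interface | Configures or displays network interfaces |
| ipmaddr | adds, deletes, and displays multicast addresses | Manages multicast addresses |
| iptunnel | creates, deletes, and displays configured tunnels | Manages IP tunnels |
| mii-tool | view, manipulate media-independent interface status | Views or sets the state of a network interface's media-independent interface (MII) unit |
| nameif | name network interfaces based on MAC addresses | Renames network interfaces according to their MAC addresses |
| netstat | Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships | A commonly used command for viewing the state or statistics of network connections, routes and other data |
| rarp | manipulate the system RARP table | From version 2.3, the Linux kernel no longer contains RARP support. The command is no longer present on the current machine. RARP can be understood as the reverse of ARP: given a MAC address, find the IP address. It has largely been replaced by DHCP |
| route | manually manipulate the routing tables | Manages the routing table |
| slattach | attach a network interface to a serial line | Attaches a network interface to an ordinary terminal |

With this overview we now have a fairly concrete picture of the whole net-tools package. So which commands does its replacement, iproute2, provide?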

iproute2

Why was iproute2 developed?

The official iproute2 wiki says:

Iproute2 is a collection of utilities for controlling TCP / IP networking and traffic control in Linux. It is currently maintained by Stephen Hemminger stephen@networkplumber.org. The original author, Alexey Kuznetsov, is well known for the QoS implementation in the Linux kernel.

Most network configuration manuals still refer to ifconfig and route as the primary network configuration tools, but ifconfig is known to behave inadequately in modern network environments. They should be deprecated, but most distros still include them. Most network configuration systems make use of ifconfig and thus provide a limited feature set. The /etc/net project aims to support most modern network technologies, as it doesn't use ifconfig and allows a system administrator to make use of all iproute2 features, including traffic control.

iproute2 is usually shipped in a package called iproute or iproute2 and consists of several tools, of which the most important are ip and tc. ip controls IPv4 and IPv6 configuration and tc stands for traffic control. Both tools print detailed usage messages and are accompanied by a set of manpages.

The Documentation linked from that wiki page has a section, Why iproute2?, with a similar description:

Most Linux distributions, and most UNIX's, currently use the venerable arp, ifconfig and route commands. While these tools work, they show some unexpected behaviour under Linux 2.2 and up. For example, GRE tunnels are an integral part of routing these days, but require completely different tools.

With iproute2, tunnels are an integral part of the tool set.

The 2.2 and above Linux kernels include a completely redesigned network subsystem. This new networking code brings Linux performance and a feature set with little competition in the general OS arena. In fact, the new routing, filtering, and classifying code is more featureful than the one provided by many dedicated routers and firewalls and traffic shaping products.

As new networking concepts have been invented, people have found ways to plaster them on top of the existing framework in existing OSes. This constant layering of cruft has lead to networking code that is filled with strange behaviour, much like most human languages. In the past, Linux emulated SunOS's handling of many of these things, which was not ideal.

This new framework makes it possible to clearly express features previously beyond Linux's reach.

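From this material we can extract the following:
1) iproute2 is also a software package, used for TCP/IP network management, traffic control and so on under Linux.
2) iproute2 contains many tools, the most important of which are the ip and tc commands. ip manages IPv4 and IPv6 configuration, while tc performs traffic control.
3) Many Linux distributions and Unix systems still use the old arp, ifconfig and route commands. These net-tools commands do not perform well enough, and they show unpredictable behaviour on Linux kernel 2.2 and later.
4) Linux kernel 2.2 and later redesigned the network subsystem, and the iproute2 package works well on these kernel versions.

Let's get a first look at the program through man ip: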

[demonlee@i-mluwuwl1 ~]$ man ip
NAME
       ip - show / manipulate routing, network devices, interfaces and tunnels

SYNOPSIS
       ip [ OPTIONS ] OBJECT { COMMAND | help }

       ip [ -force ] -batch filename

       OBJECT := { link | address | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm | netns | l2tp |
               tcp_metrics | token | macsec | vrf | mptcp }

       OPTIONS := { -V[ersion] | -h[uman-readable] | -s[tatistics] | -d[etails] | -r[esolve] | -iec | -f[amily] { inet | inet6 | link } | -4 | -6 | -I | -D |
               -B | -0 | -l[oops] { maximum-addr-flush-attempts } | -o[neline] | -rc[vbuf] [size] | -t[imestamp] | -ts[hort] | -n[etns] name | -N[umeric] |
               -a[ll] | -c[olor] | -br[ief] | -j[son] | -p[retty] }
...
...
...

IP - COMMAND SYNTAX
   OBJECT
       address
              - protocol (IP or IPv6) address on a device.

       addrlabel
              - label configuration for protocol address selection.

       l2tp   - tunnel ethernet over IP (L2TPv3).

       link   - network device.

       maddress
              - multicast address.

       monitor
              - watch for netlink messages.

       mptcp  - manage MPTCP path manager.

       mroute - multicast routing cache entry.

       mrule  - rule in multicast routing policy database.

       neighbour
              - manage ARP or NDISC cache entries.

       netns  - manage network namespaces.

       ntable - manage the neighbor cache's operation.

       route  - routing table entry.

       rule   - rule in routing policy database.

       tcp_metrics/tcpmetrics
              - manage TCP Metrics

       token  - manage tokenized interface identifiers.

       tunnel - tunnel over IP.

       tuntap - manage TUN/TAP devices.

       vrf    - manage virtual routing and forwarding devices.

       xfrm   - manage IPSec policies.

       The names of all objects may be written in full or abbreviated form, for example address can be abbreviated as addr or just a.

...
...
...

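As you can see, this tool set is very powerful: many of the former net-tools commands are handled inside the single ip tool, which gives them a unified format. Besides the ip command, iproute2 ships many other tools[2], summarized briefly below:

| Command | Function | Remarks |
| --- | --- | --- |
| ip | show / manipulate routing, network devices, interfaces and tunnels | Manages network devices, interfaces, routes, tunnels and so on |
| tc | show / manipulate traffic control settings | Network traffic control |
| ss | another utility to investigate sockets | Replacement for netstat; shows TCP state information, socket statistics and so on |
| lnstat | unified linux network statistics | Prints Linux network statistics |
| nstat | nstat and rtacct are simple tools to monitor kernel snmp counters and network interface statistics | Monitors kernel SNMP counters and network interface statistics |
| rdma | RDMA tool | RDMA (Remote Direct Memory Access) transfers data from one computer's memory directly to another computer without involving either operating system |
| routef | flush routes | Deletes all routes; the network becomes unusable |
| routel | list routes with pretty output format | Lists the routing table in a formatted layout |
| ctstat | | Use lnstat instead |
| rtstat | | Use lnstat instead |
| bridge | show / manipulate bridge addresses and devices | Manages bridge devices and addresses |
| devlink | Devlink tool, devlink device configuration | |
| rtacct | network statistics tools | See nstat above |
| rtmon | listens to and monitors RTnetlink | Listens on a netlink socket and monitors routing table changes |
| tipc | a TIPC configuration and management tool | Configuration and management of the Transparent Inter-Process Communication (TIPC) protocol |
| arpd | userspace arp daemon | User-space ARP daemon that collects ARP information and supplies it to the kernel when needed, preventing redundant broadcasts caused by the limited size of the kernel ARP cache |
| genl | generic netlink utility frontend | |

Unless you work professionally in networking, you will probably never touch most of these commands, so deliberately memorizing them has little value. In my view, when you need a particular command, read its documentation carefully and then practice with it.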

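Comparison

At this point we have made a first analysis of the two packages, iproute2 and net-tools. A brief comparison:

1. net-tools originated in BSD and has not been maintained by the Linux community since 2001. iproute2 is intended to replace net-tools; it also provides some new features and improves on performance and other aspects.

2. net-tools manages the kernel's network configuration through procfs (/proc) and the ioctl system call, whereas iproute2 communicates with the kernel through the netlink socket interface[3].

3. The commands in net-tools are a mixed bag, while those in iproute2 mostly follow the uniform ip xxx format, which is more consistent.

4. Some Linux distributions support only iproute2 and no longer support net-tools, but net-tools is still widely used, so it is worth knowing both packages. If a command cannot be found, install the two packages, for example on CentOS: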

yum install net-tools
yum install iproute
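
Point 2 above is the core technical difference, so here is an added example (not from the original article or from the iproute2 source) of the netlink exchange behind ip addr: it builds an RTM_GETADDR dump request and decodes RTM_NEWADDR replies. The reply bytes are constructed for illustration, and query_kernel is an assumed helper that needs Linux and reads only one receive buffer.

```python
import socket
import struct

RTM_NEWADDR, RTM_GETADDR = 20, 22                       # linux/rtnetlink.h
NLM_F_REQUEST, NLM_F_DUMP, NLMSG_DONE = 0x1, 0x300, 3   # linux/netlink.h
IFA_ADDRESS, IFA_LABEL = 1, 3                           # linux/if_addr.h

def build_getaddr_request(seq=1):
    """nlmsghdr + ifaddrmsg asking the kernel to dump every IPv4 address."""
    body = struct.pack("=BBBBI", socket.AF_INET, 0, 0, 0, 0)   # ifaddrmsg
    return struct.pack("=IHHII", 16 + len(body), RTM_GETADDR,
                       NLM_F_REQUEST | NLM_F_DUMP, seq, 0) + body

def parse_addr_messages(buf):
    """Return [(label, 'a.b.c.d/prefix')] for each IPv4 RTM_NEWADDR in buf."""
    out, off = [], 0
    while off + 16 <= len(buf):
        length, mtype, _flags, _seq, _pid = struct.unpack_from("=IHHII", buf, off)
        if length < 16 or off + length > len(buf) or mtype == NLMSG_DONE:
            break                               # truncated buffer or end of dump
        if mtype == RTM_NEWADDR:
            family, prefix, _f, _scope, _idx = struct.unpack_from("=BBBBI", buf, off + 16)
            attrs, pos, end = {}, off + 24, off + length
            while pos + 4 <= end:               # walk the rtattr TLVs
                alen, atype = struct.unpack_from("=HH", buf, pos)
                if alen < 4 or pos + alen > end:
                    break                       # malformed attribute length
                attrs[atype] = buf[pos + 4:pos + alen]
                pos += (alen + 3) & ~3          # attributes are 4-byte aligned
            if family == socket.AF_INET and IFA_ADDRESS in attrs:
                label = attrs.get(IFA_LABEL, b"?").rstrip(b"\0").decode()
                out.append((label, f"{socket.inet_ntoa(attrs[IFA_ADDRESS])}/{prefix}"))
        off += (length + 3) & ~3
    return out

def _rtattr(atype, data):
    return struct.pack("=HH", 4 + len(data), atype) + data + b"\0" * (-len(data) % 4)

def sample_reply():
    """Constructed RTM_NEWADDR message for lo 127.0.0.1/8 (not captured traffic)."""
    body = struct.pack("=BBBBI", socket.AF_INET, 8, 0x80, 254, 1)
    body += _rtattr(IFA_ADDRESS, socket.inet_aton("127.0.0.1")) + _rtattr(IFA_LABEL, b"lo\0")
    return struct.pack("=IHHII", 16 + len(body), RTM_NEWADDR, 2, 1, 0) + body

def query_kernel():
    """Live query over AF_NETLINK (Linux only; assumes one recv holds the dump)."""
    with socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, socket.NETLINK_ROUTE) as s:
        s.send(build_getaddr_request())
        return parse_addr_messages(s.recv(65535))
```

Every length field is checked against the buffer before it is used, which is what a netlink parser needs when the bytes come from a capture rather than directly from the kernel.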

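Many commands were mentioned above; here is a comparison of the commonly used ones:

| net-tools | iproute2 | Purpose |
| --- | --- | --- |
| ifconfig | ip addr; ip link | Network interface configuration |
| route; netstat -r | ip route | Routing information; check whether any route is unreasonable |
| netstat | ss | Network connection statistics |
| netstat -s | nstat | Network status statistics |
| arp | ip neigh | ARP cache management |
| ipmaddr | ip maddr | Multicast address management |
| iptunnel | ip tunnel | IP tunnel management |

References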
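
Because net-tools is unmaintained and missing on some distributions, a common follow-up is to audit existing shell scripts for its commands. The following is an added example, not part of the original article: it applies the mapping from the table above, and the SAMPLE script, the function names and the simple command-position heuristic are all assumptions made for illustration.

```python
import re

# Mapping taken from the comparison table above; netstat depends on its flags.
REPLACEMENTS = {
    "ifconfig": "ip addr; ip link", "route": "ip route", "arp": "ip neigh",
    "ipmaddr": "ip maddr", "iptunnel": "ip tunnel",
}
# Match a legacy command only in command position: at line start or after a
# shell separator, allowing shell keywords, sudo and an absolute path prefix.
CMD = re.compile(r"(?:^|[;&|(`])\s*(?:(?:if|then|else|do|while|!)\s+)*"
                 r"(?:sudo\s+)?(?:/\S*/)?"
                 r"(ifconfig|route|arp|ipmaddr|iptunnel|netstat)\b([^;&|)`]*)")

def suggest(cmd, args):
    """Return the iproute2 equivalent for one legacy invocation."""
    if cmd != "netstat":
        return REPLACEMENTS[cmd]
    flags = "".join(a[1:] for a in args.split() if re.fullmatch(r"-[A-Za-z]+", a))
    if "r" in flags:
        return "ip route"      # netstat -r prints the routing table
    if "s" in flags:
        return "nstat"         # netstat -s prints protocol statistics
    return "ss"                # everything else is socket listing

def audit(script_text):
    """Return [(line_number, legacy_command, suggested_replacement)]."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        code = line.split("#", 1)[0]        # naive comment strip
        for m in CMD.finditer(code):
            findings.append((lineno, m.group(1), suggest(m.group(1), m.group(2))))
    return findings

# Constructed sample script: "ip route" and routel must not be flagged.
SAMPLE = """#!/bin/sh
# ifconfig is mentioned only in this comment
/sbin/ifconfig eth0 | grep inet
ip route add default via 192.0.2.1
netstat -rn
sudo netstat -tlnp | grep :22
if arp -n; then routel; fi
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```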


  1. ARP 协议,即 Address Resolution Protocol (地址解析协议),已知 IP 地址,求 MAC 地址。 ↩︎

  2. https://zh.wikipedia.org/wiki/Iproute2 ↩︎

  3. https://zh.wikipedia.org/wiki/Netlink ↩︎