008

Date

ipss 命令的使用

ip(8)

ip 命令能够显示/操作路由、网络设备、接口和隧道等。若机器上不存在 ip 命令,则需要安装 iproute2

iproute2 提供了一系列用于替换 net-tools 的命令,一个简单的对比如下

iproute2 net-tools meaing
ip addr ifconfig -a 显示所有地址信息
ip link set eth0 down ifconfig eth0 down 停止网络接口
ip link set eth0 up ifconfig eth0 up 激活网络接口
ip addr add 192.168.1.1/24 dev eth0 ifconfig eth0 192.168.1.1 为 eth0 设置 IP
ip addr add 192.168.1.1/24 dev eth0 ifconfig eth0 netmask 255.255.255.0 为 eth0 设置 IP
ip route route 列出路由表条目
ip route add 192.168.1.0/24 dev eth0 route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0 添加路由
ip route add default via 192.168.1.1 route add default gw 192.168.1.1 更改默认路由

退出码:

Exit status is 0 if command was successful, and 1 if there is a syntax error. If an error was reported by the kernel exit status is 2

ip 功能强大,支持下面所有对象的设置(仅列出部分)

  • link: network device
  • address: protocol (IP or IPv6) address on a device
  • route: routing table entry
  • neigh :manage ARP or NDISC cache entries
  • netns: manage network namespaces

每个对象具有不同的参数选项,可以通过 man 8 ip-xxx 进行查阅,这里列出几个使用频率较高的(上面对比表格中的就不列出了)

ip link list type bridge 显示指定类型的网络接口

$ ip link list type bridge
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default                                                                                 
    link/ether 02:42:0e:05:16:7b brd ff:ff:ff:ff:ff:ff

ip link list master docker0 显示依附于某个设备下的接口

$ ip link list master docker0
17: veth0ecc4d6@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default                                                            
    link/ether 92:41:3d:0a:cf:84 brd ff:ff:ff:ff:ff:ff link-netnsid 0

ip -s link list eth0 显示指定网络接口的统计数据

$ ip -s link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000                                                                             
    link/ether 02:01:85:82:61:59 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    524853493  3266577  0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    252720573  483509   0       0       0       0

假设现在你有一个IP地址,你需要知道路由包从哪里来可以使用 ip route get

$ ip route get 172.17.0.2
172.17.0.2 dev docker0 src 172.17.0.1 uid 0
   cache

网络命名空间

  • ip netns add name 添加网络命名空间
  • ip netns list 显示所有的网络命名空间
  • ip netns exec name command 在指定的网络命名空间下执行命令

ARP 记录

  • ip neigh 显示当前的 ARP 表
  • ip neigh flush dev eth0 清空指定接口下的所有记录
  • ip neigh add 192.168.1.1 lladdr 1:2:3:4:5:6 dev eth0 添加一条 ARP 记录
  • ip neigh del 192.168.1.1 dev eth0 删除一条 ARP 记录

ss(8)

ss 命令用于替换 netstat,可以输出 socket 统计信息

ss -ta 显示所有 TCP 连接

  • -e, --extended: Show detailed socket information.
  • -t, --tcp: Display only TCP sockets.
  • -a, --all: Display all sockets.
  • -u, --udp: Display only UDP sockets.
  • -d, --dccp: Display only DCCP sockets.
  • -w, --raw: Display only RAW sockets
  • -x, --unix: Display only Unix domain sockets.
  • -4, --ipv4: Display only IP version 4 sockets (alias for -f inet).
  • -6, --ipv6: Display only IP version 6 sockets (alias for -f inet6).
  • -0, --packet: Display PACKET sockets.

默认下,-t 选项只会列出 ESTABLISHEDCONNECTED 状态的连接,需要 -a 选项来列出其他的

$ ss -tae
State     Recv-Q     Send-Q          Local Address:Port             Peer Address:Port                                                 
LISTEN    0          128                   0.0.0.0:ssh                   0.0.0.0:*          ino:14521 sk:32 <->                       
LISTEN    0          128                   0.0.0.0:llmnr                 0.0.0.0:*          uid:195 ino:13445 sk:33 <->               
LISTEN    0          128                      [::]:ssh                      [::]:*          ino:14528 sk:35 v6only:1 <->              
LISTEN    0          128                      [::]:llmnr                    [::]:*          uid:195 ino:13448 sk:36 v6only:1 <->

ss -m 显示 socket 的内存占用

  • -m, --memory: Show socket memory usage.
$ ss -uam
State        Recv-Q        Send-Q                                 Local Address:Port                          Peer Address:Port       

UNCONN       0             0                                      127.0.0.53%lo:domain                             0.0.0.0:*          
         skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)

ss -s 显示统计信息

  • -s, --summary: Print summary statistics. This option does not parse socket lists obtaining summary from various sources. It is useful when amount of sockets is so huge that parsing /proc/net/tcp is painful.
$ ss -s
Total: 132
TCP:   8 (estab 1, closed 0, orphaned 0, timewait 0)

Transport Total     IP        IPv6
RAW   1         0         1        
UDP   5         3         2        
TCP   8         6         2        
INET      14        9         5        
FRAG      0         0         0

ss -lp | grep <port> 显示占用端口的进程

  • -l, --listening: Display listening sockets.
  • -p, --processes: Show process using socket.
  • -n, --numeric: Do now try to resolve service names.
  • -r, --resolve: Try to resolve numeric address/ports.
$ ss -lp | grep 22
# 这样是没有结果的,因为显示的是 ssh 而不是 22。参考上面 `ss -ta` 的返回结果

$ ss -lpn | grep 22  # 不进行解析
# 省略

ss -o state established '( dport = :http or sport = :http )' 显示所有状态为 Established 的 HTTP 连接,并且显示 timer 信息

  • -o, --options: Show timer information.

ss 命令除了上述提到或者没提到的参数之外,还可以添加过滤条件。不过需要注意格式是参数在前,过滤条件在后

state established 便是一个过滤条件,筛选所有 ESTABLISHED 状态的连接

state 可以是

  • established
  • syn-sent
  • syn-recv
  • fin-wait-1
  • fin-wait-2
  • time-wait
  • closed
  • close-wait
  • last-ack
  • listening
  • closing
  • all : All of the above states
  • connected : All the states except for listening and closed
  • synchronized : All the connected states except for syn-sent
  • bucket : Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
  • big : Opposite to bucket state.

因为诸如 syn-sentsyn-recv 等状态停留的时间非常短,所以大部分情况下无发观测到。可以配合 watch 命令进行实时监测

watch -n 1 "ss -t4 state syn-sent"

'( dport = :http or sport = :http )' 可以对目标端口源端口进行过滤,支持协议名称和端口的数字表示。dstsrc 可以过滤目标地址和源地址

$ ss -o state established '( dport = :http or sport = :http )'                                                              
Netid Recv-Q  Send-Q                          Local Address:Port                                   Peer Address:Port                  
tcp   0       0          [2400:8500:1301:735:133:130:97:89]:56890                    [2404:6800:4004:808::2004]:http                  
timer:(keepalive,59sec,0)