iproute命令家族：ip，ss

ip命令：查看管理路由，设备等相关功能

• 格式用法：
  ip [ OPTIONS ] OBJECT { COMMAND | help }
   OBJECT := { link | address | rotue | netns }
   注意：OBJECT可简写，各OBJECT的子命令也可简写
  • ip link：网络设备配置
     ip link set：修改设备属性
      dev NAME(default)：指明要管理的设备，dev关键字可省略；
      up/down：启用/禁用；
      multicast on or multicast off：启用或禁用多播功能；
      name NAME：重命名接口；
      mtu NUMBER：设置MTU的大小，默认为1500；
     ip link [ show | list ]：显示设备属性

    [root@node1 ~]# ip link show
    1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: ens33:  mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 00:0c:29:0e:af:80 brd ff:ff:ff:ff:ff:ff
    3: virbr0:  mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
        link/ether 52:54:00:60:69:03 brd ff:ff:ff:ff:ff:ff
    4: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
        link/ether 52:54:00:60:69:03 brd ff:ff:ff:ff:ff:ff
    5: ens37:  mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 00:0c:29:0e:af:8a brd ff:ff:ff:ff:ff:ff
    

  • ip address：管理IP地址
    • ip address add：添加IP地址；
       [root@node1 ~]# ip addr add IFADDR dev IFACE
        [label NAME]：为额外添加的地址指明接口别名；
        [broadcast ADDRESS]：广播地址，会根据IP和NETMASK自动计算得到；
        [scope SCOPE_VALUE]：作用域
         global：全局可用；
         global：link：接口可用；
         global：host：仅本机可用；

      [root@node1 ~]# ip addr show ens37
      5: ens37:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 00:0c:29:0e:af:8a brd ff:ff:ff:ff:ff:ff
          inet6 fe80::6875:3a17:13d5:3efe/64 scope link noprefixroute 
             valid_lft forever preferred_lft forever
      [root@node1 ~]# ip addr add 192.168.1.115 dev ens37 label ens37:1
      [root@node1 ~]# ip addr show ens37
      5: ens37:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 00:0c:29:0e:af:8a brd ff:ff:ff:ff:ff:ff
          inet 192.168.1.115/32 scope global ens37:1
             valid_lft forever preferred_lft forever
          inet6 fe80::6875:3a17:13d5:3efe/64 scope link noprefixroute 
             valid_lft forever preferred_lft forever
      

    • ip address delete：删除IP地址；
       ip addr delete IFADDR dev IFACE

      [root@node1 ~]# ip addr show ens37
      5: ens37:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 00:0c:29:0e:af:8a brd ff:ff:ff:ff:ff:ff
          inet 192.168.1.115/32 scope global ens37:1
             valid_lft forever preferred_lft forever
          inet6 fe80::6875:3a17:13d5:3efe/64 scope link noprefixroute 
             valid_lft forever preferred_lft forever
      [root@node1 ~]# ip addr del 192.168.1.115 dev ens37
      Warning: Executing wildcard deletion to stay compatible with old scripts.
               Explicitly specify the prefix length (192.168.1.115/32) to avoid this warning.
               This special behaviour is likely to disappear in further releases,
               fix your scripts!
      [root@node1 ~]# ip addr show ens37                 
      5: ens37:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 00:0c:29:0e:af:8a brd ff:ff:ff:ff:ff:ff
          inet6 fe80::6875:3a17:13d5:3efe/64 scope link noprefixroute 
             valid_lft forever preferred_lft forever
      

    • ip address show：查看IP地址；
       显示指定接口的地址：ip addr list [IFACE]

      [root@node1 ~]# ip addr show ens37                   
      5: ens37:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 00:0c:29:0e:af:8a brd ff:ff:ff:ff:ff:ff
          inet 192.168.1.115/8 scope global ens37
            valid_lft forever preferred_lft forever
      

    • ip address flush：清空所有的IP地址；
        ip addr flush dev IFACE

      [root@node1 ~]# ip addr show ens37
      5: ens37:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 00:0c:29:0e:af:8a brd ff:ff:ff:ff:ff:ff
          inet 192.168.1.115/8 scope global ens37
             valid_lft forever preferred_lft forever
          inet6 fe80::6875:3a17:13d5:3efe/64 scope link noprefixroute 
             valid_lft forever preferred_lft forever
      [root@node1 ~]# ip addr flush dev ens37
      [root@node1 ~]# ip addr show ens37     
      5: ens37:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 00:0c:29:0e:af:8a brd ff:ff:ff:ff:ff:ff
      

  • ip route：管理路由表
    • 添加路由：ip route add
    • 修改路由：ip route change
    • 有就修改路由，没有就添加路由：ip route replace

      [root@node1 ~]# ip route add 8.8.8.0/24 via 172.16.0.1 dev ens33
      [root@node1 ~]# ip route list 
      default via 192.168.1.1 dev ens37 proto dhcp metric 101 
      default via 172.16.0.1 dev ens33 proto static metric 102 
      8.8.8.0/24 via 172.16.0.1 dev ens33 
      10.0.0.0/8 via 192.168.122.1 dev virbr0 scope link 
      172.16.0.0/24 dev ens33 proto kernel scope link src 172.16.0.11 metric 102 
      192.0.0.0/8 dev ens37 proto kernel scope link src 192.168.1.115 
      192.0.0.0/8 dev ens37 proto kernel scope link src 192.168.1.115 metric 101 
      192.168.1.0/24 dev ens37 proto kernel scope link src 192.168.1.115 metric 101 
      192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
      

    • 删除路由：ip route delete

      [root@node1 ~]# ip route delete 8.8.8.0/24
      [root@node1 ~]# ip route list 
      default via 192.168.1.1 dev ens37 proto dhcp metric 101 
      default via 172.16.0.1 dev ens33 proto static metric 102 
      10.0.0.0/8 via 192.168.122.1 dev virbr0 scope link 
      172.16.0.0/24 dev ens33 proto kernel scope link src 172.16.0.11 metric 102 
      192.0.0.0/8 dev ens37 proto kernel scope link src 192.168.1.115 
      192.0.0.0/8 dev ens37 proto kernel scope link src 192.168.1.115 metric 101 
      192.168.1.0/24 dev ens37 proto kernel scope link src 192.168.1.115 metric 101 
      192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
      

    • 显示路由：ip route show

      [root@node1 ~]# ip route show src 192.168.1.115 
      192.0.0.0/8 dev ens37 proto kernel scope link 
      192.0.0.0/8 dev ens37 proto kernel scope link metric 101 
      192.168.1.0/24 dev ens37 proto kernel scope link metric 101 
      

    • 清空路由表：ip route flush

      [root@node1 ~]# ip route show
      default via 192.168.1.1 dev ens37 proto dhcp metric 101 
      default via 172.16.0.1 dev ens33 proto static metric 102 
      10.0.0.0/8 via 192.168.122.1 dev virbr0 scope link 
      172.16.0.0/24 dev ens33 proto kernel scope link src 172.16.0.11 metric 102 
      192.0.0.0/8 dev ens37 proto kernel scope link src 192.168.1.115 
      192.0.0.0/8 dev ens37 proto kernel scope link src 192.168.1.115 metric 101 
      192.168.1.0/24 dev ens37 proto kernel scope link src 192.168.1.115 metric 101 
      192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
      [root@node1 ~]# ip route flush 192/8
      [root@node1 ~]# ip route show       
      default via 192.168.1.1 dev ens37 proto dhcp metric 101 
      default via 172.16.0.1 dev ens33 proto static metric 102 
      10.0.0.0/8 via 192.168.122.1 dev virbr0 scope link 
      172.16.0.0/24 dev ens33 proto kernel scope link src 172.16.0.11 metric 102 
      192.168.1.0/24 dev ens37 proto kernel scope link src 192.168.1.115 metric 101 
      192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
      

    • 获取指定的单条路由：ip route get

      [root@node1 ~]# ip route get 172.16.0.0/24
      broadcast 172.16.0.0 dev ens33 src 172.16.0.11 
          cache  
      

  • ip netns：管理网络名称空间
    列出所有的netns：ip netns list
    创建指定的netns：ip netns add NAME
    删除指定的netns：ip netns del NAME
    在指定的netns中运行命令：ip netns exec NAME COMMAND

---

ss命令：另一个显示套接字的实用程序

• 格式：
  ss [options] [FILTER]
   options：
    -t：TCP协议的相关连接，连接均有其状态；FSM(Finate State Machine)，有限状态机；
    -u：UDP协议的相关连接；
    -w：裸套接字(raw socket)相关的连接；
    -l：处于监听状态的连接；
    -a：所有状态；
    -n：以数字格式显示IP和Port；
    -e：扩展格式；
    -p：显示相关的进程及PID；
    -m：内存用量；
    -o：计时器信息；
    FILTER := [ state STATE-FILTER ] [ EXPRESSION ]

• TCP的常见状态：

  • TCP FSM：
     LISTEN：监听
     ESTABLISEHD：已建立的连接
     FIN_WAIT_1：结束等待状态1
     FIN_WAIT_2：结束等待状态2
     SYN_SENT：SYN发送
     SYN_RECV：SYN接收
     CLOSED：关闭

    [root@node1 ~]# ss -tan state ESTABLISHED
    Recv-Q Send-Q                                                Local Address:Port                                                               Peer Address:Port              
    0      96                                                      172.16.0.11:22                                                                   172.16.0.1:2049              
    

  • EXPRESSION：
     dport =
     sport =

    [root@node1 ~]# ss -tan '( dport = :22 or sport = :22 )'
    State       Recv-Q Send-Q                                           Local Address:Port                                                          Peer Address:Port              
    LISTEN      0      128                                                          *:22                                                                       *:*                  
    ESTAB       0      0                                                  172.16.0.11:22                                                              172.16.0.1:2049               
    LISTEN      0      128                                                         :::22                                                                      :::*