簡述iproute家族命令

iptoute2家族

ip命令:
ip – show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | address | addrlabel | route | rule | neigh | ntable | tunnel | tuntap |
maddress | mroute | mrule | monitor | xfrm | netns | l2tp | tcp_metrics | token }

OPTIONS := { -V[ersion] | -h[uman-readable] | -s[tatistics] | -d[etails] | -r[esolve] | -iec |
-f[amily] { inet | inet6 | ipx | dnet | link } | -4 | -6 | -I | -D | -B | -0 |
-l[oops] { maximum-addr-flush-attempts } | -o[neline] | -rc[vbuf] [size] | -t[imes‐
tamp] | -ts[hort] | -n[etns] name | -a[ll] }
ip link set-change device attributes
ip link show -display device attributes
dev name(default)指明要管理的設備,dev關鍵字可省略
up and down
multicast on 或multicast off 啟用或禁用多播功能
name NAME 重命名接口
mtu MTU 設置大小,最大為1500
netns PID

ip link show display device attributes
ip netns:ip -manage network namespaces
ip netns list 列出所有的netns
ip netns add name 創建指定的netns
ip netns del ?name ?刪除指定的netns
ip netns exec name command 在指定的netns中運行命令

ip-address – protocol address management
ip address add -add new protocol address
ip addr add ifaddr dev iface
[label name]:為額外添加的地址指明接口別名;
[broadcast address]:廣播地址;會根據ip和netmask自動計算得到;
[scope scope_value]
global:全局可用;
link:接口可用;
host:僅本機可用
ip address delete -delete protocol address
ip addr delete ifaddr dev iface
ip address show -look at protocol addresses
ip addr list [iface]顯示接口的地址;
ip address flush – flush protocol addresses
ip addr flush dev iface
ip route -routing table management
ip route add -add new route
ip route change -change route
ip route replace -change or add new one
ip route add type prefix via gw [dev iface] [src source_ip]
示例:
ip route add 192.168.0.0/24 via 10.0.0.1 dev eth1 src 10.0.20.100
ip route add default via gw
ip route delete-delete route
ip route del type prefix
示例:
ip route del 192.168.1.0/24
ip route show -list routes

ip route flush -flush routing tables

ip route get -get a single route
ip route get type prifix
示例:ip route get 192.168.0.0/24
ss命令:
ss [options] [filter]
-t:tcp協議相關鏈接,連接均有其狀態;FSM
-u:udp相關的鏈接.
-w:raw socket相關的鏈接
-l:處于監聽狀態
-a:所有狀態
-n:以數字格式顯示ip和port
-e:擴展格式
-p:顯示相關的進程及pid
-m:內存用量
-o:計時器信息
fiter:=[state tcp-state] [expression]
tcp 的常見狀態:
tcp fsm
LISTEN:監聽
ESTABLISEHD:建立的連接
FIN_WAIT_1
FIN_WAIT_2
SYN_SENT
SYN_RECV
CLOSED
EXPRESSION:
dport=
sport=
示例:(dport=22 or sport=22)
ss -tan state ESTABLISHED
ss -tan ‘( dport = :22 or sport = :22 )’