Linux iproute2 命令家族（ip / ss）

iproute 简介ip 命令1、ip link1.1 up / down 和 multicast1.2 name1.3 mtu1.4 netns1.5 show1.6 help2、ip netns3、ip address3.1 ip address add3.2 ip address delete3.3 ip link show3.4 ip link flush4、ip route5、ip link setss 命令1、ss 语法格式2、TCP 常见状态

iproute 简介

iproute 与 内核是密切相关的，所以两者版本是一致的。

[root@LeeMumu ~]# rpm -qi iprouteName : iprouteVersion: 4.11.0Release: 14.el7_6.2Architecture: x86_64Install Date: Sun 28 Jul 09:28:29 AM EDTGroup : Applications/SystemSize : 1793061License: GPLv2+ and Public DomainSignature : RSA/SHA256, Mon 29 Apr 11:45:09 AM EDT, Key ID 24c6a8a7f4a80eb5Source RPM : iproute-4.11.0-14.el7_6.2.src.rpmBuild Date : Wed 24 Apr 10:03:34 AM EDTBuild Host : x86-02.Relocations : (not relocatable)Packager : CentOS BuildSystem <>Vendor: CentOSURL : /pub/linux/utils/net/iproute2/Summary: Advanced IP routing and network device configuration toolsDescription :The iproute package contains networking utilities (ip and rtmon, for example)which are designed to use the advanced networking capabilities of the Linuxkernel.[root@LeeMumu ~]# uname -r3.10.0-957.el7.x86_64[root@LeeMumu ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core)

ip 命令

用来显示或操纵Linux主机的路由、网络设备、策略路由和隧道，是Linux下较新的功能强大的网络配置工具。

show / manipulate routing, devices, policy routing and tunnels

语法格式：

# ip [ OPTIONS ] OBJECT {COMMAND | help }OBJECT := {link | addr | route | netns }注意： OBJECT可简写，各OBJECT的子命令也可简写

1、ip link

ip link： network device configuration

1.1 up / down 和 multicast

ip link set - change device attributesdev NAME (default) # 指明要管理的设备，dev 关键字可省略up 和 down# 对接口进行up或downmulticast on 或 multicast off # 启用或禁用多播功能# ip link set tangtang multicast on

1.2 name

# ip link set name NAME：重命名接口# 重命名接口时，需要对接口进行down，才能进行操作# ip link set wlp2s0 name tangtangRTNETLINK answers: Device or resource busy# ip link set wlp2s0 down# ip link set wlp2s0 name tangtang# ip link show1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000link/ether e4:3a:6e:0a:9b:88 brd ff:ff:ff:ff:ff:ff3: tangtang: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN mode DEFAULT qlen 1000link/ether d0:c5:d3:4e:25:71 brd ff:ff:ff:ff:ff:ff

1.3 mtu

# ip link set mtu NUMBER # 设置 MTU 的大小，默认为1500# ip link set tangtang mtu 1300

1.4 netns

netns PID # ns为namespace，用于将接口移动到指定的网络名称空间# ip netns add neo# ip netns list# ip link set tangtang netns neo

1.5 show

# ip link show - display device attributes# 看二层设备的相关属性，和 IP 地址没关系

1.6 help

# ip link help - 显示简要使用帮助

2、ip netns

manage network namespaces# ip netns list# 列出所有的 netns# ip netns add NAME # 创建指定的 netns# ip netns del NAME # 删除指定的 netns# ip netns exec NAME COMMAND # 在指定的 netns 中运行命令

3、ip address

3.1 ip address add

ip address add - add new protocol address

# ip addr add IFADDR dev IFACE[label NAME]：为额外添加的地址指明接口别名指定接口别名后，使用 ifconfig -a 可以查看到所有的接口名称和IP地址不指定接口别名后，使用 ip addr list IFACE 进行查看[broadcast ADDRESS]：广播地址；会根据IP和NETMASK自动计算得到[scope SCOPE_VALUE]：global：全局可用link：接口可用host：仅本机可用

# ip addr add 10.0.0.1/8 dev tangtang # ip addr add 10.0.0.2/8 dev tangtang # ip addr add 10.0.0.3/8 dev tangtang label tangtang:0# ip addr add 192.168.0.2/24 dev tangtang label tangtang:1# ifconfig -a tangtang: flags=4098<BROADCAST,MULTICAST> mtu 1500 inet 10.0.0.1 netmask 255.0.0.0 broadcast 0.0.0.0ether d0:c5:d3:4e:25:71 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 tangtang:0: flags=4098<BROADCAST,MULTICAST> mtu 1500 inet 10.0.0.3 netmask 255.0.0.0 broadcast 0.0.0.0ether d0:c5:d3:4e:25:71 txqueuelen 1000 (Ethernet) tangtang:1: flags=4098<BROADCAST,MULTICAST> mtu 1500 inet 192.168.0.2 netmask 255.255.255.0 broadcast 0.0.0.0 ether d0:c5:d3:4e:25:71 txqueuelen 1000 (Ethernet) # ip addr list tangtang 3: tangtang: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether d0:c5:d3:4e:25:71 brd ff:ff:ff:ff:ff:ffinet 10.0.0.1/8 scope global tangtang valid_lft forever preferred_lft forever inet 192.168.0.2/24 scope global tangtang:1 valid_lft forever preferred_lft forever inet 10.0.0.2/8 scope global secondary tangtang valid_lft forever preferred_lft forever inet 10.0.0.3/8 scope global secondary tangtang:0 valid_lft forever preferred_lft forever

3.2 ip address delete

delete protocol address# ip addr delete IFADDR dev IFACE

# ip addr delete 10.0.0.3/8 dev tangtang

3.3 ip link show

look at protocol addresses# ip addr list [IFACE]：显示接口的地址

# ip addr list tangtang 3: tangtang: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether d0:c5:d3:4e:25:71 brd ff:ff:ff:ff:ff:ffinet 10.0.0.1/8 scope global tangtang valid_lft forever preferred_lft forever inet 192.168.0.2/24 scope global tangtang:1 valid_lft forever preferred_lft forever inet 10.0.0.2/8 scope global secondary tangtang valid_lft forever preferred_lft forever

3.4 ip link flush

flush protocol addresses# ip addr flush dev IFACE 清楚接口所有地址

# ip addr flush dev tangtang

4、ip route

routing table management# ip route add - add new route# ip route change - change route# ip route replace - change or add new one# ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]IFACE 有多个地址，在配置路由时，可以指定 SOURCE_IP GW 下一跳# ip route delete - delete routeip route del TYPE PRIFIX # ip route show - list routesTYPE PRIFIX # ip route flush - flush routing tables # 清除路由/指定路由TYPE PRIFIX# ip route get - get a single route# 获取到达特定目的地址的路由条目ip route get TYPE PRIFIX

# ip route add 192.168.0.0/24 via 10.0.0.1 dev eth1 src 10.0.20.100## 配置带源地址的路由# ip route add 192.168.10.0/24 via 192.168.5.100 dev eth0## 前往目的网络 192.168.10.0/24 的下一跳是 192.168.5.100 ，接口是 eth0# ip route add default via GW# ip route delete 192.168.1.0/24# ip route get 192.168.0.0/24# ip route get 192.168.1.0/24broadcast 192.168.1.0 dev ens33 src 192.168.1.9 cache <local,brd> # ip route add default via 192.168.1.2 dev eth0## 默认路由指向 192.168.1.2 ，接口是 eth0## 只要一个默认路由就 OK

[root@Tang-1 ~]# ip route showdefault via 172.16.141.1 dev enp1s0 proto static metric 100 172.16.141.0/24 dev enp1s0 proto kernel scope link src 172.16.141.209 metric 100 [root@Tang-1 ~]# ip route listdefault via 172.16.141.1 dev enp1s0 proto static metric 100 172.16.141.0/24 dev enp1s0 proto kernel scope link src 172.16.141.209 metric 100 [root@Tang-1 ~]# route -nKernel IP routing tableDestinationGateway Genmask Flags Metric Ref Use Iface0.0.0.0 172.16.141.1 0.0.0.0 UG 100 0 0 enp1s0172.16.141.0 0.0.0.0 255.255.255.0 U100 0 0 enp1s0

5、ip link set

# ip link set eth0 up## 启动 eth0 # ip link set eth0 down## 关闭 eth0# ip link set eth0 mtu 1000## 更改 MTU 的值为 1000 bytes.使用 ifconfig 也能更新网卡的 MTU

# ip link set eth0 name vbirdSIOCSIFNAME: Device or resource busy## 该设备目前是启动，应该先# ip link set eth0 downmtu 900 qdisc pfifo_fast qlen 1000link/ehter 00:40:d0:13:c3:46 brd ff:ff:ff:ff:ff:ff## 网卡名称也可以进行改变，ifcfg-eth0 建议使用默认的接口名称# ip link set vbird name eth0 ## 设备的硬件相关信息，包括MTU、MAC及传输的模式等，都能在这里设置## address的项目后接的可是 MAC 而不是IP

ss 命令

iproute2 包附带的一个工具，用来显示处于活动状态的套接字信息。ss命令可以用来获取socket统计信息，它可以显示和netstat类似的内容。但ss的优势在于它能够显示更多更详细的有关TCP和连接状态的信息，而且比netstat更快速更高效。

1、ss 语法格式

another utility to investigate sockets

ss [options] [ FILTER ]OPTIONS： -t：TCP协议的相关连接 -u：UDP相关的连接 -w：raw socket相关的连接 -l：监听状态的连接-a：所有状态的连接-n：数字格式-p：相关的程序及其PID -e：扩展格式信息 -m：内存用量-o：计时器信息 FILTER := [ state TCP-STATE ] [ EXPRESSION ]实现状态过滤的功能EXPRESSION：dport = sport = 示例：'( dport = :22 or sport = :22)'

# ss -tan '( dport = :22 or sport = :22 )' 注意空格# ss -tan state ESTABLISHED 只显示已连接状态的连接

[root@LeeMumu ~]# ss -tanp StateRecv-Q Send-Q Local Address:Port Peer Address:Port LISTEN0128 *:22*:* users:(("sshd",pid=7017,fd=3)) LISTEN0100127.0.0.1:25*:* users:(("master",pid=7148,fd=13)) ESTAB052 192.168.1.9:22 192.168.1.199:64402 users:(("sshd",pid=7282,fd=3)) LISTEN0128 :::22:::* users:(("sshd",pid=7017,fd=4)) LISTEN0100::1:25:::* users:(("master",pid=7148,fd=14)) [root@LeeMumu ~]# ss -tan StateRecv-Q Send-Q Local Address:Port Peer Address:Port LISTEN0128 *:22*:* LISTEN0100127.0.0.1:25*:* ESTAB052 192.168.1.9:22 192.168.1.199:64402 LISTEN0128 :::22:::* LISTEN0100::1:25:::*

2、TCP 常见状态

TCP FSM：LISTEN # 监听ESTABLISEHD # 建立的连接FIN_WAIT_1# 等待断开连接FIN_WAIT_2# 确认断开连接SYN_SENT # 发送SYN_RECV # 接收CLOSED # 关闭

[root@LeeMumu ~]# ss -tan '( dport = :22 or sport = :22 )'StateRecv-Q Send-Q Local Address:Port Peer Address:Port LISTEN0128 *:22*:*ESTAB052 192.168.1.9:22 192.168.1.199:64402 LISTEN0128 :::22:::*

如果觉得《Linux iproute2 命令家族（ip / ss）》对你有帮助，请点赞、收藏，并留下你的观点哦！