Total Pageviews

Tuesday, 18 June 2019

消失的ifconfig手册页

This is actually very unlike a man page. It assumes that you know very little about TCP/IP networking. It also deals with only the parameter-less invocation of ifconfig, since other invocations are well documented in the real man page.
You can read the sections independently of one another, skipping what you already know. In this regard, it is quite like a man page.

What is ifconfig?

ifconfig is a systems administration utility for UNIX-like systems that allows for diagnosing and configuring network interfaces. Although some claim that it is being replaced with iproute2 (or simply the ip command), I have seen it being used abundantly.
You can using ifconfig to bring up interfaces, turn them off, and configure the protocols and identifiers they use.

Why document it?

ifconfig prints out a wealth of information if invoked without any parameters and options. I simply could not find the definitions of most of these things and what follows is my attempt at documenting these exhaustively.

This is what we see when we invoke GNU ifconfig on a virtual host running Ubuntu. Note the absence of a wifi interface, as is the case with most servers.
$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:0c:49:47  
          inet addr:192.168.0.121  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe0c:4947/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3461 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3686 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1778710 (1.7 MB)  TX bytes:821363 (821.3 KB)
          Interrupt:10 Base address:0xd020 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:720 (720.0 B)  TX bytes:720 (720.0 B)

The Ethernet Interface

eth0      Link encap:Ethernet  HWaddr 08:00:27:0c:49:47  
Application data is progressively encapsulated as it descends through the layers of the TCP/IP Stack. Link encap:Ethernet means that IP Datagrams coming from the Internet layer will be wrapped in an Ethernet Frame before leaving this interface.
HWaddr 08:00:27:0c:49:47 is the 48 bit Media Access Control (MAC) address. It uniquely identifies this network interface on the hardware layer. This address will be sent in ARP (Address Resolution Protocol) reponse packets when other devices want to send Ethernet Frames to this interface.

The IPv4 address

eth0      inet addr:192.168.0.121  Bcast:192.168.0.255  Mask:255.255.255.0
inet addr:192.168.0.121 needs no introduction, it is the 32 bit IPv4 address that this interface is using. Wanting to know this address is also probably the most common reason for invoking ifconfig.
Modern networking relies on slicing networks into smaller portions using subnetting and Classless Inter-Domain Routing (CIDR). For subnetting to work, we need to understand what part of an IP address is the Network ID and what part is the Host ID. This information is carried in the Network Mask Mask:255.255.255.0.
Bcast:192.168.0.255 is the broadcast address of the subnetwork the interface is on. Packets sent to this address will be received by all interfaces on this subnet.
We get this the broadcast address by masking the IP Address with a bit complement of the network mask Mask:255.255.255.0 like this –
Network Mask:           255 . 255 . 255 .   0

Complement all bits:      0 .   0 .   0 . 255
Original IP address:    192 . 168 .   0 . 121
                        _____________________
OR them bitwise:        192 . 168 .   0 . 255
                        Which is the Broadcast Address

Next, let’s go over the IPv6 address

I never paid much attention to IPv6 addresses in the past. However, it isn’t too complicated to get to the bottom of it. Your local IPv6 addresses are essentially based on the MAC address of the interface.
eth0      inet6 addr: fe80::a00:27ff:fe0c:4947/64 Scope:Link
fe80::a00:27ff:fe0c:4947/64 is the 128 bit link-local IPv6 address for the interface. We understand that it is a link-local address because of the Scope:Link field. Link-local IPv6 addresses are for communicating with the directly attached network, and not globally.
This is how all link-local addresses are laid out:

10 bits      | 54 bits    | 64 bits
1111 1110 10 | All Zeroes | Interface Identifier

Let's see whether our IPv6 address conforms to this pattern:

                fe80::a00:27ff:fe0c:4947

  (we replace :: with multiple all-zero double-octets)

      fe80:0000:0000:0000 : 0a00:27ff:fe0c:4947

           PREFIX         |   INTERFACE IDENTIFER
  All these zeroes make a | This looks a lot similiar
  link-local IPv6 address | to the MAC address which
  non-routable            | is '08:00:27:0c:49:47'
The Interface Identifier is in fact usually made up using the MAC address. This is called EUI-64, or Extended Unique Indentifier by the IEEE.
  08:00:27:0c:49:47        # Start with the MAC adress

  08:00:27:ff:fe:0c:49:47  # Insert ff:fe in the center
  0a:00:27:ff:fe:0c:49:47  # Invert the 7th MSB starting from the right

  0a00:27ff:fe0c:4947      # Group it into double octets!

More about the interface

 eth0     UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
UP means that network interface is activated (with address and routing tables) and is accessible to the IP layer.
BROADCAST means that interface supports broadcasting (and can hence obtain an IP address using DHCP).
RUNNING signifies that the network driver has been loaded and has initialized the interface.
MULTICAST tells us that multicasting support is enabled on this interface.
Since we didn’t invoke ifconfig with the --all flag, it will only print out interfaces that are currently UP.
MTU 1500 shows that the current Maximum Transmission Unit is set to 1500 bytes, the largest allowed over Ethernet. Any IP datagrams larger than 1500 bytes will be fragmented into multiple Ethernet Frames, if allowed by the routers and hosts in between. Else we’ll just get an ICMP Destination Unreachable response with Code 4.
And finally, Metric:1 is the cost associated with routing frames over this interface. Normally, Linux kernels don’t build routing tables based on metrics. This value is only present for compatibility. If you do try to change the metric, it may not work. [1]
$ sudo ifconfig eth0 metric 2
SIOCSIFMETRIC: Operation not supported

Statistics

eth0      RX packets:3461 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3686 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1778710 (1.7 MB)  TX bytes:821363 (821.3 KB)
RX stands for received and TX stands for transmitted. Documentation for the fields that follow is sparse and only long-deserted ghost-town forums popped up in my searches. I download the source code for GNU inetutils 1.9.1 and here are my findings after a few recursive greps:
RX packets: total number of packets received.
RX errors: an aggregation of the total number of packets received with errors. This includes too-long-frames errors, ring-buffer overflow errors, crc errors, frame alignment errors, fifo overruns, and missed packets.
The ring-buffer refers to a buffer that the NIC transfers frames to before raising an IRQ with the kernel.
The RX overruns field displays fifo overruns, which are caused by the rate at which the ring-buffer is drained being higher that the kernel being able to handle IO. RX frame accounts for the incoming frames that were misaligned.
TX packets indicate the total number of transmitted packets.
TX errors present a summation of errors encountered while transmitting packets. This list includes errors due to the transmission being aborted, errors due to the carrier, fifo errors, heartbeat errors, and window errors. This particular struct in the source code isn’t commented.
We also have itemized error counts for droppedoverruns, and carrier.
collisions is the number of transmissions terminated due to CSMA/CD (Carrier Sense Multiple Access with Collision Detection).
The final line is merely all successfully received and transmitted data in bytes and a human readable format.

Transmit Queue Length

Since this isn’t a statistic, it gets its own heading.
The txqueuelen field displays the current Transmit Queue Length. This queue limits the number of frames in the interface’s device driver that are queued for transmission. The value of the txqueuelen can also be set by the ifconfig command.

Interrupts

eth0      Interrupt:10 Base address:0xd020 
Interrupt:10 corresponds to the IRQ number against which to look up the eth0 device in /proc/interrupts, where the interrupts are counted.
$ cat /proc/interrupts 
               CPU0       
      0:        115    XT-PIC-XT-PIC    timer
      1:       3402    XT-PIC-XT-PIC    i8042
      2:          0    XT-PIC-XT-PIC    cascade
      5:          1    XT-PIC-XT-PIC    snd_intel8x0
      8:          0    XT-PIC-XT-PIC    rtc0
      9:          0    XT-PIC-XT-PIC    acpi
=>   10:      53981    XT-PIC-XT-PIC    eth0             <=
     11:       1535    XT-PIC-XT-PIC    ohci_hcd:usb1
     12:        146    XT-PIC-XT-PIC    i8042
     14:      16923    XT-PIC-XT-PIC    ata_piix
     15:      10416    XT-PIC-XT-PIC    ata_piix
53981 is the number of times the eth0 device has interrupted CPU0.
The third column tells the name of the programmable interrupt handler, and XT-PIC-XT-PICmay be something that my VirtualBox is doing.

The Loopback Interface

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:720 (720.0 B)  TX bytes:720 (720.0 B)

The Loopback is not an Ethernet device.

It isn’t connected to the NIC (or any hardware) and frames relayed over the loopback don’t exit the host on any layer. It is fully implemented in software. This also means that IP Datagrams sent over this interface are not encapsulted in an Ethernet frame, as can be seen by Link encap:Local Loopback.

IPv4 Addressing

lo        inet addr:127.0.0.1  Mask:255.0.0.0
We have a large address space as set by the liberal subnet mask – Mask:255.0.0.0. The loopback device can be configured with an IP address on the 127.0.0.0/8 subnetwork which can be any address between 127.0.0.1 to 127.255.255.254. The loopback address on my machine is 127.0.0.1, which is usually the default.

And the IPv6

lo        inet6 addr: ::1/128 Scope:Host
Unlike IPv4, only one address is reserved for the loopback interface in the IPv6 address space – 0:0:0:0:0:0:0:1. It represented more succintly as ::1/128 since we can replace consecutive groups of 0 by a ::.
The IPv6 Scope for the loopback address ::1/128 and is treated under the link-local scope in RFC 3513. The terminology Scope:Host or Scope:Node is also used to further emphasize that the packet will never exit the host (or node). Unlike other link-local addresses, if a packet addressed to ::1/128 is received on an Ethernet interface, it is promptly dropped.

The interface

lo        UP LOOPBACK RUNNING  MTU:16436  Metric:1
The eponymous LOOPBACK flag in the flags string isn’t as interesting as the MTU:16436. Since the loopback interface isn’t bounded by the physical limitations of Ethernet or FDDI, its MTU is set to more than 16KiB.
We can send a 16 x 1024 = 16384 byte data packet, with an additional 52 bytes without fragmenting it. 52 bytes are usually sufficient for TCP and IP headers (both are 20 bytes long without options).
The concept of Metric is the same as it was for Ethernet interface above.

Statistics and Transmit Queue Length

lo        RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
The fields for loopback statistics are printed out by the same function and retain the same definitions from the Ethernet piece above. However, errors and collisions have little chance of making an appearance here, since there isn’t a physical medium present.
The txqueuelen is set to 0 by default. It can be changed for the lo device, but I doubt if that would have any effect.

Other Tools

Don’t like GNU ifconfig or don’t have it? No problem, there are a few other ways of querying a system for similar information. netstat -ai and ifconfig also work on Mac OS X, but the output is slightly different since both tools originate from the BSD userland.
With iproute2 –
$ ip --statistics link list
1: lo:  mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    67710      812      0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    67710      812      0       0       0       0      
2: eth0:  mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
    link/ether 08:00:27:89:cf:84 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    10372230   53359    9       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    206555     1826     0       0       0       0 
Or with netstat, on which the ifconfig output is actually based on –
$ netstat --all --interfaces
Kernel Interface table
Iface       MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0     56092     10      0 0          3095      0 0      0      BMRU
lo        16436 0       858      0      0 0           858      0 0      0      LRU
The Flg field above shows us the status of the interfaces. BMRU stands for Broadcast, Multicast, Running, and Up. LRU stands for Loopback, Running, and Up。

No comments:

Post a Comment