Slashdot Mirror

← Back to Stories (view on slashdot.org)

There Are Real Reasons For Linux To Replace ifconfig, netstat and Other Classic Tools (utoronto.ca)

Posted by msmash on from the making-a-case dept.

Several readers have shared a blog post: One of the ongoing system administration controversies in Linux is that there is an ongoing effort to obsolete the old, cross-Unix standard network administration and diagnosis commands of ifconfig, netstat and the like and replace them with fresh new Linux specific things like ss and the ip suite. Old sysadmins are generally grumpy about this; they consider it yet another sign of Linux's 'not invented here' attitude that sees Linux breaking from well-established Unix norms to go its own way. Although I'm an old sysadmin myself, I don't have this reaction. Instead, I think that it might be both sensible and honest for Linux to go off in this direction. There are two reasons for this, one ostensible and one subtle.

The ostensible surface issue is that the current code for netstat, ifconfig, and so on operates in an inefficient way. Per various people, netstat et al operate by reading various files in /proc, and doing this is not the most efficient thing in the world (either on the kernel side or on netstat's side). You won't notice this on a small system, but apparently there are real impacts on large ones. Modern commands like ss and ip use Linux's netlink sockets, which are much more efficient. In theory netstat, ifconfig, and company could be rewritten to use netlink too; in practice this doesn't seem to have happened and there may be political issues involving different groups of developers with different opinions on which way to go.

(Netstat and ifconfig are part of net-tools, while ss and ip are part of iproute2.)

However, the deeper issue is the interface that netstat, ifconfig, and company present to users. In practice, these commands are caught between two masters. On the one hand, the information the tools present and the questions they let us ask are deeply intertwined with how the kernel itself does networking, and in general the tools are very much supposed to report the kernel's reality. On the other hand, the users expect netstat, ifconfig and so on to have their traditional interface (in terms of output, command line arguments, and so on); any number of scripts and tools fish things out of ifconfig output, for example. As the Linux kernel has changed how it does networking, this has presented things like ifconfig with a deep conflict; their traditional output is no longer necessarily an accurate representation of reality.

32 of 478 comments (clear)

  1. So by ArchieBunker · · Score: 5, Insightful

    keep the command names the same but rewrite how they function? Nah makes too much fucking sense. I've had distros where my default route wasn't working and traceroute wasn't even installed by default. Talk about a shit show. What was the reason for replacing "route" anyhow? It's worked for decades and done one thing.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:So by jfdavis668 · · Score: 4, Interesting

      Traceroute is disabled on every network I work with to prevent intruders from determining the network structure. Real pain in the neck, but one of those things we face to secure systems.

    2. Re:So by Z00L00K · · Score: 4, Insightful

      I agree - I don't care how the commands work under the cover as long as they have the names and syntax I expect since ages ago.

      Most of the listed programs aren't really performance hogs anyway so there's not a huge reason to rewrite them unless there's some serious safety issues or stability issues that has to be taken care of.

      Please don't generate time wasters trying to force people find new commands with new syntaxes doing what the old commands did fine. It's not worth it.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    3. Re:So by Anonymous Coward · · Score: 5, Insightful

      Following the systemd model, "if it aint broken, you're not trying hard enough"...

    4. Re:So by gweihir · · Score: 4, Interesting

      Also really stupid. A competent attacker (and only those manage it into your network, right?) is not even slowed down by things like this.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:So by HanzoSpam · · Score: 4, Interesting

      Not only not worth it, but a major pain in the ass if you're trying to build scripts that need to be deployed on multiple platforms. Yo, there's still plenty of Solaris, HPUX and AIX out there. And not infrequently, they're all deployed in the same shop.

      This is reminiscent of Windows, "embrace, extend and extinguish" strategy. Linux (or more accurately, Linux distributions) seems to be acquiring all of the characteristics that drove people to abandon Windows for Linux in the first place.

      --

      Progressivism: Parasites helping parasites to help themselves - to other people's stuff.
    6. Re:So by DamnOregonian · · Score: 5, Insightful

      No.
      Things like this don't slow down "hackers" with even a modicum of network knowledge inside of a functioning network.
      What they do slow down is your ability to troubleshoot network problems.
      Breaking into a network is a slow process. Slow and precise. Trying to fix problems is a fast reactionary process. Who do you really think you're hurting?
      Yes another example of how ignorant opinions can become common sense.

    7. Re:So by Hylandr · · Score: 4, Interesting

      They can easily. And often time will compile their own tools, versions of Apache, etc..

      At best it slows down incident response and resolution while doing nothing to prevent discovery of their networks. If you only use Vlans to segregate your architecture you're boned.

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
  2. Bad idea by goombah99 · · Score: 5, Insightful

    Unix was founded on the ideas of lots os simple command line tools that do one job well and don't depend on system idiosyncracies. If you make the tool have to know the lower layers of the system to exploit them then you break the encapsulation. Polling proc has worked across eons of linux flavors without breaking. when you make everthing integrated it creates paralysis to change down the road for backward compatibility. small speed game now for massive fragility and no portability later.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Bad idea by llamalad · · Score: 5, Insightful

      The error you're making is thinking that Linux is UNIX.

      It's not. It's merely UNIX-like. And with first SystemD and now this nonsense, it's rapidly becoming less UNIX-like. The Windows of the UNIX(ish) world.

      Happily, the BSDs seem to be staying true to their UNIX roots.

  3. SS Really by barryvoeten · · Score: 5, Insightful

    What moron has called the tool SS ? I thing someone who does not check Google first. It is not only Unix history being wiped here.

    1. Re:SS Really by ArchieBunker · · Score: 5, Funny

      That made me chuckle a bit. Can't wait for the new wireless config tool luftwaffe.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
  4. That would break scripts which use the UI by raymorris · · Score: 5, Insightful

    A LOT of scripts use ifconfig and friends. Changing them would be bad, imho. Better would be to call it ifconfig6 or whatever if you're going to change the output or the meaning of commands, so you don't break existing scripts.

    In general, it's better for application programs, including scripts to use an application programming interface (API) such as /proc, rather than a user interface such as ifconfig, but in reality tons of scripts do use ifconfig and such.

    1. Re:That would break scripts which use the UI by drinkypoo · · Score: 5, Informative

      In general, it's better for application programs, including scripts to use an application programming interface (API) such as /proc, rather than a user interface such as ifconfig, but in reality tons of scripts do use ifconfig and such.

      ...and they have no other choice, and shell scripting is a central feature of UNIX.

      The problem isn't so much new tools as new tools that suck. If I just type ifconfig it will show me the state of all the active interfaces on the system. If I type ifconfig interface I get back pretty much everything I want to know about it. If I want to get the same data back with the ip tool, not only can't I, but I have to type multiple commands, with far more complex arguments.

      The problem isn't new tools. It's crap tools.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:That would break scripts which use the UI by drinkypoo · · Score: 4, Insightful

      Yes, the UNIX way has a fundamental flaw.

      It's not a flaw. Process creation is cheap on Unixlikes.

      There's nothing like an iterative algorithm that loads and saves it's (large) data to disk multiple times per iteration.

      That's not a problem inherent to scripts; if you do it wrong, you can do it that way with a coded program, too. Some things, of course, should just not be done with shell scripts. For those things, there is perl :)

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:That would break scripts which use the UI by gweihir · · Score: 5, Insightful

      The problem isn't new tools. It's crap tools.

      Crap tools written by morons with huge egos and rather mediocre skills. Happens time and again an the only sane answer to these people is "no". Good new tools also do not have to be pushed on anybody, they can compete on merit. As soon as there is pressure to use something new though, you can be sure it is inferior.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:That would break scripts which use the UI by Anonymous Coward · · Score: 5, Interesting

      The problem isn't new tools. It's crap tools.

      The problem isn't new tools. It's not even crap tools. It's the mindset that we need to get rid of an ~70KB netstat, ~120KB ifconfig, etc. Like others have posted, this has more to do with the ego of the new tools creators and/or their supporters who see the old tools as some sort of competition. Well, that's the real problem, then, isn't it? They don't want to have to face competition and the notion that their tools aren't vastly superior to the user to justify switching completely, so they must force the issue.

      Now, it'd be different if this was 5 years down the road, netstat wasn't being maintained*, and most scripts/dependents had already been converted over. At that point there'd be a good, serious reason to consider removing an outdated package. That's obviously not the debate, though.

      * Vs developed. If seven year old stable tools are sufficiently bug free that no further work is necessary, that's a good thing.

  5. Why do they need to be REPLACED? by freeze128 · · Score: 4, Insightful

    What's wrong with just ADDING newer commands and leaving the old ones?

    1. Re:Why do they need to be REPLACED? by c · · Score: 4, Insightful

      What's wrong with just ADDING newer commands and leaving the old ones?

      People would just keep using the old ones and ignore the new ones. This would be a blow to the egos of the people reinventing the wheel and hence can't be allowed.

      --
      Log in or piss off.
  6. We will 'correct' your tools, one by one. by Anonymous Coward · · Score: 4, Interesting

    We will 'correct' your tools, one by one.

  7. Re:Install size and attack surface by Anonymous Coward · · Score: 5, Informative

    The size increase due to stuff like netstat and ifconfig is trivial. Where the bloat comes from is needing python, java, javascript, often in various versions to make a system run. There is absolutely no reason this crap needs to be mandatory. And talk about expanding the attack surface.

  8. That's the reason by Anonymous Coward · · Score: 5, Interesting

    It done one thing: Maintain the routing table.

    "ip" (and "ip2" and whatever that other candidate not-so-better not-so-replacement of ifconfig was) all have the same problem: They try to be the one tool that does everything "ip". That's "assign ip address somewhere", "route the table", and all that. But that means you still need a complete zoo of other tools, like brconfig, iwconfig/iw/whatever-this-week.

    In other words, it's a modeling difference. On sane systems, ifconfig _configures the interface_, for all protocols and hardware features, bridges, vlans, what-have-you. And then route _configures the routing table_. On linux... the poor kids didn't understand what they were doing, couldn't fix their broken ifconfig to save their lives, and so went off to reinvent the wheel, badly, a couple times over.

    And I say the blogposter is just as much an idiot.

    Per various people, netstat et al operate by reading various files in /proc, and doing this is not the most efficient thing in the world

    So don't use it. That does not mean you gotta change the user interface too. Sheesh.

    However, the deeper issue is the interface that netstat, ifconfig, and company present to users.

    No, that interface is a close match to the hardware. Here is an interface, IOW something that connects to a radio or a wire, and you can make it ready to talk IP (or back when, IPX, appletalk, and whatever other networks your system supported). That makes those tools hardware-centric. At least on sane systems. It's when you want to pretend shit that it all goes awry. And boy, does linux like to pretend. The linux ifconfig-replacements are IP-only-stack-centric. Which causes problems.

    For example because that only does half the job and you still need the aforementioned zoo of helper utilities that do things you can have ifconfig do if your system is halfway sane. Which linux isn't, it's just completely confused. As is this blogposter.

    On the other hand, the users expect netstat, ifconfig and so on to have their traditional interface (in terms of output, command line arguments, and so on); any number of scripts and tools fish things out of ifconfig output, for example.

    linux' ifconfig always was enormously shitty here. It outputs lots of stuff I expect to find through netstat and it doesn't output stuff I expect to find out through ifconfig. That's linux, and that is NOT "traditional" compared to, say, the *BSDs.

    As the Linux kernel has changed how it does networking, this has presented things like ifconfig with a deep conflict; their traditional output is no longer necessarily an accurate representation of reality.

    Was it ever? linux is the great pretender here.

    But then, "linux" embraced the idiocy oozing out of poettering-land. Everything out of there so far has caused me problems that were best resolved by getting rid of that crap code. Point in case: "Network-Manager". Another attempt at "replacing ifconfig" with something that causes problems and solves very few.

  9. What utter nonsense. by AJWM · · Score: 5, Insightful

    I'm responsible a lot of production systems (somewhere around a thousand VMs, it varies), so of course I worry about CPU use, memory use, I/O, etc. I have never, ever, in decades of sysadmin'ing, worried about how much of the above ifconfig or netstat take. (It's not like what's in /proc are actual files, after all; /proc a kernel interface.)

    Worried about efficiency? In the aggregate you'll waste more CPU- and man-hours compiling and debugging your replacement tools than using ifconfig or netstat will. Go spend that time on something useful.

    --
    -- Alastair
  10. The dislike of support work by petes_PoV · · Score: 4, Interesting

    In theory netstat, ifconfig, and company could be rewritten to use netlink too; in practice this doesn't seem to have happened and there may be political issues involving different groups of developers with different opinions on which way to go.

    No, it is far simpler than looking for some mythical "political" issues. It is simply that hackers - especially amateur ones, who write code as a hobby - dislike trying to work out how old stuff works. They like writing new stuff, instead.

    Partly this is because of the poor documentation: explanations of why things work, what other code was tried but didn't work out, the reasons for weird-looking constructs, techniques and the history behind patches. It could even be that many programmers are wedded to a particular development environment and lack the skill and experience (or find it beyond their capacity) to do things in ways that are alien to it. I feel that another big part is that merely rewriting old code does not allow for the "look how clever I am" element that is present in fresh, new, software. That seems to be a big part of the amateur hacker's effort-reward equation.

    One thing that is imperative however is to keep backwards compatibility. So that the same options continue to work and that they provide the same content and format. Possibly Unix / Linux only remaining advantage over Windows for sysadmins is its scripting. If that was lost, there would be little point keeping it around.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    1. Re:The dislike of support work by DamnOregonian · · Score: 4, Insightful

      iproute2 exists because ifconfig, netstat, and route do not support the full capabilities of the linux network stack.
      This is because today's network stack is far more complicated than it was in the past. For very simple networks, the old tools work fine. For complicated ones, you must use the new ones.

      Your post could not be any more wrong. Your moderation amazes me. It seems that slashdot is full of people who are mostly amateurs.
      iproute2 has been the main network management suite for linux amongst higher end sysadmins for a decade. It wasn't written to sate someone's desire to change for the sake of change, to make more complicated, to NIH. It was written because the old tools can't encompass new functionality without being rewritten themselves.

  11. So windowification (making it incompatible) by CraigCruden · · Score: 4, Interesting

    So basically there is a proposal to dump existing terminal utilities that are cross-platform and create custom Linux utilities - then get rid of the existing functionality? That would be moronic! I already go nuts remoting into a windows platform and then an AIX and Linux platform and having different command line utilities / directory separators / etc. Adding yet another difference between my Linux and macOS/AIX terminals would absolutely drive me bonkers!

    I have no problem with updating or rewriting or adding functionalities to existing utilities (for all 'nix platforms), but creating a yet another incompatible platform would be crazily annoying.

    (not a sys admin, just a dev who has to deal with multiple different server platforms)

  12. Output for 'ip' is machine readable, not human by Anonymous Coward · · Score: 5, Interesting

    All output for 'ip' is machine readable, not human.
    Compare
    $ ip route
    to
    $ route -n

    Which is more readable? Fuckers.

    Same for
    $ ip a
    and
    $ ifconfig
    Which is more readable? Fuckers.

    The new commands should generally make the same output as the old, using the same options, by default. Using additional options to get new behavior. -m is commonly used to get "machine readable" output. Fuckers.

    It is like the systemd interface fuckers took hold of everything. Fuckers.

    BTW, I'm a happy person almost always, but change for the sake of change is fucking stupid.

    Want to talk about resolvconf, anyone? Fuckers! Easier just to purge that shit.

  13. Re:After the systemd fiasco... by jythie · · Score: 4, Insightful

    Well yes, systemd was intended to cater to a different set of users and use cases than the old system, so of course it 'worked well', or was 'a fiasco', depending on what one was doing.

  14. Piss and vinigar by fluffernutter · · Score: 4, Interesting

    What pisses me off is when I go to run ifconfig and it isn't there, and then I Google on it and there doesn't seem to be *any* direct substitute that gives me the same information. If you want to change the command then fine, but allow the same output from the new commands. Furthermore, another bitch I have is most systemd installations don't have an easy substitute for /etc/rc.local.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  15. Re: Denying ICMP echo @ server/workstation level t by Bing+Tsher+E · · Score: 5, Insightful

    Linux has one of the few IP stacks that isn't derived from the BSD stack, which in the industry is considered the reference design. Instead for linux, a new stack with it's own bugs and peculiarities was cobbled up.

    Reference designs are a good thing to promote interoperability. As far as TCP/IP is concerned, linux is the biggest and ugliest stepchild. A theme that fits well into this whole discussion topic, actually.

  16. I propose a new word: by JustNiz · · Score: 5, Funny

    SysD: (v). To force an unnecessary replacement of something that already works well with an alternative that the majority perceive as fundamentally worse.
    Example usage: Wow you really SysD'd that up.

  17. inotify / fswatch by raymorris · · Score: 4, Informative

    >. Files don't generally call you, for example, you have to poll.

    That's called inotify. If you want to be compatible with systems that have something other than inotify, fswatch is a wrapper around various implementations of "call me when a file changes".

    Polling is normally the safest and simplest paradigm, though, because the standard thing is "when a file changes, do this". Polling / waiting makes that simple and self-explanatory:
    while tail file
    do
            something
    done

    The alternative, asynchronously calling the function like this has a big problem:

    when file changes
          do something

    The biggest problem is that a file can change WHILE you're doing something(), meaning it will re-start your function while you're in the middle of it. Re-entrancy carries with it all manner of potential problems. Those problems can be handled of you really know what you're doing, you're careful, and you make a full suite of re-entrant integration tests. Or you can skip all that and just use synchronous io, waiting or polling. Neither is the best choice in ALL situations, but very often simplicity is the best choice.