aftr.command — interactive commands for aftr
aftr.commands
The aftr daemon runs in the background. After it starts, it can be controlled interactively from a control channel (aka. a session).
All of the reloadable configuration commands can be allowed to run from the command line, to add or change configuration. In addition, the following commands can be run interactively.
Call abort(3) to create a core file. Please try to use it only on forked processes.
xxx
Echo the command. This can be used for an external tool to synchronize with the AFTR daemon.
Fork the aftr process. In the parent the current session is closed (so after this command you'll talk only to the child) and other activities, including packet forwarding, are continued. In the child all file descriptors with the exception of the current session are closed.
This command should be used before executing an expensive and atomic operation like list commands or some debug commands, and of course the abort command.
List available or all commands.
Orderly kill the aftr process.
file
Redirect the input of the current session from the content of the file. This is done in an atomic way (i.e., there is no other activity during the operation) but exits if a command fails.
Obsolete, use session close (for closing the current session) or kill (for killing the process).
Reboot the whole process.
Reload the section two part of the config file. This is sliced with the packet forwarding, but not with session reading (so you can't execute a command until reload is finished).
The reload process uses a generation system: static NAT, PRR/A+P and no-NAT entries in the reloaded file are put in the next generation. If the reload succeeds, global entries in older generations are garbage collected; if it fails, new generation entries are backtracked to the previous generation. Garbage collection and backtracking are sliced with the packet forwarding, and another reload command is forbidden until they finish, so a reload flushes the input buffer of the current session.
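A simplified model of the generation scheme described above, as an added example that is not aftr's own code. The class and method names are hypothetical, and it assumes that backtracking restores each entry touched by the failed reload to its pre-reload state.

```python
# Illustrative model only; names and the backtracking interpretation are assumptions.
class NatTable:
    def __init__(self):
        self.generation = 0    # last successfully loaded generation
        self.entries = {}      # key -> [generation, is_global]
        self.pending = []      # deferred cleanup, executed in slices

    def add_from_session(self, key):
        # Session-created entries are not global until a reload promotes them.
        self.entries[key] = [self.generation, False]

    def reload(self, keys):
        """keys: entries parsed from the reloaded file; None marks a bad line."""
        if self.pending:
            raise RuntimeError("reload forbidden until cleanup finishes")
        nxt = self.generation + 1
        saved = {}             # pre-reload state of every touched entry
        for key in keys:
            if key is None:    # a command failed: schedule backtracking
                self.pending = [("restore", k, old) for k, old in saved.items()]
                return False
            saved.setdefault(key, self.entries.get(key))
            self.entries[key] = [nxt, True]   # next generation, global
        self.generation = nxt
        # Success: schedule garbage collection of older global entries.
        self.pending = [("drop", k, None)
                        for k, (gen, is_global) in self.entries.items()
                        if is_global and gen < nxt]
        return True

    def run_slice(self, budget=1):
        """Do at most `budget` cleanup steps, as between forwarded packets."""
        for _ in range(min(budget, len(self.pending))):
            op, key, old = self.pending.pop()
            if op == "drop" or old is None:
                self.entries.pop(key, None)   # stale or newly created entry
            else:
                self.entries[key] = old       # back to previous generation
        return not self.pending               # True once cleanup is complete
```

Session-created entries that do not appear in the reloaded file are left alone by both paths; only an entry named in the file is promoted to global.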
Aliases of debug dropped and debug stat; display dropped packet and general statistics.
Returns LOG: alive.
Performs some sanity checks on structures. Reserved for expert use on a forked process (or, better, a core file debugged with gdb). Note that it uses recursive deep structure walking, so it can consume a lot of stack.
Disable per-tunnel debug counters. Optionally clear them.
This displays the dropped packet statistics with reasons.
addr
Enable per-tunnel debug counters for the tunnel with addr remote IPv6 address. Note the counters can be incremented only when the involved tunnel is known, for instance, only after reassembly.
This displays the list of IPv4 or IPv6 fragments awaiting reassembly.
addr
This displays information about a single fragment or fragment chain. addr is the memory address of the fragment structure (from a previous debug fragment command).
This displays some statistics about the various hash tables (fragment, nat, and tunnel).
This displays some information about the nat hash table and entry table.
addr
This displays detailed information about a single nat binding.
addr is the memory address of the nat structure (from a previous debug nat command).
This displays the list of no-nat tunnel entries.
This displays the global IPv4 addresses that will be used for NAT mapping.
This displays the control channel session types with the number of active sessions.
This displays some general statistics about packets in and out. If per-tunnel debug counters are enabled, it displays them as well.
This displays some information about the tunnel table.
IPv6_remote
This displays some information about a single tunnel.
IPv6_address
This removes the IPv6 ACL entry with the IPv6 address.
IPv6_remote tcp|udp IPv4 port
This removes a static or dynamic NAT binding.
IPv6_remote
This removes a no-nat tunnel entry.
IPv6_remote tcp|udp IPv4 port
This removes a Port-Range Router/A+P null NAT binding.
IPv6_remote
This removes a tunnel and all NAT bindings associated with it.
List IPv6 ACLs.
List all the default values which can be set by a 'default'/'global' command.
List the NAT entries in the configuration file format. Default is to list only the configured ('conf') NAT entries. 'global' lists the configured global (i.e., not by a session) NAT entries.
List all the No-NAT tunnel entries in the configuration file format.
List the NATted source addresses with current port ranges in the configuration file format.
[name|generation]
List the static NAT, PRR/A+P and no-NAT entries created by the current session, or by the session with name or with generation (note these entries will be flushed when the session is closed, so this command can be used to get them in order to include them in the config).
List the tunnel entries in the configuration file format, including specific MTU (if different from the default MTU).
These commands deal directly with sessions (aka. control channels).
[name|generation]
Close the current or designated session. Delete all the static NAT, PRR/A+P and no-NAT entries created by the current session and which were not promoted to global/permanent entries by a reload.
Enable/disable the section two configuration commands. By default configuration commands must go to the config file.
Log errors or don't for the current session. Default is on.
[name]
Display or set the name of the current session. The stdio initial session is statically named 'tty'.
Log tunnel removal or don't to the current session. Default is off.