NAME

aftr.commands — interactive commands for aftr

SYNOPSIS

aftr.commands

DESCRIPTION

The aftr daemon runs in the background. After it starts, it can be controlled interactively from a control channel (also known as a session).

All of the reloadable configuration commands can be allowed to run from the command line, to add or change configuration. In addition, the following commands can be run interactively.

INTERACTIVE COMMANDS

abort

Call abort(3) to create a core file. Please try to use it only on forked processes.

echo xxx

Echo the command. This can be used for an external tool to synchronize with the AFTR daemon.

fork

Fork the aftr process. In the parent, the current session is closed (so after this command you'll talk only to the child) and other activities, including packet forwarding, continue. In the child, all file descriptors with the exception of the current session are closed.

This command should be used before executing an expensive and atomic operation, such as list commands or some debug commands, and of course the abort command.

help [all]

List available or all commands.

kill

Kill the aftr process in an orderly fashion.

load file

Redirect the input of the current session from the content of the file. This is done in an atomic way (i.e., there is no other activity during the operation) but exits if a command fails.

quit

Obsolete; use session close (for closing the current session) or kill (for killing the process).

reboot

Reboot the whole process.

reload

Reload the section two part of the config file. This is sliced with the packet forwarding, but not with session reading (so you can't execute a command until reload is finished).

The reload process uses a generation system: static NAT, PRR/A+P and no-NAT entries in the reloaded file are put in the next generation. If the reload succeeds, global entries in older generations are garbage collected; if it fails, new generation entries are backtracked to the previous generation. Garbage collection and backtracking are sliced with the packet forwarding, and another reload command is forbidden until they finish, so a reload flushes the input buffer of the current session.

show dropped|stat

Aliases of debug dropped and debug stat; they display dropped-packet and general statistics.

DEBUG COMMANDS

noop

Returns LOG: alive.

debug check [nat|nonat|pool|session|tunnel]

Performs some sanity checks on structures. Reserved for expert use on a forked process (or, better, on a core file debugged with gdb). Note that it uses recursive deep structure walking, so it can consume a lot of stack.

debug disable [clear]

Disable per-tunnel debug counters. Optionally clear them.

debug dropped

This displays the dropped packet statistics with reasons.

debug enable addr

Enable per-tunnel debug counters for the tunnel with addr remote IPv6 address. Note the counters can be incremented only when the involved tunnel is known, for instance, only after reassembly.

debug fragment IPv6|in|out

This displays the list of IPv4 or IPv6 fragments awaiting reassembly.

debug fragment addr

This displays information about a single fragment or fragment chain. addr is the memory address of the fragment structure (from a previous debug fragment command).

debug hash

This displays some statistics about the various hash tables (fragment, nat, and tunnel).

debug nat

This displays some information about the nat hash table and entry table.

debug nat addr

This displays detailed information about a single nat mapping. addr is the memory address of the nat structure (from a previous debug nat command).

debug nonat

This displays the list of no-nat tunnel entries.

debug pool

This displays the global IPv4 addresses that will be used for NAT mappings.

debug session

This displays the control channel session types with the number of active sessions.

debug stat

This displays some general statistics about packets in and out. If per-tunnel debug counters are enabled, it displays them as well.

debug tunnel

This displays some information about the tunnel table.

debug tunnel IPv6_remote

This displays some information about a single tunnel.

DELETE COMMANDS

delete acl6 IPv6_address

This removes the IPv6 ACL entry with the IPv6 address.

delete filter IPv6_remote tcp|udp IPv4 port

This removes the remote filter, if it exists, attached to a static or explicit dynamic NAT mapping.

delete nat IPv6_remote tcp|udp IPv4 port

This removes a static or explicit dynamic NAT mapping.

delete nonat IPv6_remote

This removes a no-nat tunnel entry.

delete private IPv4_address

See the zone zero configuration commands.

delete prr IPv6_remote tcp|udp|icmp IPv4 port

This removes a Port-Range Router/A+P null NAT mapping.

delete tunnel IPv6_remote

This removes a tunnel and all NAT mappings associated with it.

LIST COMMANDS

list acl6

List IPv6 ACLs.

list default

List all the default values which can be set by a 'default'/'global' command.

list nat [conf|static|prr|dynamic|all|global]

List the NAT entries in the configuration file format. The default is to list only the configured ('conf') NAT entries. 'global' lists the configured global (i.e., not created by a session) active (i.e., not to be garbage collected after a reload) NAT entries.

list nonat

List all the No-NAT tunnel entries in the configuration file format.

list pcp

List the NATted source addresses with current PCP ranges in the configuration file format.

list pool

List the NATted source addresses with current port ranges in the configuration file format.

list session [name|generation]

List the static NAT, PRR/A+P and no-NAT entries created by the current session, or by the session with the given name or generation. Note that these entries are flushed when the session is closed, so this command can be used to retrieve them in order to include them in the config.

list tunnel

List the tunnel entries in the configuration file format, including specific MTU (if different from the default MTU).

SESSION COMMANDS

These commands deal directly with sessions (also known as control channels).

session close [name|generation]

Close the current or designated session. Delete all the static NAT, PRR/A+P and no-NAT entries that were created by that session and were not promoted to global/permanent entries by a reload.

session config on|off

Enable/disable the section two configuration commands. By default configuration commands must go to the config file.

session dynamic on|off

Enable/disable the creation of new implicit dynamic mappings. Used by the PCP daemon. The default is off, and the setting is reset to off on session close.

session log on|off

Enable or disable error logging for the current session. Default is on.

session name [name]

Display or set the name of the current session. The stdio initial session is statically named 'tty'.

session notify on|off

Enable or disable logging of tunnel removal to the current session. Default is off.

SEE ALSO

aftr(8), aftr.conf(5)

AUTHOR

Internet Systems Consortium