man7/icmp.7

   1 .\" This man page is Copyright (C) 1999 Andi Kleen <ak@muc.de>.
   2 .\" Permission is granted to distribute possibly modified copies
   3 .\" of this page provided the header is included verbatim,
   4 .\" and in case of nontrivial modification author and date
   5 .\" of the modification is added to the header.
   6 .\" $Id: icmp.7,v 1.6 2000/08/14 08:03:45 ak Exp $
   7 .TH ICMP 7 2012-05-10 "Linux" "Linux Programmer's Manual"
   8 .SH NAME
   9 icmp \- Linux IPv4 ICMP kernel module.
  10 .SH DESCRIPTION
  11 This kernel protocol module implements the Internet Control
  12 Message Protocol defined in RFC\ 792.
  13 It is used to signal error conditions and for diagnosis.
  14 The user doesn't interact directly with this module;
  15 instead it communicates with the other protocols in the kernel
  16 and these pass the ICMP errors to the application layers.
  17 The kernel ICMP module also answers ICMP requests.
  18 .PP
  19 A user protocol may receive ICMP packets for all local sockets by opening
  20 a raw socket with the protocol
  21 .BR IPPROTO_ICMP .
  22 See
  23 .BR raw (7)
  24 for more information.
  25 The types of ICMP packets passed to the socket can be filtered using the
  26 .B ICMP_FILTER
  27 socket option.
  28 ICMP packets are always processed by the kernel too, even
  29 when passed to a user socket.
  30 .LP
  31 Linux limits the rate of ICMP error packets to each destination.
  32 .B ICMP_REDIRECT
  33 and
  34 .B ICMP_DEST_UNREACH
  35 are also limited by the destination route of the incoming packets.
  36 .SS /proc interfaces
  37 ICMP supports a set of
  38 .I /proc
  39 interfaces to configure some global IP parameters.
  40 The parameters can be accessed by reading or writing files in the directory
  41 .IR /proc/sys/net/ipv4/ .
  42 Most of these parameters are rate limitations for specific ICMP types.
  43 Linux 2.2 uses a token bucket filter to limit ICMPs.
  44 .\" FIXME better description needed
  45 The value is the timeout in jiffies until the token bucket filter is
  46 cleared after a burst.
  47 A jiffy is a system dependent unit, usually 10ms on i386 and
  48 about 1ms on alpha and ia64.
  49 .TP
  50 .IR icmp_destunreach_rate " (Linux 2.2 to 2.4.9)"
  51 .\" Precisely: from 2.1.102
  52 Maximum rate to send ICMP Destination Unreachable packets.
  53 This limits the rate at which packets are sent to any individual
  54 route or destination.
  55 The limit does not affect sending of
  56 .B ICMP_FRAG_NEEDED
  57 packets needed for path MTU discovery.
  58 .TP
  59 .IR icmp_echo_ignore_all " (since Linux 2.2)"
  60 .\" Precisely: 2.1.68
  61 If this value is nonzero, Linux will ignore all
  62 .B ICMP_ECHO
  63 requests.
  64 .TP
  65 .IR icmp_echo_ignore_broadcasts " (since Linux 2.2)"
  66 .\" Precisely: from 2.1.68
  67 If this value is nonzero, Linux will ignore all
  68 .B ICMP_ECHO
  69 packets sent to broadcast addresses.
  70 .TP
  71 .IR icmp_echoreply_rate " (Linux 2.2 to 2.4.9)"
  72 .\" Precisely: from 2.1.102
  73 Maximum rate for sending
  74 .B ICMP_ECHOREPLY
  75 packets in response to
  76 .B ICMP_ECHOREQUEST
  77 packets.
  78 .TP
  79 .IR icmp_errors_use_inbound_ifaddr " (Boolean; default: disabled; since Linux 2.6.12)"
  80 .\" The following taken from 2.6.28-rc4 Documentation/networking/ip-sysctl.txt
  81 If disabled, ICMP error messages are sent with the primary address of
  82 the exiting interface.
  83
  84 If enabled, the message will be sent with the primary address of
  85 the interface that received the packet that caused the ICMP error.
  86 This is the behavior that many network administrators will expect from
  87 a router.
  88 And it can make debugging complicated network layouts much easier.
  89
  90 Note that if no primary address exists for the interface selected,
  91 then the primary address of the first non-loopback interface that
  92 has one will be used regardless of this setting.
  93 .TP
  94 .IR icmp_ignore_bogus_error_responses " (Boolean; default: disabled; since Linux 2.2)"
  95 .\" precisely: since 2.1.32
  96 .\" The following taken from 2.6.28-rc4 Documentation/networking/ip-sysctl.txt
  97 Some routers violate RFC1122 by sending bogus responses to broadcast frames.
  98 Such violations are normally logged via a kernel warning.
  99 If this parameter is enabled, the kernel will not give such warnings,
 100 which will avoid log file clutter.
 101 .TP
 102 .IR icmp_paramprob_rate " (Linux 2.2 to 2.4.9)"
 103 .\" Precisely: from 2.1.102
 104 Maximum rate for sending
 105 .B ICMP_PARAMETERPROB
 106 packets.
 107 These packets are sent when a packet arrives with an invalid IP header.
 108 .TP
 109 .IR icmp_ratelimit " (integer; default: 1000; since Linux 2.4.10)"
 110 .\" The following taken from 2.6.28-rc4 Documentation/networking/ip-sysctl.txt
 111 Limit the maximum rates for sending ICMP packets whose type matches
 112 .IR icmp_ratemask
 113 (see below) to specific targets.
 114 0 to disable any limiting,
 115 otherwise the minimum space between responses in milliseconds.
 116 .TP
 117 .IR icmp_ratemask " (integer; default: see below; since Linux 2.4.10)"
 118 .\" The following taken from 2.6.28-rc4 Documentation/networking/ip-sysctl.txt
 119 Mask made of ICMP types for which rates are being limited.
 120
 121 Significant bits: IHGFEDCBA9876543210
 122 .br
 123 Default mask:     0000001100000011000 (0x1818)
 124
 125 Bit definitions (see the Linux kernel source file
 126 .IR include/linux/icmp.h ):
 127
 128 .in +4n
 129 .nf
 130 0 Echo Reply
 131 3 Destination Unreachable *
 132 4 Source Quench *
 133 5 Redirect
 134 8 Echo Request
 135 B Time Exceeded *
 136 C Parameter Problem *
 137 D Timestamp Request
 138 E Timestamp Reply
 139 F Info Request
 140 G Info Reply
 141 H Address Mask Request
 142 I Address Mask Reply
 143 .fi
 144 .in
 145
 146 The bits marked with an asterisk are rate limited by default
 147 (see the default mask above).
 148 .TP
 149 .IR icmp_timeexceed_rate " (Linux 2.2 to 2.4.9)"
 150 Maximum rate for sending
 151 .B ICMP_TIME_EXCEEDED
 152 packets.
 153 These packets are
 154 sent to prevent loops when a packet has crossed too many hops.
 155 .SH VERSIONS
 156 Support for the
 157 .B ICMP_ADDRESS
 158 request was removed in 2.2.
 159 .PP
 160 Support for
 161 .B ICMP_SOURCE_QUENCH
 162 was removed in Linux 2.2.
 163 .SH NOTES
 164 As many other implementations don't support
 165 .B IPPROTO_ICMP
 166 raw sockets, this feature
 167 should not be relied on in portable programs.
 168 .\" not really true ATM
 169 .\" .PP
 170 .\" Linux ICMP should be compliant to RFC 1122.
 171 .PP
 172 .B ICMP_REDIRECT
 173 packets are not sent when Linux is not acting as a router.
 174 They are also only accepted from the old gateway defined in the
 175 routing table and the redirect routes are expired after some time.
 176 .PP
 177 The 64-bit timestamp returned by
 178 .B ICMP_TIMESTAMP
 179 is in milliseconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).
 180 .PP
 181 Linux ICMP internally uses a raw socket to send ICMPs.
 182 This raw socket may appear in
 183 .BR netstat (8)
 184 output with a zero inode.
 185 .SH SEE ALSO
 186 .BR ip (7)
 187 .PP
 188 RFC\ 792 for a description of the ICMP protocol.