.\" This man page is Copyright (C) 1999 Andi Kleen <ak@muc.de>.
+.\"
+.\" %%%LICENSE_START(VERBATIM_ONE_PARA)
.\" Permission is granted to distribute possibly modified copies
.\" of this page provided the header is included verbatim,
.\" and in case of nontrivial modification author and date
.\" of the modification is added to the header.
+.\" %%%LICENSE_END
+.\"
.\" $Id: icmp.7,v 1.6 2000/08/14 08:03:45 ak Exp $
-.TH ICMP 7 2008-11-24 "Linux" "Linux Programmer's Manual"
+.\"
+.TH ICMP 7 2017-11-26 "Linux" "Linux Programmer's Manual"
.SH NAME
-icmp, IPPROTO_ICMP \- Linux IPv4 ICMP kernel module.
+icmp \- Linux IPv4 ICMP kernel module.
.SH DESCRIPTION
This kernel protocol module implements the Internet Control
Message Protocol defined in RFC\ 792.
socket option.
ICMP packets are always processed by the kernel too, even
when passed to a user socket.
-.LP
+.PP
Linux limits the rate of ICMP error packets to each destination.
.B ICMP_REDIRECT
and
.IR /proc/sys/net/ipv4/ .
Most of these parameters are rate limitations for specific ICMP types.
Linux 2.2 uses a token bucket filter to limit ICMPs.
-.\" FIXME better description needed
+.\" FIXME . better description needed
The value is the timeout in jiffies until the token bucket filter is
cleared after a burst.
A jiffy is a system dependent unit, usually 10ms on i386 and
about 1ms on alpha and ia64.
.TP
-.IR icmp_destunreach_rate " (Linux 2.2 to 2.4.10)"
+.IR icmp_destunreach_rate " (Linux 2.2 to 2.4.9)"
.\" Precisely: from 2.1.102
Maximum rate to send ICMP Destination Unreachable packets.
This limits the rate at which packets are sent to any individual
.TP
.IR icmp_echo_ignore_all " (since Linux 2.2)"
.\" Precisely: 2.1.68
-If this value is non-zero, Linux will ignore all
+If this value is nonzero, Linux will ignore all
.B ICMP_ECHO
requests.
.TP
.IR icmp_echo_ignore_broadcasts " (since Linux 2.2)"
.\" Precisely: from 2.1.68
-If this value is non-zero, Linux will ignore all
+If this value is nonzero, Linux will ignore all
.B ICMP_ECHO
packets sent to broadcast addresses.
.TP
-.IR icmp_echoreply_rate " (Linux 2.2 to 2.4.10)"
+.IR icmp_echoreply_rate " (Linux 2.2 to 2.4.9)"
.\" Precisely: from 2.1.102
Maximum rate for sending
.B ICMP_ECHOREPLY
.B ICMP_ECHOREQUEST
packets.
.TP
-.IR icmp_paramprob_rate " (Linux 2.2 to 2.4.10)"
+.IR icmp_errors_use_inbound_ifaddr " (Boolean; default: disabled; since Linux 2.6.12)"
+.\" The following taken from 2.6.28-rc4 Documentation/networking/ip-sysctl.txt
+If disabled, ICMP error messages are sent with the primary address of
+the exiting interface.
+.IP
+If enabled, the message will be sent with the primary address of
+the interface that received the packet that caused the ICMP error.
+This is the behavior that many network administrators will expect from
+a router.
+And it can make debugging complicated network layouts much easier.
+.IP
+Note that if no primary address exists for the interface selected,
+then the primary address of the first non-loopback interface that
+has one will be used regardless of this setting.
+.TP
+.IR icmp_ignore_bogus_error_responses " (Boolean; default: disabled; since Linux 2.2)"
+.\" precisely: since 2.1.32
+.\" The following taken from 2.6.28-rc4 Documentation/networking/ip-sysctl.txt
+Some routers violate RFC1122 by sending bogus responses to broadcast frames.
+Such violations are normally logged via a kernel warning.
+If this parameter is enabled, the kernel will not give such warnings,
+which will avoid log file clutter.
+.TP
+.IR icmp_paramprob_rate " (Linux 2.2 to 2.4.9)"
.\" Precisely: from 2.1.102
Maximum rate for sending
.B ICMP_PARAMETERPROB
.IR icmp_ratemask " (integer; default: see below; since Linux 2.4.10)"
.\" The following taken from 2.6.28-rc4 Documentation/networking/ip-sysctl.txt
Mask made of ICMP types for which rates are being limited.
-
+.IP
Significant bits: IHGFEDCBA9876543210
.br
Default mask: 0000001100000011000 (0x1818)
-
-Bit definitions (see the kernel source file
+.IP
+Bit definitions (see the Linux kernel source file
.IR include/linux/icmp.h ):
-
-.in +4n
-.nf
+.RS 12
+.TS
+l l.
0 Echo Reply
3 Destination Unreachable *
4 Source Quench *
G Info Reply
H Address Mask Request
I Address Mask Reply
-.fi
-.in
-
+.TE
+.RE
+.PP
The bits marked with an asterisk are rate limited by default
(see the default mask above).
.TP
-.IR icmp_timeexceed_rate " (Linux 2.2 to 2.4.10)"
+.IR icmp_timeexceed_rate " (Linux 2.2 to 2.4.9)"
Maximum rate for sending
.B ICMP_TIME_EXCEEDED
packets.
These packets are
sent to prevent loops when a packet has crossed too many hops.
+.TP
+.IR ping_group_range " (two integers; default: see below; since Linux 2.6.39)"
+Range of the group IDs (minimum and maximum group IDs, inclusive)
+that are allowed to create ICMP Echo sockets.
+The default is "1 0", which
+means no group is allowed to create ICMP Echo sockets.
.SH VERSIONS
Support for the
.B ICMP_ADDRESS
.PP
.B ICMP_REDIRECT
packets are not sent when Linux is not acting as a router.
-They are also only accepted from the old gateway defined in the
+They are also accepted only from the old gateway defined in the
routing table and the redirect routes are expired after some time.
.PP
The 64-bit timestamp returned by
.B ICMP_TIMESTAMP
-is in milliseconds since January 1, 1970.
+is in milliseconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).
.PP
Linux ICMP internally uses a raw socket to send ICMPs.
This raw socket may appear in
.BR netstat (8)
output with a zero inode.
-.SH "SEE ALSO"
-.BR ip (7)
+.SH SEE ALSO
+.BR ip (7),
+.BR rdisc (8)
.PP
RFC\ 792 for a description of the ICMP protocol.