man-pages/man7/icmp.7.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of ICMP</TITLE>
</HEAD><BODY>
<H1>ICMP</H1>
Section: Linux Programmer's Manual (7)<BR>Updated: 2017-11-26<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>

<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

icmp - Linux IPv4 ICMP kernel module.
<A NAME="lbAC">&nbsp;</A>
<H2>DESCRIPTION</H2>

This kernel protocol module implements the Internet Control
Message Protocol defined in RFC&nbsp;792.
It is used to signal error conditions and for diagnosis.
The user doesn't interact directly with this module;
instead it communicates with the other protocols in the kernel
and these pass the ICMP errors to the application layers.
The kernel ICMP module also answers ICMP requests.
<P>

A user protocol may receive ICMP packets for all local sockets by opening
a raw socket with the protocol
<B>IPPROTO_ICMP</B>.

See
<B><A HREF="/cgi-bin/man/man2html?7+raw">raw</A></B>(7)

for more information.
The types of ICMP packets passed to the socket can be filtered using the
<B>ICMP_FILTER</B>

socket option.
ICMP packets are always processed by the kernel too, even
when passed to a user socket.
<P>

Linux limits the rate of ICMP error packets to each destination.
<B>ICMP_REDIRECT</B>

and
<B>ICMP_DEST_UNREACH</B>

are also limited by the destination route of the incoming packets.
<A NAME="lbAD">&nbsp;</A>
<H3>/proc interfaces</H3>

ICMP supports a set of
<I>/proc</I>

interfaces to configure some global IP parameters.
The parameters can be accessed by reading or writing files in the directory
<I>/proc/sys/net/ipv4/</I>.

Most of these parameters are rate limitations for specific ICMP types.
Linux 2.2 uses a token bucket filter to limit ICMPs.

The value is the timeout in jiffies until the token bucket filter is
cleared after a burst.
A jiffy is a system dependent unit, usually 10ms on i386 and
about 1ms on alpha and ia64.
<DL COMPACT>
<DT id="1"><I>icmp_destunreach_rate</I> (Linux 2.2 to 2.4.9)

<DD>

Maximum rate to send ICMP Destination Unreachable packets.
This limits the rate at which packets are sent to any individual
route or destination.
The limit does not affect sending of
<B>ICMP_FRAG_NEEDED</B>

packets needed for path MTU discovery.
<DT id="2"><I>icmp_echo_ignore_all</I> (since Linux 2.2)

<DD>

If this value is nonzero, Linux will ignore all
<B>ICMP_ECHO</B>

requests.
<DT id="3"><I>icmp_echo_ignore_broadcasts</I> (since Linux 2.2)

<DD>

If this value is nonzero, Linux will ignore all
<B>ICMP_ECHO</B>

packets sent to broadcast addresses.
<DT id="4"><I>icmp_echoreply_rate</I> (Linux 2.2 to 2.4.9)

<DD>

Maximum rate for sending
<B>ICMP_ECHOREPLY</B>

packets in response to
<B>ICMP_ECHOREQUEST</B>

packets.
<DT id="5"><I>icmp_errors_use_inbound_ifaddr</I> (Boolean; default: disabled; since Linux 2.6.12)

<DD>

If disabled, ICMP error messages are sent with the primary address of
the exiting interface.
<DT id="6"><DD>
If enabled, the message will be sent with the primary address of
the interface that received the packet that caused the ICMP error.
This is the behavior that many network administrators will expect from
a router.
And it can make debugging complicated network layouts much easier.
<DT id="7"><DD>
Note that if no primary address exists for the interface selected,
then the primary address of the first non-loopback interface that
has one will be used regardless of this setting.
<DT id="8"><I>icmp_ignore_bogus_error_responses</I> (Boolean; default: disabled; since Linux 2.2)

<DD>


Some routers violate RFC1122 by sending bogus responses to broadcast frames.
Such violations are normally logged via a kernel warning.
If this parameter is enabled, the kernel will not give such warnings,
which will avoid log file clutter.
<DT id="9"><I>icmp_paramprob_rate</I> (Linux 2.2 to 2.4.9)

<DD>

Maximum rate for sending
<B>ICMP_PARAMETERPROB</B>

packets.
These packets are sent when a packet arrives with an invalid IP header.
<DT id="10"><I>icmp_ratelimit</I> (integer; default: 1000; since Linux 2.4.10)

<DD>

Limit the maximum rates for sending ICMP packets whose type matches
<I>icmp_ratemask</I>

(see below) to specific targets.
0 to disable any limiting,
otherwise the minimum space between responses in milliseconds.
<DT id="11"><I>icmp_ratemask</I> (integer; default: see below; since Linux 2.4.10)

<DD>

Mask made of ICMP types for which rates are being limited.
<DT id="12"><DD>
Significant bits: IHGFEDCBA9876543210
<BR>

Default mask:     0000001100000011000 (0x1818)
<DT id="13"><DD>
Bit definitions (see the Linux kernel source file
<I>include/linux/icmp.h</I>):

<DL COMPACT><DT id="14"><DD>
<TABLE>
<TR VALIGN=top><TD>0 Echo Reply</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>3 Destination Unreachable *</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>4 Source Quench *</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>5 Redirect</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>8 Echo Request</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>B Time Exceeded *</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>C Parameter Problem *</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>D Timestamp Request</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>E Timestamp Reply</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>F Info Request</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>G Info Reply</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>H Address Mask Request</TD><TD><BR></TD></TR>
<TR VALIGN=top><TD>I Address Mask Reply</TD><TD><BR></TD></TR>
</TABLE>

</DL>

</DL>
<P>

The bits marked with an asterisk are rate limited by default
(see the default mask above).
<DL COMPACT>
<DT id="15"><I>icmp_timeexceed_rate</I> (Linux 2.2 to 2.4.9)

<DD>
Maximum rate for sending
<B>ICMP_TIME_EXCEEDED</B>

packets.
These packets are
sent to prevent loops when a packet has crossed too many hops.
<DT id="16"><I>ping_group_range</I> (two integers; default: see below; since Linux 2.6.39)

<DD>
Range of the group IDs (minimum and maximum group IDs, inclusive)
that are allowed to create ICMP Echo sockets.
The default is &quot;1 0&quot;, which
means no group is allowed to create ICMP Echo sockets.
</DL>
<A NAME="lbAE">&nbsp;</A>
<H2>VERSIONS</H2>

Support for the
<B>ICMP_ADDRESS</B>

request was removed in 2.2.
<P>

Support for
<B>ICMP_SOURCE_QUENCH</B>

was removed in Linux 2.2.
<A NAME="lbAF">&nbsp;</A>
<H2>NOTES</H2>

As many other implementations don't support
<B>IPPROTO_ICMP</B>

raw sockets, this feature
should not be relied on in portable programs.



<P>

<B>ICMP_REDIRECT</B>

packets are not sent when Linux is not acting as a router.
They are also accepted only from the old gateway defined in the
routing table and the redirect routes are expired after some time.
<P>

The 64-bit timestamp returned by
<B>ICMP_TIMESTAMP</B>

is in milliseconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).
<P>

Linux ICMP internally uses a raw socket to send ICMPs.
This raw socket may appear in
<B><A HREF="/cgi-bin/man/man2html?8+netstat">netstat</A></B>(8)

output with a zero inode.
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>

<B><A HREF="/cgi-bin/man/man2html?7+ip">ip</A></B>(7),

<B><A HREF="/cgi-bin/man/man2html?8+rdisc">rdisc</A></B>(8)

<P>

RFC&nbsp;792 for a description of the ICMP protocol.
<A NAME="lbAH">&nbsp;</A>
<H2>COLOPHON</H2>

This page is part of release 5.05 of the Linux
<I>man-pages</I>

project.
A description of the project,
information about reporting bugs,
and the latest version of this page,
can be found at
<A HREF="https://www.kernel.org/doc/man-pages/.">https://www.kernel.org/doc/man-pages/.</A>
<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="17"><A HREF="#lbAB">NAME</A><DD>
<DT id="18"><A HREF="#lbAC">DESCRIPTION</A><DD>
<DL>
<DT id="19"><A HREF="#lbAD">/proc interfaces</A><DD>
</DL>
<DT id="20"><A HREF="#lbAE">VERSIONS</A><DD>
<DT id="21"><A HREF="#lbAF">NOTES</A><DD>
<DT id="22"><A HREF="#lbAG">SEE ALSO</A><DD>
<DT id="23"><A HREF="#lbAH">COLOPHON</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:08 GMT, March 31, 2021
</BODY>
</HTML>