man-pages/man7/icmp.7

.\" This man page is Copyright (C) 1999 Andi Kleen <ak@muc.de>.
.\" Permission is granted to distribute possibly modified copies
.\" of this page provided the header is included verbatim,
.\" and in case of nontrivial modification author and date
.\" of the modification is added to the header.
.\" $Id: icmp.7,v 1.6 2000/08/14 08:03:45 ak Exp $
.TH ICMP 7 2008-11-24 "Linux" "Linux Programmer's Manual"
.SH NAME
icmp, IPPROTO_ICMP \- Linux IPv4 ICMP kernel module.
.SH DESCRIPTION
This kernel protocol module implements the Internet Control
Message Protocol defined in RFC\ 792.
It is used to signal error conditions and for diagnosis.
The user doesn't interact directly with this module;
instead it communicates with the other protocols in the kernel
and these pass the ICMP errors to the application layers.
The kernel ICMP module also answers ICMP requests.
.PP
A user protocol may receive ICMP packets for all local sockets by opening
a raw socket with the protocol
.BR IPPROTO_ICMP .
See
.BR raw (7)
for more information.
The types of ICMP packets passed to the socket can be filtered using the
.B ICMP_FILTER
socket option.
ICMP packets are always processed by the kernel too, even
when passed to a user socket.
.LP
Linux limits the rate of ICMP error packets to each destination.
.B ICMP_REDIRECT
and
.B ICMP_DEST_UNREACH
are also limited by the destination route of the incoming packets.
.SS /proc interfaces
ICMP supports a set of
.I /proc
interfaces to configure some global IP parameters.
The parameters can be accessed by reading or writing files in the directory
.IR /proc/sys/net/ipv4/ .
Most of these parameters are rate limitations for specific ICMP types.
Linux 2.2 uses a token bucket filter to limit ICMPs.
.\" FIXME better description needed
The value is the timeout in jiffies until the token bucket filter is
cleared after a burst.
A jiffy is a system dependent unit, usually 10ms on i386 and
about 1ms on alpha and ia64.
.TP
.IR icmp_destunreach_rate " (Linux 2.2 to 2.4.10)"
.\" Precisely: from 2.1.102
Maximum rate to send ICMP Destination Unreachable packets.
This limits the rate at which packets are sent to any individual
route or destination.
The limit does not affect sending of
.B ICMP_FRAG_NEEDED
packets needed for path MTU discovery.
.TP
.IR icmp_echo_ignore_all " (since Linux 2.2)"
.\" Precisely: 2.1.68
If this value is non-zero, Linux will ignore all
.B ICMP_ECHO
requests.
.TP
.IR icmp_echo_ignore_broadcasts " (since Linux 2.2)"
.\" Precisely: from 2.1.68
If this value is non-zero, Linux will ignore all
.B ICMP_ECHO
packets sent to broadcast addresses.
.TP
.IR icmp_echoreply_rate " (Linux 2.2 to 2.4.10)"
.\" Precisely: from 2.1.102
Maximum rate for sending
.B ICMP_ECHOREPLY
packets in response to
.B ICMP_ECHOREQUEST
packets.
.TP
.IR icmp_paramprob_rate " (Linux 2.2 to 2.4.10)"
.\" Precisely: from 2.1.102
Maximum rate for sending
.B ICMP_PARAMETERPROB
packets.
These packets are sent when a packet arrives with an invalid IP header.
.TP
.IR icmp_ratelimit " (integer; default: 1000; since Linux 2.4.10)"
.\" The following taken from 2.6.28-rc4 Documentation/networking/ip-sysctl.txt
Limit the maximum rates for sending ICMP packets whose type matches
.IR icmp_ratemask
(see below) to specific targets.
0 to disable any limiting,
otherwise the minimum space between responses in milliseconds.
.TP
.IR icmp_ratemask " (integer; default: see below; since Linux 2.4.10)"
.\" The following taken from 2.6.28-rc4 Documentation/networking/ip-sysctl.txt
Mask made of ICMP types for which rates are being limited.

Significant bits: IHGFEDCBA9876543210
.br
Default mask:     0000001100000011000 (0x1818)

Bit definitions (see the kernel source file
.IR include/linux/icmp.h ):

.in +4n
.nf
0 Echo Reply
3 Destination Unreachable *
4 Source Quench *
5 Redirect
8 Echo Request
B Time Exceeded *
C Parameter Problem *
D Timestamp Request
E Timestamp Reply
F Info Request
G Info Reply
H Address Mask Request
I Address Mask Reply
.fi
.in

The bits marked with an asterisk are rate limited by default
(see the default mask above).
.TP
.IR icmp_timeexceed_rate " (Linux 2.2 to 2.4.10)"
Maximum rate for sending
.B ICMP_TIME_EXCEEDED
packets.
These packets are
sent to prevent loops when a packet has crossed too many hops.
.SH VERSIONS
Support for the
.B ICMP_ADDRESS
request was removed in 2.2.
.PP
Support for
.B ICMP_SOURCE_QUENCH
was removed in Linux 2.2.
.SH NOTES
As many other implementations don't support
.B IPPROTO_ICMP
raw sockets, this feature
should not be relied on in portable programs.
.\" not really true ATM
.\" .PP
.\" Linux ICMP should be compliant to RFC 1122.
.PP
.B ICMP_REDIRECT
packets are not sent when Linux is not acting as a router.
They are also only accepted from the old gateway defined in the
routing table and the redirect routes are expired after some time.
.PP
The 64-bit timestamp returned by
.B ICMP_TIMESTAMP
is in milliseconds since January 1, 1970.
.PP
Linux ICMP internally uses a raw socket to send ICMPs.
This raw socket may appear in
.BR netstat (8)
output with a zero inode.
.SH "SEE ALSO"
.BR ip (7)
.PP
RFC\ 792 for a description of the ICMP protocol.