mirror of https://github.com/mkerrisk/man-pages
269 lines
8.2 KiB
Groff
269 lines
8.2 KiB
Groff
'\" t
|
|
.\" This man page is Copyright (C) 1999 Matthew Wilcox <willy@bofh.ai>.
|
|
.\" Permission is granted to distribute possibly modified copies
|
|
.\" of this page provided the header is included verbatim,
|
|
.\" and in case of nontrivial modification author and date
|
|
.\" of the modification is added to the header.
|
|
.\" Modified June 1999 Andi Kleen
|
|
.\" $Id: arp.7,v 1.10 2000/04/27 19:31:38 ak Exp $
|
|
.TH ARP 7 1999-06-03 "Linux Man Page" "Linux Programmer's Manual"
|
|
.SH NAME
|
|
arp \- Linux ARP kernel module.
|
|
.SH DESCRIPTION
|
|
This kernel protocol module implements the Address Resolution
|
|
Protocol defined in RFC\ 826.
|
|
It is used to convert between Layer2 hardware addresses
|
|
and IPv4 protocol addresses on directly connected networks.
|
|
The user normally doesn't interact directly with this module except to
|
|
configure it;
|
|
instead it provides a service for other protocols in the kernel.
|
|
|
|
A user process can receive ARP packets by using
|
|
.BR packet (7)
|
|
sockets. There is also a mechanism for managing the ARP cache
|
|
in user-space by using
|
|
.BR netlink (7)
|
|
sockets. The ARP table can also be controlled via
|
|
.BR ioctl (2)
|
|
on any
|
|
.B PF_INET
|
|
socket.
|
|
|
|
The ARP module maintains a cache of mappings between hardware addresses
|
|
and protocol addresses. The cache has a limited size so old and less
|
|
frequently used entries are garbage-collected. Entries which are marked
|
|
as permanent are never deleted by the garbage-collector. The cache can
|
|
be directly manipulated by the use of ioctls and its behaviour can be
|
|
tuned by the sysctls defined below.
|
|
|
|
When there is no positive feedback for an existing mapping after some
|
|
time (see the sysctls below) a neighbour cache entry is considered stale.
|
|
Positive feedback can be gotten from a higher layer; for example from
|
|
a successful TCP ACK. Other protocols can signal forward progress
|
|
using the
|
|
.B MSG_CONFIRM
|
|
flag to
|
|
.BR sendmsg (2).
|
|
When there is no forward progress ARP tries to reprobe.
|
|
It first tries to ask a local arp daemon
|
|
.B app_solicit
|
|
times for an updated MAC address.
|
|
If that fails and an old MAC address is known an unicast probe is send
|
|
.B ucast_solicit
|
|
times. If that fails too it will broadcast a new ARP
|
|
request to the network. Requests are only send when there is data queued
|
|
for sending.
|
|
|
|
Linux will automatically add a non-permanent proxy arp entry when it
|
|
receives a request for an address it forwards to and proxy arp is
|
|
enabled on the receiving interface.
|
|
When there is a reject route for the target no proxy arp entry is added.
|
|
|
|
.SH IOCTLS
|
|
Three ioctls are available on all
|
|
.B PF_INET
|
|
sockets.
|
|
They take a pointer to a
|
|
.I struct arpreq
|
|
as their parameter.
|
|
|
|
.nf
|
|
.ta 4 20 33
|
|
struct arpreq {
|
|
struct sockaddr arp_pa; /* protocol address */
|
|
struct sockaddr arp_ha; /* hardware address */
|
|
int arp_flags; /* flags */
|
|
struct sockaddr arp_netmask; /* netmask of protocol address */
|
|
char arp_dev[16];
|
|
};
|
|
.fi
|
|
|
|
.BR SIOCSARP ", " SIOCDARP " and " SIOCGARP
|
|
respectively set, delete and get an ARP mapping.
|
|
Setting & deleting ARP maps are privileged operations and may
|
|
only be performed by a process with the
|
|
.B CAP_NET_ADMIN
|
|
capability or an effective UID of 0.
|
|
|
|
.I arp_pa
|
|
must be an
|
|
.B AF_INET
|
|
socket and
|
|
.I arp_ha
|
|
must have the same type as the device which is specified in
|
|
.IR arp_dev .
|
|
.I arp_dev
|
|
is a zero-terminated string which names a device.
|
|
|
|
.TS
|
|
tab(:) allbox;
|
|
c s
|
|
l l.
|
|
\fIarp_flags\fR
|
|
flag:meaning
|
|
ATF_COM:Lookup complete
|
|
ATF_PERM:Permanent entry
|
|
ATF_PUBL:Publish entry
|
|
ATF_USETRAILERS:Trailers requested
|
|
ATF_NETMASK:Use a netmask
|
|
ATF_DONTPUB:Don't answer
|
|
.TE
|
|
|
|
.PP
|
|
|
|
If the
|
|
.B ATF_NETMASK
|
|
flag is set, then
|
|
.I arp_netmask
|
|
should be valid.
|
|
Linux 2.2 does not support proxy network ARP entries, so this
|
|
should be set to 0xffffffff, or 0 to remove an existing proxy arp entry.
|
|
.B ATF_USETRAILERS
|
|
is obsolete and should not be used.
|
|
|
|
.SH SYSCTLS
|
|
ARP supports a sysctl interface to configure parameters on a global
|
|
or per-interface basis.
|
|
The sysctls can be accessed by reading or writing the
|
|
.I /proc/sys/net/ipv4/neigh/*/*
|
|
files or with the
|
|
.BR sysctl (2)
|
|
interface. Each interface in the system has its own directory in
|
|
/proc/sys/net/ipv4/neigh/.
|
|
The setting in the `default' directory is used for all newly created
|
|
devices.
|
|
Unless otherwise specified time related sysctls are specified
|
|
in seconds.
|
|
.TP
|
|
.B anycast_delay
|
|
The maximum number of jiffies to delay before replying to a
|
|
IPv6 neighbour solicitation message.
|
|
Anycast support is not yet implemented.
|
|
Defaults to 1 second.
|
|
.TP
|
|
.B app_solicit
|
|
The maximum number of probes to send to the user space ARP daemon via
|
|
netlink before dropping back to multicast probes (see
|
|
.IR mcast_solicit ).
|
|
Defaults to 0.
|
|
.TP
|
|
.B base_reachable_time
|
|
Once a neighbour has been found, the entry is considered to be valid
|
|
for at least a random value between
|
|
.IR base_reachable_time "/2 and 3*" base_reachable_time /2.
|
|
An entry's validity will be extended if it receives positive feedback
|
|
from higher level protocols.
|
|
Defaults to 30 seconds.
|
|
.TP
|
|
.B delay_first_probe_time
|
|
Delay before first probe after it has been decided that a neighbour
|
|
is stale.
|
|
Defaults to 5 seconds.
|
|
.TP
|
|
.B gc_interval
|
|
How frequently the garbage collector for neighbour entries
|
|
should attempt to run.
|
|
Defaults to 30 seconds.
|
|
.TP
|
|
.B gc_stale_time
|
|
Determines how often to check for stale neighbour entries. When
|
|
a neighbour entry is considered stale it is resolved again before
|
|
sending data to it.
|
|
Defaults to 60 seconds.
|
|
.TP
|
|
.B gc_thresh1
|
|
The minimum number of entries to keep in the ARP cache.
|
|
The garbage collector will not run if there are fewer than
|
|
this number of entries in the cache.
|
|
Defaults to 128.
|
|
.TP
|
|
.B gc_thresh2
|
|
The soft maximum number of entries to keep in the ARP cache.
|
|
The garbage collector will allow the number of entries to exceed
|
|
this for 5 seconds before collection will be performed.
|
|
Defaults to 512.
|
|
.TP
|
|
.B gc_thresh3
|
|
The hard maximum number of entries to keep in the ARP cache.
|
|
The garbage collector will always run if there are more than
|
|
this number of entries in the cache.
|
|
Defaults to 1024.
|
|
.TP
|
|
.B locktime
|
|
The minimum number of jiffies to keep an ARP entry in the cache.
|
|
This prevents ARP cache thrashing if there is more than one potential
|
|
mapping (generally due to network misconfiguration).
|
|
Defaults to 1 second.
|
|
.TP
|
|
.B mcast_solicit
|
|
The maximum number of attempts to resolve an address by
|
|
multicast/broadcast before marking the entry as unreachable.
|
|
Defaults to 3.
|
|
.TP
|
|
.B proxy_delay
|
|
When an ARP request for a known proxy-ARP address is received, delay up to
|
|
.I proxy_delay
|
|
jiffies before replying.
|
|
This is used to prevent network flooding in some cases.
|
|
Defaults to 0.8 seconds.
|
|
.TP
|
|
.B proxy_qlen
|
|
The maximum number of packets which may be queued to proxy-ARP addresses.
|
|
Defaults to 64.
|
|
.TP
|
|
.B retrans_time
|
|
The number of jiffies to delay before retransmitting a request.
|
|
Defaults to 1 second.
|
|
.TP
|
|
.B ucast_solicit
|
|
The maximum number of attempts to send unicast probes before asking
|
|
the ARP daemon (see
|
|
.IR app_solicit ).
|
|
Defaults to 3.
|
|
.TP
|
|
.B unres_qlen
|
|
The maximum number of packets which may be queued for each unresolved
|
|
address by other network layers.
|
|
Defaults to 3.
|
|
|
|
.SH BUGS
|
|
Some timer settings are specified in jiffies, which is architecture
|
|
related.
|
|
On the Alpha a jiffy is 1/1024 of a second, on most other
|
|
architectures it is 1/100s.
|
|
|
|
There is no way to signal positive feedback from user space.
|
|
This means connection oriented protocols implemented in user space
|
|
will generate excessive ARP traffic, because ndisc will regularly
|
|
reprobe the MAC address.
|
|
The same problem applies for some kernel protocols (e.g. NFS over UDP).
|
|
|
|
This man page mashes IPv4 specific and shared between IPv4 and IPv6
|
|
functionality together.
|
|
|
|
.SH VERSIONS
|
|
The
|
|
.I struct arpreq
|
|
changed in Linux 2.0 to include the
|
|
.I arp_dev
|
|
member and the ioctl numbers changed at the same time.
|
|
Support for the old ioctls was dropped in Linux 2.2.
|
|
|
|
Support for proxy arp entries for networks (netmask not equal 0xffffffff)
|
|
was dropped in Linux 2.2. It is replaced by automatic proxy arp setup by
|
|
the kernel for all reachable hosts on other interfaces (when
|
|
forwarding and proxy arp is enabled for the interface).
|
|
|
|
The neigh/* sysctls did not exist before Linux 2.2.
|
|
|
|
.SH "SEE ALSO"
|
|
.BR capabilities (7),
|
|
.BR ip (7)
|
|
.PP
|
|
RFC\ 826 for a description of ARP.
|
|
.br
|
|
RFC\ 2461 for a description of IPv6 neighbour discovery and the base
|
|
algorithms used.
|
|
.LP
|
|
Linux 2.2+ IPv4 ARP uses the IPv6 algorithms when applicable.
|