ICMP
Section: Linux Programmer's Manual (7)
Updated: 27 Apr 1999
NAME
icmp, IPPROTO_ICMP - Linux IPv4 ICMP kernel module.
DESCRIPTION
This kernel protocol module implements the Internet Control Message Protocol
defined in RFC792. It is used to signal error conditions and for diagnosis.
The user doesn't interact directly with this module; instead it communicates
with the other protocols in the kernel and these pass the ICMP
errors to the application layers. The kernel ICMP module also
answers ICMP requests.
A user protocol may receive ICMP packets for all local sockets by opening
a raw socket with the protocol
IPPROTO_ICMP.
See
raw(7)
for more information.
The types of ICMP packets passed to the socket can be filtered using the
ICMP_FILTER
socket option. ICMP packets are always processed by the kernel too, even
when passed to a user socket.
Linux limits the rate of ICMP error packets to each destination.
ICMP_REDIRECT
and
ICMP_DEST_UNREACH
are also limited by the destination route of the incoming packets.
SYSCTLS
ICMP supports a sysctl interface to configure some global IP parameters. The sysctls
can be accessed by reading or writing the
/proc/sys/net/ipv4/*
files or with the
sysctl(2)
interface. Most of these sysctls are rate limitations for specific ICMP types.
Linux 2.2 uses a token bucket filter to limit ICMPs.
The value is the timeout in seconds until the token bucket filter is cleared
after a burst.
- icmp_destunreach_rate
-
Maximum rate to send ICMP Destination Unreachable packets. This limits the
rate at which packets are sent to any individual route or destination.
The limit does not affect sending of
ICMP_FRAG_NEEDED
packets needed for path MTU discovery.
- icmp_echo_ignore_all
-
If this value is non-zero, Linux will ignore all
ICMP_ECHO
requests.
- icmp_echo_ignore_broadcasts
-
If this value is non-zero, Linux will ignore all
ICMP_ECHO
packets sent to broadcast addresses.
- icmp_echoreply_rate
-
Maximum rate for sending
ICMP_ECHOREPLY
packets in response to
ICMP_ECHOREQUEST
packets.
- icmp_paramprob_rate
-
Maximum rate for sending
ICMP_PARAMETERPROB
packets.
These packets are sent when a packet arrives with an invalid IP header.
- icmp_timeexceed_rate
-
Maximum rate for sending
ICMP_TIME_EXCEEDED
packets. These packets are
sent to prevent loops when a packet has crossed too many hops.
NOTES
As many other implementations don't support
IPPROTO_ICMP
raw sockets, this feature
should not be relied on in portable programs.
ICMP_REDIRECT
packets are not sent when Linux is not acting as a router.
They are also only accepted from the old gateway defined in the routing table and
the redirect routes are expired after some time.
The 64-bit timestamp returned by
ICMP_TIMESTAMP
is in milliseconds since January 1, 1970.
Linux ICMP internally uses a raw socket to send ICMPs. This raw socket
may appear in
netstat(8)
output with a zero inode.
VERSIONS
Support for the
ICMP_ADDRESS
request was removed in 2.2.
Support for
ICMP_SOURCE_QUENCH
was removed in Linux 2.2.
SEE ALSO
ip(7)
RFC792 for a description of the ICMP protocol.