1ICMP(7) Linux Programmer's Manual ICMP(7)
2
3
4
6 icmp - Linux IPv4 ICMP kernel module.
7
9 This kernel protocol module implements the Internet Control Message
10 Protocol defined in RFC 792. It is used to signal error conditions and
11 for diagnosis. The user doesn't interact directly with this module;
12 instead it communicates with the other protocols in the kernel and
13 these pass the ICMP errors to the application layers. The kernel ICMP
14 module also answers ICMP requests.
15
16 A user protocol may receive ICMP packets for all local sockets by open‐
17 ing a raw socket with the protocol IPPROTO_ICMP. See raw(7) for more
18 information. The types of ICMP packets passed to the socket can be
19 filtered using the ICMP_FILTER socket option. ICMP packets are always
20 processed by the kernel too, even when passed to a user socket.
21
22 Linux limits the rate of ICMP error packets to each destination.
23 ICMP_REDIRECT and ICMP_DEST_UNREACH are also limited by the destination
24 route of the incoming packets.
25
26 /proc interfaces
27 ICMP supports a set of /proc interfaces to configure some global IP pa‐
28 rameters. The parameters can be accessed by reading or writing files
29 in the directory /proc/sys/net/ipv4/. Most of these parameters are
30 rate limitations for specific ICMP types. Linux 2.2 uses a token
31 bucket filter to limit ICMPs. The value is the timeout in jiffies un‐
32 til the token bucket filter is cleared after a burst. A jiffy is a
33 system dependent unit, usually 10ms on i386 and about 1ms on alpha and
34 ia64.
35
36 icmp_destunreach_rate (Linux 2.2 to 2.4.9)
37 Maximum rate to send ICMP Destination Unreachable packets. This
38 limits the rate at which packets are sent to any individual
39 route or destination. The limit does not affect sending of
40 ICMP_FRAG_NEEDED packets needed for path MTU discovery.
41
42 icmp_echo_ignore_all (since Linux 2.2)
43 If this value is nonzero, Linux will ignore all ICMP_ECHO re‐
44 quests.
45
46 icmp_echo_ignore_broadcasts (since Linux 2.2)
47 If this value is nonzero, Linux will ignore all ICMP_ECHO pack‐
48 ets sent to broadcast addresses.
49
50 icmp_echoreply_rate (Linux 2.2 to 2.4.9)
51 Maximum rate for sending ICMP_ECHOREPLY packets in response to
52 ICMP_ECHOREQUEST packets.
53
54 icmp_errors_use_inbound_ifaddr (Boolean; default: disabled; since Linux
55 2.6.12)
56 If disabled, ICMP error messages are sent with the primary ad‐
57 dress of the exiting interface.
58
59 If enabled, the message will be sent with the primary address of
60 the interface that received the packet that caused the ICMP er‐
61 ror. This is the behavior that many network administrators will
62 expect from a router. And it can make debugging complicated
63 network layouts much easier.
64
65 Note that if no primary address exists for the interface se‐
66 lected, then the primary address of the first non-loopback in‐
67 terface that has one will be used regardless of this setting.
68
69 icmp_ignore_bogus_error_responses (Boolean; default: disabled; since
70 Linux 2.2)
71 Some routers violate RFC1122 by sending bogus responses to
72 broadcast frames. Such violations are normally logged via a
73 kernel warning. If this parameter is enabled, the kernel will
74 not give such warnings, which will avoid log file clutter.
75
76 icmp_paramprob_rate (Linux 2.2 to 2.4.9)
77 Maximum rate for sending ICMP_PARAMETERPROB packets. These
78 packets are sent when a packet arrives with an invalid IP
79 header.
80
81 icmp_ratelimit (integer; default: 1000; since Linux 2.4.10)
82 Limit the maximum rates for sending ICMP packets whose type
83 matches icmp_ratemask (see below) to specific targets. 0 to
84 disable any limiting, otherwise the minimum space between re‐
85 sponses in milliseconds.
86
87 icmp_ratemask (integer; default: see below; since Linux 2.4.10)
88 Mask made of ICMP types for which rates are being limited.
89
90 Significant bits: IHGFEDCBA9876543210
91 Default mask: 0000001100000011000 (0x1818)
92
93 Bit definitions (see the Linux kernel source file in‐
94 clude/linux/icmp.h):
95
96 0 Echo Reply
97 3 Destination Unreachable *
98 4 Source Quench *
99 5 Redirect
100 8 Echo Request
101 B Time Exceeded *
102 C Parameter Problem *
103 D Timestamp Request
104 E Timestamp Reply
105 F Info Request
106 G Info Reply
107 H Address Mask Request
108 I Address Mask Reply
109
110 The bits marked with an asterisk are rate limited by default (see the
111 default mask above).
112
113 icmp_timeexceed_rate (Linux 2.2 to 2.4.9)
114 Maximum rate for sending ICMP_TIME_EXCEEDED packets. These
115 packets are sent to prevent loops when a packet has crossed too
116 many hops.
117
118 ping_group_range (two integers; default: see below; since Linux 2.6.39)
119 Range of the group IDs (minimum and maximum group IDs, inclu‐
120 sive) that are allowed to create ICMP Echo sockets. The default
121 is "1 0", which means no group is allowed to create ICMP Echo
122 sockets.
123
125 Support for the ICMP_ADDRESS request was removed in 2.2.
126
127 Support for ICMP_SOURCE_QUENCH was removed in Linux 2.2.
128
130 As many other implementations don't support IPPROTO_ICMP raw sockets,
131 this feature should not be relied on in portable programs.
132
133 ICMP_REDIRECT packets are not sent when Linux is not acting as a
134 router. They are also accepted only from the old gateway defined in
135 the routing table and the redirect routes are expired after some time.
136
137 The 64-bit timestamp returned by ICMP_TIMESTAMP is in milliseconds
138 since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).
139
140 Linux ICMP internally uses a raw socket to send ICMPs. This raw socket
141 may appear in netstat(8) output with a zero inode.
142
144 ip(7), rdisc(8)
145
146 RFC 792 for a description of the ICMP protocol.
147
149 This page is part of release 5.10 of the Linux man-pages project. A
150 description of the project, information about reporting bugs, and the
151 latest version of this page, can be found at
152 https://www.kernel.org/doc/man-pages/.
153
154
155
156Linux 2017-11-26 ICMP(7)