1ICMP(7)                    Linux Programmer's Manual                   ICMP(7)
2
3
4

NAME

6       icmp - Linux IPv4 ICMP kernel module.
7

DESCRIPTION

9       This  kernel  protocol  module  implements the Internet Control Message
10       Protocol defined in RFC 792.  It is used to signal error conditions and
11       for  diagnosis.   The  user doesn't interact directly with this module;
12       instead it communicates with the other  protocols  in  the  kernel  and
13       these  pass the ICMP errors to the application layers.  The kernel ICMP
14       module also answers ICMP requests.
15
16       A user protocol may receive ICMP packets for all local sockets by open‐
17       ing  a  raw socket with the protocol IPPROTO_ICMP.  See raw(7) for more
18       information.  The types of ICMP packets passed to  the  socket  can  be
19       filtered  using the ICMP_FILTER socket option.  ICMP packets are always
20       processed by the kernel too, even when passed to a user socket.
21
22       Linux limits the rate  of  ICMP  error  packets  to  each  destination.
23       ICMP_REDIRECT and ICMP_DEST_UNREACH are also limited by the destination
24       route of the incoming packets.
25
26   /proc interfaces
27       ICMP supports a set of /proc interfaces to configure some global IP pa‐
28       rameters.   The  parameters can be accessed by reading or writing files
29       in the directory /proc/sys/net/ipv4/.  Most  of  these  parameters  are
30       rate  limitations  for  specific  ICMP  types.   Linux 2.2 uses a token
31       bucket filter to limit ICMPs.  The value is the timeout in jiffies  un‐
32       til  the  token  bucket  filter is cleared after a burst.  A jiffy is a
33       system dependent unit, usually 10ms on i386 and about 1ms on alpha  and
34       ia64.
35
36       icmp_destunreach_rate (Linux 2.2 to 2.4.9)
37              Maximum rate to send ICMP Destination Unreachable packets.  This
38              limits the rate at which packets  are  sent  to  any  individual
39              route  or  destination.   The  limit  does not affect sending of
40              ICMP_FRAG_NEEDED packets needed for path MTU discovery.
41
42       icmp_echo_ignore_all (since Linux 2.2)
43              If this value is nonzero, Linux will ignore  all  ICMP_ECHO  re‐
44              quests.
45
46       icmp_echo_ignore_broadcasts (since Linux 2.2)
47              If  this value is nonzero, Linux will ignore all ICMP_ECHO pack‐
48              ets sent to broadcast addresses.
49
50       icmp_echoreply_rate (Linux 2.2 to 2.4.9)
51              Maximum rate for sending ICMP_ECHOREPLY packets in  response  to
52              ICMP_ECHOREQUEST packets.
53
54       icmp_errors_use_inbound_ifaddr (Boolean; default: disabled; since Linux
55       2.6.12)
56              If disabled, ICMP error messages are sent with the  primary  ad‐
57              dress of the exiting interface.
58
59              If enabled, the message will be sent with the primary address of
60              the interface that received the packet that caused the ICMP  er‐
61              ror.  This is the behavior that many network administrators will
62              expect from a router.  And it  can  make  debugging  complicated
63              network layouts much easier.
64
65              Note  that  if  no  primary address exists for the interface se‐
66              lected, then the primary address of the first  non-loopback  in‐
67              terface that has one will be used regardless of this setting.
68
69       icmp_ignore_bogus_error_responses  (Boolean;  default:  disabled; since
70       Linux 2.2)
71              Some routers violate  RFC1122  by  sending  bogus  responses  to
72              broadcast  frames.   Such  violations  are normally logged via a
73              kernel warning.  If this parameter is enabled, the  kernel  will
74              not give such warnings, which will avoid log file clutter.
75
76       icmp_paramprob_rate (Linux 2.2 to 2.4.9)
77              Maximum  rate  for  sending  ICMP_PARAMETERPROB  packets.  These
78              packets are sent when  a  packet  arrives  with  an  invalid  IP
79              header.
80
81       icmp_ratelimit (integer; default: 1000; since Linux 2.4.10)
82              Limit  the  maximum  rates  for  sending ICMP packets whose type
83              matches icmp_ratemask (see below) to  specific  targets.   0  to
84              disable  any  limiting,  otherwise the minimum space between re‐
85              sponses in milliseconds.
86
87       icmp_ratemask (integer; default: see below; since Linux 2.4.10)
88              Mask made of ICMP types for which rates are being limited.
89
90              Significant bits: IHGFEDCBA9876543210
91              Default mask:     0000001100000011000 (0x1818)
92
93              Bit  definitions  (see  the  Linux  kernel   source   file   in‐
94              clude/linux/icmp.h):
95
96                   0 Echo Reply
97                   3 Destination Unreachable *
98                   4 Source Quench *
99                   5 Redirect
100                   8 Echo Request
101                   B Time Exceeded *
102                   C Parameter Problem *
103                   D Timestamp Request
104                   E Timestamp Reply
105                   F Info Request
106                   G Info Reply
107                   H Address Mask Request
108                   I Address Mask Reply
109
110       The  bits  marked with an asterisk are rate limited by default (see the
111       default mask above).
112
113       icmp_timeexceed_rate (Linux 2.2 to 2.4.9)
114              Maximum rate  for  sending  ICMP_TIME_EXCEEDED  packets.   These
115              packets  are sent to prevent loops when a packet has crossed too
116              many hops.
117
118       ping_group_range (two integers; default: see below; since Linux 2.6.39)
119              Range of the group IDs (minimum and maximum  group  IDs,  inclu‐
120              sive) that are allowed to create ICMP Echo sockets.  The default
121              is "1 0", which means no group is allowed to  create  ICMP  Echo
122              sockets.
123

VERSIONS

125       Support for the ICMP_ADDRESS request was removed in 2.2.
126
127       Support for ICMP_SOURCE_QUENCH was removed in Linux 2.2.
128

NOTES

130       As  many  other implementations don't support IPPROTO_ICMP raw sockets,
131       this feature should not be relied on in portable programs.
132
133       ICMP_REDIRECT packets are not sent  when  Linux  is  not  acting  as  a
134       router.   They  are  also accepted only from the old gateway defined in
135       the routing table and the redirect routes are expired after some time.
136
137       The 64-bit timestamp returned  by  ICMP_TIMESTAMP  is  in  milliseconds
138       since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).
139
140       Linux ICMP internally uses a raw socket to send ICMPs.  This raw socket
141       may appear in netstat(8) output with a zero inode.
142

SEE ALSO

144       ip(7), rdisc(8)
145
146       RFC 792 for a description of the ICMP protocol.
147

COLOPHON

149       This page is part of release 5.10 of the Linux  man-pages  project.   A
150       description  of  the project, information about reporting bugs, and the
151       latest    version    of    this    page,    can     be     found     at
152       https://www.kernel.org/doc/man-pages/.
153
154
155
156Linux                             2017-11-26                           ICMP(7)
Impressum