1aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\documentstyle[12pt,twoside]{article} 2aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\def\TITLE{IP Command Reference} 3aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\input preamble 4aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{center} 5aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\Large\bf IP Command Reference. 6aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{center} 7aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 8aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 9aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{center} 10aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger{ \large Alexey~N.~Kuznetsov } \\ 11aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\em Institute for Nuclear Research, Moscow \\ 12aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|kuznet@ms2.inr.ac.ru| \\ 13aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\rm April 14, 1999 14aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{center} 15aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 16aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\vspace{5mm} 17aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 18aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\tableofcontents 19aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 20aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\newpage 21aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 22aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{About this document} 23aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 24aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis document presents a comprehensive description of the \verb|ip| utility 25aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfrom the \verb|iproute2| package. It is not a tutorial or user's guide. 26aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is a {\em dictionary\/}, not explaining terms, 27aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbut translating them into other terms, which may also be unknown to the reader. 28aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerHowever, the document is self-contained and the reader, provided they have a 29aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbasic networking background, will find enough information 30aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand examples to understand and configure Linux-2.2 IP and IPv6 31aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetworking. 32aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 33aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis document is split into sections explaining \verb|ip| commands 34aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand options, decrypting \verb|ip| output and containing a few examples. 35aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerMore voluminous examples and some topics, which require more elaborate 36aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdiscussion, are in the appendix. 37aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 38aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe paragraphs beginning with NB contain side notes, warnings about 39aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbugs and design drawbacks. They may be skipped at the first reading. 40aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 41aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip} --- command syntax} 42aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 43aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe generic form of an \verb|ip| command is: 44aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 45aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerip [ OPTIONS ] OBJECT [ COMMAND [ ARGUMENTS ]] 46aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 47aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhere \verb|OPTIONS| is a set of optional modifiers affecting the 48aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingergeneral behaviour of the \verb|ip| utility or changing its output. All options 49aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbegin with the character \verb|'-'| and may be used in either long or abbreviated 50aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerforms. Currently, the following options are available: 51aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 52aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 53aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|-V|, \verb|-Version| 54aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 55aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- print the version of the \verb|ip| utility and exit. 56aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 57aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 58aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|-s|, \verb|-stats|, \verb|-statistics| 59aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 60aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- output more information. If the option 61aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerappears twice or more, the amount of information increases. 62aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAs a rule, the information is statistics or some time values. 63aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 645cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk\item \verb|-d|, \verb|-details| 655cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk 665cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk--- output more detailed information. 67aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 68aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|-f|, \verb|-family| followed by a protocol family 69aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeridentifier: \verb|inet|, \verb|inet6| or \verb|link|. 70aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 71aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- enforce the protocol family to use. If the option is not present, 72aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe protocol family is guessed from other arguments. If the rest of the command 73aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerline does not give enough information to guess the family, \verb|ip| falls back to the default 74aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerone, usually \verb|inet| or \verb|any|. \verb|link| is a special family 75aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeridentifier meaning that no networking protocol is involved. 76aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 77aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|-4| 78aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 79aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- shortcut for \verb|-family inet|. 80aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 81aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|-6| 82aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 83aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- shortcut for \verb|-family inet6|. 84aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 85aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|-0| 86aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 87aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- shortcut for \verb|-family link|. 88aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 89aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 90aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|-o|, \verb|-oneline| 91aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 92aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- output each record on a single line, replacing line feeds 93aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith the \verb|'\'| character. This is convenient when you want to 94aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercount records with \verb|wc| or to \verb|grep| the output. The trivial 95aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerscript \verb|rtpr| converts the output back into readable form. 96aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 97aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|-r|, \verb|-resolve| 98aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 99aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- use the system's name resolver to print DNS names instead of 100aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhost addresses. 101aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 102aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 103aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger Do not use this option when reporting bugs or asking for advice. 104aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 105aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 106aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \verb|ip| never uses DNS to resolve names to addresses. 107aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 108aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1095cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk\item \verb|-b|, \verb|-batch FILE| 1105cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk 1115cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk--- read commands from provided file or standart input and invoke them. 1125cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkFirst failure will cause termination of \verb|ip|. 1135cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkIn batch \verb|FILE| everything which begins with \verb|#| symbol is 1145cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkignored and can be used for comments. 1155cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk\paragraph{Example:} 1165cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk\begin{verbatim} 1175cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkkuznet@kaiser $ cat /tmp/ip_batch.ip 1185cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk# This is a comment 1195cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimktuntap add mode tap tap1 # This is an another comment 1205cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimklink set up dev tap1 1215cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkaddr add 10.0.0.1/24 dev tap1 1225cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkkuznet@kaiser $ sudo ip -b /tmp/ip_batch.ip 1235cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk\end{verbatim} 1245cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkor from standart input: 1255cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk\begin{verbatim} 1265cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkkuznet@kaiser $ cat /tmp/ip_batch.ip | sudo ip -b - 1275cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk\end{verbatim} 1285cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk 1295cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk\item \verb|-force| 1305cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk 1315cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk--- don't terminate ip on errors in batch mode. 1325cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkIf there were any errors during execution of the commands, 1335cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkthe application return code will be non zero. 1345cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk 1355cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk\item \verb|-l|, \verb|-loops COUNT| 1365cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk 1375cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk--- specify maximum number of loops the 'ip addr flush' logic will attempt 1385cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkbefore giving up. The default is 10. Zero (0) means loop until all 1395cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimkaddresses are removed. 1405cb6aa0348b5df47b5c9d3692526f4980d8db6e2vadimk 141aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 142aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 143aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|OBJECT| is the object to manage or to get information about. 144aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe object types currently understood by \verb|ip| are: 145aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 146aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 147aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|link| --- network device 148aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|address| --- protocol (IP or IPv6) address on a device 149aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|neighbour| --- ARP or NDISC cache entry 150aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|route| --- routing table entry 151aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|rule| --- rule in routing policy database 152aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|maddress| --- multicast address 153aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|mroute| --- multicast routing cache entry 154aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|tunnel| --- tunnel over IP 155aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 156aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 157aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAgain, the names of all objects may be written in full or 158aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerabbreviated form, f.e.\ \verb|address| is abbreviated as \verb|addr| 159aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeror just \verb|a|. 160aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 161aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|COMMAND| specifies the action to perform on the object. 162aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe set of possible actions depends on the object type. 163aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAs a rule, it is possible to \verb|add|, \verb|delete| and 164aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|show| (or \verb|list|) objects, but some objects 165aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdo not allow all of these operations or have some additional commands. 166aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe \verb|help| command is available for all objects. It prints 167aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerout a list of available commands and argument syntax conventions. 168aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 169aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf no command is given, some default command is assumed. 170aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerUsually it is \verb|list| or, if the objects of this class 171aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercannot be listed, \verb|help|. 172aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 173aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ARGUMENTS| is a list of arguments to the command. 174aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe arguments depend on the command and object. There are two types of arguments: 175aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger{\em flags\/}, consisting of a single keyword, and {\em parameters\/}, 176aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerconsisting of a keyword followed by a value. For convenience, 177aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingereach command has some {\em default parameter\/} 178aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhich may be omitted. F.e.\ parameter \verb|dev| is the default 179aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfor the {\tt ip link} command, so {\tt ip link ls eth0} is equivalent 180aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto {\tt ip link ls dev eth0}. 181aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn the command descriptions below such parameters 182aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare distinguished with the marker: ``(default)''. 183aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 184aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAlmost all keywords may be abbreviated with several first (or even single) 185aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerletters. The shortcuts are convenient when \verb|ip| is used interactively, 186aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbut they are not recommended in scripts or when reporting bugs 187aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeror asking for advice. ``Officially'' allowed abbreviations are listed 188aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the document body. 189aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 190aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 191aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 192aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip} --- error messages} 193aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 194aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip| may fail for one of the following reasons: 195aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 196aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 197aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item 198aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerA syntax error on the command line: an unknown keyword, incorrectly formatted 199aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIP address {\em et al\/}. In this case \verb|ip| prints an error message 200aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand exits. As a rule, the error message will contain information 201aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerabout the reason for the failure. Sometimes it also prints a help page. 202aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 203aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item 204aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe arguments did not pass verification for self-consistency. 205aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 206aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item 207aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip| failed to compile a kernel request from the arguments 208aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbecause the user didn't give enough information. 209aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 210aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item 211aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe kernel returned an error to some syscall. In this case \verb|ip| 212aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerprints the error message, as it is output with \verb|perror(3)|, 213aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerprefixed with a comment and a syscall identifier. 214aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 215aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item 216aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe kernel returned an error to some RTNETLINK request. 217aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn this case \verb|ip| prints the error message, as it is output 218aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith \verb|perror(3)| prefixed with ``RTNETLINK answers:''. 219aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 220aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 221aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 222aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAll the operations are atomic, i.e.\ 223aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif the \verb|ip| utility fails, it does not change anything 224aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the system. One harmful exception is \verb|ip link| command 225aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(Sec.\ref{IP-LINK}, p.\pageref{IP-LINK}), 226aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhich may change only some of the device parameters given 227aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron command line. 228aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 229aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is difficult to list all the error messages (especially 230aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersyntax errors). However, as a rule, their meaning is clear 231aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfrom the context of the command. 232aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 233aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe most common mistakes are: 234aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 235aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{enumerate} 236aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Netlink is not configured in the kernel. The message is: 237aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 238aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCannot open netlink socket: Invalid value 239aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 240aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 241aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item RTNETLINK is not configured in the kernel. In this case 242aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerone of the following messages may be printed, depending on the command: 243aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 244aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCannot talk to rtnetlink: Connection refused 245aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCannot send dump request: Connection refused 246aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 247aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 248aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item The \verb|CONFIG_IP_MULTIPLE_TABLES| option was not selected 249aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhen configuring the kernel. In this case any attempt to use the 250aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip| \verb|rule| command will fail, f.e. 251aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 252aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@kaiser $ ip rule list 253aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerRTNETLINK error: Invalid argument 254aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdump terminated 255aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 256aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 257aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{enumerate} 258aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 259aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 260aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip link} --- network device configuration} 261aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-LINK} 262aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 263aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Object:} A \verb|link| is a network device and the corresponding 264aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercommands display and change the state of devices. 265aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 266aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Commands:} \verb|set| and \verb|show| (or \verb|list|). 267aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 268aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip link set} --- change device attributes} 269aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 270aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|set|, \verb|s|. 271aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 272aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 273aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 274aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 275aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| (default) 276aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 277aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- \verb|NAME| specifies the network device on which to operate. 278aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 279aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|up| and \verb|down| 280aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 281aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change the state of the device to \verb|UP| or \verb|DOWN|. 282aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 283aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|arp on| or \verb|arp off| 284aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 285aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change the \verb|NOARP| flag on the device. 286aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 287aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 288aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis operation is {\em not allowed\/} if the device is in state \verb|UP|. 289aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThough neither the \verb|ip| utility nor the kernel check for this condition. 290aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerYou can get unpredictable results changing this flag while the 291aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdevice is running. 292aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 293aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 294aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|multicast on| or \verb|multicast off| 295aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 296aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change the \verb|MULTICAST| flag on the device. 297aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 298aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dynamic on| or \verb|dynamic off| 299aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 300aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change the \verb|DYNAMIC| flag on the device. 301aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 302aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|name NAME| 303aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 304aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change the name of the device. This operation is not 305aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrecommended if the device is running or has some addresses 306aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeralready configured. 307aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 308aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|txqueuelen NUMBER| or \verb|txqlen NUMBER| 309aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 310aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change the transmit queue length of the device. 311aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 312aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|mtu NUMBER| 313aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 314aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change the MTU of the device. 315aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 316aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|address LLADDRESS| 317aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 318aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change the station address of the interface. 319aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 320aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|broadcast LLADDRESS|, \verb|brd LLADDRESS| or \verb|peer LLADDRESS| 321aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 322aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change the link layer broadcast address or the peer address when 323aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe interface is \verb|POINTOPOINT|. 324aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 325aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\vskip 1mm 326aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 327aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerFor most devices (f.e.\ for Ethernet) changing the link layer 328aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbroadcast address will break networking. 329aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerDo not use it, if you do not understand what this operation really does. 330aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 331aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 332e2613dc8605e56dbc53890ebbae263f93610bd41Benjamin Thery\item \verb|netns PID| 333e2613dc8605e56dbc53890ebbae263f93610bd41Benjamin Thery 334e2613dc8605e56dbc53890ebbae263f93610bd41Benjamin Thery--- move the device to the network namespace associated with the process PID. 335e2613dc8605e56dbc53890ebbae263f93610bd41Benjamin Thery 336aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 337aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 338aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\vskip 1mm 339aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 340e17b7337f1ce0c7367215fe73b4722524ec1bdf3Tomas JanousekThe \verb|PROMISC| and \verb|ALLMULTI| flags are considered 341e17b7337f1ce0c7367215fe73b4722524ec1bdf3Tomas Janousekobsolete and should not be changed administratively, though 342e17b7337f1ce0c7367215fe73b4722524ec1bdf3Tomas Janousekthe {\tt ip} utility will allow that. 343aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 344aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 345aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Warning:} If multiple parameter changes are requested, 346aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip| aborts immediately after any of the changes have failed. 347aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis is the only case when \verb|ip| can move the system to 348aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeran unpredictable state. The solution is to avoid changing 349aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerseveral parameters with one {\tt ip link set} call. 350aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 351aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Examples:} 352aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 353aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ip link set dummy address 00:00:00:00:00:01| 354aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 355aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change the station address of the interface \verb|dummy|. 356aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 357aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ip link set dummy up| 358aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 359aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- start the interface \verb|dummy|. 360aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 361aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 362aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 363aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 364aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip link show} --- display device attributes} 365aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-LINK-SHOW} 366aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 367aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|lst|, \verb|sh|, \verb|ls|, 368aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|l|. 369aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 370aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 371aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 372aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| (default) 373aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 374aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- \verb|NAME| specifies the network device to show. 375aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf this argument is omitted all devices are listed. 376aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 377aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|up| 378aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 379aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only display running interfaces. 380aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 381aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 382aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 383aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 384aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Output format:} 385aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 386aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 387aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ ip link ls eth0 388aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100 389aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger link/ether 00:a0:cc:66:18:78 brd ff:ff:ff:ff:ff:ff 390aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ ip link ls sit0 391aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger5: sit0@NONE: <NOARP,UP> mtu 1480 qdisc noqueue 392aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger link/sit 0.0.0.0 brd 0.0.0.0 393aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ ip link ls dummy 394aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger2: dummy: <BROADCAST,NOARP> mtu 1500 qdisc noop 395aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 396aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ 397aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 398aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 399aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 400aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe number before each colon is an {\em interface index\/} or {\em ifindex\/}. 401aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis number uniquely identifies the interface. This is followed by the {\em interface name\/} 402aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(\verb|eth0|, \verb|sit0| etc.). The interface name is also 403aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerunique at every given moment. However, the interface may disappear from the 404aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerlist (f.e.\ when the corresponding driver module is unloaded) and another 405aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerone with the same name may be created later. Besides that, 406aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe administrator may change the name of any device with 407aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip| \verb|link| \verb|set| \verb|name| 408aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto make it more intelligible. 409aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 410aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe interface name may have another name or \verb|NONE| appended 411aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerafter the \verb|@| sign. This means that this device is bound to some other 412aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdevice, 413aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeri.e.\ packets send through it are encapsulated and sent via the ``master'' 414aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdevice. If the name is \verb|NONE|, the master is unknown. 415aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 416aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThen we see the interface {\em mtu\/} (``maximal transfer unit''). This determines 417aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe maximal size of data which can be sent as a single packet over this interface. 418aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 419aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger{\em qdisc\/} (``queuing discipline'') shows the queuing algorithm used 420aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron the interface. Particularly, \verb|noqueue| means that this interface 421aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdoes not queue anything and \verb|noop| means that the interface is in blackhole 422aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermode i.e.\ all packets sent to it are immediately discarded. 423aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger{\em qlen\/} is the default transmit queue length of the device measured 424aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin packets. 425aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 426aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe interface flags are summarized in the angle brackets. 427aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 428aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 429aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|UP| --- the device is turned on. It is ready to accept 430aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerpackets for transmission and it may inject into the kernel packets received 431aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfrom other nodes on the network. 432aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 433aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|LOOPBACK| --- the interface does not communicate with other 434aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhosts. All packets sent through it will be returned 435aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand nothing but bounced packets can be received. 436aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 437aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|BROADCAST| --- the device has the facility to send packets 438aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto all hosts sharing the same link. A typical example is an Ethernet link. 439aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 440aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|POINTOPOINT| --- the link has only two ends with one node 441aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerattached to each end. All packets sent to this link will reach the peer 442aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand all packets received by us came from this single peer. 443aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 444aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf neither \verb|LOOPBACK| nor \verb|BROADCAST| nor \verb|POINTOPOINT| 445aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare set, the interface is assumed to be NMBA (Non-Broadcast Multi-Access). 446aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis is the most generic type of device and the most complicated one, because 447aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe host attached to a NBMA link has no means to send to anyone 448aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwithout additionally configured information. 449aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 450aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|MULTICAST| --- is an advisory flag indicating that the interface 451aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris aware of multicasting i.e.\ sending packets to some subset of neighbouring 452aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernodes. Broadcasting is a particular case of multicasting, where the multicast 453aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingergroup consists of all nodes on the link. It is important to emphasize 454aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthat software {\em must not\/} interpret the absence of this flag as the inability 455aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto use multicasting on this interface. Any \verb|POINTOPOINT| and 456aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|BROADCAST| link is multicasting by definition, because we have 457aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdirect access to all the neighbours and, hence, to any part of them. 458aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCertainly, the use of high bandwidth multicast transfers is not recommended 459aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron broadcast-only links because of high expense, but it is not strictly 460aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerprohibited. 461aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 462aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|PROMISC| --- the device listens to and feeds to the kernel all 463aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertraffic on the link even if it is not destined for us, not broadcasted 464aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand not destined for a multicast group of which we are member. Usually 465aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthis mode exists only on broadcast links and is used by bridges and for network 466aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermonitoring. 467aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 468aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ALLMULTI| --- the device receives all multicast packets 469aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwandering on the link. This mode is used by multicast routers. 470aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 471aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|NOARP| --- this flag is different from the other ones. It has 472aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerno invariant value and its interpretation depends on the network protocols 473aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinvolved. As a rule, it indicates that the device needs no address 474aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerresolution and that the software or hardware knows how to deliver packets 475aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwithout any help from the protocol stacks. 476aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 477aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|DYNAMIC| --- is an advisory flag indicating that the interface is 478aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdynamically created and destroyed. 479aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 480aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|SLAVE| --- this interface is bonded to some other interfaces 481aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto share link capacities. 482aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 483aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 484aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 485aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\vskip 1mm 486aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 487aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThere are other flags but they are either obsolete (\verb|NOTRAILERS|) 488aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeror not implemented (\verb|DEBUG|) or specific to some devices 489aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(\verb|MASTER|, \verb|AUTOMEDIA| and \verb|PORTSEL|). We do not discuss 490aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthem here. 491aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 492aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 493aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 494aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe second line contains information on the link layer addresses 495aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerassociated with the device. The first word (\verb|ether|, \verb|sit|) 496aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdefines the interface hardware type. This type determines the format and semantics 497aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof the addresses and is logically part of the address. 498aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe default format of the station address and the broadcast address 499aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(or the peer address for pointopoint links) is a 500aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersequence of hexadecimal bytes separated by colons, but some link 501aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertypes may have their natural address format, f.e.\ addresses 502aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof tunnels over IP are printed as dotted-quad IP addresses. 503aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 504aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\vskip 1mm 505aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 506aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger NBMA links have no well-defined broadcast or peer address, 507aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger however this field may contain useful information, f.e.\ 508aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger about the address of broadcast relay or about the address of the ARP server. 509aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 510aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 511aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerMulticast addresses are not shown by this command, see 512aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip maddr ls| in~Sec.\ref{IP-MADDR} (p.\pageref{IP-MADDR} of this 513aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdocument). 514aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 515aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 516aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 517aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Statistics:} With the \verb|-statistics| option, \verb|ip| also 518aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerprints interface statistics: 519aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 520aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 521aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ ip -s link ls eth0 522aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100 523aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger link/ether 00:a0:cc:66:18:78 brd ff:ff:ff:ff:ff:ff 524aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger RX: bytes packets errors dropped overrun mcast 525aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2449949362 2786187 0 0 0 0 526aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger TX: bytes packets errors dropped carrier collsns 527aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 178558497 1783945 332 0 332 35172 528aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ 529aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 530aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|RX:| and \verb|TX:| lines summarize receiver and transmitter 531aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerstatistics. They contain: 532aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 533aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|bytes| --- the total number of bytes received or transmitted 534aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron the interface. This number wraps when the maximal length of the data type 535aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernatural for the architecture is exceeded, so continuous monitoring requires 536aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingera user level daemon snapping it periodically. 537aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|packets| --- the total number of packets received or transmitted 538aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron the interface. 539aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|errors| --- the total number of receiver or transmitter errors. 540aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dropped| --- the total number of packets dropped due to lack 541aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof resources. 542aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|overrun| --- the total number of receiver overruns resulting 543aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin dropped packets. As a rule, if the interface is overrun, it means 544aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerserious problems in the kernel or that your machine is too slow 545aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfor this interface. 546aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|mcast| --- the total number of received multicast packets. This option 547aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris only supported by a few devices. 548aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|carrier| --- total number of link media failures f.e.\ because 549aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof lost carrier. 550aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|collsns| --- the total number of collision events 551aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron Ethernet-like media. This number may have a different sense on other 552aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerlink types. 553aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|compressed| --- the total number of compressed packets. This is 554aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeravailable only for links using VJ header compression. 555aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 556aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 557aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 558aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf the \verb|-s| option is entered twice or more, 559aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip| prints more detailed statistics on receiver 560aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand transmitter errors. 561aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 562aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 563aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ ip -s -s link ls eth0 564aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100 565aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger link/ether 00:a0:cc:66:18:78 brd ff:ff:ff:ff:ff:ff 566aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger RX: bytes packets errors dropped overrun mcast 567aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2449949362 2786187 0 0 0 0 568aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger RX errors: length crc frame fifo missed 569aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 0 0 0 0 0 570aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger TX: bytes packets errors dropped carrier collsns 571aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 178558497 1783945 332 0 332 35172 572aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger TX errors: aborted fifo window heartbeat 573aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 0 0 0 332 574aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ 575aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 576aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThese error names are pure Ethernetisms. Other devices 577aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermay have non zero values in these fields but they may be 578aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinterpreted differently. 579aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 580aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 581aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip address} --- protocol address management} 582aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 583aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|address|, \verb|addr|, \verb|a|. 584aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 585aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Object:} The \verb|address| is a protocol (IP or IPv6) address attached 586aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto a network device. Each device must have at least one address 587aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto use the corresponding protocol. It is possible to have several 588aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdifferent addresses attached to one device. These addresses are not 589aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdiscriminated, so that the term {\em alias\/} is not quite appropriate 590aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfor them and we do not use it in this document. 591aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 592aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe \verb|ip addr| command displays addresses and their properties, 593aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeradds new addresses and deletes old ones. 594aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 595aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Commands:} \verb|add|, \verb|delete|, \verb|flush| and \verb|show| 596aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(or \verb|list|). 597aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 598aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 599aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip address add} --- add a new protocol address} 600aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-ADDR-ADD} 601aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 602aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|add|, \verb|a|. 603aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 604aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 605aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 606aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 607aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| 608aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 609aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\noindent--- the name of the device to add the address to. 610aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 611aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|local ADDRESS| (default) 612aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 613aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the address of the interface. The format of the address depends 614aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron the protocol. It is a dotted quad for IP and a sequence of hexadecimal halfwords 615aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerseparated by colons for IPv6. The \verb|ADDRESS| may be followed by 616aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingera slash and a decimal number which encodes the network prefix length. 617aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 618aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 619aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|peer ADDRESS| 620aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 621aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the address of the remote endpoint for pointopoint interfaces. 622aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAgain, the \verb|ADDRESS| may be followed by a slash and a decimal number, 623aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerencoding the network prefix length. If a peer address is specified, 624aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe local address {\em cannot\/} have a prefix length. The network prefix is associated 625aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith the peer rather than with the local address. 626aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 627aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 628aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|broadcast ADDRESS| 629aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 630aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the broadcast address on the interface. 631aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 632aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is possible to use the special symbols \verb|'+'| and \verb|'-'| 633aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinstead of the broadcast address. In this case, the broadcast address 634aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris derived by setting/resetting the host bits of the interface prefix. 635aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 636aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\vskip 1mm 637aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 638aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerUnlike \verb|ifconfig|, the \verb|ip| utility {\em does not\/} set any broadcast 639aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraddress unless explicitly requested. 640aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 641aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 642aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 643aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|label NAME| 644aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 645aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- Each address may be tagged with a label string. 646aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn order to preserve compatibility with Linux-2.0 net aliases, 647aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthis string must coincide with the name of the device or must be prefixed 648aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith the device name followed by colon. 649aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 650aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 651aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|scope SCOPE_VALUE| 652aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 653aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the scope of the area where this address is valid. 654aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe available scopes are listed in file \verb|/etc/iproute2/rt_scopes|. 655aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerPredefined scope values are: 656aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 657aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \begin{itemize} 658aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \item \verb|global| --- the address is globally valid. 659aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \item \verb|site| --- (IPv6 only) the address is site local, 660aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger i.e.\ it is valid inside this site. 661aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \item \verb|link| --- the address is link local, i.e.\ 662aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger it is valid only on this device. 663aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \item \verb|host| --- the address is valid only inside this host. 664aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \end{itemize} 665aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 666aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAppendix~\ref{ADDR-SEL} (p.\pageref{ADDR-SEL} of this document) 667aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercontains more details on address scopes. 668aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 669aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 670aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 671aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Examples:} 672aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 673aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ip addr add 127.0.0.1/8 dev lo brd + scope host| 674aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 675aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- add the usual loopback address to the loopback device. 676aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 677aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ip addr add 10.0.0.1/24 brd + dev eth0 label eth0:Alias| 678aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 679aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- add the address 10.0.0.1 with prefix length 24 (i.e.\ netmask 680aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|255.255.255.0|), standard broadcast and label \verb|eth0:Alias| 681aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto the interface \verb|eth0|. 682aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 683aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 684aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 685aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip address delete} --- delete a protocol address} 686aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 687aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|. 688aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 689aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} coincide with the arguments of \verb|ip addr add|. 690aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe device name is a required argument. The rest are optional. 691aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf no arguments are given, the first address is deleted. 692aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 693aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Examples:} 694aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 695aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ip addr del 127.0.0.1/8 dev lo| 696aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 697aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- deletes the loopback address from the loopback device. 698aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt would be best not to repeat this experiment. 699aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 700aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Disable IP on the interface \verb|eth0|: 701aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 702aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger while ip -f inet addr del dev eth0; do 703aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger : nothing 704aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger done 705aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 706aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAnother method to disable IP on an interface using {\tt ip addr flush} 707aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermay be found in sec.\ref{IP-ADDR-FLUSH}, p.\pageref{IP-ADDR-FLUSH}. 708aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 709aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 710aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 711aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 712aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip address show} --- display protocol addresses} 713aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 714aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|lst|, \verb|sh|, \verb|ls|, 715aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|l|. 716aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 717aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 718aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 719aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 720aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| (default) 721aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 722aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the name of the device. 723aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 724aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|scope SCOPE_VAL| 725aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 726aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list addresses with this scope. 727aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 728aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|to PREFIX| 729aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 730aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list addresses matching this prefix. 731aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 732aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|label PATTERN| 733aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 734aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list addresses with labels matching the \verb|PATTERN|. 735aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|PATTERN| is a usual shell style pattern. 736aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 737aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 738aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dynamic| and \verb|permanent| 739aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 740aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- (IPv6 only) only list addresses installed due to stateless 741aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraddress configuration or only list permanent (not dynamic) addresses. 742aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 743aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|tentative| 744aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 745aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- (IPv6 only) only list addresses which did not pass duplicate 746aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraddress detection. 747aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 748aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|deprecated| 749aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 750aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- (IPv6 only) only list deprecated addresses. 751aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 752aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 753aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|primary| and \verb|secondary| 754aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 755aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list primary (or secondary) addresses. 756aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 757aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 758aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 759aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 760aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Output format:} 761aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 762aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 763aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ ip addr ls eth0 764aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100 765aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger link/ether 00:a0:cc:66:18:78 brd ff:ff:ff:ff:ff:ff 766aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger inet 193.233.7.90/24 brd 193.233.7.255 scope global eth0 767aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger inet6 3ffe:2400:0:1:2a0:ccff:fe66:1878/64 scope global dynamic 768aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger valid_lft forever preferred_lft 604746sec 769aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger inet6 fe80::2a0:ccff:fe66:1878/10 scope link 770aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ 771aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 772aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 773aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe first two lines coincide with the output of \verb|ip link ls|. 774aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is natural to interpret link layer addresses 775aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeras addresses of the protocol family \verb|AF_PACKET|. 776aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 777aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThen the list of IP and IPv6 addresses follows, accompanied by 778aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeradditional address attributes: scope value (see Sec.\ref{IP-ADDR-ADD}, 779aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerp.\pageref{IP-ADDR-ADD} above), flags and the address label. 780aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 781aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAddress flags are set by the kernel and cannot be changed 782aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeradministratively. Currently, the following flags are defined: 783aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 784aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{enumerate} 785aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|secondary| 786aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 787aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the address is not used when selecting the default source address 788aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof outgoing packets (Cf.\ Appendix~\ref{ADDR-SEL}, p.\pageref{ADDR-SEL}.). 789aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAn IP address becomes secondary if another address with the same 790aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerprefix bits already exists. The first address is primary. 791aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is the leader of the group of all secondary addresses. When the leader 792aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris deleted, all secondaries are purged too. 7933a9e4821b6f1c3bb87c52fe4ef11707e5dc0b75aAndreas HenrikssonThere is a tweak in \verb|/proc/sys/net/ipv4/conf/<dev>/promote_secondaries| 7943a9e4821b6f1c3bb87c52fe4ef11707e5dc0b75aAndreas Henrikssonwhich activate secondaries promotion when a primary is deleted. 7953a9e4821b6f1c3bb87c52fe4ef11707e5dc0b75aAndreas HenrikssonTo permanently enable this feature on all devices add 7963a9e4821b6f1c3bb87c52fe4ef11707e5dc0b75aAndreas Henriksson\verb|net.ipv4.conf.all.promote_secondaries=1| to \verb|/etc/sysctl.conf|. 7973a9e4821b6f1c3bb87c52fe4ef11707e5dc0b75aAndreas HenrikssonThis tweak is available in linux 2.6.15 and later. 798aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 799aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 800aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dynamic| 801aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 802aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the address was created due to stateless autoconfiguration~\cite{RFC-ADDRCONF}. 803aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn this case the output also contains information on times, when 804aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe address is still valid. After \verb|preferred_lft| expires the address is 805aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermoved to the deprecated state. After \verb|valid_lft| expires the address 806aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris finally invalidated. 807aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 808aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|deprecated| 809aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 810aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the address is deprecated, i.e.\ it is still valid, but cannot 811aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbe used by newly created connections. 812aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 813aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|tentative| 814aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 815aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the address is not used because duplicate address detection~\cite{RFC-ADDRCONF} 816aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris still not complete or failed. 817aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 818aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{enumerate} 819aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 820aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 821aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip address flush} --- flush protocol addresses} 822aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-ADDR-FLUSH} 823aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 824aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|flush|, \verb|f|. 825aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 826aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Description:}This command flushes the protocol addresses 827aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerselected by some criteria. 828aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 829aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} This command has the same arguments as \verb|show|. 830aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe difference is that it does not run when no arguments are given. 831aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 832aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Warning:} This command (and other \verb|flush| commands 833aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdescribed below) is pretty dangerous. If you make a mistake, it will 834aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernot forgive it, but will cruelly purge all the addresses. 835aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 836aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Statistics:} With the \verb|-statistics| option, the command 837aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbecomes verbose. It prints out the number of deleted addresses and the number 838aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof rounds made to flush the address list. If this option is given 839aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertwice, \verb|ip addr flush| also dumps all the deleted addresses 840aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the format described in the previous subsection. 841aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 842aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Example:} Delete all the addresses from the private network 843aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger10.0.0.0/8: 844aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 845aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip -s -s a f to 10/8 846aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger2: dummy inet 10.7.7.7/16 brd 10.7.255.255 scope global dummy 847aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger3: eth0 inet 10.10.7.7/16 brd 10.10.255.255 scope global eth0 848aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger4: eth1 inet 10.8.7.7/16 brd 10.8.255.255 scope global eth1 849aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 850aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger*** Round 1, deleting 3 addresses *** 851aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger*** Flush is complete after 1 round *** 852aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # 853aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 854aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAnother instructive example is disabling IP on all the Ethernets: 855aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 856aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip -4 addr flush label "eth*" 857aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 858aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAnd the last example shows how to flush all the IPv6 addresses 859aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeracquired by the host from stateless address autoconfiguration 860aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerafter you enabled forwarding or disabled autoconfiguration. 861aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 862aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip -6 addr flush dynamic 863aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 864aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 865aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 866aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 867aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip neighbour} --- neighbour/arp tables management} 868aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 869aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|neighbour|, \verb|neighbor|, \verb|neigh|, 870aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|n|. 871aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 872aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Object:} \verb|neighbour| objects establish bindings between protocol 873aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraddresses and link layer addresses for hosts sharing the same link. 874aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNeighbour entries are organized into tables. The IPv4 neighbour table 875aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris known by another name --- the ARP table. 876aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 877aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe corresponding commands display neighbour bindings 878aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand their properties, add new neighbour entries and delete old ones. 879aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 880aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Commands:} \verb|add|, \verb|change|, \verb|replace|, 881aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|delete|, \verb|flush| and \verb|show| (or \verb|list|). 882aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 883aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{See also:} Appendix~\ref{PROXY-NEIGH}, p.\pageref{PROXY-NEIGH} 884aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdescribes how to manage proxy ARP/NDISC with the \verb|ip| utility. 885aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 886aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 887aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip neighbour add} --- add a new neighbour entry\\ 888aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger {\tt ip neighbour change} --- change an existing entry\\ 889aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger {\tt ip neighbour replace} --- add a new entry or change an existing one} 890aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 891aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|; 892aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|replace|, \verb|repl|. 893aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 894aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Description:} These commands create new neighbour records 895aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeror update existing ones. 896aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 897aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 898aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 899aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 900aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|to ADDRESS| (default) 901aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 902aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the protocol address of the neighbour. It is either an IPv4 or IPv6 address. 903aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 904aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| 905aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 906aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the interface to which this neighbour is attached. 907aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 908aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 909aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|lladdr LLADDRESS| 910aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 911aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the link layer address of the neighbour. \verb|LLADDRESS| can also be 912aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|null|. 913aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 914aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|nud NUD_STATE| 915aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 916aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the state of the neighbour entry. \verb|nud| is an abbreviation for ``Neighbour 917aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerUnreachability Detection''. The state can take one of the following values: 918aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 919aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{enumerate} 920aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|permanent| --- the neighbour entry is valid forever and can be only be removed 921aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeradministratively. 922aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|noarp| --- the neighbour entry is valid. No attempts to validate 923aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthis entry will be made but it can be removed when its lifetime expires. 924aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|reachable| --- the neighbour entry is valid until the reachability 925aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertimeout expires. 926aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|stale| --- the neighbour entry is valid but suspicious. 927aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis option to \verb|ip neigh| does not change the neighbour state if 928aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerit was valid and the address is not changed by this command. 929aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{enumerate} 930aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 931aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 932aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 933aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Examples:} 934aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 935aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ip neigh add 10.0.0.3 lladdr 0:0:0:0:0:1 dev eth0 nud perm| 936aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 937aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- add a permanent ARP entry for the neighbour 10.0.0.3 on the device \verb|eth0|. 938aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 939aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ip neigh chg 10.0.0.3 dev eth0 nud reachable| 940aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 941aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- change its state to \verb|reachable|. 942aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 943aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 944aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 945aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip neighbour delete} --- delete a neighbour entry} 946aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 947aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|. 948aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 949aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Description:} This command invalidates a neighbour entry. 950aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 951aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} The arguments are the same as with \verb|ip neigh add|, 952aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerexcept that \verb|lladdr| and \verb|nud| are ignored. 953aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 954aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 955aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Example:} 956aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 957aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ip neigh del 10.0.0.3 dev eth0| 958aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 959aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- invalidate an ARP entry for the neighbour 10.0.0.3 on the device \verb|eth0|. 960aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 961aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 962aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 963aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 964aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The deleted neighbour entry will not disappear from the tables 965aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger immediately. If it is in use it cannot be deleted until the last 966aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger client releases it. Otherwise it will be destroyed during 967aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger the next garbage collection. 968aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 969aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 970aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 971aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Warning:} Attempts to delete or manually change 972aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingera \verb|noarp| entry created by the kernel may result in unpredictable behaviour. 973aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerParticularly, the kernel may try to resolve this address even 974aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron a \verb|NOARP| interface or if the address is multicast or broadcast. 975aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 976aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 977aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip neighbour show} --- list neighbour entries} 978aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 979aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|. 980aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 981aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Description:}This commands displays neighbour tables. 982aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 983aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 984aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 985aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 986aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 987aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|to ADDRESS| (default) 988aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 989aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the prefix selecting the neighbours to list. 990aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 991aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| 992aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 993aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list the neighbours attached to this device. 994aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 995aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|unused| 996aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 997aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list neighbours which are not currently in use. 998aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 999aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|nud NUD_STATE| 1000aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1001aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list neighbour entries in this state. \verb|NUD_STATE| takes 1002aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingervalues listed below or the special value \verb|all| which means all states. 1003aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis option may occur more than once. If this option is absent, \verb|ip| 1004aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerlists all entries except for \verb|none| and \verb|noarp|. 1005aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1006aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1007aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1008aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1009aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Output format:} 1010aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1011aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1012aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ ip neigh ls 1013aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger:: dev lo lladdr 00:00:00:00:00:00 nud noarp 1014aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfe80::200:cff:fe76:3f85 dev eth0 lladdr 00:00:0c:76:3f:85 router \ 1015aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger nud stale 1016aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger0.0.0.0 dev lo lladdr 00:00:00:00:00:00 nud noarp 1017aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.254 dev eth0 lladdr 00:00:0c:76:3f:85 nud reachable 1018aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.85 dev eth0 lladdr 00:e0:1e:63:39:00 nud stale 1019aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ 1020aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1021aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1022aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe first word of each line is the protocol address of the neighbour. 1023aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThen the device name follows. The rest of the line describes the contents of 1024aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe neighbour entry identified by the pair (device, address). 1025aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1026aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|lladdr| is the link layer address of the neighbour. 1027aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1028aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|nud| is the state of the ``neighbour unreachability detection'' machine 1029aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfor this entry. The detailed description of the neighbour 1030aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerstate machine can be found in~\cite{RFC-NDISC}. Here is the full list 1031aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof the states with short descriptions: 1032aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1033aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{enumerate} 1034aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item\verb|none| --- the state of the neighbour is void. 1035aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item\verb|incomplete| --- the neighbour is in the process of resolution. 1036aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item\verb|reachable| --- the neighbour is valid and apparently reachable. 1037aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item\verb|stale| --- the neighbour is valid, but is probably already 1038aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerunreachable, so the kernel will try to check it at the first transmission. 1039aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item\verb|delay| --- a packet has been sent to the stale neighbour and the kernel is waiting 1040aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfor confirmation. 1041aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item\verb|probe| --- the delay timer expired but no confirmation was received. 1042aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe kernel has started to probe the neighbour with ARP/NDISC messages. 1043aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item\verb|failed| --- resolution has failed. 1044aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item\verb|noarp| --- the neighbour is valid. No attempts to check the entry 1045aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwill be made. 1046aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item\verb|permanent| --- it is a \verb|noarp| entry, but only the administrator 1047aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermay remove the entry from the neighbour table. 1048aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{enumerate} 1049aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1050aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe link layer address is valid in all states except for \verb|none|, 1051aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|failed| and \verb|incomplete|. 1052aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1053aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIPv6 neighbours can be marked with the additional flag \verb|router| 1054aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhich means that the neighbour introduced itself as an IPv6 router~\cite{RFC-NDISC}. 1055aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1056aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Statistics:} The \verb|-statistics| option displays some usage 1057aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerstatistics, f.e.\ 1058aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1059aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1060aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ ip -s n ls 193.233.7.254 1061aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.254 dev eth0 lladdr 00:00:0c:76:3f:85 ref 5 used 12/13/20 \ 1062aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger nud reachable 1063aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ 1064aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1065aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1066aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerHere \verb|ref| is the number of users of this entry 1067aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand \verb|used| is a triplet of time intervals in seconds 1068aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerseparated by slashes. In this case they show that: 1069aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1070aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{enumerate} 1071aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item the entry was used 12 seconds ago. 1072aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item the entry was confirmed 13 seconds ago. 1073aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item the entry was updated 20 seconds ago. 1074aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{enumerate} 1075aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1076aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip neighbour flush} --- flush neighbour entries} 1077aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1078aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|flush|, \verb|f|. 1079aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1080aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Description:}This command flushes neighbour tables, selecting 1081aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerentries to flush by some criteria. 1082aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1083aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} This command has the same arguments as \verb|show|. 1084aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe differences are that it does not run when no arguments are given, 1085aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand that the default neighbour states to be flushed do not include 1086aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|permanent| and \verb|noarp|. 1087aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1088aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1089aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Statistics:} With the \verb|-statistics| option, the command 1090aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbecomes verbose. It prints out the number of deleted neighbours and the number 1091aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof rounds made to flush the neighbour table. If the option is given 1092aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertwice, \verb|ip neigh flush| also dumps all the deleted neighbours 1093aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the format described in the previous subsection. 1094aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1095aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Example:} 1096aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1097aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # ip -s -s n f 193.233.7.254 1098aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.254 dev eth0 lladdr 00:00:0c:76:3f:85 ref 5 used 12/13/20 \ 1099aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger nud reachable 1100aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1101aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger*** Round 1, deleting 1 entries *** 1102aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger*** Flush is complete after 1 round *** 1103aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # 1104aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1105aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1106aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1107aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip route} --- routing table management} 1108aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-ROUTE} 1109aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1110aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|route|, \verb|ro|, \verb|r|. 1111aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1112aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Object:} \verb|route| entries in the kernel routing tables keep 1113aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinformation about paths to other networked nodes. 1114aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1115aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerEach route entry has a {\em key\/} consisting of a {\em prefix\/} 1116aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(i.e.\ a pair containing a network address and the length of its mask) and, 1117aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeroptionally, the TOS value. An IP packet matches the route if the highest 1118aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbits of its destination address are equal to the route prefix at least 1119aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerup to the prefix length and if the TOS of the route is zero or equal to 1120aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe TOS of the packet. 1121aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1122aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf several routes match the packet, the following pruning rules 1123aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare used to select the best one (see~\cite{RFC1812}): 1124aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{enumerate} 1125aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item The longest matching prefix is selected. All shorter ones 1126aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare dropped. 1127aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1128aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item If the TOS of some route with the longest prefix is equal to the TOS 1129aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof the packet, the routes with different TOS are dropped. 1130aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1131aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf no exact TOS match was found and routes with TOS=0 exist, 1132aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe rest of routes are pruned. 1133aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1134aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerOtherwise, the route lookup fails. 1135aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1136aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item If several routes remain after the previous steps, then 1137aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe routes with the best preference values are selected. 1138aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1139aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item If we still have several routes, then the {\em first\/} of them 1140aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris selected. 1141aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1142aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 1143aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger Note the ambiguity of the last step. Unfortunately, Linux 1144aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger historically allows such a bizarre situation. The sense of the 1145aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerword ``first'' depends on the order of route additions and it is practically 1146aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerimpossible to maintain a bundle of such routes in this order. 1147aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 1148aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1149aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerFor simplicity we will limit ourselves to the case where such a situation 1150aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris impossible and routes are uniquely identified by the triplet 1151aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\{prefix, tos, preference\}. Actually, it is impossible to create 1152aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernon-unique routes with \verb|ip| commands described in this section. 1153aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1154aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerOne useful exception to this rule is the default route on non-forwarding 1155aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhosts. It is ``officially'' allowed to have several fallback routes 1156aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhen several routers are present on directly connected networks. 1157aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn this case, Linux-2.2 makes ``dead gateway detection''~\cite{RFC1122} 1158aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercontrolled by neighbour unreachability detection and by advice 1159aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfrom transport protocols to select a working router, so the order 1160aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof the routes is not essential. However, in this case, 1161aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfiddling with default routes manually is not recommended. Use the Router Discovery 1162aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerprotocol (see Appendix~\ref{EXAMPLE-SETUP}, p.\pageref{EXAMPLE-SETUP}) 1163aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinstead. Actually, Linux-2.2 IPv6 does not give user level applications 1164aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerany access to default routes. 1165aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{enumerate} 1166aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1167aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCertainly, the steps above are not performed exactly 1168aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin this sequence. Instead, the routing table in the kernel is kept 1169aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin some data structure to achieve the final result 1170aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith minimal cost. However, not depending on a particular 1171aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrouting algorithm implemented in the kernel, we can summarize 1172aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe statements above as: a route is identified by the triplet 1173aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\{prefix, tos, preference\}. This {\em key\/} lets us locate 1174aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe route in the routing table. 1175aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1176aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Route attributes:} Each route key refers to a routing 1177aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinformation record containing 1178aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe data required to deliver IP packets (f.e.\ output device and 1179aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernext hop router) and some optional attributes (f.e. the path MTU or 1180aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe preferred source address when communicating with this destination). 1181aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThese attributes are described in the following subsection. 1182aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1183aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Route types:} \label{IP-ROUTE-TYPES} 1184aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is important that the set 1185aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof required and optional attributes depend on the route {\em type\/}. 1186aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe most important route type 1187aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris \verb|unicast|. It describes real paths to other hosts. 1188aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAs a rule, common routing tables contain only such routes. However, 1189aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthere are other types of routes with different semantics. The 1190aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfull list of types understood by Linux-2.2 is: 1191aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1192aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|unicast| --- the route entry describes real paths to the 1193aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdestinations covered by the route prefix. 1194aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|unreachable| --- these destinations are unreachable. Packets 1195aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare discarded and the ICMP message {\em host unreachable\/} is generated. 1196aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe local senders get an \verb|EHOSTUNREACH| error. 1197aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|blackhole| --- these destinations are unreachable. Packets 1198aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare discarded silently. The local senders get an \verb|EINVAL| error. 1199aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|prohibit| --- these destinations are unreachable. Packets 1200aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare discarded and the ICMP message {\em communication administratively 1201aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerprohibited\/} is generated. The local senders get an \verb|EACCES| error. 1202aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|local| --- the destinations are assigned to this 1203aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhost. The packets are looped back and delivered locally. 1204aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|broadcast| --- the destinations are broadcast addresses. 1205aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe packets are sent as link broadcasts. 1206aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|throw| --- a special control route used together with policy 1207aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrules (see sec.\ref{IP-RULE}, p.\pageref{IP-RULE}). If such a route is selected, lookup 1208aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin this table is terminated pretending that no route was found. 1209aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerWithout policy routing it is equivalent to the absence of the route in the routing 1210aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertable. The packets are dropped and the ICMP message {\em net unreachable\/} 1211aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris generated. The local senders get an \verb|ENETUNREACH| error. 1212aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|nat| --- a special NAT route. Destinations covered by the prefix 1213aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare considered to be dummy (or external) addresses which require translation 1214aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto real (or internal) ones before forwarding. The addresses to translate to 1215aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare selected with the attribute \verb|via|. More about NAT is 1216aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin Appendix~\ref{ROUTE-NAT}, p.\pageref{ROUTE-NAT}. 1217aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|anycast| --- ({\em not implemented\/}) the destinations are 1218aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger{\em anycast\/} addresses assigned to this host. They are mainly equivalent 1219aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto \verb|local| with one difference: such addresses are invalid when used 1220aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeras the source address of any packet. 1221aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|multicast| --- a special type used for multicast routing. 1222aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is not present in normal routing tables. 1223aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1224aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1225aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Route tables:} Linux-2.2 can pack routes into several routing 1226aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertables identified by a number in the range from 1 to 255 or by 1227aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingername from the file \verb|/etc/iproute2/rt_tables|. By default all normal 1228aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerroutes are inserted into the \verb|main| table (ID 254) and the kernel only uses 1229aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthis table when calculating routes. 1230aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1231aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerActually, one other table always exists, which is invisible but 1232aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingereven more important. It is the \verb|local| table (ID 255). This table 1233aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerconsists of routes for local and broadcast addresses. The kernel maintains 1234aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthis table automatically and the administrator usually need not modify it 1235aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeror even look at it. 1236aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1237aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe multiple routing tables enter the game when {\em policy routing\/} 1238aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris used. See sec.\ref{IP-RULE}, p.\pageref{IP-RULE}. 1239aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn this case, the table identifier effectively becomes 1240aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerone more parameter, which should be added to the triplet 1241aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\{prefix, tos, preference\} to uniquely identify the route. 1242aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1243aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1244aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip route add} --- add a new route\\ 1245aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger {\tt ip route change} --- change a route\\ 1246aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger {\tt ip route replace} --- change a route or add a new one} 1247aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-ROUTE-ADD} 1248aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1249aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|; 1250aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \verb|replace|, \verb|repl|. 1251aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1252aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1253aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 1254aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1255aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|to PREFIX| or \verb|to TYPE PREFIX| (default) 1256aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1257aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the destination prefix of the route. If \verb|TYPE| is omitted, 1258aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip| assumes type \verb|unicast|. Other values of \verb|TYPE| 1259aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare listed above. \verb|PREFIX| is an IP or IPv6 address optionally followed 1260aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerby a slash and the prefix length. If the length of the prefix is missing, 1261aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip| assumes a full-length host route. There is also a special 1262aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|PREFIX| --- \verb|default| --- which is equivalent to IP \verb|0/0| or 1263aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto IPv6 \verb|::/0|. 1264aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1265aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|tos TOS| or \verb|dsfield TOS| 1266aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1267aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the Type Of Service (TOS) key. This key has no associated mask and 1268aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe longest match is understood as: First, compare the TOS 1269aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof the route and of the packet. If they are not equal, then the packet 1270aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermay still match a route with a zero TOS. \verb|TOS| is either an 8 bit hexadecimal 1271aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernumber or an identifier from {\tt /etc/iproute2/rt\_dsfield}. 1272aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1273aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1274aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|metric NUMBER| or \verb|preference NUMBER| 1275aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1276aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the preference value of the route. \verb|NUMBER| is an arbitrary 32bit number. 1277aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1278aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|table TABLEID| 1279aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1280aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the table to add this route to. 1281aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|TABLEID| may be a number or a string from the file 1282aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|/etc/iproute2/rt_tables|. If this parameter is omitted, 1283aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip| assumes the \verb|main| table, with the exception of 1284aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|local|, \verb|broadcast| and \verb|nat| routes, which are 1285aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerput into the \verb|local| table by default. 1286aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1287aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| 1288aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1289aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the output device name. 1290aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1291aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|via ADDRESS| 1292aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1293aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the address of the nexthop router. Actually, the sense of this field depends 1294aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron the route type. For normal \verb|unicast| routes it is either the true nexthop 1295aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrouter or, if it is a direct route installed in BSD compatibility mode, 1296aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerit can be a local address of the interface. 1297aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerFor NAT routes it is the first address of the block of translated IP destinations. 1298aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1299aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|src ADDRESS| 1300aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1301aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the source address to prefer when sending to the destinations 1302aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercovered by the route prefix. 1303aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1304aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|realm REALMID| 1305aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1306aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the realm to which this route is assigned. 1307aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|REALMID| may be a number or a string from the file 1308aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|/etc/iproute2/rt_realms|. Sec.\ref{RT-REALMS} (p.\pageref{RT-REALMS}) 1309aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercontains more information on realms. 1310aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1311aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|mtu MTU| or \verb|mtu lock MTU| 1312aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1313aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the MTU along the path to the destination. If the modifier \verb|lock| is 1314aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernot used, the MTU may be updated by the kernel due to Path MTU Discovery. 1315aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf the modifier \verb|lock| is used, no path MTU discovery will be tried, 1316aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerall packets will be sent without the DF bit in IPv4 case 1317aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeror fragmented to MTU for IPv6. 1318aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1319aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|window NUMBER| 1320aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1321aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the maximal window for TCP to advertise to these destinations, 1322aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermeasured in bytes. It limits maximal data bursts that our TCP 1323aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerpeers are allowed to send to us. 1324aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1325aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|rtt NUMBER| 1326aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1327aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the initial RTT (``Round Trip Time'') estimate. 1328aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1329aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1330aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|rttvar NUMBER| 1331aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1332aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- \threeonly the initial RTT variance estimate. 1333aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1334aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1335aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ssthresh NUMBER| 1336aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1337aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- \threeonly an estimate for the initial slow start threshold. 1338aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1339aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1340aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|cwnd NUMBER| 1341aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1342aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- \threeonly the clamp for congestion window. It is ignored if the \verb|lock| 1343aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger flag is not used. 1344aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1345aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1346aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|advmss NUMBER| 1347aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1348aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- \threeonly the MSS (``Maximal Segment Size'') to advertise to these 1349aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger destinations when establishing TCP connections. If it is not given, 1350aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger Linux uses a default value calculated from the first hop device MTU. 1351aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1352aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 1353aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger If the path to these destination is asymmetric, this guess may be wrong. 1354aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 1355aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1356aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|reordering NUMBER| 1357aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1358aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- \threeonly Maximal reordering on the path to this destination. 1359aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger If it is not given, Linux uses the value selected with \verb|sysctl| 1360aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger variable \verb|net/ipv4/tcp_reordering|. 1361aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 136271e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef\item \verb|hoplimit NUMBER| 1363aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 136471e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef--- [2.5.74+ only] Maximum number of hops on the path to this destination. 136571e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef The default is the value selected with the \verb|sysctl| variable 136671e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef \verb|net/ipv4/ip_default_ttl|. 136771e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef 136871e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef\item \verb|initcwnd NUMBER| 136971e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef--- [2.5.70+ only] Initial congestion window size for connections to 137071e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef this destination. Actual window size is this value multiplied by the 137171e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef MSS (``Maximal Segment Size'') for same connection. The default is 137271e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef zero, meaning to use the values specified in~\cite{RFC2414}. 1373aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1374f5fd80039fb95242ad8d5796bdf2f52190a058b4laurent chavey+\item \verb|initrwnd NUMBER| 1375f5fd80039fb95242ad8d5796bdf2f52190a058b4laurent chavey 1376f5fd80039fb95242ad8d5796bdf2f52190a058b4laurent chavey+--- [2.6.33+ only] Initial receive window size for connections to 1377f5fd80039fb95242ad8d5796bdf2f52190a058b4laurent chavey+ this destination. The actual window size is this value multiplied 1378f5fd80039fb95242ad8d5796bdf2f52190a058b4laurent chavey+ by the MSS (''Maximal Segment Size'') of the connection. The default 1379f5fd80039fb95242ad8d5796bdf2f52190a058b4laurent chavey+ value is zero, meaning to use Slow Start value. 1380f5fd80039fb95242ad8d5796bdf2f52190a058b4laurent chavey 1381aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|nexthop NEXTHOP| 1382aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1383aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the nexthop of a multipath route. \verb|NEXTHOP| is a complex value 1384aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith its own syntax similar to the top level argument lists: 1385aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1386aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|via ADDRESS| is the nexthop router. 1387aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| is the output device. 1388aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|weight NUMBER| is a weight for this element of a multipath 1389aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerroute reflecting its relative bandwidth or quality. 1390aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1391aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1392aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|scope SCOPE_VAL| 1393aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1394aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the scope of the destinations covered by the route prefix. 1395aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|SCOPE_VAL| may be a number or a string from the file 1396aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|/etc/iproute2/rt_scopes|. 1397aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf this parameter is omitted, 1398aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip| assumes scope \verb|global| for all gatewayed \verb|unicast| 1399aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerroutes, scope \verb|link| for direct \verb|unicast| and \verb|broadcast| routes 1400aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand scope \verb|host| for \verb|local| routes. 1401aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1402aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|protocol RTPROTO| 1403aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1404aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the routing protocol identifier of this route. 1405aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|RTPROTO| may be a number or a string from the file 1406aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|/etc/iproute2/rt_protos|. If the routing protocol ID is 1407aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernot given, \verb|ip| assumes protocol \verb|boot| (i.e.\ 1408aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerit assumes the route was added by someone who doesn't 1409aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerunderstand what they are doing). Several protocol values have a fixed interpretation. 1410aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNamely: 1411aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1412aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|redirect| --- the route was installed due to an ICMP redirect. 1413aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|kernel| --- the route was installed by the kernel during 1414aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerautoconfiguration. 1415aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|boot| --- the route was installed during the bootup sequence. 1416aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf a routing daemon starts, it will purge all of them. 1417aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|static| --- the route was installed by the administrator 1418aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto override dynamic routing. Routing daemon will respect them 1419aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand, probably, even advertise them to its peers. 1420aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ra| --- the route was installed by Router Discovery protocol. 1421aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1422aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe rest of the values are not reserved and the administrator is free 1423aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto assign (or not to assign) protocol tags. At least, routing 1424aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdaemons should take care of setting some unique protocol values, 1425aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerf.e.\ as they are assigned in \verb|rtnetlink.h| or in \verb|rt_protos| 1426aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdatabase. 1427aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1428aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1429aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|onlink| 1430aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1431aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- pretend that the nexthop is directly attached to this link, 1432aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingereven if it does not match any interface prefix. One application of this 1433aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeroption may be found in~\cite{IP-TUNNELS}. 1434aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1435194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir Rintel\item \verb|pref PREF| 1436194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir Rintel 1437194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir Rintel--- the IPv6 route preference. 1438194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir Rintel\verb|PREF| PREF is a string specifying the route preference as defined in 1439194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir RintelRFC4191 for Router Discovery messages. Namely: 1440194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir Rintel\begin{itemize} 1441194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir Rintel\item \verb|low| --- the route has a lowest priority. 1442194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir Rintel\item \verb|medium| --- the route has a default priority. 1443194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir Rintel\item \verb|high| --- the route has a highest priority. 1444194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir Rintel\end{itemize} 1445194e9b855d05310cb3c400b1ca7fce3deca7c96aLubomir Rintel 1446aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1447aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1448aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1449aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 1450aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger Actually there are more commands: \verb|prepend| does the same 1451aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger thing as classic \verb|route add|, i.e.\ adds a route, even if another 1452aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger route to the same destination exists. Its opposite case is \verb|append|, 1453aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger which adds the route to the end of the list. Avoid these 1454aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger features. 1455aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 1456aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 1457aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger More sad news, IPv6 only understands the \verb|append| command correctly. 1458aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger All the others are translated into \verb|append| commands. Certainly, 1459aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger this will change in the future. 1460aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 1461aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1462aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Examples:} 1463aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1464aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item add a plain route to network 10.0.0/24 via gateway 193.233.7.65 1465aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1466aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip route add 10.0.0/24 via 193.233.7.65 1467aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1468aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item change it to a direct route via the \verb|dummy| device 1469aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1470aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip ro chg 10.0.0/24 dev dummy 1471aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1472aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item add a default multipath route splitting the load between \verb|ppp0| 1473aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand \verb|ppp1| 1474aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1475aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip route add default scope global nexthop dev ppp0 \ 1476aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger nexthop dev ppp1 1477aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1478aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNote the scope value. It is not necessary but it informs the kernel 1479aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthat this route is gatewayed rather than direct. Actually, if you 1480aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerknow the addresses of remote endpoints it would be better to use the 1481aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|via| parameter. 1482aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item announce that the address 192.203.80.144 is not a real one, but 1483aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingershould be translated to 193.233.7.83 before forwarding 1484aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1485aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip route add nat 192.203.80.144 via 193.233.7.83 1486aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1487aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerBackward translation is setup with policy rules described 1488aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the following section (sec.\ref{IP-RULE}, p.\pageref{IP-RULE}). 1489aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1490aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1491aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip route delete} --- delete a route} 1492aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1493aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|. 1494aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1495aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} \verb|ip route del| has the same arguments as 1496aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip route add|, but their semantics are a bit different. 1497aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1498aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerKey values (\verb|to|, \verb|tos|, \verb|preference| and \verb|table|) 1499aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerselect the route to delete. If optional attributes are present, \verb|ip| 1500aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerverifies that they coincide with the attributes of the route to delete. 1501aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf no route with the given key and attributes was found, \verb|ip route del| 1502aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfails. 1503aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 1504aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerLinux-2.0 had the option to delete a route selected only by prefix address, 1505aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerignoring its length (i.e.\ netmask). This option no longer exists 1506aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbecause it was ambiguous. However, look at {\tt ip route flush} 1507aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(sec.\ref{IP-ROUTE-FLUSH}, p.\pageref{IP-ROUTE-FLUSH}) which 1508aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerprovides similar and even richer functionality. 1509aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 1510aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1511aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Example:} 1512aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1513aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item delete the multipath route created by the command in previous subsection 1514aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1515aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip route del default scope global nexthop dev ppp0 \ 1516aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger nexthop dev ppp1 1517aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1518aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1519aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1520aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1521aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1522aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip route show} --- list routes} 1523aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1524aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|. 1525aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1526aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Description:} the command displays the contents of the routing tables 1527aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeror the route(s) selected by some criteria. 1528aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1529aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1530aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 1531aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1532aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|to SELECTOR| (default) 1533aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1534aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only select routes from the given range of destinations. \verb|SELECTOR| 1535aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerconsists of an optional modifier (\verb|root|, \verb|match| or \verb|exact|) 1536aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand a prefix. \verb|root PREFIX| selects routes with prefixes not shorter 1537aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthan \verb|PREFIX|. F.e.\ \verb|root 0/0| selects the entire routing table. 1538aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|match PREFIX| selects routes with prefixes not longer than 1539aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|PREFIX|. F.e.\ \verb|match 10.0/16| selects \verb|10.0/16|, 1540aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|10/8| and \verb|0/0|, but it does not select \verb|10.1/16| and 1541aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|10.0.0/24|. And \verb|exact PREFIX| (or just \verb|PREFIX|) 1542aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerselects routes with this exact prefix. If neither of these options 1543aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare present, \verb|ip| assumes \verb|root 0/0| i.e.\ it lists the entire table. 1544aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1545aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1546aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|tos TOS| or \verb|dsfield TOS| 1547aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1548aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger --- only select routes with the given TOS. 1549aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1550aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1551aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|table TABLEID| 1552aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1553aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger --- show the routes from this table(s). The default setting is to show 1554aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|table| \verb|main|. \verb|TABLEID| may either be the ID of a real table 1555aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeror one of the special values: 1556aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \begin{itemize} 1557aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \item \verb|all| --- list all of the tables. 1558aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \item \verb|cache| --- dump the routing cache. 1559aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \end{itemize} 1560aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 1561aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger IPv6 has a single table. However, splitting it into \verb|main|, \verb|local| 1562aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger and \verb|cache| is emulated by the \verb|ip| utility. 1563aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 1564aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1565aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|cloned| or \verb|cached| 1566aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1567aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- list cloned routes i.e.\ routes which were dynamically forked from 1568aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerother routes because some route attribute (f.e.\ MTU) was updated. 1569aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerActually, it is equivalent to \verb|table cache|. 1570aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1571aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|from SELECTOR| 1572aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1573aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the same syntax as for \verb|to|, but it binds the source address range 1574aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrather than destinations. Note that the \verb|from| option only works with 1575aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercloned routes. 1576aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1577aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|protocol RTPROTO| 1578aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1579aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list routes of this protocol. 1580aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1581aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1582aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|scope SCOPE_VAL| 1583aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1584aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list routes with this scope. 1585aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1586aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|type TYPE| 1587aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1588aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list routes of this type. 1589aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1590aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| 1591aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1592aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list routes going via this device. 1593aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1594aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|via PREFIX| 1595aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1596aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list routes going via the nexthop routers selected by \verb|PREFIX|. 1597aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1598aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|src PREFIX| 1599aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1600aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list routes with preferred source addresses selected 1601aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerby \verb|PREFIX|. 1602aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1603aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|realm REALMID| or \verb|realms FROMREALM/TOREALM| 1604aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1605aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- only list routes with these realms. 1606aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1607aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1608aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1609aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Examples:} Let us count routes of protocol \verb|gated/bgp| 1610aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron a router: 1611aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1612aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip ro ls proto gated/bgp | wc 1613aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1413 9891 79010 1614aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 1615aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1616aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerTo count the size of the routing cache, we have to use the \verb|-o| option 1617aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbecause cached attributes can take more than one line of output: 1618aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1619aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip -o ro ls cloned | wc 1620aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 159 2543 18707 1621aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 1622aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1623aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1624aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1625aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Output format:} The output of this command consists 1626aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof per route records separated by line feeds. 1627aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerHowever, some records may consist 1628aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof more than one line: particularly, this is the case when the route 1629aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris cloned or you requested additional statistics. If the 1630aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|-o| option was given, then line feeds separating lines inside 1631aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrecords are replaced with the backslash sign. 1632aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1633aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe output has the same syntax as arguments given to {\tt ip route add}, 1634aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerso that it can be understood easily. F.e.\ 1635aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1636aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip ro ls 193.233.7/24 1637aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.0/24 dev eth0 proto gated/conn scope link \ 1638aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger src 193.233.7.65 realms inr.ac 1639aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 1640aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1641aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1642aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf you list cloned entries, the output contains other attributes which 1643aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare evaluated during route calculation and updated during route 1644aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerlifetime. An example of the output is: 1645aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1646aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip ro ls 193.233.7.82 tab cache 1647aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.82 from 193.233.7.82 dev eth0 src 193.233.7.65 \ 1648aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger realms inr.ac/inr.ac 1649aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache <src-direct,redirect> mtu 1500 rtt 300 iif eth0 1650aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.82 dev eth0 src 193.233.7.65 realms inr.ac 1651aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache mtu 1500 rtt 300 1652aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 1653aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1654aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 1655aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \label{NB-strange-route} 1656aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The route looks a bit strange, doesn't it? Did you notice that 1657aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger it is a path from 193.233.7.82 back to 193.233.82? Well, you will 1658aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger see in the section on \verb|ip route get| (p.\pageref{NB-nature-of-strangeness}) 1659aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger how it appeared. 1660aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 1661aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe second line, starting with the word \verb|cache|, shows 1662aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeradditional attributes which normal routes do not possess. 1663aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCached flags are summarized in angle brackets: 1664aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1665aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|local| --- packets are delivered locally. 1666aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt stands for loopback unicast routes, for broadcast routes 1667aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand for multicast routes, if this host is a member of the corresponding 1668aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingergroup. 1669aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1670aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|reject| --- the path is bad. Any attempt to use it results 1671aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin an error. See attribute \verb|error| below (p.\pageref{IP-ROUTE-GET-error}). 1672aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1673aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|mc| --- the destination is multicast. 1674aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1675aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|brd| --- the destination is broadcast. 1676aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1677aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|src-direct| --- the source is on a directly connected 1678aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinterface. 1679aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1680aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|redirected| --- the route was created by an ICMP Redirect. 1681aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1682aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|redirect| --- packets going via this route will 1683aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertrigger an ICMP redirect. 1684aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1685aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|fastroute| --- the route is eligible to be used for fastroute. 1686aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1687aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|equalize| --- make packet by packet randomization 1688aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeralong this path. 1689aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1690aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dst-nat| --- the destination address requires translation. 1691aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1692aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|src-nat| --- the source address requires translation. 1693aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1694aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|masq| --- the source address requires masquerading. 1695aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis feature disappeared in linux-2.4. 1696aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1697aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|notify| --- ({\em not implemented}) change/deletion 1698aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof this route will trigger RTNETLINK notification. 1699aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1700aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1701aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThen some optional attributes follow: 1702aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1703aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|error| --- on \verb|reject| routes it is error code 1704aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerreturned to local senders when they try to use this route. 1705aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThese error codes are translated into ICMP error codes, sent to remote 1706aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersenders, according to the rules described above in the subsection 1707aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdevoted to route types (p.\pageref{IP-ROUTE-TYPES}). 1708aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-ROUTE-GET-error} 1709aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1710aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|expires| --- this entry will expire after this timeout. 1711aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1712aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|iif| --- the packets for this path are expected to arrive 1713aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron this interface. 1714aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1715aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1716aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Statistics:} With the \verb|-statistics| option, more 1717aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinformation about this route is shown: 1718aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1719aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|users| --- the number of users of this entry. 1720aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|age| --- shows when this route was last used. 1721aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|used| --- the number of lookups of this route since its creation. 1722aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1723aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1724f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\subsection{{\tt ip route save} -- save routing tables} 1725f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\label{IP-ROUTE-SAVE} 1726f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith 1727f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\paragraph{Description:} this command saves the contents of the routing 1728f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smithtables or the route(s) selected by some criteria to standard output. 1729f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith 1730f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\paragraph{Arguments:} \verb|ip route save| has the same arguments as 1731f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\verb|ip route show|. 1732f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith 1733f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\paragraph{Example:} This saves all the routes to the {\tt saved\_routes} 1734f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smithfile: 1735f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\begin{verbatim} 1736f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smithdan@caffeine:~ # ip route save > saved_routes 1737f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\end{verbatim} 1738f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith 1739f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\paragraph{Output format:} The format of the data stream provided by 1740f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\verb|ip route save| is that of \verb|rtnetlink|. See 1741f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\verb|rtnetlink(7)| for more information. 1742f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith 1743f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\subsection{{\tt ip route restore} -- restore routing tables} 1744f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\label{IP-ROUTE-RESTORE} 1745f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith 1746f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\paragraph{Description:} this command restores the contents of the routing 1747f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smithtables according to a data stream as provided by \verb|ip route save| via 1748f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smithstandard input. Note that any routes already in the table are left unchanged. 1749f4ff11e3e298d457c4f30813e305f7d27d89823aDan SmithAny routes in the input stream that already exist in the tables are ignored. 1750f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith 1751f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\paragraph{Arguments:} This command takes no arguments. 1752f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith 1753f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\paragraph{Example:} This restores all routes that were saved to the 1754f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith{\tt saved\_routes} file: 1755f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith 1756f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\begin{verbatim} 1757f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smithdan@caffeine:~ # ip route restore < saved_routes 1758f4ff11e3e298d457c4f30813e305f7d27d89823aDan Smith\end{verbatim} 1759aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1760aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip route flush} --- flush routing tables} 1761aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-ROUTE-FLUSH} 1762aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1763aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|flush|, \verb|f|. 1764aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1765aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Description:} this command flushes routes selected 1766aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerby some criteria. 1767aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1768aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} the arguments have the same syntax and semantics 1769aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeras the arguments of \verb|ip route show|, but routing tables are not 1770aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerlisted but purged. The only difference is the default action: \verb|show| 1771aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdumps all the IP main routing table but \verb|flush| prints the helper page. 1772aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe reason for this difference does not require any explanation, does it? 1773aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1774aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1775aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Statistics:} With the \verb|-statistics| option, the command 1776aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbecomes verbose. It prints out the number of deleted routes and the number 1777aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof rounds made to flush the routing table. If the option is given 1778aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertwice, \verb|ip route flush| also dumps all the deleted routes 1779aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the format described in the previous subsection. 1780aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1781aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Examples:} The first example flushes all the 1782aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingergatewayed routes from the main table (f.e.\ after a routing daemon crash). 1783aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1784aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip -4 ro flush scope global type unicast 1785aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1786aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis option deserves to be put into a scriptlet \verb|routef|. 1787aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 1788aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis option was described in the \verb|route(8)| man page borrowed 1789aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfrom BSD, but was never implemented in Linux. 1790aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 1791aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1792aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe second example flushes all IPv6 cloned routes: 1793aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1794aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip -6 -s -s ro flush cache 1795aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger3ffe:2400::220:afff:fef4:c5d1 via 3ffe:2400::220:afff:fef4:c5d1 \ 1796aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger dev eth0 metric 0 1797aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache used 2 age 12sec mtu 1500 rtt 300 1798aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger3ffe:2400::280:adff:feb7:8034 via 3ffe:2400::280:adff:feb7:8034 \ 1799aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger dev eth0 metric 0 1800aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache used 2 age 15sec mtu 1500 rtt 300 1801aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger3ffe:2400::280:c8ff:fe59:5bcc via 3ffe:2400::280:c8ff:fe59:5bcc \ 1802aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger dev eth0 metric 0 1803aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache users 1 used 1 age 23sec mtu 1500 rtt 300 1804aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger3ffe:2400:0:1:2a0:ccff:fe66:1878 via 3ffe:2400:0:1:2a0:ccff:fe66:1878 \ 1805aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger dev eth1 metric 0 1806aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache used 2 age 20sec mtu 1500 rtt 300 1807aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger3ffe:2400:0:1:a00:20ff:fe71:fb30 via 3ffe:2400:0:1:a00:20ff:fe71:fb30 \ 1808aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger dev eth1 metric 0 1809aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache used 2 age 33sec mtu 1500 rtt 300 1810aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerff02::1 via ff02::1 dev eth1 metric 0 1811aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache users 1 used 1 age 45sec mtu 1500 rtt 300 1812aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1813aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger*** Round 1, deleting 6 entries *** 1814aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger*** Flush is complete after 1 round *** 1815aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip -6 -s -s ro flush cache 1816aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNothing to flush. 1817aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # 1818aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1819aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1820aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe third example flushes BGP routing tables after a \verb|gated| 1821aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdeath. 1822aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1823aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip ro ls proto gated/bgp | wc 1824aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1408 9856 78730 1825aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip -s ro f proto gated/bgp 1826aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1827aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger*** Round 1, deleting 1408 entries *** 1828aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger*** Flush is complete after 1 round *** 1829aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip ro f proto gated/bgp 1830aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNothing to flush. 1831aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip ro ls proto gated/bgp 1832aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # 1833aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1834aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1835aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1836aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip route get} --- get a single route} 1837aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-ROUTE-GET} 1838aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1839aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|get|, \verb|g|. 1840aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1841aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Description:} this command gets a single route to a destination 1842aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand prints its contents exactly as the kernel sees it. 1843aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1844aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 1845aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1846aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|to ADDRESS| (default) 1847aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1848aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the destination address. 1849aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1850aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|from ADDRESS| 1851aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1852aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the source address. 1853aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1854aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|tos TOS| or \verb|dsfield TOS| 1855aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1856aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the Type Of Service. 1857aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1858aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|iif NAME| 1859aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1860aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the device from which this packet is expected to arrive. 1861aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1862aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|oif NAME| 1863aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1864aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- force the output device on which this packet will be routed. 1865aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1866aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|connected| 1867aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1868aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- if no source address (option \verb|from|) was given, relookup 1869aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe route with the source set to the preferred address received from the first lookup. 1870aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf policy routing is used, it may be a different route. 1871aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1872aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1873aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1874aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNote that this operation is not equivalent to \verb|ip route show|. 1875aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|show| shows existing routes. \verb|get| resolves them and 1876aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercreates new clones if necessary. Essentially, \verb|get| 1877aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris equivalent to sending a packet along this path. 1878aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf the \verb|iif| argument is not given, the kernel creates a route 1879aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto output packets towards the requested destination. 1880aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis is equivalent to pinging the destination 1881aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith a subsequent {\tt ip route ls cache}, however, no packets are 1882aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeractually sent. With the \verb|iif| argument, the kernel pretends 1883aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthat a packet arrived from this interface and searches for 1884aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingera path to forward the packet. 1885aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1886aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Output format:} This command outputs routes in the same 1887aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerformat as \verb|ip route ls|. 1888aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1889aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Examples:} 1890aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 1891aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Find a route to output packets to 193.233.7.82: 1892aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1893aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip route get 193.233.7.82 1894aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.82 dev eth0 src 193.233.7.65 realms inr.ac 1895aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache mtu 1500 rtt 300 1896aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 1897aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1898aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1899aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Find a route to forward packets arriving on \verb|eth0| 1900aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfrom 193.233.7.82 and destined for 193.233.7.82: 1901aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1902aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip r g 193.233.7.82 from 193.233.7.82 iif eth0 1903aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.82 from 193.233.7.82 dev eth0 src 193.233.7.65 \ 1904aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger realms inr.ac/inr.ac 1905aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache <src-direct,redirect> mtu 1500 rtt 300 iif eth0 1906aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 1907aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1908aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 1909aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \label{NB-nature-of-strangeness} 1910aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger This is the command that created the funny route from 193.233.7.82 1911aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger looped back to 193.233.7.82 (cf.\ NB on~p.\pageref{NB-strange-route}). 1912aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger Note the \verb|redirect| flag on it. 1913aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 1914aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1915aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Find a multicast route for packets arriving on \verb|eth0| 1916aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfrom host 193.233.7.82 and destined for multicast group 224.2.127.254 1917aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(it is assumed that a multicast routing daemon is running. 1918aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn this case, it is \verb|pimd|) 1919aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1920aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip r g 224.2.127.254 from 193.233.7.82 iif eth0 1921aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermulticast 224.2.127.254 from 193.233.7.82 dev lo \ 1922aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger src 193.233.7.65 realms inr.ac/cosmos 1923aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache <mc> iif eth0 Oifs: eth1 pimreg 1924aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 1925aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1926aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis route differs from the ones seen before. It contains a ``normal'' part 1927aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand a ``multicast'' part. The normal part is used to deliver (or not to 1928aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdeliver) the packet to local IP listeners. In this case the router 1929aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris not a member 1930aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof this group, so that route has no \verb|local| flag and only 1931aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerforwards packets. The output device for such entries is always loopback. 1932aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe multicast part consists of an additional \verb|Oifs:| list showing 1933aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe output interfaces. 1934aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 1935aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1936aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1937aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is time for a more complicated example. Let us add an invalid 1938aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingergatewayed route for a destination which is really directly connected: 1939aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1940aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # ip route add 193.233.7.98 via 193.233.7.254 1941aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # ip route get 193.233.7.98 1942aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.98 via 193.233.7.254 dev eth0 src 193.233.7.90 1943aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache mtu 1500 rtt 3072 1944aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # 1945aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1946aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand probe it with ping: 1947aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1948aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # ping -n 193.233.7.98 1949aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerPING 193.233.7.98 (193.233.7.98) from 193.233.7.90 : 56 data bytes 1950aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerFrom 193.233.7.254: Redirect Host(New nexthop: 193.233.7.98) 1951aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger64 bytes from 193.233.7.98: icmp_seq=0 ttl=255 time=3.5 ms 1952aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerFrom 193.233.7.254: Redirect Host(New nexthop: 193.233.7.98) 1953aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger64 bytes from 193.233.7.98: icmp_seq=1 ttl=255 time=2.2 ms 1954aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger64 bytes from 193.233.7.98: icmp_seq=2 ttl=255 time=0.4 ms 1955aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger64 bytes from 193.233.7.98: icmp_seq=3 ttl=255 time=0.4 ms 1956aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger64 bytes from 193.233.7.98: icmp_seq=4 ttl=255 time=0.4 ms 1957aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger^C 1958aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- 193.233.7.98 ping statistics --- 1959aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger5 packets transmitted, 5 packets received, 0% packet loss 1960aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerround-trip min/avg/max = 0.4/1.3/3.5 ms 1961aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # 1962aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1963aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerWhat happened? Router 193.233.7.254 understood that we have a much 1964aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbetter path to the destination and sent us an ICMP redirect message. 1965aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerWe may retry \verb|ip route get| to see what we have in the routing 1966aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertables now: 1967aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 1968aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # ip route get 193.233.7.98 1969aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.98 dev eth0 src 193.233.7.90 1970aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger cache <redirected> mtu 1500 rtt 3072 1971aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # 1972aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 1973aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1974aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1975aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1976aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip rule} --- routing policy database management} 1977aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-RULE} 1978aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1979aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|rule|, \verb|ru|. 1980aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1981aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Object:} \verb|rule|s in the routing policy database control 1982aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe route selection algorithm. 1983aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1984aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerClassic routing algorithms used in the Internet make routing decisions 1985aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbased only on the destination address of packets (and in theory, 1986aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbut not in practice, on the TOS field). The seminal review of classic 1987aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrouting algorithms and their modifications can be found in~\cite{RFC1812}. 1988aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1989aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn some circumstances we want to route packets differently depending not only 1990aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron destination addresses, but also on other packet fields: source address, 1991aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIP protocol, transport protocol ports or even packet payload. 1992aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis task is called ``policy routing''. 1993aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1994aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 1995aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ``policy routing'' $\neq$ ``routing policy''. 1996aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1997aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\noindent ``policy routing'' $=$ ``cunning routing''. 1998aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 1999aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\noindent ``routing policy'' $=$ ``routing tactics'' or ``routing plan''. 2000aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 2001aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2002aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerTo solve this task, the conventional destination based routing table, ordered 2003aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraccording to the longest match rule, is replaced with a ``routing policy 2004aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdatabase'' (or RPDB), which selects routes 2005aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerby executing some set of rules. The rules may have lots of keys of different 2006aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernatures and therefore they have no natural ordering, but one imposed 2007aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerby the administrator. Linux-2.2 RPDB is a linear list of rules 2008aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerordered by numeric priority value. 2009aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerRPDB explicitly allows matching a few packet fields: 2010aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2011aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2012aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item packet source address. 2013aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item packet destination address. 2014aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item TOS. 2015aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item incoming interface (which is packet metadata, rather than a packet field). 2016aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2017aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2018aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerMatching IP protocols and transport ports is also possible, 2019aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerindirectly, via \verb|ipchains|, by exploiting their ability 2020aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto mark some classes of packets with \verb|fwmark|. Therefore, 2021aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|fwmark| is also included in the set of keys checked by rules. 2022aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2023aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerEach policy routing rule consists of a {\em selector\/} and an {\em action\/} 2024aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerpredicate. The RPDB is scanned in the order of increasing priority. The selector 2025aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof each rule is applied to \{source address, destination address, incoming 2026aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinterface, tos, fwmark\} and, if the selector matches the packet, 2027aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe action is performed. The action predicate may return with success. 2028aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn this case, it will either give a route or failure indication 2029aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand the RPDB lookup is terminated. Otherwise, the RPDB program 2030aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercontinues on the next rule. 2031aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2032aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerWhat is the action, semantically? The natural action is to select the 2033aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernexthop and the output device. This is what 2034aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCisco IOS~\cite{IOS} does. Let us call it ``match \& set''. 2035aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe Linux-2.2 approach is more flexible. The action includes 2036aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerlookups in destination-based routing tables and selecting 2037aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingera route from these tables according to the classic longest match algorithm. 2038aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe ``match \& set'' approach is the simplest case of the Linux one. It is realized 2039aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhen a second level routing table contains a single default route. 2040aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerRecall that Linux-2.2 supports multiple tables 2041aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermanaged with the \verb|ip route| command, described in the previous section. 2042aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2043aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAt startup time the kernel configures the default RPDB consisting of three 2044aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrules: 2045aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2046aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{enumerate} 2047aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Priority: 0, Selector: match anything, Action: lookup routing 2048aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertable \verb|local| (ID 255). 2049aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe \verb|local| table is a special routing table containing 2050aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhigh priority control routes for local and broadcast addresses. 2051aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2052aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerRule 0 is special. It cannot be deleted or overridden. 2053aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2054aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2055aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Priority: 32766, Selector: match anything, Action: lookup routing 2056aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertable \verb|main| (ID 254). 2057aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe \verb|main| table is the normal routing table containing all non-policy 2058aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerroutes. This rule may be deleted and/or overridden with other 2059aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerones by the administrator. 2060aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2061aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Priority: 32767, Selector: match anything, Action: lookup routing 2062aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertable \verb|default| (ID 253). 2063aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe \verb|default| table is empty. It is reserved for some 2064aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerpost-processing if no previous default rules selected the packet. 2065aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis rule may also be deleted. 2066aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2067aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{enumerate} 2068aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2069aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerDo not confuse routing tables with rules: rules point to routing tables, 2070aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerseveral rules may refer to one routing table and some routing tables 2071aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermay have no rules pointing to them. If the administrator deletes all the rules 2072aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerreferring to a table, the table is not used, but it still exists 2073aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand will disappear only after all the routes contained in it are deleted. 2074aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2075aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2076aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Rule attributes:} Each RPDB entry has additional 2077aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerattributes. F.e.\ each rule has a pointer to some routing 2078aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertable. NAT and masquerading rules have an attribute to select new IP 2079aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraddress to translate/masquerade. Besides that, rules have some 2080aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeroptional attributes, which routes have, namely \verb|realms|. 2081aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThese values do not override those contained in the routing tables. They 2082aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare only used if the route did not select any attributes. 2083aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2084aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2085aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Rule types:} The RPDB may contain rules of the following 2086aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertypes: 2087aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2088aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|unicast| --- the rule prescribes to return the route found 2089aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the routing table referenced by the rule. 2090aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|blackhole| --- the rule prescribes to silently drop the packet. 2091aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|unreachable| --- the rule prescribes to generate a ``Network 2092aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris unreachable'' error. 2093aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|prohibit| --- the rule prescribes to generate 2094aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger``Communication is administratively prohibited'' error. 2095aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|nat| --- the rule prescribes to translate the source address 2096aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof the IP packet into some other value. More about NAT is 2097aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin Appendix~\ref{ROUTE-NAT}, p.\pageref{ROUTE-NAT}. 2098aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2099aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2100aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2101aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Commands:} \verb|add|, \verb|delete| and \verb|show| 2102aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(or \verb|list|). 2103aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2104aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip rule add} --- insert a new rule\\ 2105aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger {\tt ip rule delete} --- delete a rule} 2106aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-RULE-ADD} 2107aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2108aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|delete|, \verb|del|, 2109aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \verb|d|. 2110aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2111aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 2112aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2113aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2114aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|type TYPE| (default) 2115aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2116aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the type of this rule. The list of valid types was given in the previous 2117aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersubsection. 2118aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2119aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|from PREFIX| 2120aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2121aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- select the source prefix to match. 2122aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2123aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|to PREFIX| 2124aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2125aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- select the destination prefix to match. 2126aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2127aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|iif NAME| 2128aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2129aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- select the incoming device to match. If the interface is loopback, 2130aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe rule only matches packets originating from this host. This means that you 2131aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermay create separate routing tables for forwarded and local packets and, 2132aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhence, completely segregate them. 2133aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2134aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|tos TOS| or \verb|dsfield TOS| 2135aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2136aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- select the TOS value to match. 2137aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2138aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|fwmark MARK| 2139aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2140aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- select the \verb|fwmark| value to match. 2141aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2142aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|priority PREFERENCE| 2143aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2144aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the priority of this rule. Each rule should have an explicitly 2145aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerset {\em unique\/} priority value. 2146aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 2147aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger Really, for historical reasons \verb|ip rule add| does not require a 2148aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger priority value and allows them to be non-unique. 2149aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger If the user does not supplied a priority, it is selected by the kernel. 2150aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger If the user creates a rule with a priority value that 2151aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger already exists, the kernel does not reject the request. It adds 2152aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger the new rule before all old rules of the same priority. 2153aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2154aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger It is mistake in design, no more. And it will be fixed one day, 2155aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger so do not rely on this feature. Use explicit priorities. 2156aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 2157aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2158aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2159aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|table TABLEID| 2160aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2161aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the routing table identifier to lookup if the rule selector matches. 2162aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2163aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|realms FROM/TO| 2164aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2165aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- Realms to select if the rule matched and the routing table lookup 2166aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersucceeded. Realm \verb|TO| is only used if the route did not select 2167aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerany realm. 2168aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2169aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|nat ADDRESS| 2170aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2171aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- The base of the IP address block to translate (for source addresses). 2172aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe \verb|ADDRESS| may be either the start of the block of NAT addresses 2173aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(selected by NAT routes) or in linux-2.2 a local host address (or even zero). 2174aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn the last case the router does not translate the packets, 2175aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbut masquerades them to this address; this feature disappered in 2.4. 2176aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerMore about NAT is in Appendix~\ref{ROUTE-NAT}, 2177aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerp.\pageref{ROUTE-NAT}. 2178aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2179aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2180aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2181aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Warning:} Changes to the RPDB made with these commands 2182aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdo not become active immediately. It is assumed that after 2183aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingera script finishes a batch of updates, it flushes the routing cache 2184aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith \verb|ip route flush cache|. 2185aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2186aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Examples:} 2187aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2188aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Route packets with source addresses from 192.203.80/24 2189aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraccording to routing table \verb|inr.ruhep|: 2190aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2191aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerip ru add from 192.203.80.0/24 table inr.ruhep prio 220 2192aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2193aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2194aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Translate packet source address 193.233.7.83 into 192.203.80.144 2195aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand route it according to table \#1 (actually, it is \verb|inr.ruhep|): 2196aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2197aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerip ru add from 193.233.7.83 nat 192.203.80.144 table 1 prio 320 2198aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2199aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2200aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Delete the unused default rule: 2201aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2202aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerip ru del prio 32767 2203aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2204aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2205aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2206aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2207aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2208aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2209aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip rule show} --- list rules} 2210aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-RULE-SHOW} 2211aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2212aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|. 2213aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2214aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2215aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} Good news, this is one command that has no arguments. 2216aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2217aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Output format:} 2218aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2219aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2220aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip ru ls 2221aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger0: from all lookup local 2222aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger200: from 192.203.80.0/24 to 193.233.7.0/24 lookup main 2223aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger210: from 192.203.80.0/24 to 192.203.80.0/24 lookup main 2224aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger220: from 192.203.80.0/24 lookup inr.ruhep realms inr.ruhep/radio-msu 2225aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger300: from 193.233.7.83 to 193.233.7.0/24 lookup main 2226aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger310: from 193.233.7.83 to 192.203.80.0/24 lookup main 2227aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger320: from 193.233.7.83 lookup inr.ruhep map-to 192.203.80.144 2228aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger32766: from all lookup main 2229aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 2230aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2231aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2232aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn the first column is the rule priority value followed 2233aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerby a colon. Then the selectors follow. Each key is prefixed 2234aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith the same keyword that was used to create the rule. 2235aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2236aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe keyword \verb|lookup| is followed by a routing table identifier, 2237aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeras it is recorded in the file \verb|/etc/iproute2/rt_tables|. 2238aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2239aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf the rule does NAT (f.e.\ rule \#320), it is shown by the keyword 2240aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|map-to| followed by the start of the block of addresses to map. 2241aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2242aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe sense of this example is pretty simple. The prefixes 2243aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger192.203.80.0/24 and 193.233.7.0/24 form the internal network, but 2244aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthey are routed differently when the packets leave it. 2245aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerBesides that, the host 193.233.7.83 is translated into 2246aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeranother prefix to look like 192.203.80.144 when talking 2247aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto the outer world. 2248aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 22492f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\subsection{{\tt ip rule save} -- save rules tables} 22502f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\label{IP-RULE-SAVE} 22512f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai 22522f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\paragraph{Description:} this command saves the contents of the rules 22532f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhaitables or the rule(s) selected by some criteria to standard output. 22542f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai 22552f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\paragraph{Arguments:} \verb|ip rule save| has the same arguments as 22562f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\verb|ip rule show|. 22572f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai 22582f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\paragraph{Example:} This saves all the rules to the {\tt saved\_rules} 22592f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhaifile: 22602f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\begin{verbatim} 22612f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhaidan@caffeine:~ # ip rule save > saved_rules 22622f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\end{verbatim} 22632f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai 22642f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\paragraph{Output format:} The format of the data stream provided by 22652f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\verb|ip rule save| is that of \verb|rtnetlink|. See 22662f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\verb|rtnetlink(7)| for more information. 22672f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai 22682f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\subsection{{\tt ip rule restore} -- restore rules tables} 22692f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\label{IP-RULE-RESTORE} 22702f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai 22712f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\paragraph{Description:} this command restores the contents of the rules 22722f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhaitables according to a data stream as provided by \verb|ip rule save| via 22732f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhaistandard input. Note that any rules already in the table are left unchanged, 22742f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhaiand duplicates are not ignored. 22752f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai 22762f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\paragraph{Arguments:} This command takes no arguments. 22772f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai 22782f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\paragraph{Example:} This restores all rules that were saved to the 22792f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai{\tt saved\_rules} file: 22802f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai 22812f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\begin{verbatim} 22822f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhaidan@caffeine:~ # ip rule restore < saved_rules 22832f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai\end{verbatim} 22842f4e171f7df22107b38fddcffa56c1ecb5e73359Kirill Tkhai 2285aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2286aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2287aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip maddress} --- multicast addresses management} 2288aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-MADDR} 2289aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2290aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Object:} \verb|maddress| objects are multicast addresses. 2291aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2292aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Commands:} \verb|add|, \verb|delete|, \verb|show| (or \verb|list|). 2293aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2294aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip maddress show} --- list multicast addresses} 2295aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2296aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|. 2297aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2298aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 2299aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2300aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2301aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2302aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| (default) 2303aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2304aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the device name. 2305aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2306aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2307aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2308aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Output format:} 2309aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2310aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2311aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ ip maddr ls dummy 2312aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger2: dummy 2313aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger link 33:33:00:00:00:01 2314aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger link 01:00:5e:00:00:01 2315aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger inet 224.0.0.1 users 2 2316aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger inet6 ff02::1 2317aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@alisa:~ $ 2318aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2319aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2320aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe first line of the output shows the interface index and its name. 2321aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThen the multicast address list follows. Each line starts with the 2322aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerprotocol identifier. The word \verb|link| denotes a link layer 2323aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermulticast addresses. 2324aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2325aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf a multicast address has more than one user, the number 2326aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof users is shown after the \verb|users| keyword. 2327aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2328aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerOne additional feature not present in the example above 2329aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris the \verb|static| flag, which indicates that the address was joined 2330aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith \verb|ip maddr add|. See the following subsection. 2331aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2332aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2333aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2334aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip maddress add} --- add a multicast address\\ 2335aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger {\tt ip maddress delete} --- delete a multicast address} 2336aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2337aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|delete|, \verb|del|, \verb|d|. 2338aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2339aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Description:} these commands attach/detach 2340aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingera static link layer multicast address to listen on the interface. 2341aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNote that it is impossible to join protocol multicast groups 2342aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerstatically. This command only manages link layer addresses. 2343aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2344aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2345aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 2346aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2347aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2348aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|address LLADDRESS| (default) 2349aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2350aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the link layer multicast address. 2351aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2352aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| 2353aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2354aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the device to join/leave this multicast address. 2355aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2356aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2357aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2358aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2359aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Example:} Let us continue with the example from the previous subsection. 2360aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2361aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2362aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # ip maddr add 33:33:00:00:00:01 dev dummy 2363aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # ip -0 maddr ls dummy 2364aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger2: dummy 2365aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger link 33:33:00:00:00:01 users 2 static 2366aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger link 01:00:5e:00:00:01 2367aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@alisa:~ # ip maddr del 33:33:00:00:00:01 dev dummy 2368aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2369aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2370aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 2371aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger Neither \verb|ip| nor the kernel check for multicast address validity. 2372aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger Particularly, this means that you can try to load a unicast address 2373aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger instead of a multicast address. Most drivers will ignore such addresses, 2374aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger but several (f.e.\ Tulip) will intern it to their on-board filter. 2375aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The effects may be strange. Namely, the addresses become additional 2376aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger local link addresses and, if you loaded the address of another host 2377aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger to the router, wait for duplicated packets on the wire. 2378aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger It is not a bug, but rather a hole in the API and intra-kernel interfaces. 2379aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger This feature is really more useful for traffic monitoring, but using it 2380aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger with Linux-2.2 you {\em have to\/} be sure that the host is not 2381aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger a router and, especially, that it is not a transparent proxy or masquerading 2382aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger agent. 2383aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 2384aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2385aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2386aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2387aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip mroute} --- multicast routing cache management} 2388aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-MROUTE} 2389aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2390aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|mroute|, \verb|mr|. 2391aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2392aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Object:} \verb|mroute| objects are multicast routing cache 2393aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerentries created by a user level mrouting daemon 2394aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(f.e.\ \verb|pimd| or \verb|mrouted|). 2395aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2396aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerDue to the limitations of the current interface to the multicast routing 2397aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerengine, it is impossible to change \verb|mroute| objects administratively, 2398aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerso we may only display them. This limitation will be removed 2399aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the future. 2400aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2401aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Commands:} \verb|show| (or \verb|list|). 2402aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2403aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2404aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip mroute show} --- list mroute cache entries} 2405aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2406aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|. 2407aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2408aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 2409aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2410aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2411aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|to PREFIX| (default) 2412aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2413aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the prefix selecting the destination multicast addresses to list. 2414aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2415aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2416aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|iif NAME| 2417aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2418aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the interface on which multicast packets are received. 2419aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2420aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2421aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|from PREFIX| 2422aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2423aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- the prefix selecting the IP source addresses of the multicast route. 2424aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2425aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2426aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2427aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2428aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Output format:} 2429aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2430aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2431aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip mroute ls 2432aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(193.232.127.6, 224.0.1.39) Iif: unresolved 2433aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(193.232.244.34, 224.0.1.40) Iif: unresolved 2434aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(193.233.7.65, 224.66.66.66) Iif: eth0 Oifs: pimreg 2435aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 2436aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2437aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2438aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerEach line shows one (S,G) entry in the multicast routing cache, 2439aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhere S is the source address and G is the multicast group. \verb|Iif| is 2440aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe interface on which multicast packets are expected to arrive. 2441aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf the word \verb|unresolved| is there instead of the interface name, 2442aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerit means that the routing daemon still hasn't resolved this entry. 2443aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe keyword \verb|oifs| is followed by a list of output interfaces, separated 2444aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerby spaces. If a multicast routing entry is created with non-trivial 2445aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerTTL scope, administrative distances are appended to the device names 2446aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the \verb|oifs| list. 2447aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2448aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Statistics:} The \verb|-statistics| option also prints the 2449aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernumber of packets and bytes forwarded along this route and 2450aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe number of packets that arrived on the wrong interface, if this number is not zero. 2451aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2452aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2453aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip -s mr ls 224.66/16 2454aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(193.233.7.65, 224.66.66.66) Iif: eth0 Oifs: pimreg 2455aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 9383 packets, 300256 bytes 2456aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 2457aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2458aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2459aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2460aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip tunnel} --- tunnel configuration} 2461aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-TUNNEL} 2462aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2463aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|tunnel|, \verb|tunl|. 2464aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2465aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Object:} \verb|tunnel| objects are tunnels, encapsulating 2466aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerpackets in IPv4 packets and then sending them over the IP infrastructure. 2467aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2468aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Commands:} \verb|add|, \verb|delete|, \verb|change|, \verb|show| 2469aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(or \verb|list|). 2470aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2471aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{See also:} A more informal discussion of tunneling 2472aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerover IP and the \verb|ip tunnel| command can be found in~\cite{IP-TUNNELS}. 2473aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2474aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip tunnel add} --- add a new tunnel\\ 2475aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger {\tt ip tunnel change} --- change an existing tunnel\\ 2476aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger {\tt ip tunnel delete} --- destroy a tunnel} 2477aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2478aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|; 2479aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|delete|, \verb|del|, \verb|d|. 2480aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2481aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2482aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} 2483aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2484aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2485aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2486aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|name NAME| (default) 2487aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2488aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- select the tunnel device name. 2489aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2490aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|mode MODE| 2491aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2492aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- set the tunnel mode. Three modes are currently available: 2493aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \verb|ipip|, \verb|sit| and \verb|gre|. 2494aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2495aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|remote ADDRESS| 2496aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2497aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- set the remote endpoint of the tunnel. 2498aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2499aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|local ADDRESS| 2500aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2501aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- set the fixed local address for tunneled packets. 2502aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt must be an address on another interface of this host. 2503aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2504aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ttl N| 2505aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2506aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- set a fixed TTL \verb|N| on tunneled packets. 2507aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger \verb|N| is a number in the range 1--255. 0 is a special value 2508aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger meaning that packets inherit the TTL value. 2509aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The default value is: \verb|inherit|. 2510aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2511aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|tos T| or \verb|dsfield T| 2512aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2513aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- set a fixed TOS \verb|T| on tunneled packets. 2514aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The default value is: \verb|inherit|. 2515aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2516aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2517aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2518aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|dev NAME| 2519aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2520aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- bind the tunnel to the device \verb|NAME| so that 2521aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger tunneled packets will only be routed via this device and will 2522aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger not be able to escape to another device when the route to endpoint changes. 2523aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2524aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|nopmtudisc| 2525aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2526aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- disable Path MTU Discovery on this tunnel. 2527aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger It is enabled by default. Note that a fixed ttl is incompatible 2528aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger with this option: tunnelling with a fixed ttl always makes pmtu discovery. 2529aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2530aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|key K|, \verb|ikey K|, \verb|okey K| 2531aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2532aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- (only GRE tunnels) use keyed GRE with key \verb|K|. \verb|K| is 2533aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger either a number or an IP address-like dotted quad. 2534aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The \verb|key| parameter sets the key to use in both directions. 2535aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The \verb|ikey| and \verb|okey| parameters set different keys for input and output. 2536aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2537aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2538aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|csum|, \verb|icsum|, \verb|ocsum| 2539aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2540aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- (only GRE tunnels) generate/require checksums for tunneled packets. 2541aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The \verb|ocsum| flag calculates checksums for outgoing packets. 2542aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The \verb|icsum| flag requires that all input packets have the correct 2543aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger checksum. The \verb|csum| flag is equivalent to the combination 2544aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ``\verb|icsum| \verb|ocsum|''. 2545aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2546aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|seq|, \verb|iseq|, \verb|oseq| 2547aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2548aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger--- (only GRE tunnels) serialize packets. 2549aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The \verb|oseq| flag enables sequencing of outgoing packets. 2550aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The \verb|iseq| flag requires that all input packets are serialized. 2551aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger The \verb|seq| flag is equivalent to the combination ``\verb|iseq| \verb|oseq|''. 2552aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2553aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 2554aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger I think this option does not 2555aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger work. At least, I did not test it, did not debug it and 2556aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger do not even understand how it is supposed to work or for what 2557aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger purpose Cisco planned to use it. Do not use it. 2558aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 2559aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2560aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2561aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2562aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2563aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Example:} Create a pointopoint IPv6 tunnel with maximal TTL of 32. 2564aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2565aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetadm@amber:~ # ip tunl add Cisco mode sit remote 192.31.7.104 \ 2566aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger local 192.203.80.142 ttl 32 2567aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2568aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2569aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\subsection{{\tt ip tunnel show} --- list tunnels} 2570aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2571aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|. 2572aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2573aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2574aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Arguments:} None. 2575aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2576aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Output format:} 2577aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2578aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip tunl ls Cisco 2579aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCisco: ipv6/ip remote 192.31.7.104 local 192.203.80.142 ttl 32 2580aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 2581aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2582aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe line starts with the tunnel device name followed by a colon. 2583aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThen the tunnel mode follows. The parameters of the tunnel are listed 2584aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith the same keywords that were used when creating the tunnel. 2585aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2586aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{Statistics:} 2587aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2588aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2589aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ ip -s tunl ls Cisco 2590aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCisco: ipv6/ip remote 192.31.7.104 local 192.203.80.142 ttl 32 2591aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerRX: Packets Bytes Errors CsumErrs OutOfSeq Mcasts 2592aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 12566 1707516 0 0 0 0 2593aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerTX: Packets Bytes Errors DeadLoop NoRoute NoBufs 2594aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 13445 1879677 0 0 0 0 2595aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 2596aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2597aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerEssentially, these numbers are the same as the numbers 2598aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerprinted with {\tt ip -s link show} 2599aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(sec.\ref{IP-LINK-SHOW}, p.\pageref{IP-LINK-SHOW}) but the tags are different 2600aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto reflect that they are tunnel specific. 2601aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2602aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|CsumErrs| --- the total number of packets dropped 2603aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbecause of checksum failures for a GRE tunnel with checksumming enabled. 2604aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|OutOfSeq| --- the total number of packets dropped 2605aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbecause they arrived out of sequence for a GRE tunnel with 2606aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerserialization enabled. 2607aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|Mcasts| --- the total number of multicast packets 2608aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerreceived on a broadcast GRE tunnel. 2609aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|DeadLoop| --- the total number of packets which were not 2610aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertransmitted because the tunnel is looped back to itself. 2611aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|NoRoute| --- the total number of packets which were not 2612aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertransmitted because there is no IP route to the remote endpoint. 2613aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|NoBufs| --- the total number of packets which were not 2614aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertransmitted because the kernel failed to allocate a buffer. 2615aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2616aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2617aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2618aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{{\tt ip monitor} and {\tt rtmon} --- state monitoring} 2619aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{IP-MONITOR} 2620aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2621aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe \verb|ip| utility can monitor the state of devices, addresses 2622aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand routes continuously. This option has a slightly different format. 2623aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNamely, 2624aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe \verb|monitor| command is the first in the command line and then 2625aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe object list follows: 2626aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2627488c41d21678744ea56332333853ca4ab0827ac9Martin Schwenke ip monitor [ file FILE ] [ all | OBJECT-LIST ] [ label ] 2628aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2629488c41d21678744ea56332333853ca4ab0827ac9Martin Schwenke\verb|OBJECT-LIST| is the list of object types that we want to 2630488c41d21678744ea56332333853ca4ab0827ac9Martin Schwenkemonitor. It may contain \verb|link|, \verb|address| and \verb|route|. 2631488c41d21678744ea56332333853ca4ab0827ac9Martin SchwenkeSpecifying \verb|label| indicates that output lines should be labelled 2632488c41d21678744ea56332333853ca4ab0827ac9Martin Schwenkewith the type of object being printed --- this happens by default if 2633488c41d21678744ea56332333853ca4ab0827ac9Martin Schwenke\verb|all| is specified. If no \verb|file| argument is given, 2634488c41d21678744ea56332333853ca4ab0827ac9Martin Schwenke\verb|ip| opens RTNETLINK, listens on it and dumps state changes in 2635488c41d21678744ea56332333853ca4ab0827ac9Martin Schwenkethe format described in previous sections. 2636aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2637aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf a file name is given, it does not listen on RTNETLINK, 2638aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbut opens the file containing RTNETLINK messages saved in binary format 2639aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand dumps them. Such a history file can be generated with the 2640aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|rtmon| utility. This utility has a command line syntax similar to 2641aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip monitor|. 2642aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIdeally, \verb|rtmon| should be started before 2643aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe first network configuration command is issued. F.e.\ if 2644aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeryou insert: 2645aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2646aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger rtmon file /var/log/rtmon.log 2647aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2648aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin a startup script, you will be able to view the full history 2649aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerlater. 2650aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2651aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCertainly, it is possible to start \verb|rtmon| at any time. 2652aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt prepends the history with the state snapshot dumped at the moment 2653aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof starting. 2654aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2655aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2656aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{Route realms and policy propagation, {\tt rtacct}} 2657aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{RT-REALMS} 2658aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2659aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerOn routers using OSPF ASE or, especially, the BGP protocol, routing 2660aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingertables may be huge. If we want to classify or to account for the packets 2661aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerper route, we will have to keep lots of information. Even worse, if we 2662aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwant to distinguish the packets not only by their destination, but 2663aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeralso by their source, the task gets quadratic complexity and its solution 2664aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris physically impossible. 2665aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2666aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerOne approach to propagating the policy from routing protocols 2667aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto the forwarding engine has been proposed in~\cite{IOS-BGP-PP}. 2668aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerEssentially, Cisco Policy Propagation via BGP is based on the fact 2669aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthat dedicated routers all have the RIB (Routing Information Base) 2670aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerclose to the forwarding engine, so policy routing rules can 2671aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercheck all the route attributes, including ASPATH information 2672aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand community strings. 2673aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2674aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe Linux architecture, splitting the RIB (maintained by a user level 2675aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdaemon) and the kernel based FIB (Forwarding Information Base), 2676aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdoes not allow such a simple approach. 2677aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2678aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is to our fortune because there is another solution 2679aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhich allows even more flexible policy and richer semantics. 2680aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2681aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNamely, routes can be clustered together in user space, based on their 2682aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerattributes. F.e.\ a BGP router knows route ASPATH, its community; 2683aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeran OSPF router knows the route tag or its area. The administrator, when adding 2684aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerroutes manually, also knows their nature. Providing that the number of such 2685aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraggregates (we call them {\em realms\/}) is low, the task of full 2686aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerclassification both by source and destination becomes quite manageable. 2687aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2688aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerSo each route may be assigned to a realm. It is assumed that 2689aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthis identification is made by a routing daemon, but static routes 2690aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercan also be handled manually with \verb|ip route| (see sec.\ref{IP-ROUTE}, 2691aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerp.\pageref{IP-ROUTE}). 2692aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 2693aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger There is a patch to \verb|gated|, allowing classification of routes 2694aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger to realms with all the set of policy rules implemented in \verb|gated|: 2695aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger by prefix, by ASPATH, by origin, by tag etc. 2696aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 2697aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2698aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerTo facilitate the construction (f.e.\ in case the routing 2699aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdaemon is not aware of realms), missing realms may be completed 2700aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith routing policy rules, see sec.~\ref{IP-RULE}, p.\pageref{IP-RULE}. 2701aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2702aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerFor each packet the kernel calculates a tuple of realms: source realm 2703aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand destination realm, using the following algorithm: 2704aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2705aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{enumerate} 2706aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item If the route has a realm, the destination realm of the packet is set to it. 2707aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item If the rule has a source realm, the source realm of the packet is set to it. 2708aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf the destination realm was not inherited from the route and the rule has a destination realm, 2709aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerit is also set. 2710aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item If at least one of the realms is still unknown, the kernel finds 2711aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe reversed route to the source of the packet. 2712aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item If the source realm is still unknown, get it from the reversed route. 2713aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item If one of the realms is still unknown, swap the realms of reversed 2714aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerroutes and apply step 2 again. 2715aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{enumerate} 2716aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2717aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerAfter this procedure is completed we know what realm the packet 2718aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerarrived from and the realm where it is going to propagate to. 2719aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf some of the realms are unknown, they are initialized to zero 2720aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(or realm \verb|unknown|). 2721aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2722aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe main application of realms is the TC \verb|route| classifier~\cite{TC-CREF}, 2723aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhere they are used to help assign packets to traffic classes, 2724aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto account, police and schedule them according to this 2725aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerclassification. 2726aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2727aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerA much simpler but still very useful application is incoming packet 2728aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraccounting by realms. The kernel gathers a packet statistics summary 2729aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhich can be viewed with the \verb|rtacct| utility. 2730aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2731aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ rtacct russia 2732aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerRealm BytesTo PktsTo BytesFrom PktsFrom 2733aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrussia 20576778 169176 47080168 153805 2734aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkuznet@amber:~ $ 2735aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2736aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis shows that this router received 153805 packets from 2737aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe realm \verb|russia| and forwarded 169176 packets to \verb|russia|. 2738aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe realm \verb|russia| consists of routes with ASPATHs not leaving 2739aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerRussia. 2740aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2741aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNote that locally originating packets are not accounted here, 2742aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|rtacct| shows incoming packets only. Using the \verb|route| 2743aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerclassifier (see~\cite{TC-CREF}) you can get even more detailed 2744aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraccounting information about outgoing packets, optionally 2745aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersummarizing traffic not only by source or destination, but 2746aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerby any pair of source and destination realms. 2747aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2748aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2749aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{thebibliography}{99} 2750aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\addcontentsline{toc}{section}{References} 2751aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\bibitem{RFC-NDISC} T.~Narten, E.~Nordmark, W.~Simpson. 2752aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger``Neighbor Discovery for IP Version 6 (IPv6)'', RFC-2461. 2753aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2754aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\bibitem{RFC-ADDRCONF} S.~Thomson, T.~Narten. 2755aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger``IPv6 Stateless Address Autoconfiguration'', RFC-2462. 2756aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2757aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\bibitem{RFC1812} F.~Baker. 2758aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger``Requirements for IP Version 4 Routers'', RFC-1812. 2759aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2760aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\bibitem{RFC1122} R.~T.~Braden. 2761aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger``Requirements for Internet hosts --- communication layers'', RFC-1122. 2762aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2763aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\bibitem{IOS} ``Cisco IOS Release 12.0 Network Protocols 2764aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCommand Reference, Part 1'' and 2765aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger``Cisco IOS Release 12.0 Quality of Service Solutions 2766aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerConfiguration Guide: Configuring Policy-Based Routing'',\\ 2767aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios120. 2768aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2769aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\bibitem{IP-TUNNELS} A.~N.~Kuznetsov. 2770aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger``Tunnels over IP in Linux-2.2'', \\ 2771aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn: {\tt ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz}. 2772aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2773aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\bibitem{TC-CREF} A.~N.~Kuznetsov. ``TC Command Reference'',\\ 2774aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn: {\tt ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz}. 2775aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2776aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\bibitem{IOS-BGP-PP} ``Cisco IOS Release 12.0 Quality of Service Solutions 2777aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerConfiguration Guide: Configuring QoS Policy Propagation via 2778aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerBorder Gateway Protocol'',\\ 2779aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios120. 2780aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2781aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\bibitem{RFC-DHCP} R.~Droms. 2782aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger``Dynamic Host Configuration Protocol.'', RFC-2131 2783aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 278471e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef\bibitem{RFC2414} M.~Allman, S.~Floyd, C.~Partridge. 278571e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef``Increasing TCP's Initial Window'', RFC-2414. 278671e5815105fb0b86af7df9c719f7c106f05f29c0Gilad Ben-Yossef 2787aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{thebibliography} 2788aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2789aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2790aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2791aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2792aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\appendix 2793aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\addcontentsline{toc}{section}{Appendix} 2794aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2795aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{Source address selection} 2796aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{ADDR-SEL} 2797aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2798aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerWhen a host creates an IP packet, it must select some source 2799aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraddress. Correct source address selection is a critical procedure, 2800aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbecause it gives the receiver the information needed to deliver a 2801aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerreply. If the source is selected incorrectly, in the best case, 2802aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe backward path may appear different to the forward one which 2803aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris harmful for performance. In the worst case, when the addresses 2804aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare administratively scoped, the reply may be lost entirely. 2805aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2806aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerLinux-2.2 selects source addresses using the following algorithm: 2807aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2808aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2809aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item 2810aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe application may select a source address explicitly with \verb|bind(2)| 2811aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersyscall or supplying it to \verb|sendmsg(2)| via the ancillary data object 2812aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|IP_PKTINFO|. In this case the kernel only checks the validity 2813aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof the address and never tries to ``improve'' an incorrect user choice, 2814aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingergenerating an error instead. 2815aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 2816aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger Never say ``Never''. The sysctl option \verb|ip_dynaddr| breaks 2817aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger this axiom. It has been made deliberately with the purpose 2818aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger of automatically reselecting the address on hosts with dynamic dial-out interfaces. 2819aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger However, this hack {\em must not\/} be used on multihomed hosts 2820aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger and especially on routers: it would break them. 2821aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 2822aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2823aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2824aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Otherwise, IP routing tables can contain an explicit source 2825aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraddress hint for this destination. The hint is set with the \verb|src| parameter 2826aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto the \verb|ip route| command, sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}. 2827aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2828aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2829aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Otherwise, the kernel searches through the list of addresses 2830aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerattached to the interface through which the packets will be routed. 2831aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe search strategies are different for IP and IPv6. Namely: 2832aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2833aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{itemize} 2834aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item IPv6 searches for the first valid, not deprecated address 2835aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith the same scope as the destination. 2836aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2837aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item IP searches for the first valid address with a scope wider 2838aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthan the scope of the destination but it prefers addresses 2839aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhich fall to the same subnet as the nexthop of the route 2840aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto the destination. Unlike IPv6, the scopes of IPv4 destinations 2841aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerare not encoded in their addresses but are supplied 2842aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin routing tables instead (the \verb|scope| parameter to the \verb|ip route| command, 2843aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}). 2844aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2845aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2846aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2847aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2848aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Otherwise, if the scope of the destination is \verb|link| or \verb|host|, 2849aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe algorithm fails and returns a zero source address. 2850aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2851aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item Otherwise, all interfaces are scanned to search for an address 2852aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith an appropriate scope. The loopback device \verb|lo| is always the first 2853aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the search list, so that if an address with global scope (not 127.0.0.1!) 2854aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris configured on loopback, it is always preferred. 2855aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2856aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{itemize} 2857aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2858aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2859aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{Proxy ARP/NDISC} 2860aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{PROXY-NEIGH} 2861aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2862aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerRouters may answer ARP/NDISC solicitations on behalf of other hosts. 2863aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn Linux-2.2 proxy ARP on an interface may be enabled 2864aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerby setting the kernel \verb|sysctl| variable 2865aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|/proc/sys/net/ipv4/conf/<dev>/proxy_arp| to 1. After this, the router 2866aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerstarts to answer ARP requests on the interface \verb|<dev>|, provided 2867aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe route to the requested destination does {\em not\/} go back via the same 2868aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdevice. 2869aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2870aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe variable \verb|/proc/sys/net/ipv4/conf/all/proxy_arp| enables proxy 2871aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerARP on all the IP devices. 2872aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2873aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerHowever, this approach fails in the case of IPv6 because the router 2874aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermust join the solicited node multicast address to listen for the corresponding 2875aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNDISC queries. It means that proxy NDISC is possible only on a per destination 2876aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerbasis. 2877aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2878aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerLogically, proxy ARP/NDISC is not a kernel task. It can easily be implemented 2879aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin user space. However, similar functionality was present in BSD kernels 2880aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand in Linux-2.0, so we have to preserve it at least to the extent that 2881aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris standardized in BSD. 2882aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 2883aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger Linux-2.0 ARP had a feature called {\em subnet\/} proxy ARP. 2884aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger It is replaced with the sysctl flag in Linux-2.2. 2885aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 2886aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2887aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2888aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe \verb|ip| utility provides a way to manage proxy ARP/NDISC 2889aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwith the \verb|ip neigh| command, namely: 2890aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2891aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip neigh add proxy ADDRESS [ dev NAME ] 2892aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2893aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeradds a new proxy ARP/NDISC record and 2894aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2895aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip neigh del proxy ADDRESS [ dev NAME ] 2896aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2897aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdeletes it. 2898aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2899aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf the name of the device is not given, the router will answer solicitations 2900aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfor address \verb|ADDRESS| on all devices, otherwise it will only serve 2901aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe device \verb|NAME|. Even if the proxy entry is created with 2902aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\verb|ip neigh|, the router {\em will not\/} answer a query if the route 2903aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto the destination goes back via the interface from which the solicitation 2904aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwas received. 2905aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2906aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is important to emphasize that proxy entries have {\em no\/} 2907aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerparameters other than these (IP/IPv6 address and optional device). 2908aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerParticularly, the entry does not store any link layer address. 2909aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt always advertises the station address of the interface 2910aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron which it sends advertisements (i.e. it's own station address). 2911aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2912aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{Route NAT status} 2913aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{ROUTE-NAT} 2914aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2915aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNAT (or ``Network Address Translation'') remaps some parts 2916aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof the IP address space into other ones. Linux-2.2 route NAT is supposed 2917aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto be used to facilitate policy routing by rewriting addresses 2918aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto other routing domains or to help while renumbering sites 2919aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto another prefix. 2920aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2921aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{What it is not:} 2922aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is necessary to emphasize that {\em it is not supposed\/} 2923aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto be used to compress address space or to split load. 2924aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis is not missing functionality but a design principle. 2925aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerRoute NAT is {\em stateless\/}. It does not hold any state 2926aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerabout translated sessions. This means that it handles any number 2927aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof sessions flawlessly. But it also means that it is {\em static\/}. 2928aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt cannot detect the moment when the last TCP client stops 2929aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerusing an address. For the same reason, it will not help to split 2930aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerload between several servers. 2931aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 2932aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is a pretty commonly held belief that it is useful to split load between 2933aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerseveral servers with NAT. This is a mistake. All you get from this 2934aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris the requirement that the router keep the state of all the TCP connections 2935aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingergoing via it. Well, if the router is so powerful, run apache on it. 8) 2936aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 2937aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2938aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe second feature: it does not touch packet payload, 2939aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdoes not try to ``improve'' broken protocols by looking 2940aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthrough its data and mangling it. It mangles IP addresses, 2941aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeronly IP addresses and nothing but IP addresses. 2942aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis also, is not missing any functionality. 2943aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2944aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerTo resume: if you need to compress address space or keep 2945aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeractive FTP clients happy, your choice is not route NAT but masquerading, 2946aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerport forwarding, NAPT etc. 2947aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 2948aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerBy the way, you may also want to look at 2949aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhttp://www.suse.com/\~mha/HyperNews/get/linux-ip-nat.html 2950aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 2951aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2952aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2953aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{How it works.} 2954aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerSome part of the address space is reserved for dummy addresses 2955aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhich will look for all the world like some host addresses 2956aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinside your network. No other hosts may use these addresses, 2957aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhowever other routers may also be configured to translate them. 2958aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 2959aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerA great advantage of route NAT is that it may be used not 2960aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeronly in stub networks but in environments with arbitrarily complicated 2961aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerstructure. It does not firewall, it {\em forwards.} 2962aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 2963aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThese addresses are selected by the \verb|ip route| command 2964aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger(sec.\ref{IP-ROUTE-ADD}, p.\pageref{IP-ROUTE-ADD}). F.e.\ 2965aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2966aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip route add nat 192.203.80.144 via 193.233.7.83 2967aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2968aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerstates that the single address 192.203.80.144 is a dummy NAT address. 2969aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerFor all the world it looks like a host address inside our network. 2970aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerFor neighbouring hosts and routers it looks like the local address 2971aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerof the translating router. The router answers ARP for it, advertises 2972aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthis address as routed via it, {\em et al\/}. When the router 2973aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerreceives a packet destined for 192.203.80.144, it replaces 2974aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthis address with 193.233.7.83 which is the address of some real 2975aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhost and forwards the packet. If you need to remap 2976aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerblocks of addresses, you may use a command like: 2977aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2978aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip route add nat 192.203.80.192/26 via 193.233.7.64 2979aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2980aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis command will map a block of 63 addresses 192.203.80.192-255 to 2981aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger193.233.7.64-127. 2982aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 2983aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerWhen an internal host (193.233.7.83 in the example above) 2984aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersends something to the outer world and these packets are forwarded 2985aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerby our router, it should translate the source address 193.233.7.83 2986aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerinto 192.203.80.144. This task is solved by setting a special 2987aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerpolicy rule (sec.\ref{IP-RULE-ADD}, p.\pageref{IP-RULE-ADD}): 2988aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 2989aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip rule add prio 320 from 193.233.7.83 nat 192.203.80.144 2990aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 2991aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis rule says that the source address 193.233.7.83 2992aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingershould be translated into 192.203.80.144 before forwarding. 2993aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt is important that the address after the \verb|nat| keyword 2994aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeris some NAT address, declared by {\tt ip route add nat}. 2995aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf it is just a random address the router will not map to it. 2996aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 2997aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe exception is when the address is a local address of this 2998aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrouter (or 0.0.0.0) and masquerading is configured in the linux-2.2 2999aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkernel. In this case the router will masquerade the packets as this address. 3000aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf 0.0.0.0 is selected, the result is equivalent to one 3001aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerobtained with firewalling rules. Otherwise, you have the way 3002aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto order Linux to masquerade to this fixed address. 3003aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerNAT mechanism used in linux-2.4 is more flexible than 3004aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermasquerading, so that this feature has lost meaning and disabled. 3005aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 3006aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3007aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf the network has non-trivial internal structure, it is 3008aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeruseful and even necessary to add rules disabling translation 3009aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhen a packet does not leave this network. Let us return to the 3010aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerexample from sec.\ref{IP-RULE-SHOW} (p.\pageref{IP-RULE-SHOW}). 3011aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3012aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger300: from 193.233.7.83 to 193.233.7.0/24 lookup main 3013aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger310: from 193.233.7.83 to 192.203.80.0/24 lookup main 3014aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger320: from 193.233.7.83 lookup inr.ruhep map-to 192.203.80.144 3015aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3016aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis block of rules causes normal forwarding when 3017aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerpackets from 193.233.7.83 do not leave networks 193.233.7/24 3018aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand 192.203.80/24. Also, if the \verb|inr.ruhep| table does not 3019aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercontain a route to the destination (which means that the routing 3020aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdomain owning addresses from 192.203.80/24 is dead), no translation 3021aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwill occur. Otherwise, the packets are translated. 3022aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3023aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\paragraph{How to only translate selected ports:} 3024aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIf you only want to translate selected ports (f.e.\ http) 3025aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand leave the rest intact, you may use \verb|ipchains| 3026aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerto \verb|fwmark| a class of packets. 3027aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerSuppose you did and all the packets from 193.233.7.83 3028aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdestined for port 80 are marked with marker 0x1234 in input fwchain. 3029aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIn this case you may replace rule \#320 with: 3030aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3031aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger320: from 193.233.7.83 fwmark 1234 lookup main map-to 192.203.80.144 3032aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3033aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerand translation will only be enabled for outgoing http requests. 3034aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3035aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{Example: minimal host setup} 3036aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{EXAMPLE-SETUP} 3037aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3038aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe following script gives an example of a fault safe 3039aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersetup of IP (and IPv6, if it is compiled into the kernel) 3040aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerin the common case of a node attached to a single broadcast 3041aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernetwork. A more advanced script, which may be used both on multihomed 3042aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerhosts and on routers, is described in the following 3043aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersection. 3044aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3045aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThe utilities used in the script may be found in the 3046aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdirectory ftp://ftp.inr.ac.ru/ip-routing/: 3047aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{enumerate} 3048aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|ip| --- package \verb|iproute2|. 3049aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|arping| --- package \verb|iputils|. 3050aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\item \verb|rdisc| --- package \verb|iputils|. 3051aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{enumerate} 3052aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{NB} 3053aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIt also refers to a DHCP client, \verb|dhcpcd|. I should refrain from 3054aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerrecommending a good DHCP client to use. All that I can 3055aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersay is that ISC \verb|dhcp-2.0b1pl6| patched with the patch that 3056aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercan be found in the \verb|dhcp.bootp.rarp| subdirectory of 3057aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe same ftp site {\em does\/} work, 3058aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerat least on Ethernet and Token Ring. 3059aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{NB} 3060aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3061aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3062aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#! /bin/bash 3063aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3064aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3065aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Usage: \verb|ifone ADDRESS[/PREFIX-LENGTH] [DEVICE]|}\\ 3066aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Parameters:}\\ 3067aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# \$1 --- Static IP address, optionally followed by prefix length.\\ 3068aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# \$2 --- Device name. If it is missing, \verb|eth0| is asssumed.\\ 3069aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# F.e. \verb|ifone 193.233.7.90| 3070aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3071aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3072aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdev=$2 3073aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger: ${dev:=eth0} 3074aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeripaddr= 3075aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3076aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Parse IP address, splitting prefix length. 3077aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3078aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ "$1" != "" ]; then 3079aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ipaddr=${1%/*} 3080aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ "$1" != "$ipaddr" ]; then 3081aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger pfxlen=${1#*/} 3082aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fi 3083aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger : ${pfxlen:=24} 3084aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3085aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerpfx="${ipaddr}/${pfxlen}" 3086aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3087aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3088aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3089aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 0} --- enable loopback.\\ 3090aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\#\\ 3091aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# This step is necessary on any networked box before attempt\\ 3092aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# to configure any other device.\\ 3093aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3094aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3095aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerip link set up dev lo 3096aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerip addr add 127.0.0.1/8 dev lo brd + scope host 3097aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3098aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3099aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# IPv6 autoconfigure themself on loopback.\\ 3100aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\#\\ 3101aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# If user gave loopback as device, we add the address as alias and exit. 3102aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3103aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3104aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ "$dev" = "lo" ]; then 3105aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ "$ipaddr" != "" -a "$ipaddr" != "127.0.0.1" ]; then 3106aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip address add $ipaddr dev $dev 3107aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit $? 3108aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fi 3109aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 0 3110aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3111aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3112aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3113aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\noindent\# {\bf Step 1} --- enable device \verb|$dev| 3114aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3115aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3116aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif ! ip link set up dev $dev ; then 3117aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "Cannot enable interface $dev. Aborting." 1>&2 3118aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 1 3119aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3120aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3121aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3122aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# The interface is \verb|UP|. IPv6 started stateless autoconfiguration itself,\\ 3123aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# and its configuration finishes here. However,\\ 3124aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# IP still needs some static preconfigured address. 3125aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3126aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3127aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ "$ipaddr" = "" ]; then 3128aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "No address for $dev is configured, trying DHCP..." 1>&2 3129aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger dhcpcd 3130aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit $? 3131aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3132aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3133aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3134aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3135aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 2} --- IP Duplicate Address Detection~\cite{RFC-DHCP}.\\ 3136aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Send two probes and wait for result for 3 seconds.\\ 3137aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# If the interface opens slower f.e.\ due to long media detection,\\ 3138aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# you want to increase the timeout.\\ 3139aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3140aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3141aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif ! arping -q -c 2 -w 3 -D -I $dev $ipaddr ; then 3142aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "Address $ipaddr is busy, trying DHCP..." 1>&2 3143aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger dhcpcd 3144aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit $? 3145aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3146aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3147aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3148aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# OK, the address is unique, we may add it on the interface.\\ 3149aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\#\\ 3150aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 3} --- Configure the address on the interface. 3151aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3152aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3153aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3154aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif ! ip address add $pfx brd + dev $dev; then 3155aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "Failed to add $pfx on $dev, trying DHCP..." 1>&2 3156aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger dhcpcd 3157aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit $? 3158aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3159aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3160aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3161aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\noindent\# {\bf Step 4} --- Announce our presence on the link. 3162aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3163aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerarping -A -c 1 -I $dev $ipaddr 3164aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernoarp=$? 3165aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger( sleep 2; 3166aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger arping -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null & 3167aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3168aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3169aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3170aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 5} (optional) --- Add some control routes.\\ 3171aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\#\\ 3172aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# 1. Prohibit link local multicast addresses.\\ 3173aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# 2. Prohibit link local (alias, limited) broadcast.\\ 3174aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# 3. Add default multicast route. 3175aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3176aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3177aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerip route add unreachable 224.0.0.0/24 3178aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerip route add unreachable 255.255.255.255 3179aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then 3180aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip route add 224.0.0.0/4 dev $dev scope global 3181aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3182aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3183aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3184aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3185aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 6} --- Add fallback default route with huge metric.\\ 3186aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# If a proxy ARP server is present on the interface, we will be\\ 3187aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# able to talk to all the Internet without further configuration.\\ 3188aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# It is not so cheap though and we still hope that this route\\ 3189aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# will be overridden by more correct one by rdisc.\\ 3190aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Do not make this step if the device is not ARPable,\\ 3191aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# because dead nexthop detection does not work on them. 3192aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3193aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3194aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ "$noarp" = "0" ]; then 3195aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip ro add default dev $dev metric 30000 scope global 3196aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3197aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3198aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3199aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3200aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 7} --- Restart router discovery and exit. 3201aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3202aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3203aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerkillall -HUP rdisc || rdisc -fs 3204aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerexit 0 3205aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3206aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3207aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3208aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\section{Example: {\protect\tt ifcfg} --- interface address management} 3209aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\label{EXAMPLE-IFCFG} 3210aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3211aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerThis is a simplistic script replacing one option of \verb|ifconfig|, 3212aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernamely, IP address management. It not only adds 3213aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeraddresses, but also carries out Duplicate Address Detection~\cite{RFC-DHCP}, 3214aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingersends unsolicited ARP to update the caches of other hosts sharing 3215aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerthe interface, adds some control routes and restarts Router Discovery 3216aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerwhen it is necessary. 3217aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3218aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerI strongly recommend using it {\em instead\/} of \verb|ifconfig| both 3219aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeron hosts and on routers. 3220aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3221aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3222aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#! /bin/bash 3223aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3224aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3225aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Usage: \verb?ifcfg DEVICE[:ALIAS] [add|del] ADDRESS[/LENGTH] [PEER]?}\\ 3226aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Parameters:}\\ 3227aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# ---Device name. It may have alias suffix, separated by colon.\\ 3228aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# ---Command: add, delete or stop.\\ 3229aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# ---IP address, optionally followed by prefix length.\\ 3230aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# ---Optional peer address for pointopoint interfaces.\\ 3231aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# F.e. \verb|ifcfg eth0 193.233.7.90/24| 3232aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3233aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\noindent\# This function determines, whether it is router or host.\\ 3234aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# It returns 0, if the host is apparently not router. 3235aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3236aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3237aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCheckForwarding () { 3238aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger local sbase fwd 3239aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger sbase=/proc/sys/net/ipv4/conf 3240aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fwd=0 3241aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ -d $sbase ]; then 3242aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger for dir in $sbase/*/forwarding; do 3243aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fwd=$[$fwd + `cat $dir`] 3244aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger done 3245aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger else 3246aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fwd=2 3247aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fi 3248aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger return $fwd 3249aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger} 3250aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3251aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3252aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# This function restarts Router Discovery.\\ 3253aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3254aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3255aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerRestartRDISC () { 3256aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger killall -HUP rdisc || rdisc -fs 3257aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger} 3258aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3259aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3260aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Calculate ABC "natural" mask length\\ 3261aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Arg: \$1 = dotquad address 3262aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3263aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3264aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerABCMaskLen () { 3265aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger local class; 3266aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger class=${1%%.*} 3267aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ $class -eq 0 -o $class -ge 224 ]; then return 0 3268aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger elif [ $class -ge 192 ]; then return 24 3269aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger elif [ $class -ge 128 ]; then return 16 3270aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger else return 8 ; fi 3271aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger} 3272aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3273aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3274aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3275aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3276aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf MAIN()}\\ 3277aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\#\\ 3278aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Strip alias suffix separated by colon. 3279aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3280aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3281aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerlabel="label $1" 3282aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerldev=$1 3283aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdev=${1%:*} 3284aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ "$dev" = "" -o "$1" = "help" ]; then 3285aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "Usage: ifcfg DEV [[add|del [ADDR[/LEN]] [PEER] | stop]" 1>&2 3286aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo " add - add new address" 1>&2 3287aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo " del - delete address" 1>&2 3288aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo " stop - completely disable IP" 1>&2 3289aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 1 3290aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3291aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingershift 3292aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3293aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCheckForwarding 3294aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfwd=$? 3295aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3296aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3297aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Parse command. If it is ``stop'', flush and exit. 3298aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3299aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3300aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdeleting=0 3301aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercase "$1" in 3302aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeradd) shift ;; 3303aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerstop) 3304aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ "$ldev" != "$dev" ]; then 3305aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "Cannot stop alias $ldev" 1>&2 3306aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 1; 3307aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fi 3308aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip -4 addr flush dev $dev $label || exit 1 3309aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ $fwd -eq 0 ]; then RestartRDISC; fi 3310aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 0 ;; 3311aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdel*) 3312aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger deleting=1; shift ;; 3313aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger*) 3314aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeresac 3315aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3316aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3317aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Parse prefix, split prefix length, separated by slash. 3318aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3319aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3320aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingeripaddr= 3321aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerpfxlen= 3322aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ "$1" != "" ]; then 3323aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ipaddr=${1%/*} 3324aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ "$1" != "$ipaddr" ]; then 3325aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger pfxlen=${1#*/} 3326aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fi 3327aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ "$ipaddr" = "" ]; then 3328aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "$1 is bad IP address." 1>&2 3329aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 1 3330aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fi 3331aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3332aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingershift 3333aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3334aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3335aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# If peer address is present, prefix length is 32.\\ 3336aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Otherwise, if prefix length was not given, guess it. 3337aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3338aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3339aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerpeer=$1 3340aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ "$peer" != "" ]; then 3341aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ "$pfxlen" != "" -a "$pfxlen" != "32" ]; then 3342aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "Peer address with non-trivial netmask." 1>&2 3343aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 1 3344aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fi 3345aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger pfx="$ipaddr peer $peer" 3346aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerelse 3347aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ "$pfxlen" = "" ]; then 3348aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ABCMaskLen $ipaddr 3349aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger pfxlen=$? 3350aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fi 3351aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger pfx="$ipaddr/$pfxlen" 3352aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3353aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ "$ldev" = "$dev" -a "$ipaddr" != "" ]; then 3354aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger label= 3355aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3356aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3357aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3358aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# If deletion was requested, delete the address and restart RDISC 3359aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3360aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3361aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ $deleting -ne 0 ]; then 3362aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip addr del $pfx dev $dev $label || exit 1 3363aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ $fwd -eq 0 ]; then RestartRDISC; fi 3364aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 0 3365aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3366aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3367aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3368aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Start interface initialization.\\ 3369aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\#\\ 3370aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 0} --- enable device \verb|$dev| 3371aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3372aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3373aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif ! ip link set up dev $dev ; then 3374aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "Error: cannot enable interface $dev." 1>&2 3375aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 1 3376aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3377aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ "$ipaddr" = "" ]; then exit 0; fi 3378aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3379aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3380aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 1} --- IP Duplicate Address Detection~\cite{RFC-DHCP}.\\ 3381aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Send two probes and wait for result for 3 seconds.\\ 3382aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# If the interface opens slower f.e.\ due to long media detection,\\ 3383aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# you want to increase the timeout.\\ 3384aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3385aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3386aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif ! arping -q -c 2 -w 3 -D -I $dev $ipaddr ; then 3387aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "Error: some host already uses address $ipaddr on $dev." 1>&2 3388aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 1 3389aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3390aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3391aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3392aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# OK, the address is unique. We may add it to the interface.\\ 3393aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\#\\ 3394aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 2} --- Configure the address on the interface. 3395aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3396aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3397aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif ! ip address add $pfx brd + dev $dev $label; then 3398aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger echo "Error: failed to add $pfx on $dev." 1>&2 3399aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger exit 1 3400aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3401aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3402aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\noindent\# {\bf Step 3} --- Announce our presence on the link 3403aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3404aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerarping -q -A -c 1 -I $dev $ipaddr 3405aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingernoarp=$? 3406aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger( sleep 2 ; 3407aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger arping -q -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null & 3408aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3409aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3410aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 4} (optional) --- Add some control routes.\\ 3411aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\#\\ 3412aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# 1. Prohibit link local multicast addresses.\\ 3413aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# 2. Prohibit link local (alias, limited) broadcast.\\ 3414aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# 3. Add default multicast route. 3415aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3416aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3417aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerip route add unreachable 224.0.0.0/24 >& /dev/null 3418aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerip route add unreachable 255.255.255.255 >& /dev/null 3419aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then 3420aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null 3421aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3422aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3423aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3424aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# {\bf Step 5} --- Add fallback default route with huge metric.\\ 3425aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# If a proxy ARP server is present on the interface, we will be\\ 3426aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# able to talk to all the Internet without further configuration.\\ 3427aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# Do not make this step on router or if the device is not ARPable.\\ 3428aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# because dead nexthop detection does not work on them. 3429aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3430aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{verbatim} 3431aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerif [ $fwd -eq 0 ]; then 3432aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if [ $noarp -eq 0 ]; then 3433aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip ro append default dev $dev metric 30000 scope global 3434aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger elif [ "$peer" != "" ]; then 3435aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger if ping -q -c 2 -w 4 $peer ; then 3436aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger ip ro append default via $peer dev $dev metric 30001 3437aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fi 3438aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger fi 3439aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger RestartRDISC 3440aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerfi 3441aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3442aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerexit 0 3443aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{verbatim} 3444aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\begin{flushleft} 3445aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\# End of {\bf MAIN()} 3446aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{flushleft} 3447aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3448aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger 3449aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger\end{document} 3450