icmp, IPPROTO_ICMP - Linux IPv4 ICMP kernel module.
DESCRIPTION
This kernel protocol module implements the Internet Control Message Protocol
defined in RFC792. It is used to signal error conditions and for diagnosis.
The user doesn't interact directly with this module; instead it communicates
with the other protocols in the kernel and these pass the ICMP
errors to the application layers. The kernel ICMP module also
answers to ICMP requests.
A user protocol may receive ICMP packets for all local sockets by opening
a RAW socket with the protocol
IPPROTO_ICMP.
See
raw(4)
for more information.
The types of ICMP packets passed to the socket can be filtered using the
ICMP_FILTER
socket option. ICMP packets are always processed by the kernel too, even
when passed to a user socket.
Linux rate limits ICMP error packets per destination. ICMP_REDIRECT and
ICMP_DEST_UNREACH are limited per destination route of the incoming
packets.
SYSCTLS
ICMP supports a sysctl interface to configure some global IP parameters. The sysctls
can be accessed by reading or writing the
/proc/sys/net/ipv4/*
files or with the
sysctl(2)
interface. Most of these sysctls are rate limitations for specific ICMP types.
Linux 2.2 uses a token bucket filter to limit ICMPs.
The value is the timeout in seconds until the token bucket filter is cleared.
icmp_destunreach_rate
Maximum rate to send ICMP Destination Unreachable packets.
They are are limited per route and additionally
per destination. This sysctl limits the per destination rate and are local per
destination. The limit does not
affect sending of ICMP_FRAG_NEEDED packets needed for path mtu discovery.
icmp_echo_ignore_all
Ignore all ICMP_ECHO requests if not zero.
icmp_echo_ignore_broadcasts
Ignore ICMP_ECHO packets sent to broadcast addresses if not zero.
icmp_echoreply_rate
Maximum rate for outgoing
ICMP_ECHOREPLY
packets sent in response to
ICMP_ECHOREQUEST
packets.
icmp_paramprob_rate
Maximum rate for outgoing
ICMP_PARAMETERPROB
packets sent. These packets are
sent when a packet arrives with an invalid IP header.
icmp_timeexceed_rate
Maximum rate for outgoing
ICMP_TIME_EXCEEDED
packets sent. These packets are
sent to prevent loops when a packet has crossed too many hops.
NOTES
As many other OSes don't support
IPPROTO_ICMP
raw sockets, this feature
should not be relied on in portable programs.
ICMP_REDIRECT
packets are not sent when Linux is not acting as a router.
They are also only accepted from the old gateway defined in the routing table and
the redirect routes are expired after some time.
The 64-bit timestamp returned by
ICMP_TIMESTAMP
is in milliseconds
since January 1, 1970.
Linux ICMP internally uses a raw socket to send ICMPs. This raw socket
may appear in
netstat(8)
output with a zero inode.
VERSIONS
Support for the
ICMP_ADDRESS_MASK
request was removed in 2.2.
Support for
ICMP_SOURCE_QUENCH
was removed in Linux 2.2.
