Lines Matching full:verb
12 \verb|kuznet@ms2.inr.ac.ru| \\
24 This document presents a comprehensive description of the \verb|ip| utility
25 from the \verb|iproute2| package. It is not a tutorial or user's guide.
33 This document is split into sections explaining \verb|ip| commands
34 and options, decrypting \verb|ip| output and containing a few examples.
43 The generic form of an \verb|ip| command is:
47 where \verb|OPTIONS| is a set of optional modifiers affecting the
48 general behaviour of the \verb|ip| utility or changing its output. All options
49 begin with the character \verb|'-'| and may be used in either long or abbreviated
53 \item \verb|-V|, \verb|-Version|
55 --- print the version of the \verb|ip| utility and exit.
58 \item \verb|-s|, \verb|-stats|, \verb|-statistics|
65 \item \verb|-f|, \verb|-family| followed by a protocol family
66 identifier: \verb|inet|, \verb|inet6| or \verb|link|.
70 line does not give enough information to guess the family, \verb|ip| falls back to the default
71 one, usually \verb|inet| or \verb|any|. \verb|link| is a special family
74 \item \verb|-4|
76 --- shortcut for \verb|-family inet|.
78 \item \verb|-6|
80 --- shortcut for \verb|-family inet6|.
82 \item \verb|-0|
84 --- shortcut for \verb|-family link|.
87 \item \verb|-o|, \verb|-oneline|
90 with the \verb|'\'| character. This is convenient when you want to
91 count records with \verb|wc| or to \verb|grep| the output. The trivial
92 script \verb|rtpr| converts the output back into readable form.
94 \item \verb|-r|, \verb|-resolve|
103 \verb|ip| never uses DNS to resolve names to addresses.
108 \verb|OBJECT| is the object to manage or to get information about.
109 The object types currently understood by \verb|ip| are:
112 \item \verb|link| --- network device
113 \item \verb|address| --- protocol (IP or IPv6) address on a device
114 \item \verb|neighbour| --- ARP or NDISC cache entry
115 \item \verb|route| --- routing table entry
116 \item \verb|rule| --- rule in routing policy database
117 \item \verb|maddress| --- multicast address
118 \item \verb|mroute| --- multicast routing cache entry
119 \item \verb|tunnel| --- tunnel over IP
123 abbreviated form, f.e.\ \verb|address| is abbreviated as \verb|addr|
124 or just \verb|a|.
126 \verb|COMMAND| specifies the action to perform on the object.
128 As a rule, it is possible to \verb|add|, \verb|delete| and
129 \verb|show| (or \verb|list|) objects, but some objects
131 The \verb|help| command is available for all objects. It prints
135 Usually it is \verb|list| or, if the objects of this class
136 cannot be listed, \verb|help|.
138 \verb|ARGUMENTS| is a list of arguments to the command.
143 which may be omitted. F.e.\ parameter \verb|dev| is the default
150 letters. The shortcuts are convenient when \verb|ip| is used interactively,
159 \verb|ip| may fail for one of the following reasons:
164 IP address {\em et al\/}. In this case \verb|ip| prints an error message
172 \verb|ip| failed to compile a kernel request from the arguments
176 The kernel returned an error to some syscall. In this case \verb|ip|
177 prints the error message, as it is output with \verb|perror(3)|,
182 In this case \verb|ip| prints the error message, as it is output
183 with \verb|perror(3)| prefixed with ``RTNETLINK answers:''.
188 if the \verb|ip| utility fails, it does not change anything
189 in the system. One harmful exception is \verb|ip link| command
213 \item The \verb|CONFIG_IP_MULTIPLE_TABLES| option was not selected
215 \verb|ip| \verb|rule| command will fail, f.e.
228 \paragraph{Object:} A \verb|link| is a network device and the corresponding
231 \paragraph{Commands:} \verb|set| and \verb|show| (or \verb|list|).
235 \paragraph{Abbreviations:} \verb|set|, \verb|s|.
240 \item \verb|dev NAME| (default)
242 --- \verb|NAME| specifies the network device on which to operate.
244 \item \verb|up| and \verb|down|
246 --- change the state of the device to \verb|UP| or \verb|DOWN|.
248 \item \verb|arp on| or \verb|arp off|
250 --- change the \verb|NOARP| flag on the device.
253 This operation is {\em not allowed\/} if the device is in state \verb|UP|.
254 Though neither the \verb|ip| utility nor the kernel check for this condition.
259 \item \verb|multicast on| or \verb|multicast off|
261 --- change the \verb|MULTICAST| flag on the device.
263 \item \verb|dynamic on| or \verb|dynamic off|
265 --- change the \verb|DYNAMIC| flag on the device.
267 \item \verb|name NAME|
273 \item \verb|txqueuelen NUMBER| or \verb|txqlen NUMBER|
277 \item \verb|mtu NUMBER|
281 \item \verb|address LLADDRESS|
285 \item \verb|broadcast LLADDRESS|, \verb|brd LLADDRESS| or \verb|peer LLADDRESS|
288 the interface is \verb|POINTOPOINT|.
297 \item \verb|netns PID|
305 The \verb|PROMISC| and \verb|ALLMULTI| flags are considered
311 \verb|ip| aborts immediately after any of the changes have failed.
312 This is the only case when \verb|ip| can move the system to
318 \item \verb|ip link set dummy address 00:00:00:00:00:01|
320 --- change the station address of the interface \verb|dummy|.
322 \item \verb|ip link set dummy up|
324 --- start the interface \verb|dummy|.
332 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|lst|, \verb|sh|, \verb|ls|,
333 \verb|l|.
337 \item \verb|dev NAME| (default)
339 --- \verb|NAME| specifies the network device to show.
342 \item \verb|up|
367 (\verb|eth0|, \verb|sit0| etc.). The interface name is also
372 \verb|ip| \verb|link| \verb|set| \verb|name|
375 The interface name may have another name or \verb|NONE| appended
376 after the \verb|@| sign. This means that this device is bound to some other
379 device. If the name is \verb|NONE|, the master is unknown.
385 on the interface. Particularly, \verb|noqueue| means that this interface
386 does not queue anything and \verb|noop| means that the interface is in blackhole
394 \item \verb|UP| --- the device is turned on. It is ready to accept
398 \item \verb|LOOPBACK| --- the interface does not communicate with other
402 \item \verb|BROADCAST| --- the device has the facility to send packets
405 \item \verb|POINTOPOINT| --- the link has only two ends with one node
409 If neither \verb|LOOPBACK| nor \verb|BROADCAST| nor \verb|POINTOPOINT|
415 \item \verb|MULTICAST| --- is an advisory flag indicating that the interface
420 to use multicasting on this interface. Any \verb|POINTOPOINT| and
421 \verb|BROADCAST| link is multicasting by definition, because we have
427 \item \verb|PROMISC| --- the device listens to and feeds to the kernel all
433 \item \verb|ALLMULTI| --- the device receives all multicast packets
436 \item \verb|NOARP| --- this flag is different from the other ones. It has
442 \item \verb|DYNAMIC| --- is an advisory flag indicating that the interface is
445 \item \verb|SLAVE| --- this interface is bonded to some other interfaces
452 There are other flags but they are either obsolete (\verb|NOTRAILERS|)
453 or not implemented (\verb|DEBUG|) or specific to some devices
454 (\verb|MASTER|, \verb|AUTOMEDIA| and \verb|PORTSEL|). We do not discuss
460 associated with the device. The first word (\verb|ether|, \verb|sit|)
477 \verb|ip maddr ls| in~Sec.\ref{IP-MADDR} (p.\pageref{IP-MADDR} of this
482 \paragraph{Statistics:} With the \verb|-statistics| option, \verb|ip| also
495 \verb|RX:| and \verb|TX:| lines summarize receiver and transmitter
498 \item \verb|bytes| --- the total number of bytes received or transmitted
502 \item \verb|packets| --- the total number of packets received or transmitted
504 \item \verb|errors| --- the total number of receiver or transmitter errors.
505 \item \verb|dropped| --- the total number of packets dropped due to lack
507 \item \verb|overrun| --- the total number of receiver overruns resulting
511 \item \verb|mcast| --- the total number of received multicast packets. This option
513 \item \verb|carrier| --- total number of link media failures f.e.\ because
515 \item \verb|collsns| --- the total number of collision events
518 \item \verb|compressed| --- the total number of compressed packets. This is
523 If the \verb|-s| option is entered twice or more,
524 \verb|ip| prints more detailed statistics on receiver
548 \paragraph{Abbreviations:} \verb|address|, \verb|addr|, \verb|a|.
550 \paragraph{Object:} The \verb|address| is a protocol (IP or IPv6) address attached
557 The \verb|ip addr| command displays addresses and their properties,
560 \paragraph{Commands:} \verb|add|, \verb|delete|, \verb|flush| and \verb|show|
561 (or \verb|list|).
567 \paragraph{Abbreviations:} \verb|add|, \verb|a|.
572 \item \verb|dev NAME|
576 \item \verb|local ADDRESS| (default)
580 separated by colons for IPv6. The \verb|ADDRESS| may be followed by
584 \item \verb|peer ADDRESS|
587 Again, the \verb|ADDRESS| may be followed by a slash and a decimal number,
593 \item \verb|broadcast ADDRESS|
597 It is possible to use the special symbols \verb|'+'| and \verb|'-'|
603 Unlike \verb|ifconfig|, the \verb|ip| utility {\em does not\/} set any broadcast
608 \item \verb|label NAME|
616 \item \verb|scope SCOPE_VALUE|
619 The available scopes are listed in file \verb|/etc/iproute2/rt_scopes|.
623 \item \verb|global| --- the address is globally valid.
624 \item \verb|site| --- (IPv6 only) the address is site local,
626 \item \verb|link| --- the address is link local, i.e.\
628 \item \verb|host| --- the address is valid only inside this host.
638 \item \verb|ip addr add 127.0.0.1/8 dev lo brd + scope host|
642 \item \verb|ip addr add 10.0.0.1/24 brd + dev eth0 label eth0:Alias|
645 \verb|255.255.255.0|), standard broadcast and label \verb|eth0:Alias|
646 to the interface \verb|eth0|.
652 \paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
654 \paragraph{Arguments:} coincide with the arguments of \verb|ip addr add|.
660 \item \verb|ip addr del 127.0.0.1/8 dev lo|
665 \item Disable IP on the interface \verb|eth0|:
679 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|lst|, \verb|sh|, \verb|ls|,
680 \verb|l|.
685 \item \verb|dev NAME| (default)
689 \item \verb|scope SCOPE_VAL|
693 \item \verb|to PREFIX|
697 \item \verb|label PATTERN|
699 --- only list addresses with labels matching the \verb|PATTERN|.
700 \verb|PATTERN| is a usual shell style pattern.
703 \item \verb|dynamic| and \verb|permanent|
708 \item \verb|tentative|
713 \item \verb|deprecated|
718 \item \verb|primary| and \verb|secondary|
738 The first two lines coincide with the output of \verb|ip link ls|.
740 as addresses of the protocol family \verb|AF_PACKET|.
750 \item \verb|secondary|
758 There is a tweak in \verb|/proc/sys/net/ipv4/conf/<dev>/promote_secondaries|
761 \verb|net.ipv4.conf.all.promote_secondaries=1| to \verb|/etc/sysctl.conf|.
765 \item \verb|dynamic|
769 the address is still valid. After \verb|preferred_lft| expires the address is
770 moved to the deprecated state. After \verb|valid_lft| expires the address
773 \item \verb|deprecated|
778 \item \verb|tentative|
789 \paragraph{Abbreviations:} \verb|flush|, \verb|f|.
794 \paragraph{Arguments:} This command has the same arguments as \verb|show|.
797 \paragraph{Warning:} This command (and other \verb|flush| commands
801 \paragraph{Statistics:} With the \verb|-statistics| option, the command
804 twice, \verb|ip addr flush| also dumps all the deleted addresses
834 \paragraph{Abbreviations:} \verb|neighbour|, \verb|neighbor|, \verb|neigh|,
835 \verb|n|.
837 \paragraph{Object:} \verb|neighbour| objects establish bindings between protocol
845 \paragraph{Commands:} \verb|add|, \verb|change|, \verb|replace|,
846 \verb|delete|, \verb|flush| and \verb|show| (or \verb|list|).
849 describes how to manage proxy ARP/NDISC with the \verb|ip| utility.
856 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
857 \verb|replace|, \verb|repl|.
865 \item \verb|to ADDRESS| (default)
869 \item \verb|dev NAME|
874 \item \verb|lladdr LLADDRESS|
876 --- the link layer address of the neighbour. \verb|LLADDRESS| can also be
877 \verb|null|.
879 \item \verb|nud NUD_STATE|
881 --- the state of the neighbour entry. \verb|nud| is an abbreviation for ``Neighbour
885 \item \verb|permanent| --- the neighbour entry is valid forever and can be only be removed
887 \item \verb|noarp| --- the neighbour entry is valid. No attempts to validate
889 \item \verb|reachable| --- the neighbour entry is valid until the reachability
891 \item \verb|stale| --- the neighbour entry is valid but suspicious.
892 This option to \verb|ip neigh| does not change the neighbour state if
900 \item \verb|ip neigh add 10.0.0.3 lladdr 0:0:0:0:0:1 dev eth0 nud perm|
902 --- add a permanent ARP entry for the neighbour 10.0.0.3 on the device \verb|eth0|.
904 \item \verb|ip neigh chg 10.0.0.3 dev eth0 nud reachable|
906 --- change its state to \verb|reachable|.
912 \paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
916 \paragraph{Arguments:} The arguments are the same as with \verb|ip neigh add|,
917 except that \verb|lladdr| and \verb|nud| are ignored.
922 \item \verb|ip neigh del 10.0.0.3 dev eth0|
924 --- invalidate an ARP entry for the neighbour 10.0.0.3 on the device \verb|eth0|.
937 a \verb|noarp| entry created by the kernel may result in unpredictable behaviour.
939 on a \verb|NOARP| interface or if the address is multicast or broadcast.
944 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|.
952 \item \verb|to ADDRESS| (default)
956 \item \verb|dev NAME|
960 \item \verb|unused|
964 \item \verb|nud NUD_STATE|
966 --- only list neighbour entries in this state. \verb|NUD_STATE| takes
967 values listed below or the special value \verb|all| which means all states.
968 This option may occur more than once. If this option is absent, \verb|ip|
969 lists all entries except for \verb|none| and \verb|noarp|.
991 \verb|lladdr| is the link layer address of the neighbour.
993 \verb|nud| is the state of the ``neighbour unreachability detection'' machine
999 \item\verb|none| --- the state of the neighbour is void.
1000 \item\verb|incomplete| --- the neighbour is in the process of resolution.
1001 \item\verb|reachable| --- the neighbour is valid and apparently reachable.
1002 \item\verb|stale| --- the neighbour is valid, but is probably already
1004 \item\verb|delay| --- a packet has been sent to the stale neighbour and the kernel is waiting
1006 \item\verb|probe| --- the delay timer expired but no confirmation was received.
1008 \item\verb|failed| --- resolution has failed.
1009 \item\verb|noarp| --- the neighbour is valid. No attempts to check the entry
1011 \item\verb|permanent| --- it is a \verb|noarp| entry, but only the administrator
1015 The link layer address is valid in all states except for \verb|none|,
1016 \verb|failed| and \verb|incomplete|.
1018 IPv6 neighbours can be marked with the additional flag \verb|router|
1021 \paragraph{Statistics:} The \verb|-statistics| option displays some usage
1031 Here \verb|ref| is the number of users of this entry
1032 and \verb|used| is a triplet of time intervals in seconds
1043 \paragraph{Abbreviations:} \verb|flush|, \verb|f|.
1048 \paragraph{Arguments:} This command has the same arguments as \verb|show|.
1051 \verb|permanent| and \verb|noarp|.
1054 \paragraph{Statistics:} With the \verb|-statistics| option, the command
1057 twice, \verb|ip neigh flush| also dumps all the deleted neighbours
1075 \paragraph{Abbreviations:} \verb|route|, \verb|ro|, \verb|r|.
1077 \paragraph{Object:} \verb|route| entries in the kernel routing tables keep
1117 non-unique routes with \verb|ip| commands described in this section.
1152 is \verb|unicast|. It describes real paths to other hosts.
1157 \item \verb|unicast| --- the route entry describes real paths to the
1159 \item \verb|unreachable| --- these destinations are unreachable. Packets
1161 The local senders get an \verb|EHOSTUNREACH| error.
1162 \item \verb|blackhole| --- these destinations are unreachable. Packets
1163 are discarded silently. The local senders get an \verb|EINVAL| error.
1164 \item \verb|prohibit| --- these destinations are unreachable. Packets
1166 prohibited\/} is generated. The local senders get an \verb|EACCES| error.
1167 \item \verb|local| --- the destinations are assigned to this
1169 \item \verb|broadcast| --- the destinations are broadcast addresses.
1171 \item \verb|throw| --- a special control route used together with policy
1176 is generated. The local senders get an \verb|ENETUNREACH| error.
1177 \item \verb|nat| --- a special NAT route. Destinations covered by the prefix
1180 are selected with the attribute \verb|via|. More about NAT is
1182 \item \verb|anycast| --- ({\em not implemented\/}) the destinations are
1184 to \verb|local| with one difference: such addresses are invalid when used
1186 \item \verb|multicast| --- a special type used for multicast routing.
1192 name from the file \verb|/etc/iproute2/rt_tables|. By default all normal
1193 routes are inserted into the \verb|main| table (ID 254) and the kernel only uses
1197 even more important. It is the \verb|local| table (ID 255). This table
1214 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
1215 \verb|replace|, \verb|repl|.
1220 \item \verb|to PREFIX| or \verb|to TYPE PREFIX| (default)
1222 --- the destination prefix of the route. If \verb|TYPE| is omitted,
1223 \verb|ip| assumes type \verb|unicast|. Other values of \verb|TYPE|
1224 are listed above. \verb|PREFIX| is an IP or IPv6 address optionally followed
1226 \verb|ip| assumes a full-length host route. There is also a special
1227 \verb|PREFIX| --- \verb|default| --- which is equivalent to IP \verb|0/0| or
1228 to IPv6 \verb|::/0|.
1230 \item \verb|tos TOS| or \verb|dsfield TOS|
1235 may still match a route with a zero TOS. \verb|TOS| is either an 8 bit hexadecimal
1239 \item \verb|metric NUMBER| or \verb|preference NUMBER|
1241 --- the preference value of the route. \verb|NUMBER| is an arbitrary 32bit number.
1243 \item \verb|table TABLEID|
1246 \verb|TABLEID| may be a number or a string from the file
1247 \verb|/etc/iproute2/rt_tables|. If this parameter is omitted,
1248 \verb|ip| assumes the \verb|main| table, with the exception of
1249 \verb|local|, \verb|broadcast| and \verb|nat| routes, which are
1250 put into the \verb|local| table by default.
1252 \item \verb|dev NAME|
1256 \item \verb|via ADDRESS|
1259 on the route type. For normal \verb|unicast| routes it is either the true nexthop
1264 \item \verb|src ADDRESS|
1269 \item \verb|realm REALMID|
1272 \verb|REALMID| may be a number or a string from the file
1273 \verb|/etc/iproute2/rt_realms|. Sec.\ref{RT-REALMS} (p.\pageref{RT-REALMS})
1276 \item \verb|mtu MTU| or \verb|mtu lock MTU|
1278 --- the MTU along the path to the destination. If the modifier \verb|lock| is
1280 If the modifier \verb|lock| is used, no path MTU discovery will be tried,
1284 \item \verb|window NUMBER|
1290 \item \verb|rtt NUMBER|
1295 \item \verb|rttvar NUMBER|
1300 \item \verb|ssthresh NUMBER|
1305 \item \verb|cwnd NUMBER|
1307 --- \threeonly the clamp for congestion window. It is ignored if the \verb|lock|
1311 \item \verb|advmss NUMBER|
1321 \item \verb|reordering NUMBER|
1324 If it is not given, Linux uses the value selected with \verb|sysctl|
1325 variable \verb|net/ipv4/tcp_reordering|.
1327 \item \verb|hoplimit NUMBER|
1330 The default is the value selected with the \verb|sysctl| variable
1331 \verb|net/ipv4/ip_default_ttl|.
1333 \item \verb|initcwnd NUMBER|
1339 \item \verb|nexthop NEXTHOP|
1341 --- the nexthop of a multipath route. \verb|NEXTHOP| is a complex value
1344 \item \verb|via ADDRESS| is the nexthop router.
1345 \item \verb|dev NAME| is the output device.
1346 \item \verb|weight NUMBER| is a weight for this element of a multipath
1350 \item \verb|scope SCOPE_VAL|
1353 \verb|SCOPE_VAL| may be a number or a string from the file
1354 \verb|/etc/iproute2/rt_scopes|.
1356 \verb|ip| assumes scope \verb|global| for all gatewayed \verb|unicast|
1357 routes, scope \verb|link| for direct \verb|unicast| and \verb|broadcast| routes
1358 and scope \verb|host| for \verb|local| routes.
1360 \item \verb|protocol RTPROTO|
1363 \verb|RTPROTO| may be a number or a string from the file
1364 \verb|/etc/iproute2/rt_protos|. If the routing protocol ID is
1365 not given, \verb|ip| assumes protocol \verb|boot| (i.e.\
1370 \item \verb|redirect| --- the route was installed due to an ICMP redirect.
1371 \item \verb|kernel| --- the route was installed by the kernel during
1373 \item \verb|boot| --- the route was installed during the bootup sequence.
1375 \item \verb|static| --- the route was installed by the administrator
1378 \item \verb|ra| --- the route was installed by Router Discovery protocol.
1383 f.e.\ as they are assigned in \verb|rtnetlink.h| or in \verb|rt_protos|
1387 \item \verb|onlink|
1393 \item \verb|equalize|
1398 \verb|equalize| only works if the kernel is patched.
1405 Actually there are more commands: \verb|prepend| does the same
1406 thing as classic \verb|route add|, i.e.\ adds a route, even if another
1407 route to the same destination exists. Its opposite case is \verb|append|,
1412 More sad news, IPv6 only understands the \verb|append| command correctly.
1413 All the others are translated into \verb|append| commands. Certainly,
1423 \item change it to a direct route via the \verb|dummy| device
1427 \item add a default multipath route splitting the load between \verb|ppp0|
1428 and \verb|ppp1|
1436 \verb|via| parameter.
1448 \paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
1450 \paragraph{Arguments:} \verb|ip route del| has the same arguments as
1451 \verb|ip route add|, but their semantics are a bit different.
1453 Key values (\verb|to|, \verb|tos|, \verb|preference| and \verb|table|)
1454 select the route to delete. If optional attributes are present, \verb|ip|
1456 If no route with the given key and attributes was found, \verb|ip route del|
1479 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
1487 \item \verb|to SELECTOR| (default)
1489 --- only select routes from the given range of destinations. \verb|SELECTOR|
1490 consists of an optional modifier (\verb|root|, \verb|match| or \verb|exact|)
1491 and a prefix. \verb|root PREFIX| selects routes with prefixes not shorter
1492 than \verb|PREFIX|. F.e.\ \verb|root 0/0| selects the entire routing table.
1493 \verb|match PREFIX| selects routes with prefixes not longer than
1494 \verb|PREFIX|. F.e.\ \verb|match 10.0/16| selects \verb|10.0/16|,
1495 \verb|10/8| and \verb|0/0|, but it does not select \verb|10.1/16| and
1496 \verb|10.0.0/24|. And \verb|exact PREFIX| (or just \verb|PREFIX|)
1498 are present, \verb|ip| assumes \verb|root 0/0| i.e.\ it lists the entire table.
1501 \item \verb|tos TOS| or \verb|dsfield TOS|
1506 \item \verb|table TABLEID|
1509 \verb|table| \verb|main|. \verb|TABLEID| may either be the ID of a real table
1512 \item \verb|all| --- list all of the tables.
1513 \item \verb|cache| --- dump the routing cache.
1516 IPv6 has a single table. However, splitting it into \verb|main|, \verb|local|
1517 and \verb|cache| is emulated by the \verb|ip| utility.
1520 \item \verb|cloned| or \verb|cached|
1524 Actually, it is equivalent to \verb|table cache|.
1526 \item \verb|from SELECTOR|
1528 --- the same syntax as for \verb|to|, but it binds the source address range
1529 rather than destinations. Note that the \verb|from| option only works with
1532 \item \verb|protocol RTPROTO|
1537 \item \verb|scope SCOPE_VAL|
1541 \item \verb|type TYPE|
1545 \item \verb|dev NAME|
1549 \item \verb|via PREFIX|
1551 --- only list routes going via the nexthop routers selected by \verb|PREFIX|.
1553 \item \verb|src PREFIX|
1556 by \verb|PREFIX|.
1558 \item \verb|realm REALMID| or \verb|realms FROMREALM/TOREALM|
1564 \paragraph{Examples:} Let us count routes of protocol \verb|gated/bgp|
1571 To count the size of the routing cache, we have to use the \verb|-o| option
1585 \verb|-o| option was given, then line feeds separating lines inside
1613 see in the section on \verb|ip route get| (p.\pageref{NB-nature-of-strangeness})
1616 The second line, starting with the word \verb|cache|, shows
1620 \item \verb|local| --- packets are delivered locally.
1625 \item \verb|reject| --- the path is bad. Any attempt to use it results
1626 in an error. See attribute \verb|error| below (p.\pageref{IP-ROUTE-GET-error}).
1628 \item \verb|mc| --- the destination is multicast.
1630 \item \verb|brd| --- the destination is broadcast.
1632 \item \verb|src-direct| --- the source is on a directly connected
1635 \item \verb|redirected| --- the route was created by an ICMP Redirect.
1637 \item \verb|redirect| --- packets going via this route will
1640 \item \verb|fastroute| --- the route is eligible to be used for fastroute.
1642 \item \verb|equalize| --- make packet by packet randomization
1645 \item \verb|dst-nat| --- the destination address requires translation.
1647 \item \verb|src-nat| --- the source address requires translation.
1649 \item \verb|masq| --- the source address requires masquerading.
1652 \item \verb|notify| --- ({\em not implemented}) change/deletion
1658 \item \verb|error| --- on \verb|reject| routes it is error code
1665 \item \verb|expires| --- this entry will expire after this timeout.
1667 \item \verb|iif| --- the packets for this path are expected to arrive
1671 \paragraph{Statistics:} With the \verb|-statistics| option, more
1674 \item \verb|users| --- the number of users of this entry.
1675 \item \verb|age| --- shows when this route was last used.
1676 \item \verb|used| --- the number of lookups of this route since its creation.
1683 \paragraph{Abbreviations:} \verb|flush|, \verb|f|.
1689 as the arguments of \verb|ip route show|, but routing tables are not
1690 listed but purged. The only difference is the default action: \verb|show|
1691 dumps all the IP main routing table but \verb|flush| prints the helper page.
1695 \paragraph{Statistics:} With the \verb|-statistics| option, the command
1698 twice, \verb|ip route flush| also dumps all the deleted routes
1706 This option deserves to be put into a scriptlet \verb|routef|.
1708 This option was described in the \verb|route(8)| man page borrowed
1740 The third example flushes BGP routing tables after a \verb|gated|
1759 \paragraph{Abbreviations:} \verb|get|, \verb|g|.
1766 \item \verb|to ADDRESS| (default)
1770 \item \verb|from ADDRESS|
1774 \item \verb|tos TOS| or \verb|dsfield TOS|
1778 \item \verb|iif NAME|
1782 \item \verb|oif NAME|
1786 \item \verb|connected|
1788 --- if no source address (option \verb|from|) was given, relookup
1794 Note that this operation is not equivalent to \verb|ip route show|.
1795 \verb|show| shows existing routes. \verb|get| resolves them and
1796 creates new clones if necessary. Essentially, \verb|get|
1798 If the \verb|iif| argument is not given, the kernel creates a route
1802 actually sent. With the \verb|iif| argument, the kernel pretends
1807 format as \verb|ip route ls|.
1819 \item Find a route to forward packets arriving on \verb|eth0|
1832 Note the \verb|redirect| flag on it.
1835 \item Find a multicast route for packets arriving on \verb|eth0|
1838 In this case, it is \verb|pimd|)
1850 of this group, so that route has no \verb|local| flag and only
1852 The multicast part consists of an additional \verb|Oifs:| list showing
1885 We may retry \verb|ip route get| to see what we have in the routing
1899 \paragraph{Abbreviations:} \verb|rule|, \verb|ru|.
1901 \paragraph{Object:} \verb|rule|s in the routing policy database control
1939 indirectly, via \verb|ipchains|, by exploiting their ability
1940 to mark some classes of packets with \verb|fwmark|. Therefore,
1941 \verb|fwmark| is also included in the set of keys checked by rules.
1961 managed with the \verb|ip route| command, described in the previous section.
1968 table \verb|local| (ID 255).
1969 The \verb|local| table is a special routing table containing
1976 table \verb|main| (ID 254).
1977 The \verb|main| table is the normal routing table containing all non-policy
1982 table \verb|default| (ID 253).
1983 The \verb|default| table is empty. It is reserved for some
2000 optional attributes, which routes have, namely \verb|realms|.
2008 \item \verb|unicast| --- the rule prescribes to return the route found
2010 \item \verb|blackhole| --- the rule prescribes to silently drop the packet.
2011 \item \verb|unreachable| --- the rule prescribes to generate a ``Network
2013 \item \verb|prohibit| --- the rule prescribes to generate
2015 \item \verb|nat| --- the rule prescribes to translate the source address
2021 \paragraph{Commands:} \verb|add|, \verb|delete| and \verb|show|
2022 (or \verb|list|).
2028 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|delete|, \verb|del|,
2029 \verb|d|.
2034 \item \verb|type TYPE| (default)
2039 \item \verb|from PREFIX|
2043 \item \verb|to PREFIX|
2047 \item \verb|iif NAME|
2054 \item \verb|tos TOS| or \verb|dsfield TOS|
2058 \item \verb|fwmark MARK|
2060 --- select the \verb|fwmark| value to match.
2062 \item \verb|priority PREFERENCE|
2067 Really, for historical reasons \verb|ip rule add| does not require a
2079 \item \verb|table TABLEID|
2083 \item \verb|realms FROM/TO|
2086 succeeded. Realm \verb|TO| is only used if the route did not select
2089 \item \verb|nat ADDRESS|
2092 The \verb|ADDRESS| may be either the start of the block of NAT addresses
2104 with \verb|ip route flush cache|.
2109 according to routing table \verb|inr.ruhep|:
2115 and route it according to table \#1 (actually, it is \verb|inr.ruhep|):
2132 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2156 The keyword \verb|lookup| is followed by a routing table identifier,
2157 as it is recorded in the file \verb|/etc/iproute2/rt_tables|.
2160 \verb|map-to| followed by the start of the block of addresses to map.
2174 \paragraph{Object:} \verb|maddress| objects are multicast addresses.
2176 \paragraph{Commands:} \verb|add|, \verb|delete|, \verb|show| (or \verb|list|).
2180 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2186 \item \verb|dev NAME| (default)
2206 protocol identifier. The word \verb|link| denotes a link layer
2210 of users is shown after the \verb|users| keyword.
2213 is the \verb|static| flag, which indicates that the address was joined
2214 with \verb|ip maddr add|. See the following subsection.
2221 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|delete|, \verb|del|, \verb|d|.
2232 \item \verb|address LLADDRESS| (default)
2236 \item \verb|dev NAME|
2255 Neither \verb|ip| nor the kernel check for multicast address validity.
2274 \paragraph{Abbreviations:} \verb|mroute|, \verb|mr|.
2276 \paragraph{Object:} \verb|mroute| objects are multicast routing cache
2278 (f.e.\ \verb|pimd| or \verb|mrouted|).
2281 engine, it is impossible to change \verb|mroute| objects administratively,
2285 \paragraph{Commands:} \verb|show| (or \verb|list|).
2290 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2295 \item \verb|to PREFIX| (default)
2300 \item \verb|iif NAME|
2305 \item \verb|from PREFIX|
2323 where S is the source address and G is the multicast group. \verb|Iif| is
2325 If the word \verb|unresolved| is there instead of the interface name,
2327 The keyword \verb|oifs| is followed by a list of output interfaces, separated
2330 in the \verb|oifs| list.
2332 \paragraph{Statistics:} The \verb|-statistics| option also prints the
2347 \paragraph{Abbreviations:} \verb|tunnel|, \verb|tunl|.
2349 \paragraph{Object:} \verb|tunnel| objects are tunnels, encapsulating
2352 \paragraph{Commands:} \verb|add|, \verb|delete|, \verb|change|, \verb|show|
2353 (or \verb|list|).
2356 over IP and the \verb|ip tunnel| command can be found in~\cite{IP-TUNNELS}.
2362 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
2363 \verb|delete|, \verb|del|, \verb|d|.
2370 \item \verb|name NAME| (default)
2374 \item \verb|mode MODE|
2377 \verb|ipip|, \verb|sit| and \verb|gre|.
2379 \item \verb|remote ADDRESS|
2383 \item \verb|local ADDRESS|
2388 \item \verb|ttl N|
2390 --- set a fixed TTL \verb|N| on tunneled packets.
2391 \verb|N| is a number in the range 1--255. 0 is a special value
2393 The default value is: \verb|inherit|.
2395 \item \verb|tos T| or \verb|dsfield T|
2397 --- set a fixed TOS \verb|T| on tunneled packets.
2398 The default value is: \verb|inherit|.
2402 \item \verb|dev NAME|
2404 --- bind the tunnel to the device \verb|NAME| so that
2408 \item \verb|nopmtudisc|
2414 \item \verb|key K|, \verb|ikey K|, \verb|okey K|
2416 --- (only GRE tunnels) use keyed GRE with key \verb|K|. \verb|K| is
2418 The \verb|key| parameter sets the key to use in both directions.
2419 The \verb|ikey| and \verb|okey| parameters set different keys for input and output.
2422 \item \verb|csum|, \verb|icsum|, \verb|ocsum|
2425 The \verb|ocsum| flag calculates checksums for outgoing packets.
2426 The \verb|icsum| flag requires that all input packets have the correct
2427 checksum. The \verb|csum| flag is equivalent to the combination
2428 ``\verb|icsum| \verb|ocsum|''.
2430 \item \verb|seq|, \verb|iseq|, \verb|oseq|
2433 The \verb|oseq| flag enables sequencing of outgoing packets.
2434 The \verb|iseq| flag requires that all input packets are serialized.
2435 The \verb|seq| flag is equivalent to the combination ``\verb|iseq| \verb|oseq|''.
2455 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2486 \item \verb|CsumErrs| --- the total number of packets dropped
2488 \item \verb|OutOfSeq| --- the total number of packets dropped
2491 \item \verb|Mcasts| --- the total number of multicast packets
2493 \item \verb|DeadLoop| --- the total number of packets which were not
2495 \item \verb|NoRoute| --- the total number of packets which were not
2497 \item \verb|NoBufs| --- the total number of packets which were not
2505 The \verb|ip| utility can monitor the state of devices, addresses
2508 the \verb|monitor| command is the first in the command line and then
2513 \verb|OBJECT-LIST| is the list of object types that we want to monitor.
2514 It may contain \verb|link|, \verb|address| and \verb|route|.
2515 If no \verb|file| argument is given, \verb|ip| opens RTNETLINK,
2522 \verb|rtmon| utility. This utility has a command line syntax similar to
2523 \verb|ip monitor|.
2524 Ideally, \verb|rtmon| should be started before
2533 Certainly, it is possible to start \verb|rtmon| at any time.
2572 can also be handled manually with \verb|ip route| (see sec.\ref{IP-ROUTE},
2575 There is a patch to \verb|gated|, allowing classification of routes
2576 to realms with all the set of policy rules implemented in \verb|gated|:
2602 (or realm \verb|unknown|).
2604 The main application of realms is the TC \verb|route| classifier~\cite{TC-CREF},
2611 which can be viewed with the \verb|rtacct| utility.
2619 the realm \verb|russia| and forwarded 169176 packets to \verb|russia|.
2620 The realm \verb|russia| consists of routes with ASPATHs not leaving
2624 \verb|rtacct| shows incoming packets only. Using the \verb|route|
2692 The application may select a source address explicitly with \verb|bind(2)|
2693 syscall or supplying it to \verb|sendmsg(2)| via the ancillary data object
2694 \verb|IP_PKTINFO|. In this case the kernel only checks the validity
2698 Never say ``Never''. The sysctl option \verb|ip_dynaddr| breaks
2707 address hint for this destination. The hint is set with the \verb|src| parameter
2708 to the \verb|ip route| command, sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}.
2724 in routing tables instead (the \verb|scope| parameter to the \verb|ip route| command,
2730 \item Otherwise, if the scope of the destination is \verb|link| or \verb|host|,
2734 with an appropriate scope. The loopback device \verb|lo| is always the first
2746 by setting the kernel \verb|sysctl| variable
2747 \verb|/proc/sys/net/ipv4/conf/<dev>/proxy_arp| to 1. After this, the router
2748 starts to answer ARP requests on the interface \verb|<dev>|, provided
2752 The variable \verb|/proc/sys/net/ipv4/conf/all/proxy_arp| enables proxy
2770 The \verb|ip| utility provides a way to manage proxy ARP/NDISC
2771 with the \verb|ip neigh| command, namely:
2782 for address \verb|ADDRESS| on all devices, otherwise it will only serve
2783 the device \verb|NAME|. Even if the proxy entry is created with
2784 \verb|ip neigh|, the router {\em will not\/} answer a query if the route
2845 These addresses are selected by the \verb|ip route| command
2875 It is important that the address after the \verb|nat| keyword
2900 and 192.203.80/24. Also, if the \verb|inr.ruhep| table does not
2907 and leave the rest intact, you may use \verb|ipchains|
2908 to \verb|fwmark| a class of packets.
2930 \item \verb|ip| --- package \verb|iproute2|.
2931 \item \verb|arping| --- package \verb|iputils|.
2932 \item \verb|rdisc| --- package \verb|iputils|.
2935 It also refers to a DHCP client, \verb|dhcpcd|. I should refrain from
2937 say is that ISC \verb|dhcp-2.0b1pl6| patched with the patch that
2938 can be found in the \verb|dhcp.bootp.rarp| subdirectory of
2947 \# {\bf Usage: \verb|ifone ADDRESS[/PREFIX-LENGTH] [DEVICE]|}\\
2950 \# \$2 --- Device name. If it is missing, \verb|eth0| is asssumed.\\
2951 \# F.e. \verb|ifone 193.233.7.90|
2995 \noindent\# {\bf Step 1} --- enable device \verb|$dev|
3004 \# The interface is \verb|UP|. IPv6 started stateless autoconfiguration itself,\\
3093 This is a simplistic script replacing one option of \verb|ifconfig|,
3100 I strongly recommend using it {\em instead\/} of \verb|ifconfig| both
3107 \# {\bf Usage: \verb?ifcfg DEVICE[:ALIAS] [add|del] ADDRESS[/LENGTH] [PEER]?}\\
3113 \# F.e. \verb|ifcfg eth0 193.233.7.90/24|
3252 \# {\bf Step 0} --- enable device \verb|$dev|
