Lines Matching defs:ip
2 \def\TITLE{IP Command Reference}
5 \Large\bf IP Command Reference.
24 This document presents a comprehensive description of the \verb|ip| utility
30 and examples to understand and configure Linux-2.2 IP and IPv6
33 This document is split into sections explaining \verb|ip| commands
34 and options, decrypting \verb|ip| output and containing a few examples.
41 \section{{\tt ip} --- command syntax}
43 The generic form of an \verb|ip| command is:
45 ip [ OPTIONS ] OBJECT [ COMMAND [ ARGUMENTS ]]
48 general behaviour of the \verb|ip| utility or changing its output. All options
55 --- print the version of the \verb|ip| utility and exit.
70 line does not give enough information to guess the family, \verb|ip| falls back to the default
103 \verb|ip| never uses DNS to resolve names to addresses.
109 The object types currently understood by \verb|ip| are:
113 \item \verb|address| --- protocol (IP or IPv6) address on a device
119 \item \verb|tunnel| --- tunnel over IP
144 for the {\tt ip link} command, so {\tt ip link ls eth0} is equivalent
145 to {\tt ip link ls dev eth0}.
150 letters. The shortcuts are convenient when \verb|ip| is used interactively,
157 \section{{\tt ip} --- error messages}
159 \verb|ip| may fail for one of the following reasons:
164 IP address {\em et al\/}. In this case \verb|ip| prints an error message
172 \verb|ip| failed to compile a kernel request from the arguments
176 The kernel returned an error to some syscall. In this case \verb|ip|
182 In this case \verb|ip| prints the error message, as it is output
188 if the \verb|ip| utility fails, it does not change anything
189 in the system. One harmful exception is \verb|ip link| command
190 (Sec.\ref{IP-LINK}, p.\pageref{IP-LINK}),
215 \verb|ip| \verb|rule| command will fail, f.e.
217 kuznet@kaiser $ ip rule list
225 \section{{\tt ip link} --- network device configuration}
226 \label{IP-LINK}
233 \subsection{{\tt ip link set} --- change device attributes}
254 Though neither the \verb|ip| utility nor the kernel check for this condition.
307 the {\tt ip} utility will allow that.
311 \verb|ip| aborts immediately after any of the changes have failed.
312 This is the only case when \verb|ip| can move the system to
314 several parameters with one {\tt ip link set} call.
318 \item \verb|ip link set dummy address 00:00:00:00:00:01|
322 \item \verb|ip link set dummy up|
329 \subsection{{\tt ip link show} --- display device attributes}
330 \label{IP-LINK-SHOW}
352 kuznet@alisa:~ $ ip link ls eth0
355 kuznet@alisa:~ $ ip link ls sit0
358 kuznet@alisa:~ $ ip link ls dummy
372 \verb|ip| \verb|link| \verb|set| \verb|name|
467 of tunnels over IP are printed as dotted-quad IP addresses.
477 \verb|ip maddr ls| in~Sec.\ref{IP-MADDR} (p.\pageref{IP-MADDR} of this
482 \paragraph{Statistics:} With the \verb|-statistics| option, \verb|ip| also
486 kuznet@alisa:~ $ ip -s link ls eth0
524 \verb|ip| prints more detailed statistics on receiver
528 kuznet@alisa:~ $ ip -s -s link ls eth0
546 \section{{\tt ip address} --- protocol address management}
550 \paragraph{Object:} The \verb|address| is a protocol (IP or IPv6) address attached
557 The \verb|ip addr| command displays addresses and their properties,
564 \subsection{{\tt ip address add} --- add a new protocol address}
565 \label{IP-ADDR-ADD}
579 on the protocol. It is a dotted quad for IP and a sequence of hexadecimal halfwords
603 Unlike \verb|ifconfig|, the \verb|ip| utility {\em does not\/} set any broadcast
638 \item \verb|ip addr add 127.0.0.1/8 dev lo brd + scope host|
642 \item \verb|ip addr add 10.0.0.1/24 brd + dev eth0 label eth0:Alias|
650 \subsection{{\tt ip address delete} --- delete a protocol address}
654 \paragraph{Arguments:} coincide with the arguments of \verb|ip addr add|.
660 \item \verb|ip addr del 127.0.0.1/8 dev lo|
665 \item Disable IP on the interface \verb|eth0|:
667 while ip -f inet addr del dev eth0; do
671 Another method to disable IP on an interface using {\tt ip addr flush}
672 may be found in sec.\ref{IP-ADDR-FLUSH}, p.\pageref{IP-ADDR-FLUSH}.
677 \subsection{{\tt ip address show} --- display protocol addresses}
728 kuznet@alisa:~ $ ip addr ls eth0
738 The first two lines coincide with the output of \verb|ip link ls|.
742 Then the list of IP and IPv6 addresses follows, accompanied by
743 additional address attributes: scope value (see Sec.\ref{IP-ADDR-ADD},
744 p.\pageref{IP-ADDR-ADD} above), flags and the address label.
754 An IP address becomes secondary if another address with the same
786 \subsection{{\tt ip address flush} --- flush protocol addresses}
787 \label{IP-ADDR-FLUSH}
804 twice, \verb|ip addr flush| also dumps all the deleted addresses
810 netadm@amber:~ # ip -s -s a f to 10/8
819 Another instructive example is disabling IP on all the Ethernets:
821 netadm@amber:~ # ip -4 addr flush label "eth*"
827 netadm@amber:~ # ip -6 addr flush dynamic
832 \section{{\tt ip neighbour} --- neighbour/arp tables management}
849 describes how to manage proxy ARP/NDISC with the \verb|ip| utility.
852 \subsection{{\tt ip neighbour add} --- add a new neighbour entry\\
853 {\tt ip neighbour change} --- change an existing entry\\
854 {\tt ip neighbour replace} --- add a new entry or change an existing one}
892 This option to \verb|ip neigh| does not change the neighbour state if
900 \item \verb|ip neigh add 10.0.0.3 lladdr 0:0:0:0:0:1 dev eth0 nud perm|
904 \item \verb|ip neigh chg 10.0.0.3 dev eth0 nud reachable|
910 \subsection{{\tt ip neighbour delete} --- delete a neighbour entry}
916 \paragraph{Arguments:} The arguments are the same as with \verb|ip neigh add|,
922 \item \verb|ip neigh del 10.0.0.3 dev eth0|
942 ip neighbour show} --- list neighbour entries}
968 This option may occur more than once. If this option is absent, \verb|ip|
977 kuznet@alisa:~ $ ip neigh ls
1025 kuznet@alisa:~ $ ip -s n ls 193.233.7.254
1041 \subsection{{\tt ip neighbour flush} --- flush neighbour entries}
1057 twice, \verb|ip neigh flush| also dumps all the deleted neighbours
1062 netadm@alisa:~ # ip -s -s n f 193.233.7.254
1072 \section{{\tt ip route} --- routing table management}
1073 \label{IP-ROUTE}
1082 optionally, the TOS value. An IP packet matches the route if the highest
1117 non-unique routes with \verb|ip| commands described in this section.
1143 the data required to deliver IP packets (f.e.\ output device and
1148 \paragraph{Route types:} \label{IP-ROUTE-TYPES}
1172 rules (see sec.\ref{IP-RULE}, p.\pageref{IP-RULE}). If such a route is selected, lookup
1203 is used. See sec.\ref{IP-RULE}, p.\pageref{IP-RULE}.
1209 \subsection{{\tt ip route add} --- add a new route\\
1210 {\tt ip route change} --- change a route\\
1211 {\tt ip route replace} --- change a route or add a new one}
1212 \label{IP-ROUTE-ADD}
1223 \verb|ip| assumes type \verb|unicast|. Other values of \verb|TYPE|
1224 are listed above. \verb|PREFIX| is an IP or IPv6 address optionally followed
1226 \verb|ip| assumes a full-length host route. There is also a special
1227 \verb|PREFIX| --- \verb|default| --- which is equivalent to IP \verb|0/0| or
1248 \verb|ip| assumes the \verb|main| table, with the exception of
1262 For NAT routes it is the first address of the block of translated IP destinations.
1363 \verb|ip| assumes scope \verb|global| for all gatewayed \verb|unicast|
1372 not given, \verb|ip| assumes protocol \verb|boot| (i.e.\
1398 option may be found in~\cite{IP-TUNNELS}.
1420 ip route add 10.0.0/24 via 193.233.7.65
1424 ip ro chg 10.0.0/24 dev dummy
1429 ip route add default scope global nexthop dev ppp0 \
1439 ip route add nat 192.203.80.144 via 193.233.7.83
1442 in the following section (sec.\ref{IP-RULE}, p.\pageref{IP-RULE}).
1445 \subsection{{\tt ip route delete} --- delete a route}
1449 \paragraph{Arguments:} \verb|ip route del| has the same arguments as
1450 \verb|ip route add|, but their semantics are a bit different.
1453 select the route to delete. If optional attributes are present, \verb|ip|
1455 If no route with the given key and attributes was found, \verb|ip route del|
1460 because it was ambiguous. However, look at {\tt ip route flush}
1461 (sec.\ref{IP-ROUTE-FLUSH}, p.\pageref{IP-ROUTE-FLUSH}) which
1469 ip route del default scope global nexthop dev ppp0 \
1476 \subsection{{\tt ip route show} --- list routes}
1497 are present, \verb|ip| assumes \verb|root 0/0| i.e.\ it lists the entire table.
1516 and \verb|cache| is emulated by the \verb|ip| utility.
1566 kuznet@amber:~ $ ip ro ls proto gated/bgp | wc
1573 kuznet@amber:~ $ ip -o ro ls cloned | wc
1587 The output has the same syntax as arguments given to {\tt ip route add},
1590 kuznet@amber:~ $ ip ro ls 193.233.7/24
1600 kuznet@amber:~ $ ip ro ls 193.233.7.82 tab cache
1612 see in the section on \verb|ip route get| (p.\pageref{NB-nature-of-strangeness})
1625 in an error. See attribute \verb|error| below (p.\pageref{IP-ROUTE-GET-error}).
1661 devoted to route types (p.\pageref{IP-ROUTE-TYPES}).
1662 \label{IP-ROUTE-GET-error}
1679 \subsection{{\tt ip route flush} --- flush routing tables}
1680 \label{IP-ROUTE-FLUSH}
1688 as the arguments of \verb|ip route show|, but routing tables are not
1690 dumps all the IP main routing table but \verb|flush| prints the helper page.
1697 twice, \verb|ip route flush| also dumps all the deleted routes
1703 netadm@amber:~ # ip -4 ro flush scope global type unicast
1713 netadm@amber:~ # ip -6 -s -s ro flush cache
1734 netadm@amber:~ # ip -6 -s -s ro flush cache
1742 netadm@amber:~ # ip ro ls proto gated/bgp | wc
1744 netadm@amber:~ # ip -s ro f proto gated/bgp
1748 netadm@amber:~ # ip ro f proto gated/bgp
1750 netadm@amber:~ # ip ro ls proto gated/bgp
1755 \subsection{{\tt ip route get} --- get a single route}
1756 \label{IP-ROUTE-GET}
1793 Note that this operation is not equivalent to \verb|ip route show|.
1800 with a subsequent {\tt ip route ls cache}, however, no packets are
1806 format as \verb|ip route ls|.
1812 kuznet@amber:~ $ ip route get 193.233.7.82
1821 kuznet@amber:~ $ ip r g 193.233.7.82 from 193.233.7.82 iif eth0
1839 kuznet@amber:~ $ ip r g 224.2.127.254 from 193.233.7.82 iif eth0
1847 deliver) the packet to local IP listeners. In this case the router
1859 netadm@alisa:~ # ip route add 193.233.7.98 via 193.233.7.254
1860 netadm@alisa:~ # ip route get 193.233.7.98
1884 We may retry \verb|ip route get| to see what we have in the routing
1887 netadm@alisa:~ # ip route get 193.233.7.98
1895 \section{{\tt ip rule} --- routing policy database management}
1896 \label{IP-RULE}
1910 IP protocol, transport protocol ports or even packet payload.
1937 Matching IP protocols and transport ports is also possible,
1960 managed with the \verb|ip route| command, described in the previous section.
1997 table. NAT and masquerading rules have an attribute to select new IP
2015 of the IP packet into some other value. More about NAT is
2023 \subsection{{\tt ip rule add} --- insert a new rule\\
2024 {\tt ip rule delete} --- delete a rule}
2025 \label{IP-RULE-ADD}
2066 Really, for historical reasons \verb|ip rule add| does not require a
2090 --- The base of the IP address block to translate (for source addresses).
2103 with \verb|ip route flush cache|.
2110 ip ru add from 192.203.80.0/24 table inr.ruhep prio 220
2116 ip ru add from 193.233.7.83 nat 192.203.80.144 table 1 prio 320
2121 ip ru del prio 32767
2128 \subsection{{\tt ip rule show} --- list rules}
2129 \label{IP-RULE-SHOW}
2139 kuznet@amber:~ $ ip ru ls
2170 \section{{\tt ip maddress} --- multicast addresses management}
2171 \label{IP-MADDR}
2177 \subsection{{\tt ip maddress show} --- list multicast addresses}
2194 kuznet@alisa:~ $ ip maddr ls dummy
2213 with \verb|ip maddr add|. See the following subsection.
2217 \subsection{{\tt ip maddress add} --- add a multicast address\\
2218 {\tt ip maddress delete} --- delete a multicast address}
2245 netadm@alisa:~ # ip maddr add 33:33:00:00:00:01 dev dummy
2246 netadm@alisa:~ # ip -0 maddr ls dummy
2250 netadm@alisa:~ # ip maddr del 33:33:00:00:00:01 dev dummy
2254 Neither \verb|ip| nor the kernel check for multicast address validity.
2270 \section{{\tt ip mroute} --- multicast routing cache management}
2271 \label{IP-MROUTE}
2287 \subsection{{\tt ip mroute show} --- list mroute cache entries}
2306 --- the prefix selecting the IP source addresses of the multicast route.
2314 kuznet@amber:~ $ ip mroute ls
2336 kuznet@amber:~ $ ip -s mr ls 224.66/16
2343 \section{{\tt ip tunnel} --- tunnel configuration}
2344 \label{IP-TUNNEL}
2349 packets in IPv4 packets and then sending them over the IP infrastructure.
2355 over IP and the \verb|ip tunnel| command can be found in~\cite{IP-TUNNELS}.
2357 \subsection{{\tt ip tunnel add} --- add a new tunnel\\
2358 {\tt ip tunnel change} --- change an existing tunnel\\
2359 {\tt ip tunnel delete} --- destroy a tunnel}
2416 either a number or an IP address-like dotted quad.
2448 netadm@amber:~ # ip tunl add Cisco mode sit remote 192.31.7.104 \
2452 \subsection{{\tt ip tunnel show} --- list tunnels}
2461 kuznet@amber:~ $ ip tunl ls Cisco
2462 Cisco: ipv6/ip remote 192.31.7.104 local 192.203.80.142 ttl 32
2472 kuznet@amber:~ $ ip -s tunl ls Cisco
2473 Cisco: ipv6/ip remote 192.31.7.104 local 192.203.80.142 ttl 32
2481 printed with {\tt ip -s link show}
2482 (sec.\ref{IP-LINK-SHOW}, p.\pageref{IP-LINK-SHOW}) but the tags are different
2495 transmitted because there is no IP route to the remote endpoint.
2501 \section{{\tt ip monitor} and {\tt rtmon} --- state monitoring}
2502 \label{IP-MONITOR}
2504 The \verb|ip| utility can monitor the state of devices, addresses
2510 ip monitor [ file FILE ] [ all | OBJECT-LIST ]
2514 If no \verb|file| argument is given, \verb|ip| opens RTNETLINK,
2522 \verb|ip monitor|.
2571 can also be handled manually with \verb|ip route| (see sec.\ref{IP-ROUTE},
2572 p.\pageref{IP-ROUTE}).
2581 with routing policy rules, see sec.~\ref{IP-RULE}, p.\pageref{IP-RULE}.
2633 ``Neighbor Discovery for IP Version 6 (IPv6)'', RFC-2461.
2639 ``Requirements for IP Version 4 Routers'', RFC-1812.
2650 \bibitem{IP-TUNNELS} A.~N.~Kuznetsov.
2651 ``Tunnels over IP in Linux-2.2'', \\
2652 In: {\tt ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz}.
2655 In: {\tt ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz}.
2679 When a host creates an IP packet, it must select some source
2705 \item Otherwise, IP routing tables can contain an explicit source
2707 to the \verb|ip route| command, sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}.
2712 The search strategies are different for IP and IPv6. Namely:
2718 \item IP searches for the first valid address with a scope wider
2723 in routing tables instead (the \verb|scope| parameter to the \verb|ip route| command,
2724 sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}).
2752 ARP on all the IP devices.
2769 The \verb|ip| utility provides a way to manage proxy ARP/NDISC
2770 with the \verb|ip neigh| command, namely:
2772 ip neigh add proxy ADDRESS [ dev NAME ]
2776 ip neigh del proxy ADDRESS [ dev NAME ]
2783 \verb|ip neigh|, the router {\em will not\/} answer a query if the route
2788 parameters other than these (IP/IPv6 address and optional device).
2797 of the IP address space into other ones. Linux-2.2 route NAT is supposed
2821 through its data and mangling it. It mangles IP addresses,
2822 only IP addresses and nothing but IP addresses.
2830 http://www.suse.com/\~mha/HyperNews/get/linux-ip-nat.html
2844 These addresses are selected by the \verb|ip route| command
2845 (sec.\ref{IP-ROUTE-ADD}, p.\pageref{IP-ROUTE-ADD}). F.e.\
2847 ip route add nat 192.203.80.144 via 193.233.7.83
2859 ip route add nat 192.203.80.192/26 via 193.233.7.64
2868 policy rule (sec.\ref{IP-RULE-ADD}, p.\pageref{IP-RULE-ADD}):
2870 ip rule add prio 320 from 193.233.7.83 nat 192.203.80.144
2875 is some NAT address, declared by {\tt ip route add nat}.
2891 example from sec.\ref{IP-RULE-SHOW} (p.\pageref{IP-RULE-SHOW}).
2920 setup of IP (and IPv6, if it is compiled into the kernel)
2927 directory ftp://ftp.inr.ac.ru/ip-routing/:
2929 \item \verb|ip| --- package \verb|iproute2|.
2948 \# \$1 --- Static IP address, optionally followed by prefix length.\\
2957 \# Parse IP address, splitting prefix length.
2976 ip link set up dev lo
2977 ip addr add 127.0.0.1/8 dev lo brd + scope host
2987 ip address add $ipaddr dev $dev
2997 if ! ip link set up dev $dev ; then
3005 \# IP still needs some static preconfigured address.
3016 \# {\bf Step 2} --- IP Duplicate Address Detection~\cite{RFC-DHCP}.\\
3035 if ! ip address add $pfx brd + dev $dev; then
3058 ip route add unreachable 224.0.0.0/24
3059 ip route add unreachable 255.255.255.255
3060 if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
3061 ip route add 224.0.0.0/4 dev $dev scope global
3076 ip ro add default dev $dev metric 30000 scope global
3093 namely, IP address management. It not only adds
3110 \# ---IP address, optionally followed by prefix length.\\
3169 echo " stop - completely disable IP" 1>&2
3189 ip -4 addr flush dev $dev $label || exit 1
3209 echo "$1 is bad IP address." 1>&2
3243 ip addr del $pfx dev $dev $label || exit 1
3254 if ! ip link set up dev $dev ; then
3261 \# {\bf Step 1} --- IP Duplicate Address Detection~\cite{RFC-DHCP}.\\
3278 if ! ip address add $pfx brd + dev $dev $label; then
3298 ip route add unreachable 224.0.0.0/24 >& /dev/null
3299 ip route add unreachable 255.255.255.255 >& /dev/null
3300 if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
3301 ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null
3314 ip ro append default dev $dev metric 30000 scope global
3317 ip ro append default via $peer dev $dev metric 30001
