Lines Matching defs:ip
2 \def\TITLE{IP Command Reference}
5 \Large\bf IP Command Reference.
24 This document presents a comprehensive description of the \verb|ip| utility
30 and examples to understand and configure Linux-2.2 IP and IPv6
33 This document is split into sections explaining \verb|ip| commands
34 and options, decrypting \verb|ip| output and containing a few examples.
41 \section{{\tt ip} --- command syntax}
43 The generic form of an \verb|ip| command is:
45 ip [ OPTIONS ] OBJECT [ COMMAND [ ARGUMENTS ]]
48 general behaviour of the \verb|ip| utility or changing its output. All options
55 --- print the version of the \verb|ip| utility and exit.
70 line does not give enough information to guess the family, \verb|ip| falls back to the default
103 \verb|ip| never uses DNS to resolve names to addresses.
109 The object types currently understood by \verb|ip| are:
113 \item \verb|address| --- protocol (IP or IPv6) address on a device
119 \item \verb|tunnel| --- tunnel over IP
144 for the {\tt ip link} command, so {\tt ip link ls eth0} is equivalent
145 to {\tt ip link ls dev eth0}.
150 letters. The shortcuts are convenient when \verb|ip| is used interactively,
157 \section{{\tt ip} --- error messages}
159 \verb|ip| may fail for one of the following reasons:
164 IP address {\em et al\/}. In this case \verb|ip| prints an error message
172 \verb|ip| failed to compile a kernel request from the arguments
176 The kernel returned an error to some syscall. In this case \verb|ip|
182 In this case \verb|ip| prints the error message, as it is output
188 if the \verb|ip| utility fails, it does not change anything
189 in the system. One harmful exception is \verb|ip link| command
190 (Sec.\ref{IP-LINK}, p.\pageref{IP-LINK}),
215 \verb|ip| \verb|rule| command will fail, f.e.
217 kuznet@kaiser $ ip rule list
225 \section{{\tt ip link} --- network device configuration}
226 \label{IP-LINK}
233 \subsection{{\tt ip link set} --- change device attributes}
254 Though neither the \verb|ip| utility nor the kernel check for this condition.
307 the {\tt ip} utility will allow that.
311 \verb|ip| aborts immediately after any of the changes have failed.
312 This is the only case when \verb|ip| can move the system to
314 several parameters with one {\tt ip link set} call.
318 \item \verb|ip link set dummy address 00:00:00:00:00:01|
322 \item \verb|ip link set dummy up|
329 \subsection{{\tt ip link show} --- display device attributes}
330 \label{IP-LINK-SHOW}
352 kuznet@alisa:~ $ ip link ls eth0
355 kuznet@alisa:~ $ ip link ls sit0
358 kuznet@alisa:~ $ ip link ls dummy
372 \verb|ip| \verb|link| \verb|set| \verb|name|
467 of tunnels over IP are printed as dotted-quad IP addresses.
477 \verb|ip maddr ls| in~Sec.\ref{IP-MADDR} (p.\pageref{IP-MADDR} of this
482 \paragraph{Statistics:} With the \verb|-statistics| option, \verb|ip| also
486 kuznet@alisa:~ $ ip -s link ls eth0
524 \verb|ip| prints more detailed statistics on receiver
528 kuznet@alisa:~ $ ip -s -s link ls eth0
546 \section{{\tt ip address} --- protocol address management}
550 \paragraph{Object:} The \verb|address| is a protocol (IP or IPv6) address attached
557 The \verb|ip addr| command displays addresses and their properties,
564 \subsection{{\tt ip address add} --- add a new protocol address}
565 \label{IP-ADDR-ADD}
579 on the protocol. It is a dotted quad for IP and a sequence of hexadecimal halfwords
603 Unlike \verb|ifconfig|, the \verb|ip| utility {\em does not\/} set any broadcast
638 \item \verb|ip addr add 127.0.0.1/8 dev lo brd + scope host|
642 \item \verb|ip addr add 10.0.0.1/24 brd + dev eth0 label eth0:Alias|
650 \subsection{{\tt ip address delete} --- delete a protocol address}
654 \paragraph{Arguments:} coincide with the arguments of \verb|ip addr add|.
660 \item \verb|ip addr del 127.0.0.1/8 dev lo|
665 \item Disable IP on the interface \verb|eth0|:
667 while ip -f inet addr del dev eth0; do
671 Another method to disable IP on an interface using {\tt ip addr flush}
672 may be found in sec.\ref{IP-ADDR-FLUSH}, p.\pageref{IP-ADDR-FLUSH}.
677 \subsection{{\tt ip address show} --- display protocol addresses}
728 kuznet@alisa:~ $ ip addr ls eth0
738 The first two lines coincide with the output of \verb|ip link ls|.
742 Then the list of IP and IPv6 addresses follows, accompanied by
743 additional address attributes: scope value (see Sec.\ref{IP-ADDR-ADD},
744 p.\pageref{IP-ADDR-ADD} above), flags and the address label.
754 An IP address becomes secondary if another address with the same
786 \subsection{{\tt ip address flush} --- flush protocol addresses}
787 \label{IP-ADDR-FLUSH}
804 twice, \verb|ip addr flush| also dumps all the deleted addresses
810 netadm@amber:~ # ip -s -s a f to 10/8
819 Another instructive example is disabling IP on all the Ethernets:
821 netadm@amber:~ # ip -4 addr flush label "eth*"
827 netadm@amber:~ # ip -6 addr flush dynamic
832 \section{{\tt ip neighbour} --- neighbour/arp tables management}
849 describes how to manage proxy ARP/NDISC with the \verb|ip| utility.
852 \subsection{{\tt ip neighbour add} --- add a new neighbour entry\\
853 {\tt ip neighbour change} --- change an existing entry\\
854 {\tt ip neighbour replace} --- add a new entry or change an existing one}
892 This option to \verb|ip neigh| does not change the neighbour state if
900 \item \verb|ip neigh add 10.0.0.3 lladdr 0:0:0:0:0:1 dev eth0 nud perm|
904 \item \verb|ip neigh chg 10.0.0.3 dev eth0 nud reachable|
910 \subsection{{\tt ip neighbour delete} --- delete a neighbour entry}
916 \paragraph{Arguments:} The arguments are the same as with \verb|ip neigh add|,
922 \item \verb|ip neigh del 10.0.0.3 dev eth0|
942 ip neighbour show} --- list neighbour entries}
968 This option may occur more than once. If this option is absent, \verb|ip|
977 kuznet@alisa:~ $ ip neigh ls
1025 kuznet@alisa:~ $ ip -s n ls 193.233.7.254
1041 \subsection{{\tt ip neighbour flush} --- flush neighbour entries}
1057 twice, \verb|ip neigh flush| also dumps all the deleted neighbours
1062 netadm@alisa:~ # ip -s -s n f 193.233.7.254
1072 \section{{\tt ip route} --- routing table management}
1073 \label{IP-ROUTE}
1082 optionally, the TOS value. An IP packet matches the route if the highest
1117 non-unique routes with \verb|ip| commands described in this section.
1143 the data required to deliver IP packets (f.e.\ output device and
1148 \paragraph{Route types:} \label{IP-ROUTE-TYPES}
1172 rules (see sec.\ref{IP-RULE}, p.\pageref{IP-RULE}). If such a route is selected, lookup
1203 is used. See sec.\ref{IP-RULE}, p.\pageref{IP-RULE}.
1209 \subsection{{\tt ip route add} --- add a new route\\
1210 {\tt ip route change} --- change a route\\
1211 {\tt ip route replace} --- change a route or add a new one}
1212 \label{IP-ROUTE-ADD}
1223 \verb|ip| assumes type \verb|unicast|. Other values of \verb|TYPE|
1224 are listed above. \verb|PREFIX| is an IP or IPv6 address optionally followed
1226 \verb|ip| assumes a full-length host route. There is also a special
1227 \verb|PREFIX| --- \verb|default| --- which is equivalent to IP \verb|0/0| or
1248 \verb|ip| assumes the \verb|main| table, with the exception of
1262 For NAT routes it is the first address of the block of translated IP destinations.
1363 \verb|ip| assumes scope \verb|global| for all gatewayed \verb|unicast|
1372 not given, \verb|ip| assumes protocol \verb|boot| (i.e.\
1398 option may be found in~\cite{IP-TUNNELS}.
1420 ip route add 10.0.0/24 via 193.233.7.65
1424 ip ro chg 10.0.0/24 dev dummy
1429 ip route add default scope global nexthop dev ppp0 \
1439 ip route add nat 192.203.80.144 via 193.233.7.83
1442 in the following section (sec.\ref{IP-RULE}, p.\pageref{IP-RULE}).
1445 \subsection{{\tt ip route delete} --- delete a route}
1449 \paragraph{Arguments:} \verb|ip route del| has the same arguments as
1450 \verb|ip route add|, but their semantics are a bit different.
1453 select the route to delete. If optional attributes are present, \verb|ip|
1455 If no route with the given key and attributes was found, \verb|ip route del|
1460 because it was ambiguous. However, look at {\tt ip route flush}
1461 (sec.\ref{IP-ROUTE-FLUSH}, p.\pageref{IP-ROUTE-FLUSH}) which
1469 ip route del default scope global nexthop dev ppp0 \
1476 \subsection{{\tt ip route show} --- list routes}
1497 are present, \verb|ip| assumes \verb|root 0/0| i.e.\ it lists the entire table.
1516 and \verb|cache| is emulated by the \verb|ip| utility.
1566 kuznet@amber:~ $ ip ro ls proto gated/bgp | wc
1573 kuznet@amber:~ $ ip -o ro ls cloned | wc
1587 The output has the same syntax as arguments given to {\tt ip route add},
1590 kuznet@amber:~ $ ip ro ls 193.233.7/24
1600 kuznet@amber:~ $ ip ro ls 193.233.7.82 tab cache
1612 see in the section on \verb|ip route get| (p.\pageref{NB-nature-of-strangeness})
1625 in an error. See attribute \verb|error| below (p.\pageref{IP-ROUTE-GET-error}).
1661 devoted to route types (p.\pageref{IP-ROUTE-TYPES}).
1662 \label{IP-ROUTE-GET-error}
1678 \subsection{{\tt ip route save} -- save routing tables}
1679 \label{IP-ROUTE-SAVE}
1684 \paragraph{Arguments:} \verb|ip route save| has the same arguments as
1685 \verb|ip route show|.
1690 dan@caffeine:~ # ip route save > saved_routes
1694 \verb|ip route save| is that of \verb|rtnetlink|. See
1697 \subsection{{\tt ip route restore} -- restore routing tables}
1698 \label{IP-ROUTE-RESTORE}
1701 tables according to a data stream as provided by \verb|ip route save| via
1711 dan@caffeine:~ # ip route restore < saved_routes
1714 \subsection{{\tt ip route flush} --- flush routing tables}
1715 \label{IP-ROUTE-FLUSH}
1723 as the arguments of \verb|ip route show|, but routing tables are not
1725 dumps all the IP main routing table but \verb|flush| prints the helper page.
1732 twice, \verb|ip route flush| also dumps all the deleted routes
1738 netadm@amber:~ # ip -4 ro flush scope global type unicast
1748 netadm@amber:~ # ip -6 -s -s ro flush cache
1769 netadm@amber:~ # ip -6 -s -s ro flush cache
1777 netadm@amber:~ # ip ro ls proto gated/bgp | wc
1779 netadm@amber:~ # ip -s ro f proto gated/bgp
1783 netadm@amber:~ # ip ro f proto gated/bgp
1785 netadm@amber:~ # ip ro ls proto gated/bgp
1790 \subsection{{\tt ip route get} --- get a single route}
1791 \label{IP-ROUTE-GET}
1828 Note that this operation is not equivalent to \verb|ip route show|.
1835 with a subsequent {\tt ip route ls cache}, however, no packets are
1841 format as \verb|ip route ls|.
1847 kuznet@amber:~ $ ip route get 193.233.7.82
1856 kuznet@amber:~ $ ip r g 193.233.7.82 from 193.233.7.82 iif eth0
1874 kuznet@amber:~ $ ip r g 224.2.127.254 from 193.233.7.82 iif eth0
1882 deliver) the packet to local IP listeners. In this case the router
1894 netadm@alisa:~ # ip route add 193.233.7.98 via 193.233.7.254
1895 netadm@alisa:~ # ip route get 193.233.7.98
1919 We may retry \verb|ip route get| to see what we have in the routing
1922 netadm@alisa:~ # ip route get 193.233.7.98
1930 \section{{\tt ip rule} --- routing policy database management}
1931 \label{IP-RULE}
1945 IP protocol, transport protocol ports or even packet payload.
1972 Matching IP protocols and transport ports is also possible,
1995 managed with the \verb|ip route| command, described in the previous section.
2032 table. NAT and masquerading rules have an attribute to select new IP
2050 of the IP packet into some other value. More about NAT is
2058 \subsection{{\tt ip rule add} --- insert a new rule\\
2059 {\tt ip rule delete} --- delete a rule}
2060 \label{IP-RULE-ADD}
2101 Really, for historical reasons \verb|ip rule add| does not require a
2125 --- The base of the IP address block to translate (for source addresses).
2138 with \verb|ip route flush cache|.
2145 ip ru add from 192.203.80.0/24 table inr.ruhep prio 220
2151 ip ru add from 193.233.7.83 nat 192.203.80.144 table 1 prio 320
2156 ip ru del prio 32767
2163 \subsection{{\tt ip rule show} --- list rules}
2164 \label{IP-RULE-SHOW}
2174 kuznet@amber:~ $ ip ru ls
2205 \section{{\tt ip maddress} --- multicast addresses management}
2206 \label{IP-MADDR}
2212 \subsection{{\tt ip maddress show} --- list multicast addresses}
2229 kuznet@alisa:~ $ ip maddr ls dummy
2248 with \verb|ip maddr add|. See the following subsection.
2252 \subsection{{\tt ip maddress add} --- add a multicast address\\
2253 {\tt ip maddress delete} --- delete a multicast address}
2280 netadm@alisa:~ # ip maddr add 33:33:00:00:00:01 dev dummy
2281 netadm@alisa:~ # ip -0 maddr ls dummy
2285 netadm@alisa:~ # ip maddr del 33:33:00:00:00:01 dev dummy
2289 Neither \verb|ip| nor the kernel check for multicast address validity.
2305 \section{{\tt ip mroute} --- multicast routing cache management}
2306 \label{IP-MROUTE}
2322 \subsection{{\tt ip mroute show} --- list mroute cache entries}
2341 --- the prefix selecting the IP source addresses of the multicast route.
2349 kuznet@amber:~ $ ip mroute ls
2371 kuznet@amber:~ $ ip -s mr ls 224.66/16
2378 \section{{\tt ip tunnel} --- tunnel configuration}
2379 \label{IP-TUNNEL}
2384 packets in IPv4 packets and then sending them over the IP infrastructure.
2390 over IP and the \verb|ip tunnel| command can be found in~\cite{IP-TUNNELS}.
2392 \subsection{{\tt ip tunnel add} --- add a new tunnel\\
2393 {\tt ip tunnel change} --- change an existing tunnel\\
2394 {\tt ip tunnel delete} --- destroy a tunnel}
2451 either a number or an IP address-like dotted quad.
2483 netadm@amber:~ # ip tunl add Cisco mode sit remote 192.31.7.104 \
2487 \subsection{{\tt ip tunnel show} --- list tunnels}
2496 kuznet@amber:~ $ ip tunl ls Cisco
2497 Cisco: ipv6/ip remote 192.31.7.104 local 192.203.80.142 ttl 32
2507 kuznet@amber:~ $ ip -s tunl ls Cisco
2508 Cisco: ipv6/ip remote 192.31.7.104 local 192.203.80.142 ttl 32
2516 printed with {\tt ip -s link show}
2517 (sec.\ref{IP-LINK-SHOW}, p.\pageref{IP-LINK-SHOW}) but the tags are different
2530 transmitted because there is no IP route to the remote endpoint.
2536 \section{{\tt ip monitor} and {\tt rtmon} --- state monitoring}
2537 \label{IP-MONITOR}
2539 The \verb|ip| utility can monitor the state of devices, addresses
2545 ip monitor [ file FILE ] [ all | OBJECT-LIST ]
2549 If no \verb|file| argument is given, \verb|ip| opens RTNETLINK,
2557 \verb|ip monitor|.
2606 can also be handled manually with \verb|ip route| (see sec.\ref{IP-ROUTE},
2607 p.\pageref{IP-ROUTE}).
2616 with routing policy rules, see sec.~\ref{IP-RULE}, p.\pageref{IP-RULE}.
2668 ``Neighbor Discovery for IP Version 6 (IPv6)'', RFC-2461.
2674 ``Requirements for IP Version 4 Routers'', RFC-1812.
2685 \bibitem{IP-TUNNELS} A.~N.~Kuznetsov.
2686 ``Tunnels over IP in Linux-2.2'', \\
2687 In: {\tt ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz}.
2690 In: {\tt ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz}.
2714 When a host creates an IP packet, it must select some source
2740 \item Otherwise, IP routing tables can contain an explicit source
2742 to the \verb|ip route| command, sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}.
2747 The search strategies are different for IP and IPv6. Namely:
2753 \item IP searches for the first valid address with a scope wider
2758 in routing tables instead (the \verb|scope| parameter to the \verb|ip route| command,
2759 sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}).
2787 ARP on all the IP devices.
2804 The \verb|ip| utility provides a way to manage proxy ARP/NDISC
2805 with the \verb|ip neigh| command, namely:
2807 ip neigh add proxy ADDRESS [ dev NAME ]
2811 ip neigh del proxy ADDRESS [ dev NAME ]
2818 \verb|ip neigh|, the router {\em will not\/} answer a query if the route
2823 parameters other than these (IP/IPv6 address and optional device).
2832 of the IP address space into other ones. Linux-2.2 route NAT is supposed
2856 through its data and mangling it. It mangles IP addresses,
2857 only IP addresses and nothing but IP addresses.
2865 http://www.suse.com/\~mha/HyperNews/get/linux-ip-nat.html
2879 These addresses are selected by the \verb|ip route| command
2880 (sec.\ref{IP-ROUTE-ADD}, p.\pageref{IP-ROUTE-ADD}). F.e.\
2882 ip route add nat 192.203.80.144 via 193.233.7.83
2894 ip route add nat 192.203.80.192/26 via 193.233.7.64
2903 policy rule (sec.\ref{IP-RULE-ADD}, p.\pageref{IP-RULE-ADD}):
2905 ip rule add prio 320 from 193.233.7.83 nat 192.203.80.144
2910 is some NAT address, declared by {\tt ip route add nat}.
2926 example from sec.\ref{IP-RULE-SHOW} (p.\pageref{IP-RULE-SHOW}).
2955 setup of IP (and IPv6, if it is compiled into the kernel)
2962 directory ftp://ftp.inr.ac.ru/ip-routing/:
2964 \item \verb|ip| --- package \verb|iproute2|.
2983 \# \$1 --- Static IP address, optionally followed by prefix length.\\
2992 \# Parse IP address, splitting prefix length.
3011 ip link set up dev lo
3012 ip addr add 127.0.0.1/8 dev lo brd + scope host
3022 ip address add $ipaddr dev $dev
3032 if ! ip link set up dev $dev ; then
3040 \# IP still needs some static preconfigured address.
3051 \# {\bf Step 2} --- IP Duplicate Address Detection~\cite{RFC-DHCP}.\\
3070 if ! ip address add $pfx brd + dev $dev; then
3093 ip route add unreachable 224.0.0.0/24
3094 ip route add unreachable 255.255.255.255
3095 if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
3096 ip route add 224.0.0.0/4 dev $dev scope global
3111 ip ro add default dev $dev metric 30000 scope global
3128 namely, IP address management. It not only adds
3145 \# ---IP
3204 echo " stop - completely disable IP" 1>&2
3224 ip -4 addr flush dev $dev $label || exit 1
3244 echo "$1 is bad IP address." 1>&2
3278 ip addr del $pfx dev $dev $label || exit 1
3289 if ! ip link set up dev $dev ; then
3296 \# {\bf Step 1} --- IP Duplicate Address Detection~\cite{RFC-DHCP}.\\
3313 if ! ip address add $pfx brd + dev $dev $label; then
3333 ip route add unreachable 224.0.0.0/24 >& /dev/null
3334 ip route add unreachable 255.255.255.255 >& /dev/null
3335 if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
3336 ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null
3349 ip ro append default dev $dev metric 30000 scope global
3352 ip ro append default via $peer dev $dev metric 30001
