Lines Matching full:verb
12 \verb|kuznet@ms2.inr.ac.ru| \\
24 This document presents a comprehensive description of the \verb|ip| utility
25 from the \verb|iproute2| package. It is not a tutorial or user's guide.
33 This document is split into sections explaining \verb|ip| commands
34 and options, decrypting \verb|ip| output and containing a few examples.
43 The generic form of an \verb|ip| command is:
47 where \verb|OPTIONS| is a set of optional modifiers affecting the
48 general behaviour of the \verb|ip| utility or changing its output. All options
49 begin with the character \verb|'-'| and may be used in either long or abbreviated
53 \item \verb|-V|, \verb|-Version|
55 --- print the version of the \verb|ip| utility and exit.
58 \item \verb|-s|, \verb|-stats|, \verb|-statistics|
65 \item \verb|-f|, \verb|-family| followed by a protocol family
66 identifier: \verb|inet|, \verb|inet6| or \verb|link|.
70 line does not give enough information to guess the family, \verb|ip| falls back to the default
71 one, usually \verb|inet| or \verb|any|. \verb|link| is a special family
74 \item \verb|-4|
76 --- shortcut for \verb|-family inet|.
78 \item \verb|-6|
80 --- shortcut for \verb|-family inet6|.
82 \item \verb|-0|
84 --- shortcut for \verb|-family link|.
87 \item \verb|-o|, \verb|-oneline|
90 with the \verb|'\'| character. This is convenient when you want to
91 count records with \verb|wc| or to \verb|grep| the output. The trivial
92 script \verb|rtpr| converts the output back into readable form.
94 \item \verb|-r|, \verb|-resolve|
103 \verb|ip| never uses DNS to resolve names to addresses.
108 \verb|OBJECT| is the object to manage or to get information about.
109 The object types currently understood by \verb|ip| are:
112 \item \verb|link| --- network device
113 \item \verb|address| --- protocol (IP or IPv6) address on a device
114 \item \verb|neighbour| --- ARP or NDISC cache entry
115 \item \verb|route| --- routing table entry
116 \item \verb|rule| --- rule in routing policy database
117 \item \verb|maddress| --- multicast address
118 \item \verb|mroute| --- multicast routing cache entry
119 \item \verb|tunnel| --- tunnel over IP
123 abbreviated form, f.e.\ \verb|address| is abbreviated as \verb|addr|
124 or just \verb|a|.
126 \verb|COMMAND| specifies the action to perform on the object.
128 As a rule, it is possible to \verb|add|, \verb|delete| and
129 \verb|show| (or \verb|list|) objects, but some objects
131 The \verb|help| command is available for all objects. It prints
135 Usually it is \verb|list| or, if the objects of this class
136 cannot be listed, \verb|help|.
138 \verb|ARGUMENTS| is a list of arguments to the command.
143 which may be omitted. F.e.\ parameter \verb|dev| is the default
150 letters. The shortcuts are convenient when \verb|ip| is used interactively,
159 \verb|ip| may fail for one of the following reasons:
164 IP address {\em et al\/}. In this case \verb|ip| prints an error message
172 \verb|ip| failed to compile a kernel request from the arguments
176 The kernel returned an error to some syscall. In this case \verb|ip|
177 prints the error message, as it is output with \verb|perror(3)|,
182 In this case \verb|ip| prints the error message, as it is output
183 with \verb|perror(3)| prefixed with ``RTNETLINK answers:''.
188 if the \verb|ip| utility fails, it does not change anything
189 in the system. One harmful exception is \verb|ip link| command
213 \item The \verb|CONFIG_IP_MULTIPLE_TABLES| option was not selected
215 \verb|ip| \verb|rule| command will fail, f.e.
228 \paragraph{Object:} A \verb|link| is a network device and the corresponding
231 \paragraph{Commands:} \verb|set| and \verb|show| (or \verb|list|).
235 \paragraph{Abbreviations:} \verb|set|, \verb|s|.
240 \item \verb|dev NAME| (default)
242 --- \verb|NAME| specifies the network device on which to operate.
244 \item \verb|up| and \verb|down|
246 --- change the state of the device to \verb|UP| or \verb|DOWN|.
248 \item \verb|arp on| or \verb|arp off|
250 --- change the \verb|NOARP| flag on the device.
253 This operation is {\em not allowed\/} if the device is in state \verb|UP|.
254 Though neither the \verb|ip| utility nor the kernel check for this condition.
259 \item \verb|multicast on| or \verb|multicast off|
261 --- change the \verb|MULTICAST| flag on the device.
263 \item \verb|dynamic on| or \verb|dynamic off|
265 --- change the \verb|DYNAMIC| flag on the device.
267 \item \verb|name NAME|
273 \item \verb|txqueuelen NUMBER| or \verb|txqlen NUMBER|
277 \item \verb|mtu NUMBER|
281 \item \verb|address LLADDRESS|
285 \item \verb|broadcast LLADDRESS|, \verb|brd LLADDRESS| or \verb|peer LLADDRESS|
288 the interface is \verb|POINTOPOINT|.
297 \item \verb|netns PID|
305 The \verb|PROMISC| and \verb|ALLMULTI| flags are considered
311 \verb|ip| aborts immediately after any of the changes have failed.
312 This is the only case when \verb|ip| can move the system to
318 \item \verb|ip link set dummy address 00:00:00:00:00:01|
320 --- change the station address of the interface \verb|dummy|.
322 \item \verb|ip link set dummy up|
324 --- start the interface \verb|dummy|.
332 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|lst|, \verb|sh|, \verb|ls|,
333 \verb|l|.
337 \item \verb|dev NAME| (default)
339 --- \verb|NAME| specifies the network device to show.
342 \item \verb|up|
367 (\verb|eth0|, \verb|sit0| etc.). The interface name is also
372 \verb|ip| \verb|link| \verb|set| \verb|name|
375 The interface name may have another name or \verb|NONE| appended
376 after the \verb|@| sign. This means that this device is bound to some other
379 device. If the name is \verb|NONE|, the master is unknown.
385 on the interface. Particularly, \verb|noqueue| means that this interface
386 does not queue anything and \verb|noop| means that the interface is in blackhole
394 \item \verb|UP| --- the device is turned on. It is ready to accept
398 \item \verb|LOOPBACK| --- the interface does not communicate with other
402 \item \verb|BROADCAST| --- the device has the facility to send packets
405 \item \verb|POINTOPOINT| --- the link has only two ends with one node
409 If neither \verb|LOOPBACK| nor \verb|BROADCAST| nor \verb|POINTOPOINT|
415 \item \verb|MULTICAST| --- is an advisory flag indicating that the interface
420 to use multicasting on this interface. Any \verb|POINTOPOINT| and
421 \verb|BROADCAST| link is multicasting by definition, because we have
427 \item \verb|PROMISC| --- the device listens to and feeds to the kernel all
433 \item \verb|ALLMULTI| --- the device receives all multicast packets
436 \item \verb|NOARP| --- this flag is different from the other ones. It has
442 \item \verb|DYNAMIC| --- is an advisory flag indicating that the interface is
445 \item \verb|SLAVE| --- this interface is bonded to some other interfaces
452 There are other flags but they are either obsolete (\verb|NOTRAILERS|)
453 or not implemented (\verb|DEBUG|) or specific to some devices
454 (\verb|MASTER|, \verb|AUTOMEDIA| and \verb|PORTSEL|). We do not discuss
460 associated with the device. The first word (\verb|ether|, \verb|sit|)
477 \verb|ip maddr ls| in~Sec.\ref{IP-MADDR} (p.\pageref{IP-MADDR} of this
482 \paragraph{Statistics:} With the \verb|-statistics| option, \verb|ip| also
495 \verb|RX:| and \verb|TX:| lines summarize receiver and transmitter
498 \item \verb|bytes| --- the total number of bytes received or transmitted
502 \item \verb|packets| --- the total number of packets received or transmitted
504 \item \verb|errors| --- the total number of receiver or transmitter errors.
505 \item \verb|dropped| --- the total number of packets dropped due to lack
507 \item \verb|overrun| --- the total number of receiver overruns resulting
511 \item \verb|mcast| --- the total number of received multicast packets. This option
513 \item \verb|carrier| --- total number of link media failures f.e.\ because
515 \item \verb|collsns| --- the total number of collision events
518 \item \verb|compressed| --- the total number of compressed packets. This is
523 If the \verb|-s| option is entered twice or more,
524 \verb|ip| prints more detailed statistics on receiver
548 \paragraph{Abbreviations:} \verb|address|, \verb|addr|, \verb|a|.
550 \paragraph{Object:} The \verb|address| is a protocol (IP or IPv6) address attached
557 The \verb|ip addr| command displays addresses and their properties,
560 \paragraph{Commands:} \verb|add|, \verb|delete|, \verb|flush| and \verb|show|
561 (or \verb|list|).
567 \paragraph{Abbreviations:} \verb|add|, \verb|a|.
572 \item \verb|dev NAME|
576 \item \verb|local ADDRESS| (default)
580 separated by colons for IPv6. The \verb|ADDRESS| may be followed by
584 \item \verb|peer ADDRESS|
587 Again, the \verb|ADDRESS| may be followed by a slash and a decimal number,
593 \item \verb|broadcast ADDRESS|
597 It is possible to use the special symbols \verb|'+'| and \verb|'-'|
603 Unlike \verb|ifconfig|, the \verb|ip| utility {\em does not\/} set any broadcast
608 \item \verb|label NAME|
616 \item \verb|scope SCOPE_VALUE|
619 The available scopes are listed in file \verb|/etc/iproute2/rt_scopes|.
623 \item \verb|global| --- the address is globally valid.
624 \item \verb|site| --- (IPv6 only) the address is site local,
626 \item \verb|link| --- the address is link local, i.e.\
628 \item \verb|host| --- the address is valid only inside this host.
638 \item \verb|ip addr add 127.0.0.1/8 dev lo brd + scope host|
642 \item \verb|ip addr add 10.0.0.1/24 brd + dev eth0 label eth0:Alias|
645 \verb|255.255.255.0|), standard broadcast and label \verb|eth0:Alias|
646 to the interface \verb|eth0|.
652 \paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
654 \paragraph{Arguments:} coincide with the arguments of \verb|ip addr add|.
660 \item \verb|ip addr del 127.0.0.1/8 dev lo|
665 \item Disable IP on the interface \verb|eth0|:
679 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|lst|, \verb|sh|, \verb|ls|,
680 \verb|l|.
685 \item \verb|dev NAME| (default)
689 \item \verb|scope SCOPE_VAL|
693 \item \verb|to PREFIX|
697 \item \verb|label PATTERN|
699 --- only list addresses with labels matching the \verb|PATTERN|.
700 \verb|PATTERN| is a usual shell style pattern.
703 \item \verb|dynamic| and \verb|permanent|
708 \item \verb|tentative|
713 \item \verb|deprecated|
718 \item \verb|primary| and \verb|secondary|
738 The first two lines coincide with the output of \verb|ip link ls|.
740 as addresses of the protocol family \verb|AF_PACKET|.
750 \item \verb|secondary|
758 There is a tweak in \verb|/proc/sys/net/ipv4/conf/<dev>/promote_secondaries|
761 \verb|net.ipv4.conf.all.promote_secondaries=1| to \verb|/etc/sysctl.conf|.
765 \item \verb|dynamic|
769 the address is still valid. After \verb|preferred_lft| expires the address is
770 moved to the deprecated state. After \verb|valid_lft| expires the address
773 \item \verb|deprecated|
778 \item \verb|tentative|
789 \paragraph{Abbreviations:} \verb|flush|, \verb|f|.
794 \paragraph{Arguments:} This command has the same arguments as \verb|show|.
797 \paragraph{Warning:} This command (and other \verb|flush| commands
801 \paragraph{Statistics:} With the \verb|-statistics| option, the command
804 twice, \verb|ip addr flush| also dumps all the deleted addresses
834 \paragraph{Abbreviations:} \verb|neighbour|, \verb|neighbor|, \verb|neigh|,
835 \verb|n|.
837 \paragraph{Object:} \verb|neighbour| objects establish bindings between protocol
845 \paragraph{Commands:} \verb|add|, \verb|change|, \verb|replace|,
846 \verb|delete|, \verb|flush| and \verb|show| (or \verb|list|).
849 describes how to manage proxy ARP/NDISC with the \verb|ip| utility.
856 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
857 \verb|replace|, \verb|repl|.
865 \item \verb|to ADDRESS| (default)
869 \item \verb|dev NAME|
874 \item \verb|lladdr LLADDRESS|
876 --- the link layer address of the neighbour. \verb|LLADDRESS| can also be
877 \verb|null|.
879 \item \verb|nud NUD_STATE|
881 --- the state of the neighbour entry. \verb|nud| is an abbreviation for ``Neighbour
885 \item \verb|permanent| --- the neighbour entry is valid forever and can be only be removed
887 \item \verb|noarp| --- the neighbour entry is valid. No attempts to validate
889 \item \verb|reachable| --- the neighbour entry is valid until the reachability
891 \item \verb|stale| --- the neighbour entry is valid but suspicious.
892 This option to \verb|ip neigh| does not change the neighbour state if
900 \item \verb|ip neigh add 10.0.0.3 lladdr 0:0:0:0:0:1 dev eth0 nud perm|
902 --- add a permanent ARP entry for the neighbour 10.0.0.3 on the device \verb|eth0|.
904 \item \verb|ip neigh chg 10.0.0.3 dev eth0 nud reachable|
906 --- change its state to \verb|reachable|.
912 \paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
916 \paragraph{Arguments:} The arguments are the same as with \verb|ip neigh add|,
917 except that \verb|lladdr| and \verb|nud| are ignored.
922 \item \verb|ip neigh del 10.0.0.3 dev eth0|
924 --- invalidate an ARP entry for the neighbour 10.0.0.3 on the device \verb|eth0|.
937 a \verb|noarp| entry created by the kernel may result in unpredictable behaviour.
939 on a \verb|NOARP| interface or if the address is multicast or broadcast.
944 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|.
952 \item \verb|to ADDRESS| (default)
956 \item \verb|dev NAME|
960 \item \verb|unused|
964 \item \verb|nud NUD_STATE|
966 --- only list neighbour entries in this state. \verb|NUD_STATE| takes
967 values listed below or the special value \verb|all| which means all states.
968 This option may occur more than once. If this option is absent, \verb|ip|
969 lists all entries except for \verb|none| and \verb|noarp|.
991 \verb|lladdr| is the link layer address of the neighbour.
993 \verb|nud| is the state of the ``neighbour unreachability detection'' machine
999 \item\verb|none| --- the state of the neighbour is void.
1000 \item\verb|incomplete| --- the neighbour is in the process of resolution.
1001 \item\verb|reachable| --- the neighbour is valid and apparently reachable.
1002 \item\verb|stale| --- the neighbour is valid, but is probably already
1004 \item\verb|delay| --- a packet has been sent to the stale neighbour and the kernel is waiting
1006 \item\verb|probe| --- the delay timer expired but no confirmation was received.
1008 \item\verb|failed| --- resolution has failed.
1009 \item\verb|noarp| --- the neighbour is valid. No attempts to check the entry
1011 \item\verb|permanent| --- it is a \verb|noarp| entry, but only the administrator
1015 The link layer address is valid in all states except for \verb|none|,
1016 \verb|failed| and \verb|incomplete|.
1018 IPv6 neighbours can be marked with the additional flag \verb|router|
1021 \paragraph{Statistics:} The \verb|-statistics| option displays some usage
1031 Here \verb|ref| is the number of users of this entry
1032 and \verb|used| is a triplet of time intervals in seconds
1043 \paragraph{Abbreviations:} \verb|flush|, \verb|f|.
1048 \paragraph{Arguments:} This command has the same arguments as \verb|show|.
1051 \verb|permanent| and \verb|noarp|.
1054 \paragraph{Statistics:} With the \verb|-statistics| option, the command
1057 twice, \verb|ip neigh flush| also dumps all the deleted neighbours
1075 \paragraph{Abbreviations:} \verb|route|, \verb|ro|, \verb|r|.
1077 \paragraph{Object:} \verb|route| entries in the kernel routing tables keep
1117 non-unique routes with \verb|ip| commands described in this section.
1152 is \verb|unicast|. It describes real paths to other hosts.
1157 \item \verb|unicast| --- the route entry describes real paths to the
1159 \item \verb|unreachable| --- these destinations are unreachable. Packets
1161 The local senders get an \verb|EHOSTUNREACH| error.
1162 \item \verb|blackhole| --- these destinations are unreachable. Packets
1163 are discarded silently. The local senders get an \verb|EINVAL| error.
1164 \item \verb|prohibit| --- these destinations are unreachable. Packets
1166 prohibited\/} is generated. The local senders get an \verb|EACCES| error.
1167 \item \verb|local| --- the destinations are assigned to this
1169 \item \verb|broadcast| --- the destinations are broadcast addresses.
1171 \item \verb|throw| --- a special control route used together with policy
1176 is generated. The local senders get an \verb|ENETUNREACH| error.
1177 \item \verb|nat| --- a special NAT route. Destinations covered by the prefix
1180 are selected with the attribute \verb|via|. More about NAT is
1182 \item \verb|anycast| --- ({\em not implemented\/}) the destinations are
1184 to \verb|local| with one difference: such addresses are invalid when used
1186 \item \verb|multicast| --- a special type used for multicast routing.
1192 name from the file \verb|/etc/iproute2/rt_tables|. By default all normal
1193 routes are inserted into the \verb|main| table (ID 254) and the kernel only uses
1197 even more important. It is the \verb|local| table (ID 255). This table
1214 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
1215 \verb|replace|, \verb|repl|.
1220 \item \verb|to PREFIX| or \verb|to TYPE PREFIX| (default)
1222 --- the destination prefix of the route. If \verb|TYPE| is omitted,
1223 \verb|ip| assumes type \verb|unicast|. Other values of \verb|TYPE|
1224 are listed above. \verb|PREFIX| is an IP or IPv6 address optionally followed
1226 \verb|ip| assumes a full-length host route. There is also a special
1227 \verb|PREFIX| --- \verb|default| --- which is equivalent to IP \verb|0/0| or
1228 to IPv6 \verb|::/0|.
1230 \item \verb|tos TOS| or \verb|dsfield TOS|
1235 may still match a route with a zero TOS. \verb|TOS| is either an 8 bit hexadecimal
1239 \item \verb|metric NUMBER| or \verb|preference NUMBER|
1241 --- the preference value of the route. \verb|NUMBER| is an arbitrary 32bit number.
1243 \item \verb|table TABLEID|
1246 \verb|TABLEID| may be a number or a string from the file
1247 \verb|/etc/iproute2/rt_tables|. If this parameter is omitted,
1248 \verb|ip| assumes the \verb|main| table, with the exception of
1249 \verb|local|, \verb|broadcast| and \verb|nat| routes, which are
1250 put into the \verb|local| table by default.
1252 \item \verb|dev NAME|
1256 \item \verb|via ADDRESS|
1259 on the route type. For normal \verb|unicast| routes it is either the true nexthop
1264 \item \verb|src ADDRESS|
1269 \item \verb|realm REALMID|
1272 \verb|REALMID| may be a number or a string from the file
1273 \verb|/etc/iproute2/rt_realms|. Sec.\ref{RT-REALMS} (p.\pageref{RT-REALMS})
1276 \item \verb|mtu MTU| or \verb|mtu lock MTU|
1278 --- the MTU along the path to the destination. If the modifier \verb|lock| is
1280 If the modifier \verb|lock| is used, no path MTU discovery will be tried,
1284 \item \verb|window NUMBER|
1290 \item \verb|rtt NUMBER|
1295 \item \verb|rttvar NUMBER|
1300 \item \verb|ssthresh NUMBER|
1305 \item \verb|cwnd NUMBER|
1307 --- \threeonly the clamp for congestion window. It is ignored if the \verb|lock|
1311 \item \verb|advmss NUMBER|
1321 \item \verb|reordering NUMBER|
1324 If it is not given, Linux uses the value selected with \verb|sysctl|
1325 variable \verb|net/ipv4/tcp_reordering|.
1327 \item \verb|hoplimit NUMBER|
1330 The default is the value selected with the \verb|sysctl| variable
1331 \verb|net/ipv4/ip_default_ttl|.
1333 \item \verb|initcwnd NUMBER|
1339 +\item \verb|initrwnd NUMBER|
1346 \item \verb|nexthop NEXTHOP|
1348 verb|NEXTHOP| is a complex value
1351 \item \verb|via ADDRESS| is the nexthop router.
1352 \item \verb|dev NAME| is the output device.
1353 \item \verb|weight NUMBER| is a weight for this element of a multipath
1357 \item \verb|scope SCOPE_VAL|
1360 \verb|SCOPE_VAL| may be a number or a string from the file
1361 \verb|/etc/iproute2/rt_scopes|.
1363 \verb|ip| assumes scope \verb|global| for all gatewayed \verb|unicast|
1364 routes, scope \verb|link| for direct \verb|unicast| and \verb|broadcast| routes
1365 and scope \verb|host| for \verb|local| routes.
1367 \item \verb|protocol RTPROTO|
1370 \verb|RTPROTO| may be a number or a string from the file
1371 \verb|/etc/iproute2/rt_protos|. If the routing protocol ID is
1372 not given, \verb|ip| assumes protocol \verb|boot| (i.e.\
1377 \item \verb|redirect| --- the route was installed due to an ICMP redirect.
1378 \item \verb|kernel| --- the route was installed by the kernel during
1380 \item \verb|boot| --- the route was installed during the bootup sequence.
1382 \item \verb|static| --- the route was installed by the administrator
1385 \item \verb|ra| --- the route was installed by Router Discovery protocol.
1390 f.e.\ as they are assigned in \verb|rtnetlink.h| or in \verb|rt_protos|
1394 \item \verb|onlink|
1404 Actually there are more commands: \verb|prepend| does the same
1405 thing as classic \verb|route add|, i.e.\ adds a route, even if another
1406 route to the same destination exists. Its opposite case is \verb|append|,
1411 More sad news, IPv6 only understands the \verb|append| command correctly.
1412 All the others are translated into \verb|append| commands. Certainly,
1422 \item change it to a direct route via the \verb|dummy| device
1426 \item add a default multipath route splitting the load between \verb|ppp0|
1427 and \verb|ppp1|
1435 \verb|via| parameter.
1447 \paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
1449 \paragraph{Arguments:} \verb|ip route del| has the same arguments as
1450 \verb|ip route add|, but their semantics are a bit different.
1452 Key values (\verb|to|, \verb|tos|, \verb|preference| and \verb|table|)
1453 select the route to delete. If optional attributes are present, \verb|ip|
1455 If no route with the given key and attributes was found, \verb|ip route del|
1478 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
1486 \item \verb|to SELECTOR| (default)
1488 --- only select routes from the given range of destinations. \verb|SELECTOR|
1489 consists of an optional modifier (\verb|root|, \verb|match| or \verb|exact|)
1490 and a prefix. \verb|root PREFIX| selects routes with prefixes not shorter
1491 than \verb|PREFIX|. F.e.\ \verb|root 0/0| selects the entire routing table.
1492 \verb|match PREFIX| selects routes with prefixes not longer than
1493 \verb|PREFIX|. F.e.\ \verb|match 10.0/16| selects \verb|10.0/16|,
1494 \verb|10/8| and \verb|0/0|, but it does not select \verb|10.1/16| and
1495 \verb|10.0.0/24|. And \verb|exact PREFIX| (or just \verb|PREFIX|)
1497 are present, \verb|ip| assumes \verb|root 0/0| i.e.\ it lists the entire table.
1500 \item \verb|tos TOS| or \verb|dsfield TOS|
1505 \item \verb|table TABLEID|
1508 \verb|table| \verb|main|. \verb|TABLEID| may either be the ID of a real table
1511 \item \verb|all| --- list all of the tables.
1512 \item \verb|cache| --- dump the routing cache.
1515 IPv6 has a single table. However, splitting it into \verb|main|, \verb|local|
1516 and \verb|cache| is emulated by the \verb|ip| utility.
1519 \item \verb|cloned| or \verb|cached|
1523 Actually, it is equivalent to \verb|table cache|.
1525 \item \verb|from SELECTOR|
1527 --- the same syntax as for \verb|to|, but it binds the source address range
1528 rather than destinations. Note that the \verb|from| option only works with
1531 \item \verb|protocol RTPROTO|
1536 \item \verb|scope SCOPE_VAL|
1540 \item \verb|type TYPE|
1544 \item \verb|dev NAME|
1548 \item \verb|via PREFIX|
1550 --- only list routes going via the nexthop routers selected by \verb|PREFIX|.
1552 \item \verb|src PREFIX|
1555 by \verb|PREFIX|.
1557 \item \verb|realm REALMID| or \verb|realms FROMREALM/TOREALM|
1563 \paragraph{Examples:} Let us count routes of protocol \verb|gated/bgp|
1570 To count the size of the routing cache, we have to use the \verb|-o| option
1584 \verb|-o| option was given, then line feeds separating lines inside
1612 see in the section on \verb|ip route get| (p.\pageref{NB-nature-of-strangeness})
1615 The second line, starting with the word \verb|cache|, shows
1619 \item \verb|local| --- packets are delivered locally.
1624 \item \verb|reject| --- the path is bad. Any attempt to use it results
1625 in an error. See attribute \verb|error| below (p.\pageref{IP-ROUTE-GET-error}).
1627 \item \verb|mc| --- the destination is multicast.
1629 \item \verb|brd| --- the destination is broadcast.
1631 \item \verb|src-direct| --- the source is on a directly connected
1634 \item \verb|redirected| --- the route was created by an ICMP Redirect.
1636 \item \verb|redirect| --- packets going via this route will
1639 \item \verb|fastroute| --- the route is eligible to be used for fastroute.
1641 \item \verb|equalize| --- make packet by packet randomization
1644 \item \verb|dst-nat| --- the destination address requires translation.
1646 \item \verb|src-nat| --- the source address requires translation.
1648 \item \verb|masq| --- the source address requires masquerading.
1651 \item \verb|notify| --- ({\em not implemented}) change/deletion
1657 \item \verb|error| --- on \verb|reject| routes it is error code
1664 \item \verb|expires| --- this entry will expire after this timeout.
1666 \item \verb|iif| --- the packets for this path are expected to arrive
1670 \paragraph{Statistics:} With the \verb|-statistics| option, more
1673 \item \verb|users| --- the number of users of this entry.
1674 \item \verb|age| --- shows when this route was last used.
1675 \item \verb|used| --- the number of lookups of this route since its creation.
1684 \paragraph{Arguments:} \verb|ip route save| has the same arguments as
1685 \verb|ip route show|.
1694 \verb|ip route save| is that of \verb|rtnetlink|. See
1695 \verb|rtnetlink(7)| for more information.
1701 tables according to a data stream as provided by \verb|ip route save| via
1717 \paragraph{Abbreviations:} \verb|flush|, \verb|f|.
1723 as the arguments of \verb|ip route show|, but routing tables are not
1724 listed but purged. The only difference is the default action: \verb|show|
1725 dumps all the IP main routing table but \verb|flush| prints the helper page.
1729 \paragraph{Statistics:} With the \verb|-statistics| option, the command
1732 twice, \verb|ip route flush| also dumps all the deleted routes
1740 This option deserves to be put into a scriptlet \verb|routef|.
1742 This option was described in the \verb|route(8)| man page borrowed
1774 The third example flushes BGP routing tables after a \verb|gated|
1793 \paragraph{Abbreviations:} \verb|get|, \verb|g|.
1800 \item \verb|to ADDRESS| (default)
1804 \item \verb|from ADDRESS|
1808 \item \verb|tos TOS| or \verb|dsfield TOS|
1812 \item \verb|iif NAME|
1816 \item \verb|oif NAME|
1820 \item \verb|connected|
1822 --- if no source address (option \verb|from|) was given, relookup
1828 Note that this operation is not equivalent to \verb|ip route show|.
1829 \verb|show| shows existing routes. \verb|get| resolves them and
1830 creates new clones if necessary. Essentially, \verb|get|
1832 If the \verb|iif| argument is not given, the kernel creates a route
1836 actually sent. With the \verb|iif| argument, the kernel pretends
1841 format as \verb|ip route ls|.
1853 \item Find a route to forward packets arriving on \verb|eth0|
1866 Note the \verb|redirect| flag on it.
1869 \item Find a multicast route for packets arriving on \verb|eth0|
1872 In this case, it is \verb|pimd|)
1884 of this group, so that route has no \verb|local| flag and only
1886 The multicast part consists of an additional \verb|Oifs:| list showing
1919 We may retry \verb|ip route get| to see what we have in the routing
1933 \paragraph{Abbreviations:} \verb|rule|, \verb|ru|.
1935 \paragraph{Object:} \verb|rule|s in the routing policy database control
1973 indirectly, via \verb|ipchains|, by exploiting their ability
1974 to mark some classes of packets with \verb|fwmark|. Therefore,
1975 \verb|fwmark| is also included in the set of keys checked by rules.
1995 managed with the \verb|ip route| command, described in the previous section.
2002 table \verb|local| (ID 255).
2003 The \verb|local| table is a special routing table containing
2010 table \verb|main| (ID 254).
2011 The \verb|main| table is the normal routing table containing all non-policy
2016 table \verb|default| (ID 253).
2017 The \verb|default| table is empty. It is reserved for some
2034 optional attributes, which routes have, namely \verb|realms|.
2042 \item \verb|unicast| --- the rule prescribes to return the route found
2044 \item \verb|blackhole| --- the rule prescribes to silently drop the packet.
2045 \item \verb|unreachable| --- the rule prescribes to generate a ``Network
2047 \item \verb|prohibit| --- the rule prescribes to generate
2049 \item \verb|nat| --- the rule prescribes to translate the source address
2055 \paragraph{Commands:} \verb|add|, \verb|delete| and \verb|show|
2056 (or \verb|list|).
2062 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|delete|, \verb|del|,
2063 \verb|d|.
2068 \item \verb|type TYPE| (default)
2073 \item \verb|from PREFIX|
2077 \item \verb|to PREFIX|
2081 \item \verb|iif NAME|
2088 \item \verb|tos TOS| or \verb|dsfield TOS|
2092 \item \verb|fwmark MARK|
2094 --- select the \verb|fwmark| value to match.
2096 \item \verb|priority PREFERENCE|
2101 Really, for historical reasons \verb|ip rule add| does not require a
2113 \item \verb|table TABLEID|
2117 \item \verb|realms FROM/TO|
2120 succeeded. Realm \verb|TO| is only used if the route did not select
2123 \item \verb|nat ADDRESS|
2126 The \verb|ADDRESS| may be either the start of the block of NAT addresses
2138 with \verb|ip route flush cache|.
2143 according to routing table \verb|inr.ruhep|:
2149 and route it according to table \#1 (actually, it is \verb|inr.ruhep|):
2166 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2190 The keyword \verb|lookup| is followed by a routing table identifier,
2191 as it is recorded in the file \verb|/etc/iproute2/rt_tables|.
2194 \verb|map-to| followed by the start of the block of addresses to map.
2208 \paragraph{Object:} \verb|maddress| objects are multicast addresses.
2210 \paragraph{Commands:} \verb|add|, \verb|delete|, \verb|show| (or \verb|list|).
2214 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2220 \item \verb|dev NAME| (default)
2240 protocol identifier. The word \verb|link| denotes a link layer
2244 of users is shown after the \verb|users| keyword.
2247 is the \verb|static| flag, which indicates that the address was joined
2248 with \verb|ip maddr add|. See the following subsection.
2255 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|delete|, \verb|del|, \verb|d|.
2266 \item \verb|address LLADDRESS| (default)
2270 \item \verb|dev NAME|
2289 Neither \verb|ip| nor the kernel check for multicast address validity.
2308 \paragraph{Abbreviations:} \verb|mroute|, \verb|mr|.
2310 \paragraph{Object:} \verb|mroute| objects are multicast routing cache
2312 (f.e.\ \verb|pimd| or \verb|mrouted|).
2315 engine, it is impossible to change \verb|mroute| objects administratively,
2319 \paragraph{Commands:} \verb|show| (or \verb|list|).
2324 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2329 \item \verb|to PREFIX| (default)
2334 \item \verb|iif NAME|
2339 \item \verb|from PREFIX|
2357 where S is the source address and G is the multicast group. \verb|Iif| is
2359 If the word \verb|unresolved| is there instead of the interface name,
2361 The keyword \verb|oifs| is followed by a list of output interfaces, separated
2364 in the \verb|oifs| list.
2366 \paragraph{Statistics:} The \verb|-statistics| option also prints the
2381 \paragraph{Abbreviations:} \verb|tunnel|, \verb|tunl|.
2383 \paragraph{Object:} \verb|tunnel| objects are tunnels, encapsulating
2386 \paragraph{Commands:} \verb|add|, \verb|delete|, \verb|change|, \verb|show|
2387 (or \verb|list|).
2390 over IP and the \verb|ip tunnel| command can be found in~\cite{IP-TUNNELS}.
2396 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
2397 \verb|delete|, \verb|del|, \verb|d|.
2404 \item \verb|name NAME| (default)
2408 \item \verb|mode MODE|
2411 \verb|ipip|, \verb|sit| and \verb|gre|.
2413 \item \verb|remote ADDRESS|
2417 \item \verb|local ADDRESS|
2422 \item \verb|ttl N|
2424 --- set a fixed TTL \verb|N| on tunneled packets.
2425 \verb|N| is a number in the range 1--255. 0 is a special value
2427 The default value is: \verb|inherit|.
2429 \item \verb|tos T| or \verb|dsfield T|
2431 --- set a fixed TOS \verb|T| on tunneled packets.
2432 The default value is: \verb|inherit|.
2436 \item \verb|dev NAME|
2438 --- bind the tunnel to the device \verb|NAME| so that
2442 \item \verb|nopmtudisc|
2448 \item \verb|key K|, \verb|ikey K|, \verb|okey K|
2450 --- (only GRE tunnels) use keyed GRE with key \verb|K|. \verb|K| is
2452 The \verb|key| parameter sets the key to use in both directions.
2453 The \verb|ikey| and \verb|okey| parameters set different keys for input and output.
2456 \item \verb|csum|, \verb|icsum|, \verb|ocsum|
2459 The \verb|ocsum| flag calculates checksums for outgoing packets.
2460 The \verb|icsum| flag requires that all input packets have the correct
2461 checksum. The \verb|csum| flag is equivalent to the combination
2462 ``\verb|icsum| \verb|ocsum|''.
2464 \item \verb|seq|, \verb|iseq|, \verb|oseq|
2467 The \verb|oseq| flag enables sequencing of outgoing packets.
2468 The \verb|iseq| flag requires that all input packets are serialized.
2469 The \verb|seq| flag is equivalent to the combination ``\verb|iseq| \verb|oseq|''.
2489 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2520 \item \verb|CsumErrs| --- the total number of packets dropped
2522 \item \verb|OutOfSeq| --- the total number of packets dropped
2525 \item \verb|Mcasts| --- the total number of multicast packets
2527 \item \verb|DeadLoop| --- the total number of packets which were not
2529 \item \verb|NoRoute| --- the total number of packets which were not
2531 \item \verb|NoBufs| --- the total number of packets which were not
2539 The \verb|ip| utility can monitor the state of devices, addresses
2542 the \verb|monitor| command is the first in the command line and then
2547 \verb|OBJECT-LIST| is the list of object types that we want to monitor.
2548 It may contain \verb|link|, \verb|address| and \verb|route|.
2549 If no \verb|file| argument is given, \verb|ip| opens RTNETLINK,
2556 \verb|rtmon| utility. This utility has a command line syntax similar to
2557 \verb|ip monitor|.
2558 Ideally, \verb|rtmon| should be started before
2567 Certainly, it is possible to start \verb|rtmon| at any time.
2606 can also be handled manually with \verb|ip route| (see sec.\ref{IP-ROUTE},
2609 There is a patch to \verb|gated|, allowing classification of routes
2610 to realms with all the set of policy rules implemented in \verb|gated|:
2636 (or realm \verb|unknown|).
2638 The main application of realms is the TC \verb|route| classifier~\cite{TC-CREF},
2645 which can be viewed with the \verb|rtacct| utility.
2653 the realm \verb|russia| and forwarded 169176 packets to \verb|russia|.
2654 The realm \verb|russia| consists of routes with ASPATHs not leaving
2658 \verb|rtacct| shows incoming packets only. Using the \verb|route|
2726 The application may select a source address explicitly with \verb|bind(2)|
2727 syscall or supplying it to \verb|sendmsg(2)| via the ancillary data object
2728 \verb|IP_PKTINFO|. In this case the kernel only checks the validity
2732 Never say ``Never''. The sysctl option \verb|ip_dynaddr| breaks
2741 address hint for this destination. The hint is set with the \verb|src| parameter
2742 to the \verb|ip route| command, sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}.
2758 in routing tables instead (the \verb|scope| parameter to the \verb|ip route| command,
2764 \item Otherwise, if the scope of the destination is \verb|link| or \verb|host|,
2768 with an appropriate scope. The loopback device \verb|lo| is always the first
2780 by setting the kernel \verb|sysctl| variable
2781 \verb|/proc/sys/net/ipv4/conf/<dev>/proxy_arp| to 1. After this, the router
2782 starts to answer ARP requests on the interface \verb|<dev>|, provided
2786 The variable \verb|/proc/sys/net/ipv4/conf/all/proxy_arp| enables proxy
2804 The \verb|ip| utility provides a way to manage proxy ARP/NDISC
2805 with the \verb|ip neigh| command, namely:
2816 for address \verb|ADDRESS| on all devices, otherwise it will only serve
2817 the device \verb|NAME|. Even if the proxy entry is created with
2818 \verb|ip neigh|, the router {\em will not\/} answer a query if the route
2879 These addresses are selected by the \verb|ip route| command
2909 It is important that the address after the \verb|nat| keyword
2934 and 192.203.80/24. Also, if the \verb|inr.ruhep| table does not
2941 and leave the rest intact, you may use \verb|ipchains|
2942 to \verb|fwmark| a class of packets.
2964 \item \verb|ip| --- package \verb|iproute2|.
2965 \item \verb|arping| --- package \verb|iputils|.
2966 \item \verb|rdisc| --- package \verb|iputils|.
2969 It also refers to a DHCP client, \verb|dhcpcd|. I should refrain from
2971 say is that ISC \verb|dhcp-2.0b1pl6| patched with the patch that
2972 can be found in the \verb|dhcp.bootp.rarp| subdirectory of
2981 \# {\bf Usage: \verb|ifone ADDRESS[/PREFIX-LENGTH] [DEVICE]|}\\
2984 \# \$2 --- Device name. If it is missing, \verb|eth0| is asssumed.\\
2985 \# F.e. \verb|ifone 193.233.7.90|
3029 \noindent\# {\bf Step 1} --- enable device \verb|$dev|
3038 \# The interface is \verb|UP|. IPv6 started stateless autoconfiguration itself,\\
3127 This is a simplistic script replacing one option of \verb|ifconfig|,
3134 I strongly recommend using it {\em instead\/} of \verb|ifconfig| both
3141 \# {\bf Usage: \verb?ifcfg DEVICE[:ALIAS] [add|del] ADDRESS[/LENGTH] [PEER]?}\\
3147 \# F.e. \verb|ifcfg eth0 193.233.7.90/24|
3286 \# {\bf Step 0} --- enable device \verb|$dev|
