Lines Matching defs:is
25 from the \verb|iproute2| package. It is not a tutorial or user's guide.
26 It is a {\em dictionary\/}, not explaining terms,
28 However, the document is self-contained and the reader, provided they have a
33 This document is split into sections explaining \verb|ip| commands
43 The generic form of an \verb|ip| command is:
47 where \verb|OPTIONS| is a set of optional modifiers affecting the
62 As a rule, the information is statistics or some time values.
68 --- enforce the protocol family to use. If the option is not present,
69 the protocol family is guessed from other arguments. If the rest of the command
71 one, usually \verb|inet| or \verb|any|. \verb|link| is a special family
72 identifier meaning that no networking protocol is involved.
90 with the \verb|'\'| character. This is convenient when you want to
108 \verb|OBJECT| is the object to manage or to get information about.
123 abbreviated form, f.e.\ \verb|address| is abbreviated as \verb|addr|
128 As a rule, it is possible to \verb|add|, \verb|delete| and
131 The \verb|help| command is available for all objects. It prints
134 If no command is given, some default command is assumed.
135 Usually it is \verb|list| or, if the objects of this class
138 \verb|ARGUMENTS| is a list of arguments to the command.
143 which may be omitted. F.e.\ parameter \verb|dev| is the default
144 for the {\tt ip link} command, so {\tt ip link ls eth0} is equivalent
150 letters. The shortcuts are convenient when \verb|ip| is used interactively,
177 prints the error message, as it is output with \verb|perror(3)|,
182 In this case \verb|ip| prints the error message, as it is output
189 in the system. One harmful exception is \verb|ip link| command
194 It is difficult to list all the error messages (especially
195 syntax errors). However, as a rule, their meaning is clear
201 \item Netlink is not configured in the kernel. The message is:
206 \item RTNETLINK is not configured in the kernel. In this case
228 \paragraph{Object:} A \verb|link| is a network device and the corresponding
253 This operation is {\em not allowed\/} if the device is in state \verb|UP|.
256 device is running.
269 --- change the name of the device. This operation is not
270 recommended if the device is running or has some addresses
288 the interface is \verb|POINTOPOINT|.
312 This is the only case when \verb|ip| can move the system to
313 an unpredictable state. The solution is to avoid changing
340 If this argument is omitted all devices are listed.
365 The number before each colon is an {\em interface index\/} or {\em ifindex\/}.
366 This number uniquely identifies the interface. This is followed by the {\em interface name\/}
367 (\verb|eth0|, \verb|sit0| etc.). The interface name is also
369 list (f.e.\ when the corresponding driver module is unloaded) and another
376 after the \verb|@| sign. This means that this device is bound to some other
379 device. If the name is \verb|NONE|, the master is unknown.
386 does not queue anything and \verb|noop| means that the interface is in blackhole
388 {\em qlen\/} is the default transmit queue length of the device measured
394 \item \verb|UP| --- the device is turned on. It is ready to accept
403 to all hosts sharing the same link. A typical example is an Ethernet link.
410 are set, the interface is assumed to be NMBA (Non-Broadcast Multi-Access).
411 This is the most generic type of device and the most complicated one, because
415 \item \verb|MULTICAST| --- is an advisory flag indicating that the interface
416 is aware of multicasting i.e.\ sending packets to some subset of neighbouring
417 nodes. Broadcasting is a particular case of multicasting, where the multicast
418 group consists of all nodes on the link. It is important to emphasize
421 \verb|BROADCAST| link is multicasting by definition, because we have
423 Certainly, the use of high bandwidth multicast transfers is not recommended
424 on broadcast-only links because of high expense, but it is not strictly
428 traffic on the link even if it is not destined for us, not broadcasted
430 this mode exists only on broadcast links and is used by bridges and for network
434 wandering on the link. This mode is used by multicast routers.
436 \item \verb|NOARP| --- this flag is different from the other ones. It has
442 \item \verb|DYNAMIC| --- is an advisory flag indicating that the interface is
445 \item \verb|SLAVE| --- this interface is bonded to some other interfaces
462 of the addresses and is logically part of the address.
464 (or the peer address for pointopoint links) is a
500 natural for the architecture is exceeded, so continuous monitoring requires
508 in dropped packets. As a rule, if the interface is overrun, it means
509 serious problems in the kernel or that your machine is too slow
512 is only supported by a few devices.
518 \item \verb|compressed| --- the total number of compressed packets. This is
523 If the \verb|-s| option is entered twice or more,
550 \paragraph{Object:} The \verb|address| is a protocol (IP or IPv6) address attached
552 to use the corresponding protocol. It is possible to have several
554 discriminated, so that the term {\em alias\/} is not quite appropriate
579 on the protocol. It is a dotted quad for IP and a sequence of hexadecimal halfwords
588 encoding the network prefix length. If a peer address is specified,
589 the local address {\em cannot\/} have a prefix length. The network prefix is associated
597 It is possible to use the special symbols \verb|'+'| and \verb|'-'|
599 is derived by setting/resetting the host bits of the interface prefix.
618 --- the scope of the area where this address is valid.
623 \item \verb|global| --- the address is globally valid.
624 \item \verb|site| --- (IPv6 only) the address is site local,
625 i.e.\ it is valid inside this site.
626 \item \verb|link| --- the address is link local, i.e.\
627 it is valid only on this device.
628 \item \verb|host| --- the address is valid only inside this host.
655 The device name is a required argument. The rest are optional.
656 If no arguments are given, the first address is deleted.
700 \verb|PATTERN| is a usual shell style pattern.
739 It is natural to interpret link layer addresses
752 --- the address is not used when selecting the default source address
755 prefix bits already exists. The first address is primary.
756 It is the leader of the group of all secondary addresses. When the leader
757 is deleted, all secondaries are purged too.
758 There is a tweak in \verb|/proc/sys/net/ipv4/conf/<dev>/promote_secondaries|
759 which activates secondaries promotion when a primary is deleted.
762 This tweak is available in linux 2.6.15 and later.
769 the address is still valid. After \verb|preferred_lft| expires the address is
771 is finally invalidated.
775 --- the address is deprecated, i.e.\ it is still valid, but cannot
780 --- the address is not used because duplicate address detection~\cite{RFC-ADDRCONF}
781 is still not complete or failed.
795 The difference is that it does not run when no arguments are given.
798 described below) is pretty dangerous. If you make a mistake, it will
803 of rounds made to flush the address list. If this option is given
816 *** Flush is complete after 1 round ***
819 Another instructive example is disabling IP on all the Ethernets:
840 is known by another name --- the ARP table.
867 --- the protocol address of the neighbour. It is either an IPv4 or IPv6 address.
871 --- the interface to which this neighbour is attached.
881 --- the state of the neighbour entry. \verb|nud| is an abbreviation for ``Neighbour
885 \item \verb|permanent| --- the neighbour entry is valid forever and can only be removed
887 \item \verb|noarp| --- the neighbour entry is valid. No attempts to validate
889 \item \verb|reachable| --- the neighbour entry is valid until the reachability
891 \item \verb|stale| --- the neighbour entry is valid but suspicious.
893 it was valid and the address is not changed by this command.
930 immediately. If it is in use it cannot be deleted until the last
939 on a \verb|NOARP| interface or if the address is multicast or broadcast.
968 This option may occur more than once. If this option is absent, \verb|ip|
987 The first word of each line is the protocol address of the neighbour.
991 \verb|lladdr| is the link layer address of the neighbour.
993 \verb|nud| is the state of the ``neighbour unreachability detection'' machine
995 state machine can be found in~\cite{RFC-NDISC}. Here is the full list
999 \item\verb|none| --- the state of the neighbour is void.
1000 \item\verb|incomplete| --- the neighbour is in the process of resolution.
1001 \item\verb|reachable| --- the neighbour is valid and apparently reachable.
1002 \item\verb|stale| --- the neighbour is valid, but is probably already
1004 \item\verb|delay| --- a packet has been sent to the stale neighbour and the kernel is waiting
1009 \item\verb|noarp| --- the neighbour is valid. No attempts to check the entry
1011 \item\verb|permanent| --- it is a \verb|noarp| entry, but only the administrator
1015 The link layer address is valid in all states except for \verb|none|,
1031 Here \verb|ref| is the number of users of this entry
1032 and \verb|used| is a triplet of time intervals in seconds
1056 of rounds made to flush the neighbour table. If the option is given
1067 *** Flush is complete after 1 round ***
1084 up to the prefix length and if the TOS of the route is zero or equal to
1090 \item The longest matching prefix is selected. All shorter ones
1093 \item If the TOS of some route with the longest prefix is equal to the TOS
1105 is selected.
1110 word ``first'' depends on the order of route additions and it is practically
1115 is impossible and routes are uniquely identified by the triplet
1116 \{prefix, tos, preference\}. Actually, it is impossible to create
1119 One useful exception to this rule is the default route on non-forwarding
1120 hosts. It is ``officially'' allowed to have several fallback routes
1125 of the routes is not essential. However, in this case,
1126 fiddling with default routes manually is not recommended. Use the Router Discovery
1133 in this sequence. Instead, the routing table in the kernel is kept
1137 the statements above as: a route is identified by the triplet
1149 It is important that the set
1152 is \verb|unicast|. It describes real paths to other hosts.
1155 full list of types understood by Linux-2.2 is:
1160 are discarded and the ICMP message {\em host unreachable\/} is generated.
1166 prohibited\/} is generated. The local senders get an \verb|EACCES| error.
1172 rules (see sec.\ref{IP-RULE}, p.\pageref{IP-RULE}). If such a route is selected, lookup
1173 in this table is terminated pretending that no route was found.
1174 Without policy routing it is equivalent to the absence of the route in the routing
1176 is generated. The local senders get an \verb|ENETUNREACH| error.
1180 are selected with the attribute \verb|via|. More about NAT is
1187 It is not present in normal routing tables.
1196 Actually, one other table always exists, which is invisible but
1197 even more important. It is the \verb|local| table (ID 255). This table
1203 is used. See sec.\ref{IP-RULE}, p.\pageref{IP-RULE}.
1222 --- the destination prefix of the route. If \verb|TYPE| is omitted,
1224 are listed above. \verb|PREFIX| is an IP or IPv6 address optionally followed
1225 by a slash and the prefix length. If the length of the prefix is missing,
1226 \verb|ip| assumes a full-length host route. There is also a special
1227 \verb|PREFIX| --- \verb|default| --- which is equivalent to IP \verb|0/0| or
1233 the longest match is understood as: First, compare the TOS
1235 may still match a route with a zero TOS. \verb|TOS| is either an 8 bit hexadecimal
1241 --- the preference value of the route. \verb|NUMBER| is an arbitrary 32bit number.
1247 \verb|/etc/iproute2/rt_tables|. If this parameter is omitted,
1259 on the route type. For normal \verb|unicast| routes it is either the true nexthop
1260 router or, if it is a direct route installed in BSD compatibility mode,
1262 For NAT routes it is the first address of the block of translated IP destinations.
1271 --- the realm to which this route is assigned.
1278 --- the MTU along the path to the destination. If the modifier \verb|lock| is
1280 If the modifier \verb|lock| is used, no path MTU discovery will be tried,
1307 --- \threeonly the clamp for congestion window. It is ignored if the \verb|lock|
1308 flag is not used.
1314 destinations when establishing TCP connections. If it is not given,
1318 If the path to these destination is asymmetric, this guess may be wrong.
1324 If it is not given, Linux uses the value selected with \verb|sysctl|
1330 The default is the value selected with the \verb|sysctl| variable
1335 this destination. Actual window size is this value multiplied by the
1336 MSS (``Maximal Segment Size'') for same connection. The default is
1342 + this destination. The actual window size is this value multiplied
1344 + value is zero, meaning to use Slow Start value.
1348 is a complex value
1351 \item \verb|via ADDRESS| is the nexthop router.
1352 \item \verb|dev NAME| is the output device.
1353 \item \verb|weight NUMBER| is a weight for this element of a multipath
1362 If this parameter is omitted,
1371 \verb|/etc/iproute2/rt_protos|. If the routing protocol ID is
1387 The rest of the values are not reserved and the administrator is free
1396 --- pretend that the nexthop is directly attached to this link,
1406 route to the same destination exists. Its opposite case is \verb|append|,
1432 Note the scope value. It is not necessary but it informs the kernel
1433 that this route is gatewayed rather than direct. Actually, if you
1436 \item announce that the address 192.203.80.144 is not a real one, but
1441 Backward translation is setup with policy rules described
1507 --- show the routes from this table(s). The default setting is to show
1516 and \verb|cache| is emulated by the \verb|ip| utility.
1523 Actually, it is equivalent to \verb|table cache|.
1582 of more than one line: particularly, this is the case when the route
1583 is cloned or you requested additional statistics. If the
1598 lifetime. An example of the output is:
1611 it is a path from 193.233.7.82 back to 193.233.82? Well, you will
1621 and for multicast routes, if this host is a member of the corresponding
1624 \item \verb|reject| --- the path is bad. Any attempt to use it results
1627 \item \verb|mc| --- the destination is multicast.
1629 \item \verb|brd| --- the destination is broadcast.
1631 \item \verb|src-direct| --- the source is on a directly connected
1639 \item \verb|fastroute| --- the route is eligible to be used for fastroute.
1657 \item \verb|error| --- on \verb|reject| routes it is error code
1671 information about this route is shown:
1694 \verb|ip route save| is that of \verb|rtnetlink|. See
1724 listed but purged. The only difference is the default action: \verb|show|
1731 of rounds made to flush the routing table. If the option is given
1768 *** Flush is complete after 1 round ***
1782 *** Flush is complete after 1 round ***
1814 --- the device from which this packet is expected to arrive.
1824 If policy routing is used, it may be a different route.
1828 Note that this operation is not equivalent to \verb|ip route show|.
1831 is equivalent to sending a packet along this path.
1832 If the \verb|iif| argument is not given, the kernel creates a route
1834 This is equivalent to pinging the destination
1864 This is the command that created the funny route from 193.233.7.82
1871 (it is assumed that a multicast routing daemon is running.
1872 In this case, it is \verb|pimd|)
1881 and a ``multicast'' part. The normal part is used to deliver (or not to
1883 is not a member
1885 forwards packets. The output device for such entries is always loopback.
1891 It is time for a more complicated example. Let us add an invalid
1892 gatewayed route for a destination which is really directly connected:
1946 This task is called ``policy routing''.
1957 according to the longest match rule, is replaced with a ``routing policy
1961 by the administrator. Linux-2.2 RPDB is a linear list of rules
1969 \item incoming interface (which is packet metadata, rather than a packet field).
1972 Matching IP protocols and transport ports is also possible,
1975 \verb|fwmark| is also included in the set of keys checked by rules.
1978 predicate. The RPDB is scanned in the order of increasing priority. The selector
1979 of each rule is applied to \{source address, destination address, incoming
1981 the action is performed. The action predicate may return with success.
1983 and the RPDB lookup is terminated. Otherwise, the RPDB program
1986 What is the action, semantically? The natural action is to select the
1987 nexthop and the output device. This is what
1989 The Linux-2.2 approach is more flexible. The action includes
1992 The ``match \& set'' approach is the simplest case of the Linux one. It is realized
2003 The \verb|local| table is a special routing table containing
2006 Rule 0 is special. It cannot be deleted or overridden.
2011 The \verb|main| table is the normal routing table containing all non-policy
2017 The \verb|default| table is empty. It is reserved for some
2026 referring to a table, the table is not used, but it still exists
2046 is unreachable'' error.
2048 ``Communication is administratively prohibited'' error.
2050 of the IP packet into some other value. More about NAT is
2083 --- select the incoming device to match. If the interface is loopback,
2103 If the user does not supply a priority, it is selected by the kernel.
2108 It is a mistake in design, no more. And it will be fixed one day,
2120 succeeded. Realm \verb|TO| is only used if the route did not select
2130 More about NAT is in Appendix~\ref{ROUTE-NAT},
2136 do not become active immediately. It is assumed that after
2149 and route it according to table \#1 (actually, it is \verb|inr.ruhep|):
2169 \paragraph{Arguments:} Good news, this is one command that has no arguments.
2186 In the first column is the rule priority value followed
2187 by a colon. Then the selectors follow. Each key is prefixed
2190 The keyword \verb|lookup| is followed by a routing table identifier,
2191 as it is recorded in the file \verb|/etc/iproute2/rt_tables|.
2193 If the rule does NAT (f.e.\ rule \#320), it is shown by the keyword
2196 The sense of this example is pretty simple. The prefixes
2199 Besides that, the host 193.233.7.83 is translated into
2244 of users is shown after the \verb|users| keyword.
2247 is the \verb|static| flag, which indicates that the address was joined
2259 is impossible to join protocol multicast groups
2296 It is not a bug, but rather a hole in the API and intra-kernel interfaces.
2297 This feature is really more useful for traffic monitoring, but using it
2298 with Linux-2.2 you {\em have to\/} be sure that the host is not
2299 a router and, especially, that it is not a transparent proxy or masquerading
2315 engine, it is impossible to change \verb|mroute| objects administratively,
2357 where S is the source address and G is the multicast group. \verb|Iif| is
2359 If the word \verb|unresolved| is there instead of the interface name,
2361 The keyword \verb|oifs| is followed by a list of output interfaces, separated
2362 by spaces. If a multicast routing entry is created with non-trivial
2368 the number of packets that arrived on the wrong interface, if this number is not zero.
2425 \verb|N| is a number in the range 1--255. 0 is a special value
2427 The default value is: \verb|inherit|.
2432 The default value is: \verb|inherit|.
2445 It is enabled by default. Note that a fixed ttl is incompatible
2450 --- (only GRE tunnels) use keyed GRE with key \verb|K|. \verb|K| is
2461 checksum. The \verb|csum| flag is equivalent to the combination
2469 The \verb|seq| flag is equivalent to the combination ``\verb|iseq| \verb|oseq|''.
2474 do not even understand how it is supposed to work or for what
2528 transmitted because the tunnel is looped back to itself.
2530 transmitted because there is no IP route to the remote endpoint.
2542 the \verb|monitor| command is the first in the command line and then
2547 \verb|OBJECT-LIST| is the list of object types that we want to monitor.
2549 If no \verb|file| argument is given, \verb|ip| opens RTNETLINK,
2553 If a file name is given, it does not listen on RTNETLINK,
2559 the first network configuration command is issued. F.e.\ if
2567 Certainly, it is possible to start \verb|rtmon| at any time.
2580 is physically impossible.
2584 Essentially, Cisco Policy Propagation via BGP is based on the fact
2594 It is to our fortune because there is another solution
2601 aggregates (we call them {\em realms\/}) is low, the task of full
2604 So each route may be assigned to a realm. It is assumed that
2605 this identification is made by a routing daemon, but static routes
2609 There is a patch to \verb|gated|, allowing classification of routes
2615 daemon is not aware of realms), missing realms may be completed
2622 \item If the route has a realm, the destination realm of the packet is set to it.
2623 \item If the rule has a source realm, the source realm of the packet is set to it.
2625 it is also set.
2626 \item If at least one of the realms is still unknown, the kernel finds
2628 \item If the source realm is still unknown, get it from the reversed route.
2629 \item If one of the realms is still unknown, swap the realms of reversed
2633 After this procedure is completed we know what realm the packet
2634 arrived from and the realm where it is going to propagate to.
2638 The main application of realms is the TC \verb|route| classifier~\cite{TC-CREF},
2643 A much simpler but still very useful application is incoming packet
2715 address. Correct source address selection is a critical procedure,
2717 reply. If the source is selected incorrectly, in the best case,
2719 is harmful for performance. In the worst case, when the addresses
2741 address hint for this destination. The hint is set with the \verb|src| parameter
2764 \item Otherwise, if the scope of the destination is \verb|link| or \verb|host|,
2768 with an appropriate scope. The loopback device \verb|lo| is always the first
2770 is configured on loopback, it is always preferred.
2791 NDISC queries. It means that proxy NDISC is possible only on a per destination
2794 Logically, proxy ARP/NDISC is not a kernel task. It can easily be implemented
2797 is standardized in BSD.
2800 It is replaced with the sysctl flag in Linux-2.2.
2815 If the name of the device is not given, the router will answer solicitations
2817 the device \verb|NAME|. Even if the proxy entry is created with
2822 It is important to emphasize that proxy entries have {\em no\/}
2832 of the IP address space into other ones. Linux-2.2 route NAT is supposed
2837 \paragraph{What it is not:}
2838 It is necessary to emphasize that {\em it is not supposed\/}
2840 This is not missing functionality but a design principle.
2841 Route NAT is {\em stateless\/}. It does not hold any state
2843 of sessions flawlessly. But it also means that it is {\em static\/}.
2848 It is a pretty commonly held belief that it is useful to split load between
2849 several servers with NAT. This is a mistake. All you get from this
2850 is the requirement that the router keep the state of all the TCP connections
2851 going via it. Well, if the router is so powerful, run apache on it. 8)
2858 This also, is not missing any functionality.
2861 active FTP clients happy, your choice is not route NAT but masquerading,
2870 Some part of the address space is reserved for dummy addresses
2875 A great advantage of route NAT is that it may be used not
2884 states that the single address 192.203.80.144 is a dummy NAT address.
2890 this address with 193.233.7.83 which is the address of some real
2902 into 192.203.80.144. This task is solved by setting a special
2909 It is important that the address after the \verb|nat| keyword
2910 is some NAT address, declared by {\tt ip route add nat}.
2911 If it is just a random address the router will not map to it.
2913 The exception is when the address is a local address of this
2914 router (or 0.0.0.0) and masquerading is configured in the linux-2.2
2916 If 0.0.0.0 is selected, the result is equivalent to one
2919 NAT mechanism used in linux-2.4 is more flexible than
2923 If the network has non-trivial internal structure, it is
2936 domain owning addresses from 192.203.80/24 is dead), no translation
2955 setup of IP (and IPv6, if it is compiled into the kernel)
2958 hosts and on routers, is described in the following
2971 say is that ISC \verb|dhcp-2.0b1pl6| patched with the patch that
2984 \# \$2 --- Device name. If it is missing, \verb|eth0| is assumed.\\
3007 \# This step is necessary on any networked box before attempt\\
3038 \# The interface is \verb|UP|. IPv6 started stateless autoconfiguration itself,\\
3044 echo "No address for $dev is configured, trying DHCP..." 1>&2
3058 echo "Address $ipaddr is busy, trying DHCP..." 1>&2
3064 \# OK, the address is unique, we may add it on the interface.\\
3102 \# If a proxy ARP server is present on the interface, we will be\\
3104 \# It is not so cheap though and we still hope that this route\\
3106 \# Do not make this step if the device is not ARPable,\\
3127 This is a simplistic script replacing one option of \verb|ifconfig|,
3132 when it is necessary.
3149 \noindent\# This function determines, whether it is router or host.\\
3150 \# It returns 0, if the host is apparently not router.
3213 \# Parse command. If it is ``stop'', flush and exit.
3244 echo "$1 is bad IP address." 1>&2
3251 \# If peer address is present, prefix length is 32.\\
3308 \# OK, the address is unique. We may add it to the interface.\\
3341 \# If a proxy ARP server is present on the interface, we will be\\
3343 \# Do not make this step on router or if the device is not ARPable.\\