Lines Matching defs:ip
2 \def\TITLE{IP Command Reference}
5 \Large\bf IP Command Reference.
24 This document presents a comprehensive description of the \verb|ip| utility
30 and examples to understand and configure Linux-2.2 IP and IPv6
33 This document is split into sections explaining \verb|ip| commands
34 and options, decrypting \verb|ip| output and containing a few examples.
41 \section{{\tt ip} --- command syntax}
43 The generic form of an \verb|ip| command is:
45 ip [ OPTIONS ] OBJECT [ COMMAND [ ARGUMENTS ]]
48 general behaviour of the \verb|ip| utility or changing its output. All options
55 --- print the version of the \verb|ip| utility and exit.
73 line does not give enough information to guess the family, \verb|ip| falls back to the default
106 \verb|ip| never uses DNS to resolve names to addresses.
112 First failure will cause termination of \verb|ip|.
117 kuznet@kaiser $ cat /tmp/ip_batch.ip
122 kuznet@kaiser $ sudo ip -b /tmp/ip_batch.ip
126 kuznet@kaiser $ cat /tmp/ip_batch.ip | sudo ip -b -
131 --- don't terminate ip on errors in batch mode.
137 --- specify maximum number of loops the 'ip addr flush' logic will attempt
144 The object types currently understood by \verb|ip| are:
148 \item \verb|address| --- protocol (IP or IPv6) address on a device
154 \item \verb|tunnel| --- tunnel over IP
179 for the {\tt ip link} command, so {\tt ip link ls eth0} is equivalent
180 to {\tt ip link ls dev eth0}.
185 letters. The shortcuts are convenient when \verb|ip| is used interactively,
192 \section{{\tt ip} --- error messages}
194 \verb|ip| may fail for one of the following reasons:
199 IP address {\em et al\/}. In this case \verb|ip| prints an error message
207 \verb|ip| failed to compile a kernel request from the arguments
211 The kernel returned an error to some syscall. In this case \verb|ip|
217 In this case \verb|ip| prints the error message, as it is output
223 if the \verb|ip| utility fails, it does not change anything
224 in the system. One harmful exception is \verb|ip link| command
225 (Sec.\ref{IP-LINK}, p.\pageref{IP-LINK}),
250 \verb|ip| \verb|rule| command will fail, f.e.
252 kuznet@kaiser $ ip rule list
260 \section{{\tt ip link} --- network device configuration}
261 \label{IP-LINK}
268 \subsection{{\tt ip link set} --- change device attributes}
289 Though neither the \verb|ip| utility nor the kernel check for this condition.
342 the {\tt ip} utility will allow that.
346 \verb|ip| aborts immediately after any of the changes have failed.
347 This is the only case when \verb|ip| can move the system to
349 several parameters with one {\tt ip link set} call.
353 \item \verb|ip link set dummy address 00:00:00:00:00:01|
357 \item \verb|ip link set dummy up|
364 \subsection{{\tt ip link show} --- display device attributes}
365 \label{IP-LINK-SHOW}
387 kuznet@alisa:~ $ ip link ls eth0
390 kuznet@alisa:~ $ ip link ls sit0
393 kuznet@alisa:~ $ ip link ls dummy
407 \verb|ip| \verb|link| \verb|set| \verb|name|
502 of tunnels over IP are printed as dotted-quad IP addresses.
512 \verb|ip maddr ls| in~Sec.\ref{IP-MADDR} (p.\pageref{IP-MADDR} of this
517 \paragraph{Statistics:} With the \verb|-statistics| option, \verb|ip| also
521 kuznet@alisa:~ $ ip -s link ls eth0
559 \verb|ip| prints more detailed statistics on receiver
563 kuznet@alisa:~ $ ip -s -s link ls eth0
581 \section{{\tt ip address} --- protocol address management}
585 \paragraph{Object:} The \verb|address| is a protocol (IP or IPv6) address attached
592 The \verb|ip addr| command displays addresses and their properties,
599 \subsection{{\tt ip address add} --- add a new protocol address}
600 \label{IP-ADDR-ADD}
614 on the protocol. It is a dotted quad for IP and a sequence of hexadecimal halfwords
638 Unlike \verb|ifconfig|, the \verb|ip| utility {\em does not\/} set any broadcast
673 \item \verb|ip addr add 127.0.0.1/8 dev lo brd + scope host|
677 \item \verb|ip addr add 10.0.0.1/24 brd + dev eth0 label eth0:Alias|
685 \subsection{{\tt ip address delete} --- delete a protocol address}
689 \paragraph{Arguments:} coincide with the arguments of \verb|ip addr add|.
695 \item \verb|ip addr del 127.0.0.1/8 dev lo|
700 \item Disable IP on the interface \verb|eth0|:
702 while ip -f inet addr del dev eth0; do
706 Another method to disable IP on an interface using {\tt ip addr flush}
707 may be found in sec.\ref{IP-ADDR-FLUSH}, p.\pageref{IP-ADDR-FLUSH}.
712 \subsection{{\tt ip address show} --- display protocol addresses}
763 kuznet@alisa:~ $ ip addr ls eth0
773 The first two lines coincide with the output of \verb|ip link ls|.
777 Then the list of IP and IPv6 addresses follows, accompanied by
778 additional address attributes: scope value (see Sec.\ref{IP-ADDR-ADD},
779 p.\pageref{IP-ADDR-ADD} above), flags and the address label.
789 An IP address becomes secondary if another address with the same
821 \subsection{{\tt ip address flush} --- flush protocol addresses}
822 \label{IP-ADDR-FLUSH}
839 twice, \verb|ip addr flush| also dumps all the deleted addresses
845 netadm@amber:~ # ip -s -s a f to 10/8
854 Another instructive example is disabling IP on all the Ethernets:
856 netadm@amber:~ # ip -4 addr flush label "eth*"
862 netadm@amber:~ # ip -6 addr flush dynamic
867 \section{{\tt ip neighbour} --- neighbour/arp tables management}
884 describes how to manage proxy ARP/NDISC with the \verb|ip| utility.
887 \subsection{{\tt ip neighbour add} --- add a new neighbour entry\\
888 {\tt ip neighbour change} --- change an existing entry\\
889 {\tt ip neighbour replace} --- add a new entry or change an existing one}
927 This option to \verb|ip neigh| does not change the neighbour state if
935 \item \verb|ip neigh add 10.0.0.3 lladdr 0:0:0:0:0:1 dev eth0 nud perm|
939 \item \verb|ip neigh chg 10.0.0.3 dev eth0 nud reachable|
945 \subsection{{\tt ip neighbour delete} --- delete a neighbour entry}
951 \paragraph{Arguments:} The arguments are the same as with \verb|ip neigh add|,
957 \item \verb|ip neigh del 10.0.0.3 dev eth0|
977 \subsection{{\tt ip neighbour show} --- list neighbour entries}
1003 This option may occur more than once. If this option is absent, \verb|ip|
1012 kuznet@alisa:~ $ ip neigh ls
1060 kuznet@alisa:~ $ ip -s n ls 193.233.7.254
1076 \subsection{{\tt ip neighbour flush} --- flush neighbour entries}
1092 twice, \verb|ip neigh flush| also dumps all the deleted neighbours
1097 netadm@alisa:~ # ip -s -s n f 193.233.7.254
1107 \section{{\tt ip route} --- routing table management}
1108 \label{IP-ROUTE}
1117 optionally, the TOS value. An IP packet matches the route if the highest
1152 non-unique routes with \verb|ip| commands described in this section.
1178 the data required to deliver IP packets (f.e.\ output device and
1183 \paragraph{Route types:} \label{IP-ROUTE-TYPES}
1207 rules (see sec.\ref{IP-RULE}, p.\pageref{IP-RULE}). If such a route is selected, lookup
1238 is used. See sec.\ref{IP-RULE}, p.\pageref{IP-RULE}.
1244 \subsection{{\tt ip route add} --- add a new route\\
1245 {\tt ip route change} --- change a route\\
1246 {\tt ip route replace} --- change a route or add a new one}
1247 \label{IP-ROUTE-ADD}
1258 \verb|ip| assumes type \verb|unicast|. Other values of \verb|TYPE|
1259 are listed above. \verb|PREFIX| is an IP or IPv6 address optionally followed
1261 \verb|ip| assumes a full-length host route. There is also a special
1262 \verb|PREFIX| --- \verb|default| --- which is equivalent to IP \verb|0/0| or
1283 \verb|ip| assumes the \verb|main| table, with the exception of
1297 For NAT routes it is the first address of the block of translated IP destinations.
1398 \verb|ip| assumes scope \verb|global| for all gatewayed \verb|unicast|
1407 not given, \verb|ip| assumes protocol \verb|boot| (i.e.\
1433 option may be found in~\cite{IP-TUNNELS}.
1466 ip route add 10.0.0/24 via 193.233.7.65
1470 ip ro chg 10.0.0/24 dev dummy
1475 ip route add default scope global nexthop dev ppp0 \
1485 ip route add nat 192.203.80.144 via 193.233.7.83
1488 in the following section (sec.\ref{IP-RULE}, p.\pageref{IP-RULE}).
1491 \subsection{{\tt ip route delete} --- delete a route}
1495 \paragraph{Arguments:} \verb|ip route del| has the same arguments as
1496 \verb|ip route add|, but their semantics are a bit different.
1499 select the route to delete. If optional attributes are present, \verb|ip|
1501 If no route with the given key and attributes was found, \verb|ip route del|
1506 because it was ambiguous. However, look at {\tt ip route flush}
1507 (sec.\ref{IP-ROUTE-FLUSH}, p.\pageref{IP-ROUTE-FLUSH}) which
1515 ip route del default scope global nexthop dev ppp0 \
1522 \subsection{{\tt ip route show} --- list routes}
1543 are present, \verb|ip| assumes \verb|root 0/0| i.e.\ it lists the entire table.
1562 and \verb|cache| is emulated by the \verb|ip| utility.
1612 kuznet@amber:~ $ ip ro ls proto gated/bgp | wc
1619 kuznet@amber:~ $ ip -o ro ls cloned | wc
1633 The output has the same syntax as arguments given to {\tt ip route add},
1636 kuznet@amber:~ $ ip ro ls 193.233.7/24
1646 kuznet@amber:~ $ ip ro ls 193.233.7.82 tab cache
1658 see in the section on \verb|ip route get| (p.\pageref{NB-nature-of-strangeness})
1671 in an error. See attribute \verb|error| below (p.\pageref{IP-ROUTE-GET-error}).
1707 devoted to route types (p.\pageref{IP-ROUTE-TYPES}).
1708 \label{IP-ROUTE-GET-error}
1724 \subsection{{\tt ip route save} -- save routing tables}
1725 \label{IP-ROUTE-SAVE}
1730 \paragraph{Arguments:} \verb|ip route save| has the same arguments as
1731 \verb|ip route show|.
1736 dan@caffeine:~ # ip route save > saved_routes
1740 \verb|ip route save| is that of \verb|rtnetlink|. See
1743 \subsection{{\tt ip route restore} -- restore routing tables}
1744 \label{IP-ROUTE-RESTORE}
1747 tables according to a data stream as provided by \verb|ip route save| via
1757 dan@caffeine:~ # ip route restore < saved_routes
1760 \subsection{{\tt ip route flush} --- flush routing tables}
1761 \label{IP-ROUTE-FLUSH}
1769 as the arguments of \verb|ip route show|, but routing tables are not
1771 dumps all the IP main routing table but \verb|flush| prints the helper page.
1778 twice, \verb|ip route flush| also dumps all the deleted routes
1784 netadm@amber:~ # ip -4 ro flush scope global type unicast
1794 netadm@amber:~ # ip -6 -s -s ro flush cache
1815 netadm@amber:~ # ip -6 -s -s ro flush cache
1823 netadm@amber:~ # ip ro ls proto gated/bgp | wc
1825 netadm@amber:~ # ip -s ro f proto gated/bgp
1829 netadm@amber:~ # ip ro f proto gated/bgp
1831 netadm@amber:~ # ip ro ls proto gated/bgp
1836 \subsection{{\tt ip route get} --- get a single route}
1837 \label{IP-ROUTE-GET}
1874 Note that this operation is not equivalent to \verb|ip route show|.
1881 with a subsequent {\tt ip route ls cache}, however, no packets are
1887 format as \verb|ip route ls|.
1893 kuznet@amber:~ $ ip route get 193.233.7.82
1902 kuznet@amber:~ $ ip r g 193.233.7.82 from 193.233.7.82 iif eth0
1920 kuznet@amber:~ $ ip r g 224.2.127.254 from 193.233.7.82 iif eth0
1928 deliver) the packet to local IP listeners. In this case the router
1940 netadm@alisa:~ # ip route add 193.233.7.98 via 193.233.7.254
1941 netadm@alisa:~ # ip route get 193.233.7.98
1965 We may retry \verb|ip route get| to see what we have in the routing
1968 netadm@alisa:~ # ip route get 193.233.7.98
1976 \section{{\tt ip rule} --- routing policy database management}
1977 \label{IP-RULE}
1991 IP protocol, transport protocol ports or even packet payload.
2018 Matching IP protocols and transport ports is also possible,
2041 managed with the \verb|ip route| command, described in the previous section.
2078 table. NAT and masquerading rules have an attribute to select new IP
2096 of the IP packet into some other value. More about NAT is
2104 \subsection{{\tt ip rule add} --- insert a new rule\\
2105 {\tt ip rule delete} --- delete a rule}
2106 \label{IP-RULE-ADD}
2147 Really, for historical reasons \verb|ip rule add| does not require a
2171 --- The base of the IP address block to translate (for source addresses).
2184 with \verb|ip route flush cache|.
2191 ip ru add from 192.203.80.0/24 table inr.ruhep prio 220
2197 ip ru add from 193.233.7.83 nat 192.203.80.144 table 1 prio 320
2202 ip ru del prio 32767
2209 \subsection{{\tt ip rule show} --- list rules}
2210 \label{IP-RULE-SHOW}
2220 kuznet@amber:~ $ ip ru ls
2249 \subsection{{\tt ip rule save} -- save rules tables}
2250 \label{IP-RULE-SAVE}
2255 \paragraph{Arguments:} \verb|ip rule save| has the same arguments as
2256 \verb|ip rule show|.
2261 dan@caffeine:~ # ip rule save > saved_rules
2265 \verb|ip rule save| is that of \verb|rtnetlink|. See
2268 \subsection{{\tt ip rule restore} -- restore rules tables}
2269 \label{IP-RULE-RESTORE}
2272 tables according to a data stream as provided by \verb|ip rule save| via
2282 dan@caffeine:~ # ip rule restore < saved_rules
2287 \section{{\tt ip maddress} --- multicast addresses management}
2288 \label{IP-MADDR}
2294 \subsection{{\tt ip maddress show} --- list multicast addresses}
2311 kuznet@alisa:~ $ ip maddr ls dummy
2330 with \verb|ip maddr add|. See the following subsection.
2334 \subsection{{\tt ip maddress add} --- add a multicast address\\
2335 {\tt ip maddress delete} --- delete a multicast address}
2362 netadm@alisa:~ # ip maddr add 33:33:00:00:00:01 dev dummy
2363 netadm@alisa:~ # ip -0 maddr ls dummy
2367 netadm@alisa:~ # ip maddr del 33:33:00:00:00:01 dev dummy
2371 Neither \verb|ip| nor the kernel check for multicast address validity.
2387 \section{{\tt ip mroute} --- multicast routing cache management}
2388 \label{IP-MROUTE}
2404 \subsection{{\tt ip mroute show} --- list mroute cache entries}
2423 --- the prefix selecting the IP source addresses of the multicast route.
2431 kuznet@amber:~ $ ip mroute ls
2453 kuznet@amber:~ $ ip -s mr ls 224.66/16
2460 \section{{\tt ip tunnel} --- tunnel configuration}
2461 \label{IP-TUNNEL}
2466 packets in IPv4 packets and then sending them over the IP infrastructure.
2472 over IP and the \verb|ip tunnel| command can be found in~\cite{IP-TUNNELS}.
2474 \subsection{{\tt ip tunnel add} --- add a new tunnel\\
2475 {\tt ip tunnel change} --- change an existing tunnel\\
2476 {\tt ip tunnel delete} --- destroy a tunnel}
2533 either a number or an IP address-like dotted quad.
2565 netadm@amber:~ # ip tunl add Cisco mode sit remote 192.31.7.104 \
2569 \subsection{{\tt ip tunnel show} --- list tunnels}
2578 kuznet@amber:~ $ ip tunl ls Cisco
2579 Cisco: ipv6/ip remote 192.31.7.104 local 192.203.80.142 ttl 32
2589 kuznet@amber:~ $ ip -s tunl ls Cisco
2590 Cisco: ipv6/ip remote 192.31.7.104 local 192.203.80.142 ttl 32
2598 printed with {\tt ip -s link show}
2599 (sec.\ref{IP-LINK-SHOW}, p.\pageref{IP-LINK-SHOW}) but the tags are different
2612 transmitted because there is no IP route to the remote endpoint.
2618 \section{{\tt ip monitor} and {\tt rtmon} --- state monitoring}
2619 \label{IP-MONITOR}
2621 The \verb|ip| utility can monitor the state of devices, addresses
2627 ip monitor [ file FILE ] [ all | OBJECT-LIST ] [ label ]
2634 \verb|ip| opens RTNETLINK, listens on it and dumps state changes in
2641 \verb|ip monitor|.
2690 can also be handled manually with \verb|ip route| (see sec.\ref{IP-ROUTE},
2691 p.\pageref{IP-ROUTE}).
2700 with routing policy rules, see sec.~\ref{IP-RULE}, p.\pageref{IP-RULE}.
2752 ``Neighbor Discovery for IP Version 6 (IPv6)'', RFC-2461.
2758 ``Requirements for IP Version 4 Routers'', RFC-1812.
2769 \bibitem{IP-TUNNELS} A.~N.~Kuznetsov.
2770 ``Tunnels over IP in Linux-2.2'', \\
2771 In: {\tt ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz}.
2774 In: {\tt ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz}.
2798 When a host creates an IP packet, it must select some source
2824 \item Otherwise, IP routing tables can contain an explicit source
2826 to the \verb|ip route| command, sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}.
2831 The search strategies are different for IP and IPv6. Namely:
2837 \item IP searches for the first valid address with a scope wider
2842 in routing tables instead (the \verb|scope| parameter to the \verb|ip route| command,
2843 sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}).
2871 ARP on all the IP devices.
2888 The \verb|ip| utility provides a way to manage proxy ARP/NDISC
2889 with the \verb|ip neigh| command, namely:
2891 ip neigh add proxy ADDRESS [ dev NAME ]
2895 ip neigh del proxy ADDRESS [ dev NAME ]
2902 \verb|ip neigh|, the router {\em will not\/} answer a query if the route
2907 parameters other than these (IP/IPv6 address and optional device).
2916 of the IP address space into other ones. Linux-2.2 route NAT is supposed
2940 through its data and mangling it. It mangles IP addresses,
2941 only IP addresses and nothing but IP addresses.
2949 http://www.suse.com/\~mha/HyperNews/get/linux-ip-nat.html
2963 These addresses are selected by the \verb|ip route| command
2964 (sec.\ref{IP-ROUTE-ADD}, p.\pageref{IP-ROUTE-ADD}). F.e.\
2966 ip route add nat 192.203.80.144 via 193.233.7.83
2978 ip route add nat 192.203.80.192/26 via 193.233.7.64
2987 policy rule (sec.\ref{IP-RULE-ADD}, p.\pageref{IP-RULE-ADD}):
2989 ip rule add prio 320 from 193.233.7.83 nat 192.203.80.144
2994 is some NAT address, declared by {\tt ip route add nat}.
3010 example from sec.\ref{IP-RULE-SHOW} (p.\pageref{IP-RULE-SHOW}).
3039 setup of IP (and IPv6, if it is compiled into the kernel)
3046 directory ftp://ftp.inr.ac.ru/ip-routing/:
3048 \item \verb|ip| --- package \verb|iproute2|.
3067 \# \$1 --- Static IP address, optionally followed by prefix length.\\
3076 \# Parse IP address, splitting prefix length.
3095 ip link set up dev lo
3096 ip addr add 127.0.0.1/8 dev lo brd + scope host
3106 ip address add $ipaddr dev $dev
3116 if ! ip link set up dev $dev ; then
3124 \# IP still needs some static preconfigured address.
3135 \# {\bf Step 2} --- IP Duplicate Address Detection~\cite{RFC-DHCP}.\\
3154 if ! ip address add $pfx brd + dev $dev; then
3177 ip route add unreachable 224.0.0.0/24
3178 ip route add unreachable 255.255.255.255
3179 if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
3180 ip route add 224.0.0.0/4 dev $dev scope global
3195 ip ro add default dev $dev metric 30000 scope global
3212 namely, IP address management. It not only adds
3229 \# ---IP address, optionally followed by prefix length.\\
3288 echo " stop - completely disable IP" 1>&2
3308 ip -4 addr flush dev $dev $label || exit 1
3328 echo "$1 is bad IP address." 1>&2
3362 ip addr del $pfx dev $dev $label || exit 1
3373 if ! ip link set up dev $dev ; then
3380 \# {\bf Step 1} --- IP Duplicate Address Detection~\cite{RFC-DHCP}.\\
3397 if ! ip address add $pfx brd + dev $dev $label; then
3417 ip route add unreachable 224.0.0.0/24 >& /dev/null
3418 ip route add unreachable 255.255.255.255 >& /dev/null
3419 if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
3420 ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null
3433 ip ro append default dev $dev metric 30000 scope global
3436 ip ro append default via $peer dev $dev metric 30001
