Lines Matching refs:verb

12 \verb|kuznet@ms2.inr.ac.ru| \\
24 This document presents a comprehensive description of the \verb|ip| utility
25 from the \verb|iproute2| package. It is not a tutorial or user's guide.
33 This document is split into sections explaining \verb|ip| commands
34 and options, decrypting \verb|ip| output and containing a few examples.
43 The generic form of an \verb|ip| command is:
47 where \verb|OPTIONS| is a set of optional modifiers affecting the
48 general behaviour of the \verb|ip| utility or changing its output. All options
49 begin with the character \verb|'-'| and may be used in either long or abbreviated
53 \item \verb|-V|, \verb|-Version|
55 --- print the version of the \verb|ip| utility and exit.
58 \item \verb|-s|, \verb|-stats|, \verb|-statistics|
64 \item \verb|-d|, \verb|-details|
68 \item \verb|-f|, \verb|-family| followed by a protocol family
69 identifier: \verb|inet|, \verb|inet6| or \verb|link|.
73 line does not give enough information to guess the family, \verb|ip| falls back to the default
74 one, usually \verb|inet| or \verb|any|. \verb|link| is a special family
77 \item \verb|-4|
79 --- shortcut for \verb|-family inet|.
81 \item \verb|-6|
83 --- shortcut for \verb|-family inet6|.
85 \item \verb|-0|
87 --- shortcut for \verb|-family link|.
90 \item \verb|-o|, \verb|-oneline|
93 with the \verb|'\'| character. This is convenient when you want to
94 count records with \verb|wc| or to \verb|grep| the output. The trivial
95 script \verb|rtpr| converts the output back into readable form.
97 \item \verb|-r|, \verb|-resolve|
106 \verb|ip| never uses DNS to resolve names to addresses.
109 \item \verb|-b|, \verb|-batch FILE|
112 First failure will cause termination of \verb|ip|.
113 In batch \verb|FILE| everything which begins with \verb|#| symbol is
129 \item \verb|-force|
135 \item \verb|-l|, \verb|-loops COUNT|
143 \verb|OBJECT| is the object to manage or to get information about.
144 The object types currently understood by \verb|ip| are:
147 \item \verb|link| --- network device
148 \item \verb|address| --- protocol (IP or IPv6) address on a device
149 \item \verb|neighbour| --- ARP or NDISC cache entry
150 \item \verb|route| --- routing table entry
151 \item \verb|rule| --- rule in routing policy database
152 \item \verb|maddress| --- multicast address
153 \item \verb|mroute| --- multicast routing cache entry
154 \item \verb|tunnel| --- tunnel over IP
158 abbreviated form, f.e.\ \verb|address| is abbreviated as \verb|addr|
159 or just \verb|a|.
161 \verb|COMMAND| specifies the action to perform on the object.
163 As a rule, it is possible to \verb|add|, \verb|delete| and
164 \verb|show| (or \verb|list|) objects, but some objects
166 The \verb|help| command is available for all objects. It prints
170 Usually it is \verb|list| or, if the objects of this class
171 cannot be listed, \verb|help|.
173 \verb|ARGUMENTS| is a list of arguments to the command.
178 which may be omitted. F.e.\ parameter \verb|dev| is the default
185 letters. The shortcuts are convenient when \verb|ip| is used interactively,
194 \verb|ip| may fail for one of the following reasons:
199 IP address {\em et al\/}. In this case \verb|ip| prints an error message
207 \verb|ip| failed to compile a kernel request from the arguments
211 The kernel returned an error to some syscall. In this case \verb|ip|
212 prints the error message, as it is output with \verb|perror(3)|,
217 In this case \verb|ip| prints the error message, as it is output
218 with \verb|perror(3)| prefixed with ``RTNETLINK answers:''.
223 if the \verb|ip| utility fails, it does not change anything
224 in the system. One harmful exception is \verb|ip link| command
248 \item The \verb|CONFIG_IP_MULTIPLE_TABLES| option was not selected
250 \verb|ip| \verb|rule| command will fail, f.e.
263 \paragraph{Object:} A \verb|link| is a network device and the corresponding
266 \paragraph{Commands:} \verb|set| and \verb|show| (or \verb|list|).
270 \paragraph{Abbreviations:} \verb|set|, \verb|s|.
275 \item \verb|dev NAME| (default)
277 --- \verb|NAME| specifies the network device on which to operate.
279 \item \verb|up| and \verb|down|
281 --- change the state of the device to \verb|UP| or \verb|DOWN|.
283 \item \verb|arp on| or \verb|arp off|
285 --- change the \verb|NOARP| flag on the device.
288 This operation is {\em not allowed\/} if the device is in state \verb|UP|.
289 Though neither the \verb|ip| utility nor the kernel check for this condition.
294 \item \verb|multicast on| or \verb|multicast off|
296 --- change the \verb|MULTICAST| flag on the device.
298 \item \verb|dynamic on| or \verb|dynamic off|
300 --- change the \verb|DYNAMIC| flag on the device.
302 \item \verb|name NAME|
308 \item \verb|txqueuelen NUMBER| or \verb|txqlen NUMBER|
312 \item \verb|mtu NUMBER|
316 \item \verb|address LLADDRESS|
320 \item \verb|broadcast LLADDRESS|, \verb|brd LLADDRESS| or \verb|peer LLADDRESS|
323 the interface is \verb|POINTOPOINT|.
332 \item \verb|netns PID|
340 The \verb|PROMISC| and \verb|ALLMULTI| flags are considered
346 \verb|ip| aborts immediately after any of the changes have failed.
347 This is the only case when \verb|ip| can move the system to
353 \item \verb|ip link set dummy address 00:00:00:00:00:01|
355 --- change the station address of the interface \verb|dummy|.
357 \item \verb|ip link set dummy up|
359 --- start the interface \verb|dummy|.
367 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|lst|, \verb|sh|, \verb|ls|,
368 \verb|l|.
372 \item \verb|dev NAME| (default)
374 --- \verb|NAME| specifies the network device to show.
377 \item \verb|up|
402 (\verb|eth0|, \verb|sit0| etc.). The interface name is also
407 \verb|ip| \verb|link| \verb|set| \verb|name|
410 The interface name may have another name or \verb|NONE| appended
411 after the \verb|@| sign. This means that this device is bound to some other
414 device. If the name is \verb|NONE|, the master is unknown.
420 on the interface. Particularly, \verb|noqueue| means that this interface
421 does not queue anything and \verb|noop| means that the interface is in blackhole
429 \item \verb|UP| --- the device is turned on. It is ready to accept
433 \item \verb|LOOPBACK| --- the interface does not communicate with other
437 \item \verb|BROADCAST| --- the device has the facility to send packets
440 \item \verb|POINTOPOINT| --- the link has only two ends with one node
444 If neither \verb|LOOPBACK| nor \verb|BROADCAST| nor \verb|POINTOPOINT|
450 \item \verb|MULTICAST| --- is an advisory flag indicating that the interface
455 to use multicasting on this interface. Any \verb|POINTOPOINT| and
456 \verb|BROADCAST| link is multicasting by definition, because we have
462 \item \verb|PROMISC| --- the device listens to and feeds to the kernel all
468 \item \verb|ALLMULTI| --- the device receives all multicast packets
471 \item \verb|NOARP| --- this flag is different from the other ones. It has
477 \item \verb|DYNAMIC| --- is an advisory flag indicating that the interface is
480 \item \verb|SLAVE| --- this interface is bonded to some other interfaces
487 There are other flags but they are either obsolete (\verb|NOTRAILERS|)
488 or not implemented (\verb|DEBUG|) or specific to some devices
489 (\verb|MASTER|, \verb|AUTOMEDIA| and \verb|PORTSEL|). We do not discuss
495 associated with the device. The first word (\verb|ether|, \verb|sit|)
512 \verb|ip maddr ls| in~Sec.\ref{IP-MADDR} (p.\pageref{IP-MADDR} of this
517 \paragraph{Statistics:} With the \verb|-statistics| option, \verb|ip| also
530 \verb|RX:| and \verb|TX:| lines summarize receiver and transmitter
533 \item \verb|bytes| --- the total number of bytes received or transmitted
537 \item \verb|packets| --- the total number of packets received or transmitted
539 \item \verb|errors| --- the total number of receiver or transmitter errors.
540 \item \verb|dropped| --- the total number of packets dropped due to lack
542 \item \verb|overrun| --- the total number of receiver overruns resulting
546 \item \verb|mcast| --- the total number of received multicast packets. This option
548 \item \verb|carrier| --- total number of link media failures f.e.\ because
550 \item \verb|collsns| --- the total number of collision events
553 \item \verb|compressed| --- the total number of compressed packets. This is
558 If the \verb|-s| option is entered twice or more,
559 \verb|ip| prints more detailed statistics on receiver
583 \paragraph{Abbreviations:} \verb|address|, \verb|addr|, \verb|a|.
585 \paragraph{Object:} The \verb|address| is a protocol (IP or IPv6) address attached
592 The \verb|ip addr| command displays addresses and their properties,
595 \paragraph{Commands:} \verb|add|, \verb|delete|, \verb|flush| and \verb|show|
596 (or \verb|list|).
602 \paragraph{Abbreviations:} \verb|add|, \verb|a|.
607 \item \verb|dev NAME|
611 \item \verb|local ADDRESS| (default)
615 separated by colons for IPv6. The \verb|ADDRESS| may be followed by
619 \item \verb|peer ADDRESS|
622 Again, the \verb|ADDRESS| may be followed by a slash and a decimal number,
628 \item \verb|broadcast ADDRESS|
632 It is possible to use the special symbols \verb|'+'| and \verb|'-'|
638 Unlike \verb|ifconfig|, the \verb|ip| utility {\em does not\/} set any broadcast
643 \item \verb|label NAME|
651 \item \verb|scope SCOPE_VALUE|
654 The available scopes are listed in file \verb|/etc/iproute2/rt_scopes|.
658 \item \verb|global| --- the address is globally valid.
659 \item \verb|site| --- (IPv6 only) the address is site local,
661 \item \verb|link| --- the address is link local, i.e.\
663 \item \verb|host| --- the address is valid only inside this host.
673 \item \verb|ip addr add 127.0.0.1/8 dev lo brd + scope host|
677 \item \verb|ip addr add 10.0.0.1/24 brd + dev eth0 label eth0:Alias|
680 \verb|255.255.255.0|), standard broadcast and label \verb|eth0:Alias|
681 to the interface \verb|eth0|.
687 \paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
689 \paragraph{Arguments:} coincide with the arguments of \verb|ip addr add|.
695 \item \verb|ip addr del 127.0.0.1/8 dev lo|
700 \item Disable IP on the interface \verb|eth0|:
714 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|lst|, \verb|sh|, \verb|ls|,
715 \verb|l|.
720 \item \verb|dev NAME| (default)
724 \item \verb|scope SCOPE_VAL|
728 \item \verb|to PREFIX|
732 \item \verb|label PATTERN|
734 --- only list addresses with labels matching the \verb|PATTERN|.
735 \verb|PATTERN| is a usual shell style pattern.
738 \item \verb|dynamic| and \verb|permanent|
743 \item \verb|tentative|
748 \item \verb|deprecated|
753 \item \verb|primary| and \verb|secondary|
773 The first two lines coincide with the output of \verb|ip link ls|.
775 as addresses of the protocol family \verb|AF_PACKET|.
785 \item \verb|secondary|
793 There is a tweak in \verb|/proc/sys/net/ipv4/conf/<dev>/promote_secondaries|
796 \verb|net.ipv4.conf.all.promote_secondaries=1| to \verb|/etc/sysctl.conf|.
800 \item \verb|dynamic|
804 the address is still valid. After \verb|preferred_lft| expires the address is
805 moved to the deprecated state. After \verb|valid_lft| expires the address
808 \item \verb|deprecated|
813 \item \verb|tentative|
824 \paragraph{Abbreviations:} \verb|flush|, \verb|f|.
829 \paragraph{Arguments:} This command has the same arguments as \verb|show|.
832 \paragraph{Warning:} This command (and other \verb|flush| commands
836 \paragraph{Statistics:} With the \verb|-statistics| option, the command
839 twice, \verb|ip addr flush| also dumps all the deleted addresses
869 \paragraph{Abbreviations:} \verb|neighbour|, \verb|neighbor|, \verb|neigh|,
870 \verb|n|.
872 \paragraph{Object:} \verb|neighbour| objects establish bindings between protocol
880 \paragraph{Commands:} \verb|add|, \verb|change|, \verb|replace|,
881 \verb|delete|, \verb|flush| and \verb|show| (or \verb|list|).
884 describes how to manage proxy ARP/NDISC with the \verb|ip| utility.
891 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
892 \verb|replace|, \verb|repl|.
900 \item \verb|to ADDRESS| (default)
904 \item \verb|dev NAME|
909 \item \verb|lladdr LLADDRESS|
911 --- the link layer address of the neighbour. \verb|LLADDRESS| can also be
912 \verb|null|.
914 \item \verb|nud NUD_STATE|
916 --- the state of the neighbour entry. \verb|nud| is an abbreviation for ``Neighbour
920 \item \verb|permanent| --- the neighbour entry is valid forever and can be only be removed
922 \item \verb|noarp| --- the neighbour entry is valid. No attempts to validate
924 \item \verb|reachable| --- the neighbour entry is valid until the reachability
926 \item \verb|stale| --- the neighbour entry is valid but suspicious.
927 This option to \verb|ip neigh| does not change the neighbour state if
935 \item \verb|ip neigh add 10.0.0.3 lladdr 0:0:0:0:0:1 dev eth0 nud perm|
937 --- add a permanent ARP entry for the neighbour 10.0.0.3 on the device \verb|eth0|.
939 \item \verb|ip neigh chg 10.0.0.3 dev eth0 nud reachable|
941 --- change its state to \verb|reachable|.
947 \paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
951 \paragraph{Arguments:} The arguments are the same as with \verb|ip neigh add|,
952 except that \verb|lladdr| and \verb|nud| are ignored.
957 \item \verb|ip neigh del 10.0.0.3 dev eth0|
959 --- invalidate an ARP entry for the neighbour 10.0.0.3 on the device \verb|eth0|.
972 a \verb|noarp| entry created by the kernel may result in unpredictable behaviour.
974 on a \verb|NOARP| interface or if the address is multicast or broadcast.
979 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|.
987 \item \verb|to ADDRESS| (default)
991 \item \verb|dev NAME|
995 \item \verb|unused|
999 \item \verb|nud NUD_STATE|
1001 --- only list neighbour entries in this state. \verb|NUD_STATE| takes
1002 values listed below or the special value \verb|all| which means all states.
1003 This option may occur more than once. If this option is absent, \verb|ip|
1004 lists all entries except for \verb|none| and \verb|noarp|.
1026 \verb|lladdr| is the link layer address of the neighbour.
1028 \verb|nud| is the state of the ``neighbour unreachability detection'' machine
1034 \item\verb|none| --- the state of the neighbour is void.
1035 \item\verb|incomplete| --- the neighbour is in the process of resolution.
1036 \item\verb|reachable| --- the neighbour is valid and apparently reachable.
1037 \item\verb|stale| --- the neighbour is valid, but is probably already
1039 \item\verb|delay| --- a packet has been sent to the stale neighbour and the kernel is waiting
1041 \item\verb|probe| --- the delay timer expired but no confirmation was received.
1043 \item\verb|failed| --- resolution has failed.
1044 \item\verb|noarp| --- the neighbour is valid. No attempts to check the entry
1046 \item\verb|permanent| --- it is a \verb|noarp| entry, but only the administrator
1050 The link layer address is valid in all states except for \verb|none|,
1051 \verb|failed| and \verb|incomplete|.
1053 IPv6 neighbours can be marked with the additional flag \verb|router|
1056 \paragraph{Statistics:} The \verb|-statistics| option displays some usage
1066 Here \verb|ref| is the number of users of this entry
1067 and \verb|used| is a triplet of time intervals in seconds
1078 \paragraph{Abbreviations:} \verb|flush|, \verb|f|.
1083 \paragraph{Arguments:} This command has the same arguments as \verb|show|.
1086 \verb|permanent| and \verb|noarp|.
1089 \paragraph{Statistics:} With the \verb|-statistics| option, the command
1092 twice, \verb|ip neigh flush| also dumps all the deleted neighbours
1110 \paragraph{Abbreviations:} \verb|route|, \verb|ro|, \verb|r|.
1112 \paragraph{Object:} \verb|route| entries in the kernel routing tables keep
1152 non-unique routes with \verb|ip| commands described in this section.
1187 is \verb|unicast|. It describes real paths to other hosts.
1192 \item \verb|unicast| --- the route entry describes real paths to the
1194 \item \verb|unreachable| --- these destinations are unreachable. Packets
1196 The local senders get an \verb|EHOSTUNREACH| error.
1197 \item \verb|blackhole| --- these destinations are unreachable. Packets
1198 are discarded silently. The local senders get an \verb|EINVAL| error.
1199 \item \verb|prohibit| --- these destinations are unreachable. Packets
1201 prohibited\/} is generated. The local senders get an \verb|EACCES| error.
1202 \item \verb|local| --- the destinations are assigned to this
1204 \item \verb|broadcast| --- the destinations are broadcast addresses.
1206 \item \verb|throw| --- a special control route used together with policy
1211 is generated. The local senders get an \verb|ENETUNREACH| error.
1212 \item \verb|nat| --- a special NAT route. Destinations covered by the prefix
1215 are selected with the attribute \verb|via|. More about NAT is
1217 \item \verb|anycast| --- ({\em not implemented\/}) the destinations are
1219 to \verb|local| with one difference: such addresses are invalid when used
1221 \item \verb|multicast| --- a special type used for multicast routing.
1227 name from the file \verb|/etc/iproute2/rt_tables|. By default all normal
1228 routes are inserted into the \verb|main| table (ID 254) and the kernel only uses
1232 even more important. It is the \verb|local| table (ID 255). This table
1249 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
1250 \verb|replace|, \verb|repl|.
1255 \item \verb|to PREFIX| or \verb|to TYPE PREFIX| (default)
1257 --- the destination prefix of the route. If \verb|TYPE| is omitted,
1258 \verb|ip| assumes type \verb|unicast|. Other values of \verb|TYPE|
1259 are listed above. \verb|PREFIX| is an IP or IPv6 address optionally followed
1261 \verb|ip| assumes a full-length host route. There is also a special
1262 \verb|PREFIX| --- \verb|default| --- which is equivalent to IP \verb|0/0| or
1263 to IPv6 \verb|::/0|.
1265 \item \verb|tos TOS| or \verb|dsfield TOS|
1270 may still match a route with a zero TOS. \verb|TOS| is either an 8 bit hexadecimal
1274 \item \verb|metric NUMBER| or \verb|preference NUMBER|
1276 --- the preference value of the route. \verb|NUMBER| is an arbitrary 32bit number.
1278 \item \verb|table TABLEID|
1281 \verb|TABLEID| may be a number or a string from the file
1282 \verb|/etc/iproute2/rt_tables|. If this parameter is omitted,
1283 \verb|ip| assumes the \verb|main| table, with the exception of
1284 \verb|local|, \verb|broadcast| and \verb|nat| routes, which are
1285 put into the \verb|local| table by default.
1287 \item \verb|dev NAME|
1291 \item \verb|via ADDRESS|
1294 on the route type. For normal \verb|unicast| routes it is either the true nexthop
1299 \item \verb|src ADDRESS|
1304 \item \verb|realm REALMID|
1307 \verb|REALMID| may be a number or a string from the file
1308 \verb|/etc/iproute2/rt_realms|. Sec.\ref{RT-REALMS} (p.\pageref{RT-REALMS})
1311 \item \verb|mtu MTU| or \verb|mtu lock MTU|
1313 --- the MTU along the path to the destination. If the modifier \verb|lock| is
1315 If the modifier \verb|lock| is used, no path MTU discovery will be tried,
1319 \item \verb|window NUMBER|
1325 \item \verb|rtt NUMBER|
1330 \item \verb|rttvar NUMBER|
1335 \item \verb|ssthresh NUMBER|
1340 \item \verb|cwnd NUMBER|
1342 --- \threeonly the clamp for congestion window. It is ignored if the \verb|lock|
1346 \item \verb|advmss NUMBER|
1356 \item \verb|reordering NUMBER|
1359 If it is not given, Linux uses the value selected with \verb|sysctl|
1360 variable \verb|net/ipv4/tcp_reordering|.
1362 \item \verb|hoplimit NUMBER|
1365 The default is the value selected with the \verb|sysctl| variable
1366 \verb|net/ipv4/ip_default_ttl|.
1368 \item \verb|initcwnd NUMBER|
1374 +\item \verb|initrwnd NUMBER|
1381 \item \verb|nexthop NEXTHOP|
1383 --- the nexthop of a multipath route. \verb|NEXTHOP| is a complex value
1386 \item \verb|via ADDRESS| is the nexthop router.
1387 \item \verb|dev NAME| is the output device.
1388 \item \verb|weight NUMBER| is a weight for this element of a multipath
1392 \item \verb|scope SCOPE_VAL|
1395 \verb|SCOPE_VAL| may be a number or a string from the file
1396 \verb|/etc/iproute2/rt_scopes|.
1398 \verb|ip| assumes scope \verb|global| for all gatewayed \verb|unicast|
1399 routes, scope \verb|link| for direct \verb|unicast| and \verb|broadcast| routes
1400 and scope \verb|host| for \verb|local| routes.
1402 \item \verb|protocol RTPROTO|
1405 \verb|RTPROTO| may be a number or a string from the file
1406 \verb|/etc/iproute2/rt_protos|. If the routing protocol ID is
1407 not given, \verb|ip| assumes protocol \verb|boot| (i.e.\
1412 \item \verb|redirect| --- the route was installed due to an ICMP redirect.
1413 \item \verb|kernel| --- the route was installed by the kernel during
1415 \item \verb|boot| --- the route was installed during the bootup sequence.
1417 \item \verb|static| --- the route was installed by the administrator
1420 \item \verb|ra| --- the route was installed by Router Discovery protocol.
1425 f.e.\ as they are assigned in \verb|rtnetlink.h| or in \verb|rt_protos|
1429 \item \verb|onlink|
1435 \item \verb|pref PREF|
1438 \verb|PREF| PREF is a string specifying the route preference as defined in
1441 \item \verb|low| --- the route has a lowest priority.
1442 \item \verb|medium| --- the route has a default priority.
1443 \item \verb|high| --- the route has a highest priority.
1450 Actually there are more commands: \verb|prepend| does the same
1451 thing as classic \verb|route add|, i.e.\ adds a route, even if another
1452 route to the same destination exists. Its opposite case is \verb|append|,
1457 More sad news, IPv6 only understands the \verb|append| command correctly.
1458 All the others are translated into \verb|append| commands. Certainly,
1468 \item change it to a direct route via the \verb|dummy| device
1472 \item add a default multipath route splitting the load between \verb|ppp0|
1473 and \verb|ppp1|
1481 \verb|via| parameter.
1493 \paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
1495 \paragraph{Arguments:} \verb|ip route del| has the same arguments as
1496 \verb|ip route add|, but their semantics are a bit different.
1498 Key values (\verb|to|, \verb|tos|, \verb|preference| and \verb|table|)
1499 select the route to delete. If optional attributes are present, \verb|ip|
1501 If no route with the given key and attributes was found, \verb|ip route del|
1524 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
1532 \item \verb|to SELECTOR| (default)
1534 --- only select routes from the given range of destinations. \verb|SELECTOR|
1535 consists of an optional modifier (\verb|root|, \verb|match| or \verb|exact|)
1536 and a prefix. \verb|root PREFIX| selects routes with prefixes not shorter
1537 than \verb|PREFIX|. F.e.\ \verb|root 0/0| selects the entire routing table.
1538 \verb|match PREFIX| selects routes with prefixes not longer than
1539 \verb|PREFIX|. F.e.\ \verb|match 10.0/16| selects \verb|10.0/16|,
1540 \verb|10/8| and \verb|0/0|, but it does not select \verb|10.1/16| and
1541 \verb|10.0.0/24|. And \verb|exact PREFIX| (or just \verb|PREFIX|)
1543 are present, \verb|ip| assumes \verb|root 0/0| i.e.\ it lists the entire table.
1546 \item \verb|tos TOS| or \verb|dsfield TOS|
1551 \item \verb|table TABLEID|
1554 \verb|table| \verb|main|. \verb|TABLEID| may either be the ID of a real table
1557 \item \verb|all| --- list all of the tables.
1558 \item \verb|cache| --- dump the routing cache.
1561 IPv6 has a single table. However, splitting it into \verb|main|, \verb|local|
1562 and \verb|cache| is emulated by the \verb|ip| utility.
1565 \item \verb|cloned| or \verb|cached|
1569 Actually, it is equivalent to \verb|table cache|.
1571 \item \verb|from SELECTOR|
1573 --- the same syntax as for \verb|to|, but it binds the source address range
1574 rather than destinations. Note that the \verb|from| option only works with
1577 \item \verb|protocol RTPROTO|
1582 \item \verb|scope SCOPE_VAL|
1586 \item \verb|type TYPE|
1590 \item \verb|dev NAME|
1594 \item \verb|via PREFIX|
1596 --- only list routes going via the nexthop routers selected by \verb|PREFIX|.
1598 \item \verb|src PREFIX|
1601 by \verb|PREFIX|.
1603 \item \verb|realm REALMID| or \verb|realms FROMREALM/TOREALM|
1609 \paragraph{Examples:} Let us count routes of protocol \verb|gated/bgp|
1616 To count the size of the routing cache, we have to use the \verb|-o| option
1630 \verb|-o| option was given, then line feeds separating lines inside
1658 see in the section on \verb|ip route get| (p.\pageref{NB-nature-of-strangeness})
1661 The second line, starting with the word \verb|cache|, shows
1665 \item \verb|local| --- packets are delivered locally.
1670 \item \verb|reject| --- the path is bad. Any attempt to use it results
1671 in an error. See attribute \verb|error| below (p.\pageref{IP-ROUTE-GET-error}).
1673 \item \verb|mc| --- the destination is multicast.
1675 \item \verb|brd| --- the destination is broadcast.
1677 \item \verb|src-direct| --- the source is on a directly connected
1680 \item \verb|redirected| --- the route was created by an ICMP Redirect.
1682 \item \verb|redirect| --- packets going via this route will
1685 \item \verb|fastroute| --- the route is eligible to be used for fastroute.
1687 \item \verb|equalize| --- make packet by packet randomization
1690 \item \verb|dst-nat| --- the destination address requires translation.
1692 \item \verb|src-nat| --- the source address requires translation.
1694 \item \verb|masq| --- the source address requires masquerading.
1697 \item \verb|notify| --- ({\em not implemented}) change/deletion
1703 \item \verb|error| --- on \verb|reject| routes it is error code
1710 \item \verb|expires| --- this entry will expire after this timeout.
1712 \item \verb|iif| --- the packets for this path are expected to arrive
1716 \paragraph{Statistics:} With the \verb|-statistics| option, more
1719 \item \verb|users| --- the number of users of this entry.
1720 \item \verb|age| --- shows when this route was last used.
1721 \item \verb|used| --- the number of lookups of this route since its creation.
1730 \paragraph{Arguments:} \verb|ip route save| has the same arguments as
1731 \verb|ip route show|.
1740 \verb|ip route save| is that of \verb|rtnetlink|. See
1741 \verb|rtnetlink(7)| for more information.
1747 tables according to a data stream as provided by \verb|ip route save| via
1763 \paragraph{Abbreviations:} \verb|flush|, \verb|f|.
1769 as the arguments of \verb|ip route show|, but routing tables are not
1770 listed but purged. The only difference is the default action: \verb|show|
1771 dumps all the IP main routing table but \verb|flush| prints the helper page.
1775 \paragraph{Statistics:} With the \verb|-statistics| option, the command
1778 twice, \verb|ip route flush| also dumps all the deleted routes
1786 This option deserves to be put into a scriptlet \verb|routef|.
1788 This option was described in the \verb|route(8)| man page borrowed
1820 The third example flushes BGP routing tables after a \verb|gated|
1839 \paragraph{Abbreviations:} \verb|get|, \verb|g|.
1846 \item \verb|to ADDRESS| (default)
1850 \item \verb|from ADDRESS|
1854 \item \verb|tos TOS| or \verb|dsfield TOS|
1858 \item \verb|iif NAME|
1862 \item \verb|oif NAME|
1866 \item \verb|connected|
1868 --- if no source address (option \verb|from|) was given, relookup
1874 Note that this operation is not equivalent to \verb|ip route show|.
1875 \verb|show| shows existing routes. \verb|get| resolves them and
1876 creates new clones if necessary. Essentially, \verb|get|
1878 If the \verb|iif| argument is not given, the kernel creates a route
1882 actually sent. With the \verb|iif| argument, the kernel pretends
1887 format as \verb|ip route ls|.
1899 \item Find a route to forward packets arriving on \verb|eth0|
1912 Note the \verb|redirect| flag on it.
1915 \item Find a multicast route for packets arriving on \verb|eth0|
1918 In this case, it is \verb|pimd|)
1930 of this group, so that route has no \verb|local| flag and only
1932 The multicast part consists of an additional \verb|Oifs:| list showing
1965 We may retry \verb|ip route get| to see what we have in the routing
1979 \paragraph{Abbreviations:} \verb|rule|, \verb|ru|.
1981 \paragraph{Object:} \verb|rule|s in the routing policy database control
2019 indirectly, via \verb|ipchains|, by exploiting their ability
2020 to mark some classes of packets with \verb|fwmark|. Therefore,
2021 \verb|fwmark| is also included in the set of keys checked by rules.
2041 managed with the \verb|ip route| command, described in the previous section.
2048 table \verb|local| (ID 255).
2049 The \verb|local| table is a special routing table containing
2056 table \verb|main| (ID 254).
2057 The \verb|main| table is the normal routing table containing all non-policy
2062 table \verb|default| (ID 253).
2063 The \verb|default| table is empty. It is reserved for some
2080 optional attributes, which routes have, namely \verb|realms|.
2088 \item \verb|unicast| --- the rule prescribes to return the route found
2090 \item \verb|blackhole| --- the rule prescribes to silently drop the packet.
2091 \item \verb|unreachable| --- the rule prescribes to generate a ``Network
2093 \item \verb|prohibit| --- the rule prescribes to generate
2095 \item \verb|nat| --- the rule prescribes to translate the source address
2101 \paragraph{Commands:} \verb|add|, \verb|delete| and \verb|show|
2102 (or \verb|list|).
2108 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|delete|, \verb|del|,
2109 \verb|d|.
2114 \item \verb|type TYPE| (default)
2119 \item \verb|from PREFIX|
2123 \item \verb|to PREFIX|
2127 \item \verb|iif NAME|
2134 \item \verb|tos TOS| or \verb|dsfield TOS|
2138 \item \verb|fwmark MARK|
2140 --- select the \verb|fwmark| value to match.
2142 \item \verb|priority PREFERENCE|
2147 Really, for historical reasons \verb|ip rule add| does not require a
2159 \item \verb|table TABLEID|
2163 \item \verb|realms FROM/TO|
2166 succeeded. Realm \verb|TO| is only used if the route did not select
2169 \item \verb|nat ADDRESS|
2172 The \verb|ADDRESS| may be either the start of the block of NAT addresses
2184 with \verb|ip route flush cache|.
2189 according to routing table \verb|inr.ruhep|:
2195 and route it according to table \#1 (actually, it is \verb|inr.ruhep|):
2212 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2236 The keyword \verb|lookup| is followed by a routing table identifier,
2237 as it is recorded in the file \verb|/etc/iproute2/rt_tables|.
2240 \verb|map-to| followed by the start of the block of addresses to map.
2255 \paragraph{Arguments:} \verb|ip rule save| has the same arguments as
2256 \verb|ip rule show|.
2265 \verb|ip rule save| is that of \verb|rtnetlink|. See
2266 \verb|rtnetlink(7)| for more information.
2272 tables according to a data stream as provided by \verb|ip rule save| via
2290 \paragraph{Object:} \verb|maddress| objects are multicast addresses.
2292 \paragraph{Commands:} \verb|add|, \verb|delete|, \verb|show| (or \verb|list|).
2296 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2302 \item \verb|dev NAME| (default)
2322 protocol identifier. The word \verb|link| denotes a link layer
2326 of users is shown after the \verb|users| keyword.
2329 is the \verb|static| flag, which indicates that the address was joined
2330 with \verb|ip maddr add|. See the following subsection.
2337 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|delete|, \verb|del|, \verb|d|.
2348 \item \verb|address LLADDRESS| (default)
2352 \item \verb|dev NAME|
2371 Neither \verb|ip| nor the kernel check for multicast address validity.
2390 \paragraph{Abbreviations:} \verb|mroute|, \verb|mr|.
2392 \paragraph{Object:} \verb|mroute| objects are multicast routing cache
2394 (f.e.\ \verb|pimd| or \verb|mrouted|).
2397 engine, it is impossible to change \verb|mroute| objects administratively,
2401 \paragraph{Commands:} \verb|show| (or \verb|list|).
2406 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2411 \item \verb|to PREFIX| (default)
2416 \item \verb|iif NAME|
2421 \item \verb|from PREFIX|
2439 where S is the source address and G is the multicast group. \verb|Iif| is
2441 If the word \verb|unresolved| is there instead of the interface name,
2443 The keyword \verb|oifs| is followed by a list of output interfaces, separated
2446 in the \verb|oifs| list.
2448 \paragraph{Statistics:} The \verb|-statistics| option also prints the
2463 \paragraph{Abbreviations:} \verb|tunnel|, \verb|tunl|.
2465 \paragraph{Object:} \verb|tunnel| objects are tunnels, encapsulating
2468 \paragraph{Commands:} \verb|add|, \verb|delete|, \verb|change|, \verb|show|
2469 (or \verb|list|).
2472 over IP and the \verb|ip tunnel| command can be found in~\cite{IP-TUNNELS}.
2478 \paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
2479 \verb|delete|, \verb|del|, \verb|d|.
2486 \item \verb|name NAME| (default)
2490 \item \verb|mode MODE|
2493 \verb|ipip|, \verb|sit| and \verb|gre|.
2495 \item \verb|remote ADDRESS|
2499 \item \verb|local ADDRESS|
2504 \item \verb|ttl N|
2506 --- set a fixed TTL \verb|N| on tunneled packets.
2507 \verb|N| is a number in the range 1--255. 0 is a special value
2509 The default value is: \verb|inherit|.
2511 \item \verb|tos T| or \verb|dsfield T|
2513 --- set a fixed TOS \verb|T| on tunneled packets.
2514 The default value is: \verb|inherit|.
2518 \item \verb|dev NAME|
2520 --- bind the tunnel to the device \verb|NAME| so that
2524 \item \verb|nopmtudisc|
2530 \item \verb|key K|, \verb|ikey K|, \verb|okey K|
2532 --- (only GRE tunnels) use keyed GRE with key \verb|K|. \verb|K| is
2534 The \verb|key| parameter sets the key to use in both directions.
2535 The \verb|ikey| and \verb|okey| parameters set different keys for input and output.
2538 \item \verb|csum|, \verb|icsum|, \verb|ocsum|
2541 The \verb|ocsum| flag calculates checksums for outgoing packets.
2542 The \verb|icsum| flag requires that all input packets have the correct
2543 checksum. The \verb|csum| flag is equivalent to the combination
2544 ``\verb|icsum| \verb|ocsum|''.
2546 \item \verb|seq|, \verb|iseq|, \verb|oseq|
2549 The \verb|oseq| flag enables sequencing of outgoing packets.
2550 The \verb|iseq| flag requires that all input packets are serialized.
2551 The \verb|seq| flag is equivalent to the combination ``\verb|iseq| \verb|oseq|''.
2571 \paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
2602 \item \verb|CsumErrs| --- the total number of packets dropped
2604 \item \verb|OutOfSeq| --- the total number of packets dropped
2607 \item \verb|Mcasts| --- the total number of multicast packets
2609 \item \verb|DeadLoop| --- the total number of packets which were not
2611 \item \verb|NoRoute| --- the total number of packets which were not
2613 \item \verb|NoBufs| --- the total number of packets which were not
2621 The \verb|ip| utility can monitor the state of devices, addresses
2624 the \verb|monitor| command is the first in the command line and then
2629 \verb|OBJECT-LIST| is the list of object types that we want to
2630 monitor. It may contain \verb|link|, \verb|address| and \verb|route|.
2631 Specifying \verb|label| indicates that output lines should be labelled
2633 \verb|all| is specified. If no \verb|file| argument is given,
2634 \verb|ip| opens RTNETLINK, listens on it and dumps state changes in
2640 \verb|rtmon| utility. This utility has a command line syntax similar to
2641 \verb|ip monitor|.
2642 Ideally, \verb|rtmon| should be started before
2651 Certainly, it is possible to start \verb|rtmon| at any time.
2690 can also be handled manually with \verb|ip route| (see sec.\ref{IP-ROUTE},
2693 There is a patch to \verb|gated|, allowing classification of routes
2694 to realms with all the set of policy rules implemented in \verb|gated|:
2720 (or realm \verb|unknown|).
2722 The main application of realms is the TC \verb|route| classifier~\cite{TC-CREF},
2729 which can be viewed with the \verb|rtacct| utility.
2737 the realm \verb|russia| and forwarded 169176 packets to \verb|russia|.
2738 The realm \verb|russia| consists of routes with ASPATHs not leaving
2742 \verb|rtacct| shows incoming packets only. Using the \verb|route|
2810 The application may select a source address explicitly with \verb|bind(2)|
2811 syscall or supplying it to \verb|sendmsg(2)| via the ancillary data object
2812 \verb|IP_PKTINFO|. In this case the kernel only checks the validity
2816 Never say ``Never''. The sysctl option \verb|ip_dynaddr| breaks
2825 address hint for this destination. The hint is set with the \verb|src| parameter
2826 to the \verb|ip route| command, sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}.
2842 in routing tables instead (the \verb|scope| parameter to the \verb|ip route| command,
2848 \item Otherwise, if the scope of the destination is \verb|link| or \verb|host|,
2852 with an appropriate scope. The loopback device \verb|lo| is always the first
2864 by setting the kernel \verb|sysctl| variable
2865 \verb|/proc/sys/net/ipv4/conf/<dev>/proxy_arp| to 1. After this, the router
2866 starts to answer ARP requests on the interface \verb|<dev>|, provided
2870 The variable \verb|/proc/sys/net/ipv4/conf/all/proxy_arp| enables proxy
2888 The \verb|ip| utility provides a way to manage proxy ARP/NDISC
2889 with the \verb|ip neigh| command, namely:
2900 for address \verb|ADDRESS| on all devices, otherwise it will only serve
2901 the device \verb|NAME|. Even if the proxy entry is created with
2902 \verb|ip neigh|, the router {\em will not\/} answer a query if the route
2963 These addresses are selected by the \verb|ip route| command
2993 It is important that the address after the \verb|nat| keyword
3018 and 192.203.80/24. Also, if the \verb|inr.ruhep| table does not
3025 and leave the rest intact, you may use \verb|ipchains|
3026 to \verb|fwmark| a class of packets.
3048 \item \verb|ip| --- package \verb|iproute2|.
3049 \item \verb|arping| --- package \verb|iputils|.
3050 \item \verb|rdisc| --- package \verb|iputils|.
3053 It also refers to a DHCP client, \verb|dhcpcd|. I should refrain from
3055 say is that ISC \verb|dhcp-2.0b1pl6| patched with the patch that
3056 can be found in the \verb|dhcp.bootp.rarp| subdirectory of
3065 \# {\bf Usage: \verb|ifone ADDRESS[/PREFIX-LENGTH] [DEVICE]|}\\
3068 \# \$2 --- Device name. If it is missing, \verb|eth0| is asssumed.\\
3069 \# F.e. \verb|ifone 193.233.7.90|
3113 \noindent\# {\bf Step 1} --- enable device \verb|$dev|
3122 \# The interface is \verb|UP|. IPv6 started stateless autoconfiguration itself,\\
3211 This is a simplistic script replacing one option of \verb|ifconfig|,
3218 I strongly recommend using it {\em instead\/} of \verb|ifconfig| both
3225 \# {\bf Usage: \verb?ifcfg DEVICE[:ALIAS] [add|del] ADDRESS[/LENGTH] [PEER]?}\\
3231 \# F.e. \verb|ifcfg eth0 193.233.7.90/24|
3370 \# {\bf Step 0} --- enable device \verb|$dev|