icmp 中文man頁面
NAME 名稱
icmp, IPPROTO_ICMP - Linux IPv4 ICMP 核心模塊.
DESCRIPTION 描述
本網絡核心協議模塊實現了基于 RFC792 協議中定義的《互聯網控制報文協議》。它針對網絡主機間通訊出錯的情況作出回應并給出診斷信息。用戶不能直接使用本模塊。相反本模塊需與核心中的其他協議進行通訊,而這些協議將 ICMP 出錯信息返回到網絡協議的應用層。ICMP 核心模塊也回應 ICMP 請求。
如果用 IPPROTP_ICMP 打開原始套接字(raw socket)時,用戶協議有可以收到任意本地套接字 ICMP 包。 IPPROTO_ICMP. 請參閱 raw(7) 傳遞到套接字的 ICMP 包可以用 ICMP_FILTER 套接字選項進行過濾。核心會處理所有 ICMP 包,包括傳遞到用戶的套接字去的。
Linux 對可以到達每個目標主機出錯信息包的比率設立了限制。 ICMP_REDIRECT 及 ICMP_DEST_UNREACH 也受進入包的目標路由的限制。
SYSCTLS
ICMP 支持通過 sysctl 接口來設置一些全局 IP 參數。對 Sysctl 的訪問可以通過讀、寫 /proc/sys/net/ipv4/* 下的文件通過 sysctl(2) 接口進行. 大多數這些 sysctls 對特定 ICMP 類型的數據包數量進行了限制。 Linux 2.2 使用記號單元過濾器對 ICMP 包進行限制。 此值表示超時錯誤,以秒計,直到到頂后記號單元過濾器被清除為止。
- icmp_destunreach_rate
- 發送目的地不可到達 ICMP 消息包的***數據包比率。這限制了發送到任意一個路由或目的地的數據包的比率。這個限制不影響發送用來發現數據鏈路***傳送單位(MTU)的 ICMP_FRAG_NEEDED包 數據包。
- icmp_echo_ignore_all
- 如果該值不為零,Linux將忽略所有的 ICMP_ECHO 請求。
- icmp_echo_ignore_broadcasts
- 如果該值不為零,Linux將忽略所有發送到廣播地址的 ICMP_ECHO 數據包。
- icmp_echoreply_rate
- 發送響應 ICMP_ECHOREQUEST 請求的 ICMP_ECHOREPLY 數據包比率的***值。
- icmp_paramprob_rate
- 發送 ICMP_PARAMETERPROB 數據包比率的***值。當一個具有非法 IP 報頭數據包到達時將發送這些包。
- icmp_timeexceed_rate
- 發送 ICMP_TIME_EXCEEDED 包比率的***值。當一個數據包通過太多網段時,這些包用作防止路由回環。
NOTES
由于在許多其他實現中不支持 IPPROTO_ICMP 原始套接字(raw socket),可移植程序不能依靠這一特性。
當Linux不作為路由器時,將不被發送 ICMP_REDIRECT 包。內核也只有在路由表中的舊網關和路由重新定向超時時才接受這些包。
ICMP_TIMESTAMP 返回的 64 位毫秒為單位的時間戳是自1970年1月1日以來的時間.
Linux 的 ICMP 在內部使用原始套接字(raw socket)來發送ICMP包。這個原始套接字可能在 netstat(8) 消息輸出中出現,帶著一個“zero inode”信息。
VERSIONS
在2.2版本中將再不支持 ICMP_ADDRESS 請求。
在2.2版本中將不再支持 ICMP_SOURCE_QUENCH
參見
ip(7)
RFC792 對ICMP協議進行了詳細的敘述。
#p#
NAME
icmp, IPPROTO_ICMP - Linux IPv4 ICMP kernel module.
DESCRIPTION
This kernel protocol module implements the Internet Control Message Protocol defined in RFC792. It is used to signal error conditions and for diagnosis. The user doesn't interact directly with this module; instead it communicates with the other protocols in the kernel and these pass the ICMP errors to the application layers. The kernel ICMP module also answers ICMP requests.
A user protocol may receive ICMP packets for all local sockets by opening a raw socket with the protocol IPPROTO_ICMP. See raw(7) for more information. The types of ICMP packets passed to the socket can be filtered using the ICMP_FILTER socket option. ICMP packets are always processed by the kernel too, even when passed to a user socket.
Linux limits the rate of ICMP error packets to each destination. ICMP_REDIRECT and ICMP_DEST_UNREACH are also limited by the destination route of the incoming packets.
SYSCTLS
ICMP supports a sysctl interface to configure some global IP parameters. The sysctls can be accessed by reading or writing the /proc/sys/net/ipv4/* files or with the sysctl(2) interface. Most of these sysctls are rate limitations for specific ICMP types. Linux 2.2 uses a token bucket filter to limit ICMPs. The value is the timeout in jiffies until the token bucket filter is cleared after a burst. A jiffy is a system dependent unit, usually 10ms on x86 and about 1ms on alpha and IA64.
- icmp_destunreach_rate
- Maximum rate to send ICMP Destination Unreachable packets. This limits the rate at which packets are sent to any individual route or destination. The limit does not affect sending of ICMP_FRAG_NEEDED packets needed for path MTU discovery.
- icmp_echo_ignore_all
- If this value is non-zero, Linux will ignore all ICMP_ECHO requests.
- icmp_echo_ignore_broadcasts
- If this value is non-zero, Linux will ignore all ICMP_ECHO packets sent to broadcast addresses.
- icmp_echoreply_rate
- Maximum rate for sending ICMP_ECHOREPLY packets in response to ICMP_ECHOREQUEST packets.
- icmp_paramprob_rate
- Maximum rate for sending ICMP_PARAMETERPROB packets. These packets are sent when a packet arrives with an invalid IP header.
- icmp_timeexceed_rate
- Maximum rate for sending ICMP_TIME_EXCEEDED packets. These packets are sent to prevent loops when a packet has crossed too many hops.
NOTES
As many other implementations don't support IPPROTO_ICMP raw sockets, this feature should not be relied on in portable programs.
ICMP_REDIRECT packets are not sent when Linux is not acting as a router. They are also only accepted from the old gateway defined in the routing table and the redirect routes are expired after some time.
The 64-bit timestamp returned by ICMP_TIMESTAMP is in milliseconds since January 1, 1970.
Linux ICMP internally uses a raw socket to send ICMPs. This raw socket may appear in netstat(8) output with a zero inode.
VERSIONS
Support for the ICMP_ADDRESS request was removed in 2.2.
Support for ICMP_SOURCE_QUENCH was removed in Linux 2.2.
SEE ALSO
ip(7)
RFC792 for a description of the ICMP protocol.
