Originální popis anglicky:
icmp, IPPROTO_ICMP - Linux IPv4 ICMP kernel module.
This kernel protocol module implements the Internet Control Message Protocol
defined in RFC792. It is used to signal error conditions and for diagnosis.
The user doesn't interact directly with this module; instead it communicates
with the other protocols in the kernel and these pass the ICMP errors to the
application layers. The kernel ICMP module also answers ICMP requests.
A user protocol may receive ICMP packets for all local sockets by opening a raw
socket with the protocol
IPPROTO_ICMP. See
raw(7) for more
information. The types of ICMP packets passed to the socket can be filtered
using the
ICMP_FILTER socket option. ICMP packets are always processed
by the kernel too, even when passed to a user socket.
Linux limits the rate of ICMP error packets to each destination.
ICMP_REDIRECT and
ICMP_DEST_UNREACH are also limited by the
destination route of the incoming packets.
ICMP supports a sysctl interface to configure some global IP parameters. The
sysctls can be accessed by reading or writing the
/proc/sys/net/ipv4/*
files or with the
sysctl(2) interface. Most of these sysctls are rate
limitations for specific ICMP types. Linux 2.2 uses a token bucket filter to
limit ICMPs. The value is the timeout in jiffies until the token bucket filter
is cleared after a burst. A jiffy is a system dependent unit, usually 10ms on
x86 and about 1ms on alpha and IA64.
- icmp_destunreach_rate
- Maximum rate to send ICMP Destination Unreachable packets.
This limits the rate at which packets are sent to any individual route or
destination. The limit does not affect sending of ICMP_FRAG_NEEDED
packets needed for path MTU discovery.
- icmp_echo_ignore_all
- If this value is non-zero, Linux will ignore all
ICMP_ECHO requests.
- icmp_echo_ignore_broadcasts
- If this value is non-zero, Linux will ignore all
ICMP_ECHO packets sent to broadcast addresses.
- icmp_echoreply_rate
- Maximum rate for sending ICMP_ECHOREPLY packets in
response to ICMP_ECHOREQUEST packets.
- icmp_paramprob_rate
- Maximum rate for sending ICMP_PARAMETERPROB packets.
These packets are sent when a packet arrives with an invalid IP
header.
- icmp_timeexceed_rate
- Maximum rate for sending ICMP_TIME_EXCEEDED packets.
These packets are sent to prevent loops when a packet has crossed too many
hops.
As many other implementations don't support
IPPROTO_ICMP raw sockets,
this feature should not be relied on in portable programs.
ICMP_REDIRECT packets are not sent when Linux is not acting as a router.
They are also only accepted from the old gateway defined in the routing table
and the redirect routes are expired after some time.
The 64-bit timestamp returned by
ICMP_TIMESTAMP is in milliseconds since
January 1, 1970.
Linux ICMP internally uses a raw socket to send ICMPs. This raw socket may
appear in
netstat(8) output with a zero inode.
Support for the
ICMP_ADDRESS request was removed in 2.2.
Support for
ICMP_SOURCE_QUENCH was removed in Linux 2.2.
ip(7)
RFC792 for a description of the ICMP protocol.
