ICMP(7) (2017-11-26) ICMP(7)
NAME
icmp - Linux IPv4 ICMP kernel module.
DESCRIPTION
This kernel protocol module implements the Internet Control
Message Protocol defined in RFC 792. It is used to signal
error conditions and for diagnosis. The user doesn't
interact directly with this module; instead it communicates
with the other protocols in the kernel and these pass the
ICMP errors to the application layers. The kernel ICMP
module also answers ICMP requests.
A user protocol may receive ICMP packets for all local
sockets by opening a raw socket with the protocol
IPPROTO_ICMP. See raw(7) for more information. The types
of ICMP packets passed to the socket can be filtered using
the ICMP_FILTER socket option. ICMP packets are always pro-
cessed by the kernel too, even when passed to a user socket.
Linux limits the rate of ICMP error packets to each destina-
tion. ICMP_REDIRECT and ICMP_DEST_UNREACH are also limited
by the destination route of the incoming packets.
/proc interfaces
ICMP supports a set of /proc interfaces to configure some
global IP parameters. The parameters can be accessed by
reading or writing files in the directory
/proc/sys/net/ipv4/. Most of these parameters are rate limi-
tations for specific ICMP types. Linux 2.2 uses a token
bucket filter to limit ICMPs. The value is the timeout in
jiffies until the token bucket filter is cleared after a
burst. A jiffy is a system dependent unit, usually 10ms on
i386 and about 1ms on alpha and ia64.
Maximum rate to send ICMP Destination Unreachable pack-
ets. This limits the rate at which packets are sent to
any individual route or destination. The limit does
not affect sending of ICMP_FRAG_NEEDED packets needed
for path MTU discovery.
If this value is nonzero, Linux will ignore all
ICMP_ECHO requests.
If this value is nonzero, Linux will ignore all
ICMP_ECHO packets sent to broadcast addresses.
Page 1 Linux (printed 5/24/22)
ICMP(7) (2017-11-26) ICMP(7)
Maximum rate for sending ICMP_ECHOREPLY packets in
response to ICMP_ECHOREQUEST packets.
Linux 2.6.12)
h�t�m
h�t�m�l�m�a�n�r�e�f�s�t�a�r�t�i�c�m�p�_�i�g�n�o�r�e�_�b�o�g�u�s�_�e�r�r�o�r�_�r�e�s�p�o�n�s�e�s�(�B�o�o�l�e�a�n�;�d�e�f�a�u�l�t�:�d�i�s�a�b�l�e�d�;�s�i�n�c�e�L�i�n�u�x�2�.�2�) .}f Some routers violate RFC1122 by sending bogus
responses to broadcast frames. Such violations are
normally logged via a kernel warning. If this parame-
ter is enabled, the kernel will not give such warnings,
which will avoid log file clutter.
Maximum rate for sending ICMP_PARAMETERPROB packets.
These packets are sent when a packet arrives with an
invalid IP header.
h�t�m�l�m�a�n�r�e�f�e�n�d�i�c�m�p�_�r�a�t�e�l�i�m�i�t�(�i�n�t�e�g�e�r�;�d
h�t�m�l�m�a�n�r�e�f�s�t�a�r�t�i�c�m�p�_�r�a�t�e�m�a�s�k�h�t�m�l�m�a�n�r�e�f�e�n�d�i�c�m�p�_�r�a�t�e�m�a�s�k
h�t�m�l�m�a�n�r�e�f�s�t�a�r�t�i�c�m�p�_�r�a�t�e�m�a�s�k�(�i�n�t�e�g�e�r�;�d�e�f�a�u�l�t�:�s�e�e�b�e�l�o�w�;�s�i�n�c�e�L�i�n�u�x�2�.�4�.�1�0�)
.}f Mask made of ICMP types for which rates are being
limited.
Significant bits: IHGFEDCBA9876543210
Default mask: 0000001100000011000 (0x1818)
Bit definitions (see the Linux kernel source file
include/linux/icmp.h):
l l. 0 Echo Reply 3 Destination Unreachable * 4
Source Quench * 5 Redirect 8 Echo Request B Time
Exceeded * C Parameter Problem * D Timestamp
Request E Timestamp Reply F Info Request G Info
Reply H Address Mask Request I Address Mask
Page 2 Linux (printed 5/24/22)
ICMP(7) (2017-11-26) ICMP(7)
Reply
The bits marked with an asterisk are rate limited by default
(see the default mask above).
Maximum rate for sending ICMP_TIME_EXCEEDED packets.
These packets are sent to prevent loops when a packet
has crossed too many hops.
2.6.39)
h�t�m�l�m�a�n�r�e�f�e�n�d�p�i�n
h�t�m�l�<�H�4�> h�t�m�l�<�/�H�4�>
h�t�m�l�<�H�4�> h�t�m�l�<�/�H�4�>
h�t�m�l�<�H�4�> h�t�m�l�<�/�H�4�>
h�t�m�l�<�H�4�> h�t�m�l�<�/�H�4�>