f171a45bf6
Cross-reference pf.conf(5) which is able to use these definitions. PR: 85243 Submitted by: Daniel Gerzo Obtained from: OpenBSD MFC after: 1 day
255 lines
8.7 KiB
Groff
255 lines
8.7 KiB
Groff
.\" Copyright (c) 1986, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the University of
|
|
.\" California, Berkeley and its contributors.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)icmp.4 8.1 (Berkeley) 6/5/93
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd February 9, 2007
|
|
.Dt ICMP 4
|
|
.Os
|
|
.Sh NAME
|
|
.Nm icmp
|
|
.Nd Internet Control Message Protocol
|
|
.Sh SYNOPSIS
|
|
.In sys/types.h
|
|
.In sys/socket.h
|
|
.In netinet/in.h
|
|
.Ft int
|
|
.Fn socket AF_INET SOCK_RAW proto
|
|
.Sh DESCRIPTION
|
|
.Tn ICMP
|
|
is the error and control message protocol used
|
|
by
|
|
.Tn IP
|
|
and the Internet protocol family.
|
|
It may be accessed
|
|
through a
|
|
.Dq raw socket
|
|
for network monitoring
|
|
and diagnostic functions.
|
|
The
|
|
.Fa proto
|
|
parameter to the socket call to create an
|
|
.Tn ICMP
|
|
socket
|
|
is obtained from
|
|
.Xr getprotobyname 3 .
|
|
.Tn ICMP
|
|
sockets are connectionless,
|
|
and are normally used with the
|
|
.Xr sendto 2
|
|
and
|
|
.Xr recvfrom 2
|
|
calls, though the
|
|
.Xr connect 2
|
|
call may also be used to fix the destination for future
|
|
packets (in which case the
|
|
.Xr read 2
|
|
or
|
|
.Xr recv 2
|
|
and
|
|
.Xr write 2
|
|
or
|
|
.Xr send 2
|
|
system calls may be used).
|
|
.Pp
|
|
Outgoing packets automatically have an
|
|
.Tn IP
|
|
header prepended to
|
|
them (based on the destination address).
|
|
Incoming packets are received with the
|
|
.Tn IP
|
|
header and options intact.
|
|
.Ss Types
|
|
ICMP messages are classified according to the type and code fields
|
|
present in the ICMP header.
|
|
The abbreviations for the types and codes may be used in rules in
|
|
.Xr pf.conf 5 .
|
|
The following types are defined:
|
|
.Bl -column x xxxxxxxxxxxx -offset indent
|
|
.It Sy Num Ta Sy Abbrev. Ta Sy Description
|
|
.It 0 Ta echorep Ta "Echo reply"
|
|
.It 3 Ta unreach Ta "Destination unreachable"
|
|
.It 4 Ta squench Ta "Packet loss, slow down"
|
|
.It 5 Ta redir Ta "Shorter route exists"
|
|
.It 6 Ta althost Ta "Alternate host address"
|
|
.It 8 Ta echoreq Ta "Echo request"
|
|
.It 9 Ta routeradv Ta "Router advertisement"
|
|
.It 10 Ta routersol Ta "Router solicitation"
|
|
.It 11 Ta timex Ta "Time exceeded"
|
|
.It 12 Ta paramprob Ta "Invalid IP header"
|
|
.It 13 Ta timereq Ta "Timestamp request"
|
|
.It 14 Ta timerep Ta "Timestamp reply"
|
|
.It 15 Ta inforeq Ta "Information request"
|
|
.It 16 Ta inforep Ta "Information reply"
|
|
.It 17 Ta maskreq Ta "Address mask request"
|
|
.It 18 Ta maskrep Ta "Address mask reply"
|
|
.It 30 Ta trace Ta Traceroute
|
|
.It 31 Ta dataconv Ta "Data conversion problem"
|
|
.It 32 Ta mobredir Ta "Mobile host redirection"
|
|
.It 33 Ta ipv6-where Ta "IPv6 where-are-you"
|
|
.It 34 Ta ipv6-here Ta "IPv6 i-am-here"
|
|
.It 35 Ta mobregreq Ta "Mobile registration request"
|
|
.It 36 Ta mobregrep Ta "Mobile registration reply"
|
|
.It 39 Ta skip Ta SKIP
|
|
.It 40 Ta photuris Ta Photuris
|
|
.El
|
|
.Pp
|
|
The following codes are defined:
|
|
.Bl -column x xxxxxxxxxxxx xxxxxxxx -offset indent
|
|
.It Sy Num Ta Sy Abbrev. Ta Sy Type Ta Sy Description
|
|
.It 0 Ta net-unr Ta unreach Ta "Network unreachable"
|
|
.It 1 Ta host-unr Ta unreach Ta "Host unreachable"
|
|
.It 2 Ta proto-unr Ta unreach Ta "Protocol unreachable"
|
|
.It 3 Ta port-unr Ta unreach Ta "Port unreachable"
|
|
.It 4 Ta needfrag Ta unreach Ta "Fragmentation needed but DF bit set"
|
|
.It 5 Ta srcfail Ta unreach Ta "Source routing failed"
|
|
.It 6 Ta net-unk Ta unreach Ta "Network unknown"
|
|
.It 7 Ta host-unk Ta unreach Ta "Host unknown"
|
|
.It 8 Ta isolate Ta unreach Ta "Host isolated"
|
|
.It 9 Ta net-prohib Ta unreach Ta "Network administratively prohibited"
|
|
.It 10 Ta host-prohib Ta unreach Ta "Host administratively prohibited"
|
|
.It 11 Ta net-tos Ta unreach Ta "Invalid TOS for network"
|
|
.It 12 Ta host-tos Ta unreach Ta "Invalid TOS for host"
|
|
.It 13 Ta filter-prohib Ta unreach Ta "Prohibited access"
|
|
.It 14 Ta host-preced Ta unreach Ta "Precedence violation"
|
|
.It 15 Ta cutoff-preced Ta unreach Ta "Precedence cutoff"
|
|
.It 0 Ta redir-net Ta redir Ta "Shorter route for network"
|
|
.It 1 Ta redir-host Ta redir Ta "Shorter route for host"
|
|
.It 2 Ta redir-tos-net Ta redir Ta "Shorter route for TOS and network"
|
|
.It 3 Ta redir-tos-host Ta redir Ta "Shorter route for TOS and host"
|
|
.It 0 Ta normal-adv Ta routeradv Ta "Normal advertisement"
|
|
.It 16 Ta common-adv Ta routeradv Ta "Selective advertisement"
|
|
.It 0 Ta transit Ta timex Ta "Time exceeded in transit"
|
|
.It 1 Ta reassemb Ta timex Ta "Time exceeded in reassembly"
|
|
.It 0 Ta badhead Ta paramprob Ta "Invalid option pointer"
|
|
.It 1 Ta optmiss Ta paramprob Ta "Missing option"
|
|
.It 2 Ta badlen Ta paramprob Ta "Invalid length"
|
|
.It 1 Ta unknown-ind Ta photuris Ta "Unknown security index"
|
|
.It 2 Ta auth-fail Ta photuris Ta "Authentication failed"
|
|
.It 3 Ta decrypt-fail Ta photuris Ta "Decryption failed"
|
|
.El
|
|
.Ss MIB Variables
|
|
The
|
|
.Tn ICMP
|
|
protocol implements a number of variables in the
|
|
.Va net.inet.icmp
|
|
branch of the
|
|
.Xr sysctl 3
|
|
MIB.
|
|
.Bl -tag -width ".Va icmplim_output"
|
|
.It Va maskrepl
|
|
.Pq Vt boolean
|
|
Enable/disable replies to ICMP Address Mask Request packets.
|
|
Defaults to false.
|
|
.It Va maskfake
|
|
.Pq Vt "unsigned integer"
|
|
When
|
|
.Va maskrepl
|
|
is set and this value is non-zero,
|
|
it will be used instead of the real address mask when
|
|
the system replies to an ICMP Address Mask Request packet.
|
|
Defaults to 0.
|
|
.It Va icmplim
|
|
.Pq Vt integer
|
|
Bandwidth limit for ICMP replies in packets/second.
|
|
Used when
|
|
.Va icmplim_output
|
|
is non-zero.
|
|
Defaults to 200.
|
|
.It Va icmplim_output
|
|
.Pq Vt boolean
|
|
Enable/disable bandwidth limiting of ICMP replies.
|
|
Defaults to true.
|
|
.It Va drop_redirect
|
|
.Pq Vt boolean
|
|
Enable/disable dropping of ICMP Redirect packets.
|
|
Defaults to false.
|
|
.It Va log_redirect
|
|
.Pq Vt boolean
|
|
Enable/disable logging of ICMP Redirect packets.
|
|
Defaults to false.
|
|
.It Va bmcastecho
|
|
.Pq Vt boolean
|
|
Enable/disable ICMP replies received via broadcast or multicast.
|
|
Defaults to false.
|
|
.It Va reply_src
|
|
.Pq Vt str
|
|
An interface name used for the ICMP reply source in response to packets
|
|
which are not directly addressed to us.
|
|
By default continue with normal source selection.
|
|
.It Va reply_from_interface
|
|
.Pq Vt boolean
|
|
Use the IP address of the interface the packet came through in for
|
|
responses to packets which are not directly addressed to us.
|
|
If enabled, this rule is processed before all others.
|
|
By default, continue with normal source selection.
|
|
Enabling this option is particularly useful on routers because it
|
|
makes external traceroutes show the actual path a packet has taken
|
|
instead of the possibly different return path.
|
|
.It Va quotelen
|
|
.Pq Vt integer
|
|
Number of bytes from original packet to quote in ICMP reply.
|
|
This number is internally enforced to be at least 8 bytes (per RFC792)
|
|
and at most the maximal space left in the ICMP reply mbuf.
|
|
.El
|
|
.Sh ERRORS
|
|
A socket operation may fail with one of the following errors returned:
|
|
.Bl -tag -width Er
|
|
.It Bq Er EISCONN
|
|
when trying to establish a connection on a socket which
|
|
already has one, or when trying to send a datagram with the destination
|
|
address specified and the socket is already connected;
|
|
.It Bq Er ENOTCONN
|
|
when trying to send a datagram, but
|
|
no destination address is specified, and the socket has not been
|
|
connected;
|
|
.It Bq Er ENOBUFS
|
|
when the system runs out of memory for
|
|
an internal data structure;
|
|
.It Bq Er EADDRNOTAVAIL
|
|
when an attempt is made to create a
|
|
socket with a network address for which no network interface
|
|
exists.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr recv 2 ,
|
|
.Xr send 2 ,
|
|
.Xr inet 4 ,
|
|
.Xr intro 4 ,
|
|
.Xr ip 4 ,
|
|
.Xr pf.conf 5
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
protocol appeared in
|
|
.Bx 4.3 .
|