Penguin

Differences between current version and predecessor to the previous major change of ip(8).

Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History

Newer page: version 2 Last edited on Wednesday, August 10, 2005 10:41:07 am by AdrianKitto
Older page: version 1 Last edited on Tuesday, June 4, 2002 12:31:13 am by perry Revert
@@ -8,49 +8,1197 @@
 ---- 
 !!NAME 
  
  
-ip, rtmon , rtacct, routef, routel - No manpage available.  
-!!DESCRIPTION  
+ip - show / manipulate routing , devices , policy routing and tunnels  
+!!SYNOPSIS  
+<verbatim>  
+ ip [ OPTIONS ] OBJECT { COMMAND | help }  
  
  
-This program does not have a useful manpage. When a manpage  
-becomes available it will be included. If you are a  
-competent and accurate writer and are willing to spend the  
-time reading the source code and writing good manpages  
-please write a better man page than this one. Please  
-__contact__ the __package maintainer__ in order to  
-avoid several people working on the same  
-manpage.  
+ OBJECT := { link | addr | route | rule | neigh | tunnel | maddr |  
+ mroute | monitor }  
  
  
-You can start reading the very good documents available in  
-the /usr/share/doc/iproute/ directory, in __.ps, .dvi__  
-and __.tex__ formats.  
+ OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] | -f[amily] { inet  
+ | inet6 | ipx | dnet | link } | -o[neline] }  
  
+ ip link set DEVICE { up | down | arp { on | off } |  
+ promisc { on | off } |  
+ allmulti { on | off } |  
+ dynamic { on | off } |  
+ multicast { on | off } |  
+ txqueuelen PACKETS |  
+ name NEWNAME |  
+ address LLADDR | broadcast LLADDR |  
+ mtu MTU }  
  
-In particular, you can find the __IP command reference  
-manual__ in the __/usr/share/doc/iproute/ ip-cref.*__  
-files.  
+ ip link show [ DEVICE ]  
  
+ ip addr { add | del } IFADDR dev STRING  
  
-To read __ ip-cref.dvi__ run __xdvi ip-cref.ps__ and to  
-read __ip -cref.ps__ run __gv  
-ip-cref.ps.__  
-!!SEE ALSO  
+ ip addr { show | flush } [ dev STRING ] [ scope SCOPE -ID ] [ to PREFIX  
+ ] [ FLAG -LIST ] [ label PATTERN ]  
  
+ IFADDR := PREFIX | ADDR peer PREFIX [ broadcast ADDR ] [ anycast ADDR ]  
+ [ label STRING ] [ scope SCOPE-ID ]  
  
-dvips(1), gv(1x), latex(1),  
-undocumented(7).  
-!!AUTHOR  
+ SCOPE-ID := [ host | link | global | NUMBER ]  
  
+ FLAG-LIST := [ FLAG-LIST ] FLAG  
  
-This manpage has been written by Roberto Lumbreras  
-undocumented__(7)  
-manpage, written by Erick Branderhorst  
-__  
-!!THANKS  
+ FLAG := [ permanent | dynamic | secondary | primary | tentative | dep-  
+ recated ]  
  
+ ip route { list | flush } SELECTOR  
  
-Kai Henningsen , Ian Jackson , David H . Silber , Carl  
-Streeter .  
----- 
+ ip route get ADDRESS [ from ADDRESS iif STRING ] [ oif STRING ] [ tos  
+ TOS ]  
+  
+ ip route { add | del | change | append | replace | monitor } ROUTE  
+  
+ SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [ table  
+ TABLE_ID ] [ proto RTPROTO ] [ type TYPE ] [ scope SCOPE ]  
+  
+ ROUTE := NODE_SPEC [ INFO_SPEC ]  
+  
+ NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto  
+ RTPROTO ] [ scope SCOPE ] [ metric METRIC ]  
+  
+ INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ] ...  
+  
+ NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS  
+  
+ OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ rtt NUMBER ] [  
+ rttvar NUMBER ] [ window NUMBER ] [ cwnd NUMBER ] [ ssthresh  
+ REALM ] [ realms REALM ]  
+  
+ TYPE := [ unicast | local | broadcast | multicast | throw | unreachable  
+ | prohibit | blackhole | nat ]  
+  
+ TABLE_ID := [ local| main | default | all | NUMBER ]  
+  
+ SCOPE := [ host | link | global | NUMBER ]  
+  
+ FLAGS := [ equalize ]  
+  
+ NHFLAGS := [ onlink | pervasive ]  
+  
+ RTPROTO := [ kernel | boot | static | NUMBER ]  
+  
+ ip rule [ list | add | del ] SELECTOR ACTION  
+  
+ SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK ]  
+ [ dev STRING ] [ pref NUMBER ]  
+  
+ ACTION := [ table TABLE_ID ] [ nat ADDRESS ] [ prohibit | reject |  
+ unreachable ] [ realms [SRCREALM/]DSTREALM ]  
+  
+ TABLE_ID := [ local | main | default | NUMBER ]  
+  
+ ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] [  
+ nud { permanent | noarp | stale | reachable } ] | proxy ADDR }  
+ [ dev DEV ]  
+  
+ ip neigh { show | flush } [ to PREFIX ] [ dev DEV ] [ nud STATE ]  
+  
+ ip tunnel { add | change | del | show } [ NAME ]  
+ [ mode { ipip | gre | sit } ]  
+ [ remote ADDR ] [ local ADDR ]  
+ [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] ]  
+ [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ]  
+ [ dev PHYS_DEV ]  
+  
+ ADDR := { IP_ADDRESS | any }  
+  
+ TOS := { NUMBER | inherit }  
+  
+ TTL := { 1..255 | inherit }  
+  
+ KEY := { DOTTED_QUAD | NUMBER }  
+  
+ ip maddr [ add | del ] MULTIADDR dev STRING  
+  
+ ip maddr show [ dev STRING ]  
+  
+ ip mroute show [ PREFIX ] [ from PREFIX ] [ iif DEVICE ]  
+  
+ ip monitor [ all | LISTofOBJECTS ]  
+</verbatim>  
+!!OPTIONS  
+  
+ -V , -Version  
+ print the version of the ip utility and exit.  
+  
+  
+ -s , -stats, -statistics  
+ output more information . If the option appears twice or more ,  
+ the amount of information increases . As a rule, the information  
+ is statistics or some time values.  
+  
+  
+ -f, -family  
+ followed by protocol family identifier: inet, inet6 or link  
+ ,enforce the protocol family to use. If the option is not  
+ present, the protocol family is guessed from other arguments.  
+ If the rest of the command line does not give enough information  
+ to guess the family, ip falls back to the default one, usually  
+ inet or any. link is a special family identifier meaning that  
+ no networking protocol is involved.  
+  
+  
+ -4 shortcut for -family inet.  
+  
+  
+ -6 shortcut for -family inet6.  
+  
+  
+ -0 shortcut for -family link.  
+  
+  
+ -o, -oneline  
+ output each record on a single line, replacing line feeds with  
+ the '\' character. This is convenient when you want to count  
+ records with wc(1)  
+ or to grep(1) the output.  
+  
+  
+ -r, -resolve  
+ use the system's name resolver to print DNS names instead of  
+ host addresses.  
+  
+!!IP - COMMAND SYNTAX  
+ OBJECT  
+ link - network device.  
+  
+  
+ address  
+ - protocol (IP or IPv6) address on a device.  
+  
+ neighbour  
+ - ARP or NDISC cache entry.  
+  
+  
+ route - routing table entry.  
+  
+  
+ rule - rule in routing policy database.  
+  
+  
+ maddress  
+ - multicast address.  
+  
+  
+ mroute - multicast routing cache entry.  
+  
+  
+ tunnel - tunnel over IP.  
+  
+  
+ The names of all objects may be written in full or abbreviated form,  
+ f.e. address is abbreviated as addr or just a.  
+  
+  
+ COMMAND  
+ Specifies the action to perform on the object. The set of possible  
+ actions depends on the object type. As a rule, it is possible to add,  
+ delete and show (or list ) objects, but some objects do not allow all  
+ of these operations or have some additional commands. The help command  
+ is available for all objects. It prints out a list of available com-  
+ mands and argument syntax conventions.  
+  
+ If no command is given, some default command is assumed. Usually it is  
+ list or, if the objects of this class cannot be listed, help.  
+  
+  
+ip link - network device configuration  
+ link is a network device and the corresponding commands display and  
+ change the state of devices.  
+  
+  
+ ip link set - change device attributes  
+ dev NAME (default)  
+ NAME specifies network device to operate on.  
+  
+  
+ up and down  
+ change the state of the device to UP or DOWN.  
+  
+ arp on or arp off  
+ change the NOARP flag on the device.  
+  
+  
+ multicast on or multicast off  
+ change the MULTICAST flag on the device.  
+  
+  
+ dynamic on or dynamic off  
+ change the DYNAMIC flag on the device.  
+  
+  
+ name NAME  
+ change the name of the device. This operation is not recom-  
+ mended if the device is running or has some addresses already  
+ configured.  
+  
+  
+ txqueuelen NUMBER  
+  
+ txqlen NUMBER  
+ change the transmit queue length of the device.  
+  
+  
+ mtu NUMBER  
+ change the MTU of the device.  
+  
+  
+ address LLADDRESS  
+ change the station address of the interface.  
+  
+  
+ broadcast LLADDRESS  
+  
+ brd LLADDRESS  
+  
+ peer LLADDRESS  
+ change the link layer broadcast address or the peer address when  
+ the interface is POINTOPOINT.  
+  
+  
+ Warning: If multiple parameter changes are requested, ip aborts immedi-  
+ ately after any of the changes have failed. This is the only case when  
+ ip can move the system to an unpredictable state. The solution is to  
+ avoid changing several parameters with one ip link set call.  
+  
+  
+ ip link show - display device attributes  
+ dev NAME (default)  
+ NAME specifies the network device to show. If this argument is  
+ omitted all devices are listed.  
+  
+ up only display running interfaces.  
+  
+  
+ip address - protocol address management.  
+ The address is a protocol (IP or IPv6) address attached to a network  
+ device. Each device must have at least one address to use the corre-  
+ sponding protocol. It is possible to have several different addresses  
+ attached to one device. These addresses are not discriminated, so that  
+ the term alias is not quite appropriate for them and we do not use it  
+ in this document.  
+  
+ The ip addr command displays addresses and their properties, adds new  
+ addresses and deletes old ones.  
+  
+  
+ ip address add - add new protocol address.  
+ dev NAME  
+ the name of the device to add the address to.  
+  
+  
+ local ADDRESS (default)  
+ the address of the interface. The format of the address depends  
+ on the protocol. It is a dotted quad for IP and a sequence of  
+ hexadecimal halfwords separated by colons for IPv6. The ADDRESS  
+ may be followed by a slash and a decimal number which encodes  
+ the network prefix length.  
+  
+  
+ peer ADDRESS  
+ the address of the remote endpoint for pointopoint interfaces.  
+ Again, the ADDRESS may be followed by a slash and a decimal num-  
+ ber, encoding the network prefix length. If a peer address is  
+ specified, the local address cannot have a prefix length. The  
+ network prefix is associated with the peer rather than with the  
+ local address.  
+  
+  
+ broadcast ADDRESS  
+ the broadcast address on the interface.  
+  
+ It is possible to use the special symbols '+' and '-' instead of  
+ the broadcast address. In this case, the broadcast address is  
+ derived by setting/resetting the host bits of the interface pre-  
+ fix.  
+  
+  
+ label NAME  
+ Each address may be tagged with a label string. In order to  
+ preserve compatibility with Linux-2.0 net aliases, this string  
+ must coincide with the name of the device or must be prefixed  
+ with the device name followed by colon.  
+  
+  
+ scope SCOPE_VALUE  
+ the scope of the area where this address is valid. The avail-  
+ able scopes are listed in file /etc/iproute2/rt_scopes.  
+ to PREFIX  
+ only list addresses matching this prefix.  
+  
+  
+ label PATTERN  
+ only list addresses with labels matching the PATTERN. PATTERN  
+ is a usual shell style pattern.  
+  
+  
+ dynamic and permanent  
+ (IPv6 only) only list addresses installed due to stateless  
+ address configuration or only list permanent (not dynamic)  
+ addresses.  
+  
+  
+ tentative  
+ (IPv6 only) only list addresses which did not pass duplicate  
+ address detection.  
+  
+  
+ deprecated  
+ (IPv6 only) only list deprecated addresses.  
+  
+  
+ primary and secondary  
+ only list primary (or secondary) addresses.  
+  
+  
+ ip address flush - flush protocol addresses  
+ This command flushes the protocol addresses selected by some criteria.  
+  
+  
+ This command has the same arguments as show. The difference is that it  
+ does not run when no arguments are given.  
+  
+  
+ Warning: This command (and other flush commands described below) is  
+ pretty dangerous. If you make a mistake, it will not forgive it, but  
+ will cruelly purge all the addresses.  
+  
+  
+ With the -statistics option, the command becomes verbose. It prints out  
+ the number of deleted addresses and the number of rounds made to flush  
+ the address list. If this option is given twice, ip addr flush also  
+ dumps all the deleted addresses in the format described in the previous  
+ subsection.  
+  
+  
+ip neighbour - neighbour/arp tables management.  
+ neighbour objects establish bindings between protocol addresses and  
+ link layer addresses for hosts sharing the same link. Neighbour  
+ entries are organized into tables. The IPv4 neighbour table is known by  
+ another name - the ARP table.  
+  
+  
+ The corresponding commands display neighbour bindings and their proper-  
+ ties, add new neighbour entries and delete old ones.  
+  
+  
+ ip neighbour add - add a new neighbour entry  
+ ip neighbour change - change an existing entry  
+ ip neighbour replace - add a new entry or change an existing one  
+ These commands create new neighbour records or update existing ones.  
+  
+  
+ to ADDRESS (default)  
+ the protocol address of the neighbour. It is either an IPv4 or  
+ IPv6 address.  
+  
+  
+ dev NAME  
+ the interface to which this neighbour is attached.  
+  
+  
+ lladdr LLADDRESS  
+ the link layer address of the neighbour. LLADDRESS can also be  
+ null.  
+  
+  
+ nud NUD_STATE  
+ the state of the neighbour entry. nud is an abbreviation for  
+ 'Neigh bour Unreachability Detection'. The state can take one  
+ of the following values:  
+  
+ permanent - the neighbour entry is valid forever and can  
+ be only be removed administratively.  
+  
+  
+ noarp - the neighbour entry is valid. No attempts to  
+ validate this entry will be made but it can be removed  
+ when its lifetime expires.  
+  
+  
+ reachable - the neighbour entry is valid until the  
+ reachability timeout expires.  
+  
+  
+ stale - the neighbour entry is valid but suspicious.  
+ This option to ip neigh does not change the neighbour  
+ state if it was valid and the address is not changed by  
+ this command.  
+  
+  
+ ip neighbour delete - delete a neighbour entry  
+ This command invalidates a neighbour entry.  
+  
+  
+ The arguments are the same as with ip neigh add, except that lladdr and  
+ nud are ignored.  
+  
+  
+ Warning: Attempts to delete or manually change a noarp entry created by  
+ the kernel may result in unpredictable behaviour. Particularly, the  
+ kernel may try to resolve this address even on a NOARP interface or if  
+ the address is multicast or broadcast.  
+  
+  
+ ip neighbour show - list neighbour entries  
+ This commands displays neighbour tables.  
+  
+  
+ to ADDRESS (default)  
+ the prefix selecting the neighbours to list.  
+  
+  
+ dev NAME  
+ only list the neighbours attached to this device.  
+  
+  
+ unused only list neighbours which are not currently in use.  
+  
+  
+ nud NUD_STATE  
+ only list neighbour entries in this state. NUD_STATE takes val-  
+ ues listed below or the special value all which means all  
+ states. This option may occur more than once. If this option  
+ is absent, ip lists all entries except for none and noarp.  
+  
+  
+ ip neighbour flush - flush neighbour entries  
+ This command flushes neighbour tables, selecting entries to flush by  
+ some criteria.  
+  
+  
+ This command has the same arguments as show. The differences are that  
+ it does not run when no arguments are given, and that the default  
+ neighbour states to be flushed do not include permanent and noarp.  
+  
+  
+ With the -statistics option, the command becomes verbose. It prints  
+ out the number of deleted neighbours and the number of rounds made to  
+ flush the neighbour table. If the option is given twice, ip neigh  
+ flush also dumps all the deleted neighbours.  
+  
+  
+ip route - routing table management  
+ Manipulate route entries in the kernel routing tables keep information  
+ about paths to other networked nodes.  
+  
+ Route types:  
+ unicast - the route entry describes real paths to the destina-  
+ tions covered by the route prefix.  
+  
+  
+ unreachable - these destinations are unreachable. Packets are  
+ discarded and the ICMP message host unreachable is generated.  
+ The local senders get an EHOSTUNREACH error.  
+  
+  
+ blackhole - these destinations are unreachable. Packets are  
+ discarded silently. The local senders get an EINVAL error.  
+  
+  
+ prohibit - these destinations are unreachable. Packets are  
+ discarded and the ICMP message communication administratively  
+ prohibited is generated. The local senders get an EACCES  
+ error.  
+  
+  
+ local - the destinations are assigned to this host. The pack-  
+ ets are looped back and delivered locally.  
+  
+  
+ broadcast - the destinations are broadcast addresses. The  
+ packets are sent as link broadcasts.  
+  
+  
+ throw - a special control route used together with policy  
+ rules. If such a route is selected, lookup in this table is  
+ terminated pretending that no route was found. Without policy  
+ routing it is equivalent to the absence of the route in the  
+ routing table. The packets are dropped and the ICMP message  
+ net unreachable is generated. The local senders get an ENETUN-  
+ REACH error.  
+  
+  
+ nat - a special NAT route. Destinations covered by the prefix  
+ are considered to be dummy (or external) addresses which  
+ require translation to real (or internal) ones before forward-  
+ ing. The addresses to translate to are selected with the  
+ attribute via.  
+  
+  
+ anycast - not implemented the destinations are anycast  
+ addresses assigned to this host. They are mainly equivalent to  
+ local with one difference: such addresses are invalid when used  
+ as the source address of any packet.  
+  
+  
+ multicast - a special type used for multicast routing. It is  
+ not present in normal routing tables.  
+  
+  
+ Route tables: Linux-2.x can pack routes into several routing tables  
+ identified by a number in the range from 1 to 255 or by name from the  
+ file /etc/iproute2/rt_tables main table (ID 254) and the kernel only  
+ uses this table when calculating routes.  
+  
+  
+ Actually, one other table always exists, which is invisible but even  
+ more important. It is the local table (ID 255). This table consists  
+ of routes for local and broadcast addresses. The kernel maintains this  
+ table automatically and the administrator usually need not modify it or  
+ even look at it.  
+  
+ The multiple routing tables enter the game when policy routing is used.  
+  
+  
+ ip route add - add new route  
+ ip route change - change route  
+ ip route replace - change or add new one  
+ to TYPE PREFIX (default)  
+ the destination prefix of the route. If TYPE is omitted, ip  
+ assumes type unicast. Other values of TYPE are listed above.  
+ PREFIX is an IP or IPv6 address optionally followed by a slash  
+ and the prefix length. If the length of the prefix is missing,  
+ ip assumes a full-length host route. There is also a special  
+ PREFIX default - which is equivalent to IP /0 or to IPv6 ::/.  
+  
+  
+ tos TOS  
+  
+ dsfield TOS  
+ the Type Of Service (TOS) key. This key has no associated mask  
+ and the longest match is understood as: First, compare the TOS  
+ of the route and of the packet. If they are not equal, then the  
+ packet may still match a route with a zero TOS. TOS is either  
+ an 8 bit hexadecimal number or an identifier from  
+ /etc/iproute2/rt_dsfield.  
+  
+  
+ metric NUMBER  
+  
+ preference NUMBER  
+ the preference value of the route. NUMBER is an arbitrary 32bit  
+ number.  
+  
+  
+ table TABLEID  
+ the table to add this route to. TABLEID may be a number or a  
+ string from the file /etc/iproute2/rt_tables. If this parameter  
+ is omitted, ip assumes the main table, with the exception of  
+ local , broadcast and nat routes, which are put into the local  
+ table by default.  
+  
+  
+ dev NAME  
+ the output device name.  
+  
+  
+ via ADDRESS  
+ the address of the nexthop router. Actually, the sense of this  
+ field depends on the route type. For normal unicast routes it  
+ is either the true next hop router or, if it is a direct route  
+ installed in BSD compatibility mode, it can be a local address  
+ of the interface. For NAT routes it is the first address of the  
+ block of translated IP destinations.  
+  
+  
+ src ADDRESS  
+ the source address to prefer when sending to the destinations  
+ covered by the route prefix.  
+  
+  
+ realm REALMID  
+ the realm to which this route is assigned. REALMID may be a  
+ number or a string from the file /etc/iproute2/rt_realms.  
+  
+  
+ mtu MTU  
+  
+ mtu lock MTU  
+ the MTU along the path to the destination. If the modifier lock  
+ is not used, the MTU may be updated by the kernel due to Path  
+ MTU Discovery. If the modifier lock is used, no path MTU dis-  
+ covery will be tried, all packets will be sent without the DF  
+ bit in IPv4 case or fragmented to MTU for IPv6.  
+  
+  
+ window NUMBER  
+ the maximal window for TCP to advertise to these destinations,  
+ measured in bytes. It limits maximal data bursts that our TCP  
+ peers are allowed to send to us.  
+  
+  
+ rtt NUMBER  
+ the initial RTT ('Round Trip Time') estimate.  
+  
+  
+ rttvar NUMBER (2.3.15+ only)  
+ the initial RTT variance estimate.  
+  
+  
+ ssthresh NUMBER (2.3.15+ only)  
+ an estimate for the initial slow start threshold.  
+  
+  
+ cwnd NUMBER (2.3.15+ only)  
+ the clamp for congestion window. It is ignored if the lock flag  
+ is not used.  
+  
+  
+ advmss NUMBER (2.3.15+ only)  
+ the MSS ('Maximal Segment Size') to advertise to these destina-  
+ tions when establishing TCP connections. If it is not given,  
+ Linux uses a default value calculated from the first hop device  
+ MTU. (If the path to these destination is asymmetric, this  
+ guess may be wrong.)  
+  
+  
+ reordering NUMBER (2.3.15+ only)  
+ Maximal reordering on the path to this destination. If it is  
+ not given, Linux uses the value selected with sysctl variable  
+ net/ipv4/tcp_reordering.  
+  
+  
+ nexthop NEXTHOP  
+ the nexthop of a multipath route. NEXTHOP is a complex value  
+ with its own syntax similar to the top level argument lists:  
+  
+ via ADDRESS - is the nexthop router.  
+  
+  
+ dev NAME - is the output device.  
+  
+  
+ weight NUMBER - is a weight for this element of a multi-  
+ path route reflecting its relative bandwidth or quality.  
+  
+  
+ scope SCOPE_VAL  
+ the scope of the destinations covered by the route prefix.  
+ SCOPE_VAL may be a number or a string from the file  
+ /etc/iproute2/rt_scopes. If this parameter is omitted, ip  
+ assumes scope global for all gatewayed unicast routes, scope  
+ link for direct unicast and broadcast routes and scope host for  
+ local routes.  
+  
+  
+ protocol RTPROTO  
+ the routing protocol identifier of this route. RTPROTO may be a  
+ number or a string from the file /etc/iproute2/rt_protos. If  
+ the routing protocol ID is not given, ip assumes protocol boot  
+ (i.e. it assumes the route was added by someone who doesn't  
+ understand what they are doing). Several protocol values have a  
+ fixed interpretation. Namely:  
+  
+ redirect - the route was installed due to an ICMP redi-  
+ rect.  
+  
+  
+ kernel - the route was installed by the kernel during  
+ autoconfiguration.  
+  
+  
+ boot - the route was installed during the bootup  
+ sequence. If a routing daemon starts, it will purge all  
+ of them.  
+  
+  
+ static - the route was installed by the administrator to  
+ override dynamic routing. Routing daemon will respect  
+ them and, probably, even advertise them to its peers.  
+  
+  
+ ra - the route was installed by Router Discovery proto-  
+ col.  
+  
+ The rest of the values are not reserved and the administrator is  
+ free to assign (or not to assign) protocol tags.  
+  
+  
+ onlink pretend that the nexthop is directly attached to this link, even  
+ if it does not match any interface prefix.  
+  
+  
+ equalize  
+ allow packet by packet randomization on multipath routes. With-  
+ out this modifier, the route will be frozen to one selected nex-  
+ thop, so that load splitting will only occur on per-flow base.  
+ equalize only works if the kernel is patched.  
+  
+  
+ ip route delete - delete route  
+ ip route del has the same arguments as ip route add, but their seman-  
+ tics are a bit different.  
+  
+ Key values (to, tos, preference and table) select the route to delete.  
+ If optional attributes are present, ip verifies that they coincide with  
+ the attributes of the route to delete. If no route with the given key  
+ and attributes was found, ip route del fails.  
+  
+  
+ ip route show - list routes  
+ the command displays the contents of the routing tables or the route(s)  
+ selected by some criteria.  
+  
+  
+ to SELECTOR (default)  
+ only select routes from the given range of destinations. SELEC-  
+ TOR consists of an optional modifier (root, match or exact) and  
+ a prefix. root PREFIX selects routes with prefixes not shorter  
+ than PREFIX. F.e. root /0 selects the entire routing table.  
+ match PREFIX selects routes with prefixes not longer than PRE-  
+ FIX. F.e. match 10./16 selects 10./16, 10/8 and /, but it  
+ does not select 10.1/16 and 10../24. And exact PREFIX (or  
+ just PREFIX) selects routes with this exact prefix. If neither  
+ of these options are present, ip assumes root /0 i.e. it lists  
+ the entire table.  
+  
+  
+ tos TOS  
+ dsfield TOS only select routes with the given TOS.  
+  
+  
+ table TABLEID  
+ show the routes from this table(s). The default setting is to  
+ show tablemain. TABLEID may either be the ID of a real table or  
+ one of the special values:  
+ all - list all of the tables.  
+  
+ cache - dump the routing cache.  
+  
+  
+ cloned  
+  
+ cached list cloned routes i.e. routes which were dynamically forked  
+ from other routes because some route attribute (f.e. MTU) was  
+ updated. Actually, it is equivalent to table cache.  
+  
+  
+ from SELECTOR  
+ the same syntax as for to, but it binds the source address range  
+ rather than destinations. Note that the from option only works  
+ with cloned routes.  
+  
+  
+ protocol RTPROTO  
+ only list routes of this protocol.  
+  
+  
+ scope SCOPE_VAL  
+ only list routes with this scope.  
+  
+  
+ type TYPE  
+ only list routes of this type.  
+  
+  
+ dev NAME  
+ only list routes going via this device.  
+  
+  
+ via PREFIX  
+ only list routes going via the nexthop routers selected by PRE-  
+ FIX.  
+  
+  
+ src PREFIX  
+ only list routes with preferred source addresses selected by  
+ PREFIX.  
+  
+  
+ realm REALMID  
+  
+ realms FROMREALM/TOREALM  
+ only list routes with these realms.  
+  
+  
+ ip route flush - flush routing tables  
+ this command flushes routes selected by some criteria.  
+  
+ The arguments have the same syntax and semantics as the arguments of ip  
+ route show, but routing tables are not listed but purged. The only  
+ difference is the default action: show dumps all the IP main routing  
+ table but flush prints the helper page.  
+  
+  
+ With the -statistics option, the command becomes verbose. It prints out  
+ the number of deleted routes and the number of rounds made to flush the  
+ routing table. If the option is given twice, ip route flush also dumps  
+ all the deleted routes in the format described in the previous subsec-  
+ tion.  
+  
+  
+ ip route get - get a single route  
+ this command gets a single route to a destination and prints its con-  
+ tents exactly as the kernel sees it.  
+  
+  
+ to ADDRESS (default)  
+ the destination address.  
+  
+  
+ from ADDRESS  
+ the source address.  
+  
+  
+ tos TOS  
+  
+ dsfield TOS  
+ the Type Of Service.  
+  
+  
+ iif NAME  
+ the device from which this packet is expected to arrive.  
+  
+  
+ oif NAME  
+ force the output device on which this packet will be routed.  
+  
+  
+ connected  
+ if no source address (option from) was given, relookup the route  
+ with the source set to the preferred address received from the  
+ first lookup. If policy routing is used, it may be a different  
+ route.  
+  
+  
+ Note that this operation is not equivalent to ip route show. show  
+ shows existing routes. get resolves them and creates new clones if  
+ necessary. Essentially, get is equivalent to sending a packet along  
+ this path. If the iif argument is not given, the kernel creates a  
+ route to output packets towards the requested destination. This is  
+ equivalent to pinging the destination with a subsequent ip route ls  
+ cache, however, no packets are actually sent. With the iif argument,  
+ the kernel pretends that a packet arrived from this interface and  
+ searches for a path to forward the packet.  
+  
+  
+ip rule - routing policy database management  
+ Rules in the routing policy database control the route selection algo-  
+ rithm.  
+  
+  
+ Classic routing algorithms used in the Internet make routing decisions  
+ based only on the destination address of packets (and in theory, but  
+ not in practice, on the TOS field).  
+  
+  
+ In some circumstances we want to route packets differently depending  
+ not only on destination addresses, but also on other packet fields:  
+ source address, IP protocol, transport protocol ports or even packet  
+ payload. This task is called 'policy routing'.  
+  
+  
+ To solve this task, the conventional destination based routing table,  
+ ordered according to the longest match rule, is replaced with a 'rout-  
+ ing policy database' (or RPDB), which selects routes by executing some  
+ set of rules.  
+  
+  
+ Each policy routing rule consists of a selector and an action predi-  
+ cate. The RPDB is scanned in the order of increasing priority. The  
+ selector of each rule is applied to {source address, destination  
+ address, incoming interface, tos, fwmark} and, if the selector matches  
+ the packet, the action is performed. The action predicate may return  
+ with success. In this case, it will either give a route or failure  
+ indication and the RPDB lookup is terminated. Otherwise, the RPDB pro-  
+ gram continues on the next rule.  
+  
+  
+ Semantically, natural action is to select the nexthop and the output  
+ device.  
+  
+  
+ At startup time the kernel configures the default RPDB consisting of  
+ three rules:  
+  
+  
+ 1. Priority: , Selector: match anything, Action: lookup routing  
+ table local (ID 255). The local table is a special routing ta-  
+ ble containing high priority control routes for local and broad-  
+ cast addresses.  
+  
+ Rule 0 is special. It cannot be deleted or overridden.  
+  
+  
+ 2. Priority: 32766, Selector: match anything, Action: lookup rout-  
+ ing table main (ID 254). The main table is the normal routing  
+ table containing all non-policy routes. This rule may be deleted  
+ and/or overridden with other ones by the administrator.  
+  
+  
+ 3. Priority: 32767, Selector: match anything, Action: lookup rout-  
+ ing table default (ID 253). The default table is empty. It is  
+ reserved for some post-processing if no previous default rules  
+ selected the packet. This rule may also be deleted.  
+  
+  
+ Each RPDB entry has additional attributes. F.e. each rule has a  
+ pointer to some routing table. NAT and masquerading rules have an  
+ attribute to select new IP address to translate/masquerade. Besides  
+ that, rules have some optional attributes, which routes have, namely  
+ realms. These values do not override those contained in the routing  
+ tables. They are only used if the route did not select any attributes.  
+  
+  
+ The RPDB may contain rules of the following types:  
+  
+ unicast - the rule prescribes to return the route found in the  
+ routing table referenced by the rule.  
+  
+ blackhole - the rule prescribes to silently drop the packet.  
+  
+ unreachable - the rule prescribes to generate a 'Network is  
+ unreachable' error.  
+  
+ prohibit - the rule prescribes to generate 'Communication is  
+ administratively prohibited' error.  
+  
+ nat - the rule prescribes to translate the source address of  
+ the IP packet into some other value.  
+  
+  
+ ip rule add - insert a new rule  
+ ip rule delete - delete a rule  
+ type TYPE (default)  
+ the type of this rule. The list of valid types was given in the  
+ previous subsection.  
+  
+  
+ from PREFIX  
+ select the source prefix to match.  
+  
+  
+ to PREFIX  
+ select the destination prefix to match.  
+  
+  
+ iif NAME  
+ select the incoming device to match. If the interface is loop-  
+ back, the rule only matches packets originating from this host.  
+ This means that you may create separate routing tables for for-  
+ warded and local packets and, hence, completely segregate them.  
+  
+  
+ tos TOS  
+  
+ dsfield TOS  
+ select the TOS value to match.  
+  
+  
+ fwmark MARK  
+ select the fwmark value to match.  
+  
+  
+ priority PREFERENCE  
+ the priority of this rule. Each rule should have an explicitly  
+ set unique priority value.  
+  
+  
+ table TABLEID  
+ the routing table identifier to lookup if the rule selector  
+ matches.  
+  
+  
+ realms FROM/TO  
+ Realms to select if the rule matched and the routing table  
+ lookup succeeded. Realm TO is only used if the route did not  
+ select any realm.  
+  
+  
+ nat ADDRESS  
+ The base of the IP address block to translate (for source  
+ addresses). The ADDRESS may be either the start of the block of  
+ NAT addresses (selected by NAT routes) or a local host address  
+ (or even zero). In the last case the router does not translate  
+ the packets, but masquerades them to this address.  
+  
+ Warning: Changes to the RPDB made with these commands do not  
+ become active immediately. It is assumed that after a script  
+ finishes a batch of updates, it flushes the routing cache with  
+ ip route flush cache.  
+  
+  
+ ip rule show - list rules  
+ This command has no arguments.  
+  
+  
+ip maddress - multicast addresses management  
+ maddress objects are multicast addresses.  
+  
+  
+ ip maddress show - list multicast addresses  
+ dev NAME (default)  
+ the device name.  
+  
+  
+ ip maddress add - add a multicast address  
+ ip maddress delete - delete a multicast address  
+ these commands attach/detach a static link layer multicast address to  
+ listen on the interface. Note that it is impossible to join protocol  
+ multicast groups statically. This command only manages link layer  
+ addresses.  
+  
+  
+ address LLADDRESS (default)  
+ the link layer multicast address.  
+  
+  
+ dev NAME  
+ the device to join/leave this multicast address.  
+  
+  
+ip mroute - multicast routing cache management  
+ mroute objects are multicast routing cache entries created by a user  
+ level mrouting daemon (f.e. pimd or mrouted ).  
+  
+ Due to the limitations of the current interface to the multicast rout-  
+ ing engine, it is impossible to change mroute objects administratively,  
+ so we may only display them. This limitation will be removed in the  
+ future.  
+  
+  
+ ip mroute show - list mroute cache entries  
+ to PREFIX (default)  
+ the prefix selecting the destination multicast addresses to  
+ list.  
+  
+  
+ iif NAME  
+ the interface on which multicast packets are received.  
+  
+  
+ from PREFIX  
+ the prefix selecting the IP source addresses of the multicast  
+ route.  
+  
+  
+ip tunnel - tunnel configuration  
+ tunnel objects are tunnels, encapsulating packets in IPv4 packets and  
+ then sending them over the IP infrastructure.  
+  
+  
+ ip tunnel add - add a new tunnel  
+ ip tunnel change - change an existing tunnel  
+ ip tunnel delete - destroy a tunnel  
+ name NAME (default)  
+ select the tunnel device name.  
+  
+  
+ mode MODE  
+ set the tunnel mode. Three modes are currently available: ipip,  
+ sit and gre.  
+  
+  
+ remote ADDRESS  
+ set the remote endpoint of the tunnel.  
+  
+  
+ local ADDRESS  
+ set the fixed local address for tunneled packets. It must be an  
+ address on another interface of this host.  
+  
+  
+ ttl N set a fixed TTL N on tunneled packets. N is a number in the  
+ range 1--255. 0 is a special value meaning that packets inherit  
+ the TTL value. The default value is: inherit.  
+  
+  
+ tos T  
+  
+ dsfield T  
+ set a fixed TOS T on tunneled packets. The default value is:  
+ inherit.  
+  
+  
+ dev NAME  
+ bind the tunnel to the device NAME so that tunneled packets will  
+ only be routed via this device and will not be able to escape to  
+ another device when the route to endpoint changes.  
+  
+  
+ nopmtudisc  
+ disable Path MTU Discovery on this tunnel. It is enabled by  
+ default. Note that a fixed ttl is incompatible with this  
+ option: tunnelling with a fixed ttl always makes pmtu discovery.  
+  
+  
+ key K  
+  
+ ikey K  
+  
+ okey K ( only GRE tunnels ) use keyed GRE with key K. K is either a  
+ number or an IP address-like dotted quad. The key parameter  
+ sets the key to use in both directions. The ikey and okey  
+ parameters set different keys for input and output.  
+  
+  
+ csum, icsum, ocsum  
+ ( only GRE tunnels ) generate/require checksums for tunneled  
+ packets. The ocsum flag calculates checksums for outgoing pack-  
+ ets. The icsum flag requires that all input packets have the  
+ correct checksum. The csum flag is equivalent to the combina-  
+ tion icsum ocsum.  
+  
+  
+ seq, iseq, oseq  
+ ( only GRE tunnels ) serialize packets. The oseq flag enables  
+ sequencing of outgoing packets. The iseq flag requires that all  
+ input packets are serialized. The seq flag is equivalent to the  
+ combination iseq oseq. It isn't work. Don't use it.  
+  
+  
+ ip tunnel show - list tunnels  
+ This command has no arguments.  
+  
+  
+ip monitor and rtmon - state monitoring  
+ The ip utility can monitor the state of devices, addresses and routes  
+ continuously. This option has a slightly different format. Namely,  
+ the monitor command is the first in the command line and then the  
+ object list follows:  
+  
+ ip monitor [ all | LISTofOBJECTS ]  
+  
+ OBJECT-LIST is the list of object types that we want to monitor. It  
+ may contain link, address and route. If no file argument is given, ip  
+ opens RTNETLINK, listens on it and dumps state changes in the format  
+ described in previous sections.  
+  
+  
+ If a file name is given, it does not listen on RTNETLINK, but opens the  
+ file containing RTNETLINK messages saved in binary format and dumps  
+ them. Such a history file can be generated with the rtmon utility.  
+ This utility has a command line syntax similar to ip monitor. Ideally,  
+ rtmon should be started before the first network configuration command  
+ is issued. F.e. if you insert:  
+  
+ rtmon file /var/log/rtmon.log  
+  
+ in a startup script, you will be able to view the full history later.  
+  
+  
+ Certainly, it is possible to start rtmon at any time. It prepends the  
+ history with the state snapshot dumped at the moment of starting.  
+  
+  
+!!HISTORY  
+ ip was written by Alexey N. Kuznetsov and added in Linux 2.2.  
+  
+!!SEE ALSO  
+ [tc(8)]  
+ IP Command reference ip-cref.ps  
+ IP tunnels ip-cref.ps  
+ http://lartc.org/  
+  
+  
+!!AUTHOR  
+ Manpage maintained by Michail Litvak <mci@owl.openwall.com>  
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.