xref: /freebsd/sbin/route/route.8 (revision 66fd12cf4896eb08ad8e7a2627537f84ead84dd3)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"     @(#)route.8	8.3 (Berkeley) 3/19/94
29.\" $FreeBSD$
30.\"
31.Dd June 16, 2023
32.Dt ROUTE 8
33.Os
34.Sh NAME
35.Nm route
36.Nd manually manipulate the routing tables
37.Sh SYNOPSIS
38.Nm
39.Op Fl j Ar jail
40.Op Fl dnqtv
41.Ar command
42.Oo
43.Op Ar modifiers
44.Ar args
45.Oc
46.Sh DESCRIPTION
47The
48.Nm
49utility is used to manually manipulate the network
50routing tables.
51It normally is not needed, as a
52system routing table management daemon, such as
53.Xr routed 8 ,
54should tend to this task.
55.Pp
56The
57.Nm
58utility supports a limited number of general options,
59but a rich command language, enabling the user to specify
60any arbitrary request that could be delivered via the
61programmatic interface discussed in
62.Xr route 4 .
63.Pp
64The following options are available:
65.Bl -tag -width indent
66.It Fl 4
67Specify
68.Cm inet
69address family as family hint for subcommands.
70.It Fl 6
71Specify
72.Cm inet6
73address family as family hint for subcommands.
74.It Fl d
75Run in debug-only mode, i.e., do not actually modify the routing table.
76.It Fl n
77Bypass attempts to print host and network names symbolically
78when reporting actions.
79(The process of translating between symbolic
80names and numerical equivalents can be quite time consuming, and
81may require correct operation of the network; thus it may be expedient
82to forget this, especially when attempting to repair networking operations).
83.It Fl t
84Run in test-only mode.
85.Pa /dev/null
86is used instead of a socket.
87.It Fl v
88(verbose) Print additional details.
89.It Fl q
90Suppress all output from the
91.Cm add , change , delete ,
92and
93.Cm flush
94commands.
95.It Fl j Ar jail
96Run inside a jail.
97.El
98.Pp
99The
100.Nm
101utility provides the following commands:
102.Pp
103.Bl -tag -width Fl -compact
104.It Cm add
105Add a route.
106.It Cm flush
107Remove all routes.
108.It Cm delete
109Delete a specific route.
110.It Cm del
111Another name for the
112.Cm delete
113command.
114.It Cm change
115Change aspects of a route (such as its gateway).
116.It Cm get
117Lookup and display the route for a destination.
118.It Cm monitor
119Continuously report any changes to the routing information base,
120routing lookup misses, or suspected network partitionings.
121.It Cm show
122Another name for the
123.Cm get
124command.
125.El
126.Pp
127The monitor command has the syntax:
128.Pp
129.Bd -ragged -offset indent -compact
130.Nm
131.Op Fl n
132.Cm monitor Op Fl fib Ar number
133.Ed
134.Pp
135The flush command has the syntax:
136.Pp
137.Bd -ragged -offset indent -compact
138.Nm
139.Op Fl n
140.Cm flush Oo Ar family Oc Op Fl fib Ar number
141.Ed
142.Pp
143If the
144.Cm flush
145command is specified,
146.Nm
147will ``flush'' the routing tables of all gateway entries.
148When the address family may is specified by any of the
149.Fl inet6 ,
150or
151.Fl inet
152modifiers, only routes having destinations with addresses in the
153delineated family will be deleted.
154Additionally,
155.Fl 4
156or
157.Fl 6
158can be used as aliases for
159.Fl inet
160and
161.Fl inet6
162modifiers.
163When a
164.Fl fib
165option is specified, the operation will be applied to
166the specified FIB
167.Pq routing table .
168.Pp
169The add command has the following syntax:
170.Pp
171.Bd -ragged -offset indent -compact
172.Nm
173.Op Fl n
174.Cm add
175.Op Fl net No \&| Fl host
176.Ar destination gateway
177.Op Ar netmask
178.Op Fl fib Ar number
179.Ed
180.Pp
181and the other commands have the following syntax:
182.Pp
183.Bd -ragged -offset indent -compact
184.Nm
185.Op Fl n
186.Ar command
187.Op Fl net No \&| Fl host
188.Ar destination
189.Op Ar gateway Op Ar netmask
190.Op Fl fib Ar number
191.Ed
192.Pp
193where
194.Ar destination
195is the destination host or network,
196.Ar gateway
197is the next-hop intermediary via which packets should be routed.
198Routes to a particular host may be distinguished from those to
199a network by interpreting the Internet address specified as the
200.Ar destination
201argument.
202The optional modifiers
203.Fl net
204and
205.Fl host
206force the destination to be interpreted as a network or a host, respectively.
207Otherwise, if the
208.Ar destination
209has a
210.Dq local address part
211of
212INADDR_ANY
213.Pq Li 0.0.0.0 ,
214or if the
215.Ar destination
216is the symbolic name of a network, then the route is
217assumed to be to a network; otherwise, it is presumed to be a
218route to a host.
219Optionally, the
220.Ar destination
221could also be specified in the
222.Ar net Ns / Ns Ar bits
223format.
224.Pp
225For example,
226.Li 128.32
227is interpreted as
228.Fl host Li 128.0.0.32 ;
229.Li 128.32.130
230is interpreted as
231.Fl host Li 128.32.0.130 ;
232.Fl net Li 128.32
233is interpreted as
234.Li 128.32.0.0 ;
235.Fl net Li 128.32.130
236is interpreted as
237.Li 128.32.130.0 ;
238and
239.Li 192.168.64/20
240is interpreted as
241.Fl net Li 192.168.64 Fl netmask Li 255.255.240.0 .
242.Pp
243A
244.Ar destination
245of
246.Ar default
247is a synonym for the default route.
248For
249.Li IPv4
250it is
251.Fl net Fl inet Li 0.0.0.0 ,
252and for
253.Li IPv6
254it is
255.Fl net Fl inet6 Li :: .
256.Pp
257If the destination is directly reachable
258via an interface requiring
259no intermediary system to act as a gateway, the
260.Fl interface
261modifier should be specified;
262the gateway given is the address of this host on the common network,
263indicating the interface to be used for transmission.
264Alternately, if the interface is point to point the name of the interface
265itself may be given, in which case the route remains valid even
266if the local or remote addresses change.
267.Pp
268The optional
269.Fl netmask
270modifier is intended
271to achieve the effect of an OSI ESIS
272redirect with the netmask option,
273or to manually add subnet routes with
274netmasks different from that of the implied network interface
275(as would otherwise be communicated using the OSPF or ISIS routing protocols).
276One specifies an additional ensuing address parameter
277(to be interpreted as a network mask).
278The implicit network mask generated in the AF_INET case
279can be overridden by making sure this option follows the destination parameter.
280.Pp
281For
282.Dv AF_INET6 ,
283the
284.Fl prefixlen
285qualifier
286is available instead of the
287.Fl mask
288qualifier because non-continuous masks are not allowed in IPv6.
289For example,
290.Fl prefixlen Li 32
291specifies that a network mask of
292.Li ffff:ffff:0000:0000:0000:0000:0000:0000
293will be used.
294The default prefixlen is 64.
295However, it is assumed to be 0 if
296.Cm default
297is specified for
298.Ar destination .
299Note that the qualifier works only for
300.Dv AF_INET6
301address family.
302.Pp
303Routes have associated flags which influence operation of the protocols
304when sending to destinations matched by the routes.
305These flags may be set (or sometimes cleared)
306by indicating the following corresponding modifiers:
307.Bd -literal
308-xresolve  RTF_XRESOLVE   - emit mesg on use (for external lookup)
309-iface    ~RTF_GATEWAY    - destination is directly reachable
310-static    RTF_STATIC     - manually added route
311-nostatic ~RTF_STATIC     - pretend route added by kernel or daemon
312-reject    RTF_REJECT     - emit an ICMP unreachable when matched
313-blackhole RTF_BLACKHOLE  - silently discard pkts (during updates)
314-proto1    RTF_PROTO1     - set protocol specific routing flag #1
315-proto2    RTF_PROTO2     - set protocol specific routing flag #2
316.Ed
317.Pp
318The optional modifiers
319.Fl rtt ,
320.Fl rttvar ,
321.Fl sendpipe ,
322.Fl recvpipe ,
323.Fl mtu ,
324.Fl hopcount ,
325.Fl expire ,
326and
327.Fl ssthresh
328provide initial values to quantities maintained in the routing entry
329by transport level protocols, such as TCP or TP4.
330These may be individually locked by preceding each such modifier to
331be locked by
332the
333.Fl lock
334meta-modifier, or one can
335specify that all ensuing metrics may be locked by the
336.Fl lockrest
337meta-modifier.
338.Pp
339Note that
340.Fl expire
341accepts expiration time of the route as the number of seconds since the
342Epoch
343.Pq see Xr time 3 .
344When the first character of the number is
345.Dq +
346or
347.Dq - ,
348it is interpreted as a value relative to the current time.
349.Pp
350The optional modifier
351.Fl fib Ar number
352specifies that the command will be applied to a non-default FIB.
353The
354.Ar number
355must be smaller than the
356.Va net.fibs
357.Xr sysctl 8
358MIB.
359When this modifier is not specified,
360or a negative number is specified,
361the default FIB shown in the
362.Va net.my_fibnum
363.Xr sysctl 8
364MIB will be used.
365.Pp
366The
367.Ar number
368allows multiple FIBs by a comma-separeted list and/or range
369specification.
370The
371.Qq Fl fib Li 2,4,6
372means the FIB number 2, 4, and 6.
373The
374.Qq Fl fib Li 1,3-5,6
375means the 1, 3, 4, 5, and 6.
376.Pp
377In a
378.Cm change
379or
380.Cm add
381command where the destination and gateway are not sufficient to specify
382the route (as in the ISO case where several interfaces may have the
383same address), the
384.Fl ifp
385or
386.Fl ifa
387modifiers may be used to determine the interface or interface address.
388.Pp
389All symbolic names specified for a
390.Ar destination
391or
392.Ar gateway
393are looked up first as a host name using
394.Xr gethostbyname 3 .
395If this lookup fails,
396.Xr getnetbyname 3
397is then used to interpret the name as that of a network.
398.Pp
399The
400.Nm
401utility uses a routing socket and the new message types
402.Dv RTM_ADD , RTM_DELETE , RTM_GET ,
403and
404.Dv RTM_CHANGE .
405As such, only the super-user may modify
406the routing tables.
407.Pp
408.Fx provides support for scalable multipath routing.
409It is activated by default, but can be turned off by setting the
410.Va net.route.multipath
411.Xr sysctl 8
412MIB to 0.
413.Pp
414There are multiple route lookup algorithms available.
415They can be configured by setting
416.Va net.route.algo.inet.algo
417for IPv4 and
418.Va net.route.algo.inet6.algo
419for IPv6
420.Xr sysctl 8
421MIBs.
422.Pp
423A list of available algorithms can be obtained by accessing the
424following
425.Xr sysctl 8
426MIBs
427.Va net.route.algo.inet.algo_list
428for IPv4 and
429.Va net.route.algo.inet6.algo_list
430for IPv6.
431.Pp
432The following algorithms are available:
433.Bl -tag -width radix_lockless
434.It radix
435Base system radix backend.
436.It bsearch
437Lockless binary search in a special IP array, tailored for a small FIB
438with <16 routes.
439This algorithm is only available for IPv4.
440.It radix_lockless
441Lockless immutable radix, re-created on every rtable change,
442tailored for a small FIB with <1000 routes.
443.It dpdk_lpm
444DPDK DIR24-8-based lookups, lockless datastructure, optimized
445for large FIBs.
446DIR24-8 relies on a large flat lookup table (64 MB with IPv4) which is
447directly indexed by the more significant portion of the lookup key.
448In order to use the dpdk_lpm algorithm one or both of the
449following kernel modules must be loaded via
450.Xr loader.conf 5 :
451.Bl -tag -width dpdk_lpm6.ko -compact
452.It dpdk_lpm4.ko
453DPDK implementation for IPv4.
454.It dpdk_lpm6.ko
455DPDK implementation for IPv6.
456.El
457.It dxr
458IPv4 only, lockless, compressed lookup structure
459(below 2.5 Bytes per IPv4 prefix for large BGP FIBs)
460which easily fits into modern CPU cache hierarchies,
461lookup throughput scales linearly with CPU cores.
462Loadable as a kernel module at runtime or via
463.Xr loader.conf 5 :
464.Bl -tag -width fib_dxr.ko -compact
465.It fib_dxr.ko
466.El
467.El
468.Pp
469The algorithms are selected automatically based on the size of the routing
470table of the system.
471They can be changed, but not every algorithm performs best for every
472FIB size.
473.Sh EXIT STATUS
474.Ex -std
475.Sh EXAMPLES
476Add a default route to the network routing table.
477This will send all packets for destinations not available in the routing table
478to the default gateway at 192.168.1.1:
479.Pp
480.Dl route add -net 0.0.0.0/0 192.168.1.1
481.Pp
482A shorter version of adding a default route can also be written as:
483.Pp
484.Dl route add default 192.168.1.1
485.Pp
486Add a static route to the 172.16.10.0/24 network via the 172.16.1.1 gateway:
487.Pp
488.Dl route add -net 172.16.10.0/24 172.16.1.1
489.Pp
490Change the gateway of an already established static route in the routing table:
491.Pp
492.Dl route change -net 172.16.10.0/24 172.16.1.2
493.Pp
494Display the route for a destination network:
495.Pp
496.Dl route show 172.16.10.0
497.Pp
498Delete a static route from the routing table:
499.Pp
500.Dl route delete -net 172.16.10.0/24 172.16.1.2
501.Pp
502Remove all routes from the routing table:
503.Pp
504.Dl route flush
505.Pp
506The routing table can be listed with
507.Xr netstat 1 .
508.Sh DIAGNOSTICS
509.Bl -diag
510.It "add [host \&| network ] %s: gateway %s flags %x"
511The specified route is being added to the tables.
512The
513values printed are from the routing table entry supplied
514in the
515.Xr ioctl 2
516call.
517If the gateway address used was not the primary address of the gateway
518(the first one returned by
519.Xr gethostbyname 3 ) ,
520the gateway address is printed numerically as well as symbolically.
521.It "delete [ host \&| network ] %s: gateway %s flags %x"
522As above, but when deleting an entry.
523.It "%s %s done"
524When the
525.Cm flush
526command is specified, each routing table entry deleted
527is indicated with a message of this form.
528.It "Network is unreachable"
529An attempt to add a route failed because the gateway listed was not
530on a directly-connected network.
531The next-hop gateway must be given.
532.It "not in table"
533A delete operation was attempted for an entry which
534was not present in the tables.
535.It "routing table overflow"
536An add operation was attempted, but the system was
537low on resources and was unable to allocate memory
538to create the new entry.
539.It "gateway uses the same route"
540A
541.Cm change
542operation resulted in a route whose gateway uses the
543same route as the one being changed.
544The next-hop gateway should be reachable through a different route.
545.El
546.Sh SEE ALSO
547.Xr netstat 1 ,
548.Xr netintro 4 ,
549.Xr route 4 ,
550.Xr loader.conf 5 ,
551.Xr arp 8 ,
552.Xr routed 8
553.Sh HISTORY
554The
555.Nm
556utility appeared in
557.Bx 4.2 .
558.Sh BUGS
559The first paragraph may have slightly exaggerated
560.Xr routed 8 Ns 's
561abilities.
562.Pp
563Currently, routes with the
564.Dv RTF_BLACKHOLE
565flag set need to have the gateway set to an instance of the
566.Xr lo 4
567driver, using the
568.Fl iface
569option, for the flag to have any effect; unless IP fast forwarding
570is enabled, in which case the meaning of the flag will always
571be honored.
572