xref: /freebsd/sbin/route/route.8 (revision e1e636193db45630c7881246d25902e57c43d24e)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.Dd June 16, 2023
29.Dt ROUTE 8
30.Os
31.Sh NAME
32.Nm route
33.Nd manually manipulate the routing tables
34.Sh SYNOPSIS
35.Nm
36.Op Fl j Ar jail
37.Op Fl dnqtv
38.Ar command
39.Oo
40.Op Ar modifiers
41.Ar args
42.Oc
43.Sh DESCRIPTION
44The
45.Nm
46utility is used to manually manipulate the network
47routing tables.
48It normally is not needed, as a
49system routing table management daemon, such as
50.Xr routed 8 ,
51should tend to this task.
52.Pp
53The
54.Nm
55utility supports a limited number of general options,
56but a rich command language, enabling the user to specify
57any arbitrary request that could be delivered via the
58programmatic interface discussed in
59.Xr route 4 .
60.Pp
61The following options are available:
62.Bl -tag -width indent
63.It Fl 4
64Specify
65.Cm inet
66address family as family hint for subcommands.
67.It Fl 6
68Specify
69.Cm inet6
70address family as family hint for subcommands.
71.It Fl d
72Run in debug-only mode, i.e., do not actually modify the routing table.
73.It Fl n
74Bypass attempts to print host and network names symbolically
75when reporting actions.
76(The process of translating between symbolic
77names and numerical equivalents can be quite time consuming, and
78may require correct operation of the network; thus it may be expedient
79to forget this, especially when attempting to repair networking operations).
80.It Fl t
81Run in test-only mode.
82.Pa /dev/null
83is used instead of a socket.
84.It Fl v
85(verbose) Print additional details.
86.It Fl q
87Suppress all output from the
88.Cm add , change , delete ,
89and
90.Cm flush
91commands.
92.It Fl j Ar jail
93Run inside a jail.
94.El
95.Pp
96The
97.Nm
98utility provides the following commands:
99.Pp
100.Bl -tag -width Fl -compact
101.It Cm add
102Add a route.
103.It Cm flush
104Remove all routes.
105.It Cm delete
106Delete a specific route.
107.It Cm del
108Another name for the
109.Cm delete
110command.
111.It Cm change
112Change aspects of a route (such as its gateway).
113.It Cm get
114Lookup and display the route for a destination.
115.It Cm monitor
116Continuously report any changes to the routing information base,
117routing lookup misses, or suspected network partitionings.
118.It Cm show
119Another name for the
120.Cm get
121command.
122.El
123.Pp
124The monitor command has the syntax:
125.Pp
126.Bd -ragged -offset indent -compact
127.Nm
128.Op Fl n
129.Cm monitor Op Fl fib Ar number
130.Ed
131.Pp
132The flush command has the syntax:
133.Pp
134.Bd -ragged -offset indent -compact
135.Nm
136.Op Fl n
137.Cm flush Oo Ar family Oc Op Fl fib Ar number
138.Ed
139.Pp
140If the
141.Cm flush
142command is specified,
143.Nm
144will ``flush'' the routing tables of all gateway entries.
145When the address family may is specified by any of the
146.Fl inet6 ,
147or
148.Fl inet
149modifiers, only routes having destinations with addresses in the
150delineated family will be deleted.
151Additionally,
152.Fl 4
153or
154.Fl 6
155can be used as aliases for
156.Fl inet
157and
158.Fl inet6
159modifiers.
160When a
161.Fl fib
162option is specified, the operation will be applied to
163the specified FIB
164.Pq routing table .
165.Pp
166The add command has the following syntax:
167.Pp
168.Bd -ragged -offset indent -compact
169.Nm
170.Op Fl n
171.Cm add
172.Op Fl net No \&| Fl host
173.Ar destination gateway
174.Op Ar netmask
175.Op Fl fib Ar number
176.Ed
177.Pp
178and the other commands have the following syntax:
179.Pp
180.Bd -ragged -offset indent -compact
181.Nm
182.Op Fl n
183.Ar command
184.Op Fl net No \&| Fl host
185.Ar destination
186.Op Ar gateway Op Ar netmask
187.Op Fl fib Ar number
188.Ed
189.Pp
190where
191.Ar destination
192is the destination host or network,
193.Ar gateway
194is the next-hop intermediary via which packets should be routed.
195Routes to a particular host may be distinguished from those to
196a network by interpreting the Internet address specified as the
197.Ar destination
198argument.
199The optional modifiers
200.Fl net
201and
202.Fl host
203force the destination to be interpreted as a network or a host, respectively.
204Otherwise, if the
205.Ar destination
206has a
207.Dq local address part
208of
209INADDR_ANY
210.Pq Li 0.0.0.0 ,
211or if the
212.Ar destination
213is the symbolic name of a network, then the route is
214assumed to be to a network; otherwise, it is presumed to be a
215route to a host.
216Optionally, the
217.Ar destination
218could also be specified in the
219.Ar net Ns / Ns Ar bits
220format.
221.Pp
222For example,
223.Li 128.32
224is interpreted as
225.Fl host Li 128.0.0.32 ;
226.Li 128.32.130
227is interpreted as
228.Fl host Li 128.32.0.130 ;
229.Fl net Li 128.32
230is interpreted as
231.Li 128.32.0.0 ;
232.Fl net Li 128.32.130
233is interpreted as
234.Li 128.32.130.0 ;
235and
236.Li 192.168.64/20
237is interpreted as
238.Fl net Li 192.168.64 Fl netmask Li 255.255.240.0 .
239.Pp
240A
241.Ar destination
242of
243.Ar default
244is a synonym for the default route.
245For
246.Li IPv4
247it is
248.Fl net Fl inet Li 0.0.0.0 ,
249and for
250.Li IPv6
251it is
252.Fl net Fl inet6 Li :: .
253.Pp
254If the destination is directly reachable
255via an interface requiring
256no intermediary system to act as a gateway, the
257.Fl interface
258modifier should be specified;
259the gateway given is the address of this host on the common network,
260indicating the interface to be used for transmission.
261Alternately, if the interface is point to point the name of the interface
262itself may be given, in which case the route remains valid even
263if the local or remote addresses change.
264.Pp
265The optional
266.Fl netmask
267modifier is intended
268to achieve the effect of an OSI ESIS
269redirect with the netmask option,
270or to manually add subnet routes with
271netmasks different from that of the implied network interface
272(as would otherwise be communicated using the OSPF or ISIS routing protocols).
273One specifies an additional ensuing address parameter
274(to be interpreted as a network mask).
275The implicit network mask generated in the AF_INET case
276can be overridden by making sure this option follows the destination parameter.
277.Pp
278For
279.Dv AF_INET6 ,
280the
281.Fl prefixlen
282qualifier
283is available instead of the
284.Fl mask
285qualifier because non-continuous masks are not allowed in IPv6.
286For example,
287.Fl prefixlen Li 32
288specifies that a network mask of
289.Li ffff:ffff:0000:0000:0000:0000:0000:0000
290will be used.
291The default prefixlen is 64.
292However, it is assumed to be 0 if
293.Cm default
294is specified for
295.Ar destination .
296Note that the qualifier works only for
297.Dv AF_INET6
298address family.
299.Pp
300Routes have associated flags which influence operation of the protocols
301when sending to destinations matched by the routes.
302These flags may be set (or sometimes cleared)
303by indicating the following corresponding modifiers:
304.Bd -literal
305-xresolve  RTF_XRESOLVE   - emit mesg on use (for external lookup)
306-iface    ~RTF_GATEWAY    - destination is directly reachable
307-static    RTF_STATIC     - manually added route
308-nostatic ~RTF_STATIC     - pretend route added by kernel or daemon
309-reject    RTF_REJECT     - emit an ICMP unreachable when matched
310-blackhole RTF_BLACKHOLE  - silently discard pkts (during updates)
311-proto1    RTF_PROTO1     - set protocol specific routing flag #1
312-proto2    RTF_PROTO2     - set protocol specific routing flag #2
313.Ed
314.Pp
315The optional modifiers
316.Fl rtt ,
317.Fl rttvar ,
318.Fl sendpipe ,
319.Fl recvpipe ,
320.Fl mtu ,
321.Fl hopcount ,
322.Fl expire ,
323and
324.Fl ssthresh
325provide initial values to quantities maintained in the routing entry
326by transport level protocols, such as TCP or TP4.
327These may be individually locked by preceding each such modifier to
328be locked by
329the
330.Fl lock
331meta-modifier, or one can
332specify that all ensuing metrics may be locked by the
333.Fl lockrest
334meta-modifier.
335.Pp
336Note that
337.Fl expire
338accepts expiration time of the route as the number of seconds since the
339Epoch
340.Pq see Xr time 3 .
341When the first character of the number is
342.Dq +
343or
344.Dq - ,
345it is interpreted as a value relative to the current time.
346.Pp
347The optional modifier
348.Fl fib Ar number
349specifies that the command will be applied to a non-default FIB.
350The
351.Ar number
352must be smaller than the
353.Va net.fibs
354.Xr sysctl 8
355MIB.
356When this modifier is not specified,
357or a negative number is specified,
358the default FIB shown in the
359.Va net.my_fibnum
360.Xr sysctl 8
361MIB will be used.
362.Pp
363The
364.Ar number
365allows multiple FIBs by a comma-separeted list and/or range
366specification.
367The
368.Qq Fl fib Li 2,4,6
369means the FIB number 2, 4, and 6.
370The
371.Qq Fl fib Li 1,3-5,6
372means the 1, 3, 4, 5, and 6.
373.Pp
374In a
375.Cm change
376or
377.Cm add
378command where the destination and gateway are not sufficient to specify
379the route (as in the ISO case where several interfaces may have the
380same address), the
381.Fl ifp
382or
383.Fl ifa
384modifiers may be used to determine the interface or interface address.
385.Pp
386All symbolic names specified for a
387.Ar destination
388or
389.Ar gateway
390are looked up first as a host name using
391.Xr gethostbyname 3 .
392If this lookup fails,
393.Xr getnetbyname 3
394is then used to interpret the name as that of a network.
395.Pp
396The
397.Nm
398utility uses a routing socket and the new message types
399.Dv RTM_ADD , RTM_DELETE , RTM_GET ,
400and
401.Dv RTM_CHANGE .
402As such, only the super-user may modify
403the routing tables.
404.Pp
405.Fx provides support for scalable multipath routing.
406It is activated by default, but can be turned off by setting the
407.Va net.route.multipath
408.Xr sysctl 8
409MIB to 0.
410.Pp
411There are multiple route lookup algorithms available.
412They can be configured by setting
413.Va net.route.algo.inet.algo
414for IPv4 and
415.Va net.route.algo.inet6.algo
416for IPv6
417.Xr sysctl 8
418MIBs.
419.Pp
420A list of available algorithms can be obtained by accessing the
421following
422.Xr sysctl 8
423MIBs
424.Va net.route.algo.inet.algo_list
425for IPv4 and
426.Va net.route.algo.inet6.algo_list
427for IPv6.
428.Pp
429The following algorithms are available:
430.Bl -tag -width radix_lockless
431.It radix
432Base system radix backend.
433.It bsearch
434Lockless binary search in a special IP array, tailored for a small FIB
435with <16 routes.
436This algorithm is only available for IPv4.
437.It radix_lockless
438Lockless immutable radix, re-created on every rtable change,
439tailored for a small FIB with <1000 routes.
440.It dpdk_lpm
441DPDK DIR24-8-based lookups, lockless datastructure, optimized
442for large FIBs.
443DIR24-8 relies on a large flat lookup table (64 MB with IPv4) which is
444directly indexed by the more significant portion of the lookup key.
445In order to use the dpdk_lpm algorithm one or both of the
446following kernel modules must be loaded via
447.Xr loader.conf 5 :
448.Bl -tag -width dpdk_lpm6.ko -compact
449.It dpdk_lpm4.ko
450DPDK implementation for IPv4.
451.It dpdk_lpm6.ko
452DPDK implementation for IPv6.
453.El
454.It dxr
455IPv4 only, lockless, compressed lookup structure
456(below 2.5 Bytes per IPv4 prefix for large BGP FIBs)
457which easily fits into modern CPU cache hierarchies,
458lookup throughput scales linearly with CPU cores.
459Loadable as a kernel module at runtime or via
460.Xr loader.conf 5 :
461.Bl -tag -width fib_dxr.ko -compact
462.It fib_dxr.ko
463.El
464.El
465.Pp
466The algorithms are selected automatically based on the size of the routing
467table of the system.
468They can be changed, but not every algorithm performs best for every
469FIB size.
470.Sh EXIT STATUS
471.Ex -std
472.Sh EXAMPLES
473Add a default route to the network routing table.
474This will send all packets for destinations not available in the routing table
475to the default gateway at 192.168.1.1:
476.Pp
477.Dl route add -net 0.0.0.0/0 192.168.1.1
478.Pp
479A shorter version of adding a default route can also be written as:
480.Pp
481.Dl route add default 192.168.1.1
482.Pp
483Add a static route to the 172.16.10.0/24 network via the 172.16.1.1 gateway:
484.Pp
485.Dl route add -net 172.16.10.0/24 172.16.1.1
486.Pp
487Change the gateway of an already established static route in the routing table:
488.Pp
489.Dl route change -net 172.16.10.0/24 172.16.1.2
490.Pp
491Display the route for a destination network:
492.Pp
493.Dl route show 172.16.10.0
494.Pp
495Delete a static route from the routing table:
496.Pp
497.Dl route delete -net 172.16.10.0/24 172.16.1.2
498.Pp
499Remove all routes from the routing table:
500.Pp
501.Dl route flush
502.Pp
503The routing table can be listed with
504.Xr netstat 1 .
505.Sh DIAGNOSTICS
506.Bl -diag
507.It "add [host \&| network ] %s: gateway %s flags %x"
508The specified route is being added to the tables.
509The
510values printed are from the routing table entry supplied
511in the
512.Xr ioctl 2
513call.
514If the gateway address used was not the primary address of the gateway
515(the first one returned by
516.Xr gethostbyname 3 ) ,
517the gateway address is printed numerically as well as symbolically.
518.It "delete [ host \&| network ] %s: gateway %s flags %x"
519As above, but when deleting an entry.
520.It "%s %s done"
521When the
522.Cm flush
523command is specified, each routing table entry deleted
524is indicated with a message of this form.
525.It "Network is unreachable"
526An attempt to add a route failed because the gateway listed was not
527on a directly-connected network.
528The next-hop gateway must be given.
529.It "not in table"
530A delete operation was attempted for an entry which
531was not present in the tables.
532.It "routing table overflow"
533An add operation was attempted, but the system was
534low on resources and was unable to allocate memory
535to create the new entry.
536.It "gateway uses the same route"
537A
538.Cm change
539operation resulted in a route whose gateway uses the
540same route as the one being changed.
541The next-hop gateway should be reachable through a different route.
542.El
543.Sh SEE ALSO
544.Xr netstat 1 ,
545.Xr netintro 4 ,
546.Xr route 4 ,
547.Xr loader.conf 5 ,
548.Xr arp 8 ,
549.Xr routed 8
550.Sh HISTORY
551The
552.Nm
553utility appeared in
554.Bx 4.2 .
555.Sh BUGS
556The first paragraph may have slightly exaggerated
557.Xr routed 8 Ns 's
558abilities.
559.Pp
560Currently, routes with the
561.Dv RTF_BLACKHOLE
562flag set need to have the gateway set to an instance of the
563.Xr lo 4
564driver, using the
565.Fl iface
566option, for the flag to have any effect; unless IP fast forwarding
567is enabled, in which case the meaning of the flag will always
568be honored.
569