xref: /freebsd/share/man/man4/icmp.4 (revision ace68b1f362953edef79809accb128ad05ffab33)

.\" Copyright (c) 1986, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)icmp.4	8.1 (Berkeley) 6/5/93
.\" $FreeBSD$
.\"
.Dd July 20, 2022
.Dt ICMP 4
.Os
.Sh NAME
.Nm icmp
.Nd Internet Control Message Protocol
.Sh SYNOPSIS
.In sys/types.h
.In sys/socket.h
.In netinet/in.h
.Ft int
.Fn socket AF_INET SOCK_RAW proto
.Sh DESCRIPTION
.Tn ICMP
is the error and control message protocol used
by
.Tn IP
and the Internet protocol family.
It may be accessed
through a
.Dq raw socket
for network monitoring
and diagnostic functions.
The
.Fa proto
parameter to the socket call to create an
.Tn ICMP
socket
is obtained from
.Xr getprotobyname 3 .
.Tn ICMP
sockets are connectionless,
and are normally used with the
.Xr sendto 2
and
.Xr recvfrom 2
calls, though the
.Xr connect 2
call may also be used to fix the destination for future
packets (in which case the
.Xr read 2
or
.Xr recv 2
and
.Xr write 2
or
.Xr send 2
system calls may be used).
.Pp
Outgoing packets automatically have an
.Tn IP
header prepended to
them (based on the destination address).
Incoming packets are received with the
.Tn IP
header and options intact.
.Ss Types
ICMP messages are classified according to the type and code fields
present in the ICMP header.
The abbreviations for the types and codes may be used in rules in
.Xr pf.conf 5 .
The following types are defined:
.Bl -column x xxxxxxxxxxxx -offset indent
.It Sy Num Ta Sy Abbrev. Ta Sy Description
.It 0 Ta echorep Ta "Echo reply"
.It 3 Ta unreach Ta "Destination unreachable"
.It 4 Ta squench Ta "Packet loss, slow down"
.It 5 Ta redir Ta "Shorter route exists"
.It 6 Ta althost Ta "Alternate host address"
.It 8 Ta echoreq Ta "Echo request"
.It 9 Ta routeradv Ta "Router advertisement"
.It 10 Ta routersol Ta "Router solicitation"
.It 11 Ta timex Ta "Time exceeded"
.It 12 Ta paramprob Ta "Invalid IP header"
.It 13 Ta timereq Ta "Timestamp request"
.It 14 Ta timerep Ta "Timestamp reply"
.It 15 Ta inforeq Ta "Information request"
.It 16 Ta inforep Ta "Information reply"
.It 17 Ta maskreq Ta "Address mask request"
.It 18 Ta maskrep Ta "Address mask reply"
.It 30 Ta trace Ta Traceroute
.It 31 Ta dataconv Ta "Data conversion problem"
.It 32 Ta mobredir Ta "Mobile host redirection"
.It 33 Ta ipv6-where Ta "IPv6 where-are-you"
.It 34 Ta ipv6-here Ta "IPv6 i-am-here"
.It 35 Ta mobregreq Ta "Mobile registration request"
.It 36 Ta mobregrep Ta "Mobile registration reply"
.It 39 Ta skip Ta SKIP
.It 40 Ta photuris Ta Photuris
.El
.Pp
The following codes are defined:
.Bl -column x xxxxxxxxxxxx xxxxxxxx -offset indent
.It Sy Num Ta Sy Abbrev. Ta Sy Type Ta Sy Description
.It 0 Ta net-unr Ta unreach Ta "Network unreachable"
.It 1 Ta host-unr Ta unreach Ta "Host unreachable"
.It 2 Ta proto-unr Ta unreach Ta "Protocol unreachable"
.It 3 Ta port-unr Ta unreach Ta "Port unreachable"
.It 4 Ta needfrag Ta unreach Ta "Fragmentation needed but DF bit set"
.It 5 Ta srcfail Ta unreach Ta "Source routing failed"
.It 6 Ta net-unk Ta unreach Ta "Network unknown"
.It 7 Ta host-unk Ta unreach Ta "Host unknown"
.It 8 Ta isolate Ta unreach Ta "Host isolated"
.It 9 Ta net-prohib Ta unreach Ta "Network administratively prohibited"
.It 10 Ta host-prohib Ta unreach Ta "Host administratively prohibited"
.It 11 Ta net-tos Ta unreach Ta "Invalid TOS for network"
.It 12 Ta host-tos Ta unreach Ta "Invalid TOS for host"
.It 13 Ta filter-prohib Ta unreach Ta "Prohibited access"
.It 14 Ta host-preced Ta unreach Ta "Precedence violation"
.It 15 Ta cutoff-preced Ta unreach Ta "Precedence cutoff"
.It 0 Ta redir-net Ta redir Ta "Shorter route for network"
.It 1 Ta redir-host Ta redir Ta "Shorter route for host"
.It 2 Ta redir-tos-net Ta redir Ta "Shorter route for TOS and network"
.It 3 Ta redir-tos-host Ta redir Ta "Shorter route for TOS and host"
.It 0 Ta normal-adv Ta routeradv Ta "Normal advertisement"
.It 16 Ta common-adv Ta routeradv Ta "Selective advertisement"
.It 0 Ta transit Ta timex Ta "Time exceeded in transit"
.It 1 Ta reassemb Ta timex Ta "Time exceeded in reassembly"
.It 0 Ta badhead Ta paramprob Ta "Invalid option pointer"
.It 1 Ta optmiss Ta paramprob Ta "Missing option"
.It 2 Ta badlen Ta paramprob Ta "Invalid length"
.It 1 Ta unknown-ind Ta photuris Ta "Unknown security index"
.It 2 Ta auth-fail Ta photuris Ta "Authentication failed"
.It 3 Ta decrypt-fail Ta photuris Ta "Decryption failed"
.El
.Ss MIB Variables
The
.Tn ICMP
protocol implements a number of variables in the
.Va net.inet.icmp
branch of the
.Xr sysctl 3
MIB.
.Bl -tag -width ".Va icmplim_output"
.It Va bmcastecho
.Pq Vt boolean
Enable/disable ICMP replies received via broadcast or multicast.
Defaults to false.
.It Va drop_redirect
.Pq Vt boolean
Enable/disable dropping of ICMP Redirect packets.
Defaults to false.
.It Va icmplim
.Pq Vt integer
Bandwidth limit for ICMP replies in packets/second.
If set to zero, no limiting will occur.
Defaults to 200.
.It Va icmplim_output
.Pq Vt boolean
Enable/disable logging of ICMP replies bandwidth limiting.
Defaults to true.
.It Va log_redirect
.Pq Vt boolean
Enable/disable logging of ICMP Redirect packets.
Defaults to false.
.It Va maskfake
.Pq Vt "unsigned integer"
When
.Va maskrepl
is set and this value is non-zero,
it will be used instead of the real address mask when
the system replies to an ICMP Address Mask Request packet.
Defaults to 0.
.It Va maskrepl
.Pq Vt boolean
Enable/disable replies to ICMP Address Mask Request packets.
Defaults to false.
.It Va quotelen
.Pq Vt integer
Number of bytes from original packet to quote in ICMP reply.
This number is internally enforced to be at least 8 bytes (per RFC792)
and at most the maximal space left in the ICMP reply mbuf.
.It Va reply_from_interface
.Pq Vt boolean
Use the IP address of the interface the packet came through in for
responses to packets which are not directly addressed to us.
If enabled, this rule is processed before all others.
By default, continue with normal source selection.
Enabling this option is particularly useful on routers because it
makes external traceroutes show the actual path a packet has taken
instead of the possibly different return path.
.It Va reply_src
.Pq Vt str
An interface name used for the ICMP reply source in response to packets
which are not directly addressed to us.
By default continue with normal source selection.
.It Va tstamprepl
.Pq Vt boolean
Enable/disable replies to ICMP Timestamp packets.
Defaults to true.
.El
.Sh ERRORS
A socket operation may fail with one of the following errors returned:
.Bl -tag -width Er
.It Bq Er EISCONN
when trying to establish a connection on a socket which
already has one, or when trying to send a datagram with the destination
address specified and the socket is already connected;
.It Bq Er ENOTCONN
when trying to send a datagram, but
no destination address is specified, and the socket has not been
connected;
.It Bq Er ENOBUFS
when the system runs out of memory for
an internal data structure;
.It Bq Er EADDRNOTAVAIL
when an attempt is made to create a
socket with a network address for which no network interface
exists.
.El
.Sh SEE ALSO
.Xr recv 2 ,
.Xr send 2 ,
.Xr inet 4 ,
.Xr intro 4 ,
.Xr ip 4 ,
.Xr pf.conf 5
.Sh HISTORY
The
.Nm
protocol appeared in
.Bx 4.3 .