arp - Linux ARP kernel module.
This kernel protocol module implements the Address Resolution Protocol defined
in RFC 826. It is used to convert between Layer2 hardware addresses and
IPv4 protocol addresses on directly connected networks. The user normally
doesn't interact directly with this module except to configure it; instead it
provides a service for other protocols in the kernel.
A user process can receive ARP packets by using
packet(7) sockets. There
is also a mechanism for managing the ARP cache in user-space by using
netlink(7) sockets. The ARP table can also be controlled via
ioctl(2) on any
AF_INET socket.
The ARP module maintains a cache of mappings between hardware addresses and
protocol addresses. The cache has a limited size so old and less frequently
used entries are garbage-collected. Entries which are marked as permanent are
never deleted by the garbage-collector. The cache can be directly manipulated
by the use of ioctls and its behavior can be tuned by the
/proc
interfaces described below.
When there is no positive feedback for an existing mapping after some time (see
the
/proc interfaces below), a neighbor cache entry is considered
stale. Positive feedback can be gotten from a higher layer; for example from a
successful TCP ACK. Other protocols can signal forward progress using the
MSG_CONFIRM flag to
sendmsg(2). When there is no forward
progress, ARP tries to reprobe. It first tries to ask a local arp daemon
app_solicit times for an updated MAC address. If that fails and an old
MAC address is known, a unicast probe is sent
ucast_solicit times. If
that fails too, it will broadcast a new ARP request to the network. Requests
are sent only when there is data queued for sending.
Linux will automatically add a nonpermanent proxy arp entry when it receives a
request for an address it forwards to and proxy arp is enabled on the
receiving interface. When there is a reject route for the target, no proxy arp
entry is added.
Three ioctls are available on all
AF_INET sockets. They take a pointer to
a
struct arpreq as their argument.
struct arpreq {
struct sockaddr arp_pa; /* protocol address */
struct sockaddr arp_ha; /* hardware address */
int arp_flags; /* flags */
struct sockaddr arp_netmask; /* netmask of protocol address */
char arp_dev[16];
};
SIOCSARP,
SIOCDARP and
SIOCGARP respectively set, delete
and get an ARP mapping. Setting and deleting ARP maps are privileged
operations and may be performed only by a process with the
CAP_NET_ADMIN capability or an effective UID of 0.
arp_pa must be an
AF_INET address and
arp_ha must have the
same type as the device which is specified in
arp_dev.
arp_dev
is a zero-terminated string which names a device.
arp_flags |
|
flag |
meaning |
ATF_COM |
Lookup complete |
ATF_PERM |
Permanent entry |
ATF_PUBL |
Publish entry |
ATF_USETRAILERS |
Trailers requested |
ATF_NETMASK |
Use a netmask |
ATF_DONTPUB |
Don't answer |
If the
ATF_NETMASK flag is set, then
arp_netmask should be valid.
Linux 2.2 does not support proxy network ARP entries, so this should be set to
0xffffffff, or 0 to remove an existing proxy arp entry.
ATF_USETRAILERS
is obsolete and should not be used.
ARP supports a range of
/proc interfaces to configure parameters on a
global or per-interface basis. The interfaces can be accessed by reading or
writing the
/proc/sys/net/ipv4/neigh/*/* files. Each interface in the
system has its own directory in
/proc/sys/net/ipv4/neigh/. The setting
in the "default" directory is used for all newly created devices.
Unless otherwise specified, time-related interfaces are specified in seconds.
- anycast_delay (since Linux 2.2)
- The maximum number of jiffies to delay before replying to a IPv6 neighbor
solicitation message. Anycast support is not yet implemented. Defaults to
1 second.
- app_solicit (since Linux 2.2)
- The maximum number of probes to send to the user space ARP daemon via
netlink before dropping back to multicast probes (see
mcast_solicit). Defaults to 0.
- base_reachable_time (since Linux 2.2)
- Once a neighbor has been found, the entry is considered to be valid for at
least a random value between base_reachable_time/2 and
3*base_reachable_time/2. An entry's validity will be extended if it
receives positive feedback from higher level protocols. Defaults to 30
seconds. This file is now obsolete in favor of
base_reachable_time_ms.
- base_reachable_time_ms (since Linux 2.6.12)
- As for base_reachable_time, but measures time in milliseconds.
Defaults to 30000 milliseconds.
- delay_first_probe_time (since Linux 2.2)
- Delay before first probe after it has been decided that a neighbor is
stale. Defaults to 5 seconds.
- gc_interval (since Linux 2.2)
- How frequently the garbage collector for neighbor entries should attempt
to run. Defaults to 30 seconds.
- gc_stale_time (since Linux 2.2)
- Determines how often to check for stale neighbor entries. When a neighbor
entry is considered stale, it is resolved again before sending data to it.
Defaults to 60 seconds.
- gc_thresh1 (since Linux 2.2)
- The minimum number of entries to keep in the ARP cache. The garbage
collector will not run if there are fewer than this number of entries in
the cache. Defaults to 128.
- gc_thresh2 (since Linux 2.2)
- The soft maximum number of entries to keep in the ARP cache. The garbage
collector will allow the number of entries to exceed this for 5 seconds
before collection will be performed. Defaults to 512.
- gc_thresh3 (since Linux 2.2)
- The hard maximum number of entries to keep in the ARP cache. The garbage
collector will always run if there are more than this number of entries in
the cache. Defaults to 1024.
- locktime (since Linux 2.2)
- The minimum number of jiffies to keep an ARP entry in the cache. This
prevents ARP cache thrashing if there is more than one potential mapping
(generally due to network misconfiguration). Defaults to 1 second.
- mcast_solicit (since Linux 2.2)
- The maximum number of attempts to resolve an address by
multicast/broadcast before marking the entry as unreachable. Defaults to
3.
- proxy_delay (since Linux 2.2)
- When an ARP request for a known proxy-ARP address is received, delay up to
proxy_delay jiffies before replying. This is used to prevent
network flooding in some cases. Defaults to 0.8 seconds.
- proxy_qlen (since Linux 2.2)
- The maximum number of packets which may be queued to proxy-ARP addresses.
Defaults to 64.
- retrans_time (since Linux 2.2)
- The number of jiffies to delay before retransmitting a request. Defaults
to 1 second. This file is now obsolete in favor of
retrans_time_ms.
- retrans_time_ms (since Linux 2.6.12)
- The number of milliseconds to delay before retransmitting a request.
Defaults to 1000 milliseconds.
- ucast_solicit (since Linux 2.2)
- The maximum number of attempts to send unicast probes before asking the
ARP daemon (see app_solicit). Defaults to 3.
- unres_qlen (since Linux 2.2)
- The maximum number of packets which may be queued for each unresolved
address by other network layers. Defaults to 3.
The
struct arpreq changed in Linux 2.0 to include the
arp_dev
member and the ioctl numbers changed at the same time. Support for the old
ioctls was dropped in Linux 2.2.
Support for proxy arp entries for networks (netmask not equal 0xffffffff) was
dropped in Linux 2.2. It is replaced by automatic proxy arp setup by the
kernel for all reachable hosts on other interfaces (when forwarding and proxy
arp is enabled for the interface).
The
neigh/* interfaces did not exist before Linux 2.2.
Some timer settings are specified in jiffies, which is architecture- and kernel
version-dependent; see
time(7).
There is no way to signal positive feedback from user space. This means
connection-oriented protocols implemented in user space will generate
excessive ARP traffic, because ndisc will regularly reprobe the MAC address.
The same problem applies for some kernel protocols (e.g., NFS over UDP).
This man page mashes together functionality that is IPv4-specific with
functionality that is shared between IPv4 and IPv6.
capabilities(7),
ip(7),
arpd(8)
RFC 826 for a description of ARP. RFC 2461 for a description of
IPv6 neighbor discovery and the base algorithms used. Linux 2.2+ IPv4 ARP uses
the IPv6 algorithms when applicable.