arp Chinese man page


NAME

arp - Linux ARP kernel module

DESCRIPTION

This kernel protocol module implements the Address Resolution Protocol defined in RFC 826 [translator's note: i.e. the TCP/IP protocol for translating layer-3 addresses to layer-1 addresses], used to convert between layer-2 hardware addresses and IPv4 protocol addresses on directly connected networks. Users normally do not interact with this module directly except to configure it.

Instead, it provides a service to the other protocols in the kernel.

A user process can receive ARP packets using packet(7) sockets. There is also a mechanism for managing the ARP cache from user space using netlink(7) sockets. The ARP table can also be controlled via ioctl(2) on any PF_INET socket.

The ARP module maintains a cache of mappings from hardware addresses to protocol addresses. The cache has a limited size, so rarely used and old entries are garbage-collected; the garbage collector never deletes entries marked as permanent. The cache can be manipulated directly with ioctls, and its behaviour can be tuned with the sysctls defined below.

If an existing mapping receives no positive feedback within a limited time (see the sysctls below), the neighbour cache entry is considered stale. To send data to the target again, ARP first asks the local arp daemon app_solicit times for an updated MAC (Media Access Control) address. If that fails and the old MAC address is known, a unicast probe is sent ucast_solicit times. If that still fails, a new ARP request is broadcast to the network; requests are only sent when there is data queued for sending.

When Linux receives a request for an address that it forwards to, and proxy arp is enabled on the receiving interface, Linux automatically adds a non-permanent proxy arp entry; if there is a reject route to the target, no proxy arp entry is added.

IOCTLS

Three ioctls are available on all PF_INET sockets. They take a pointer to a struct arpreq as their parameter.

struct arpreq
{
    struct sockaddr arp_pa;      /* protocol address */
    struct sockaddr arp_ha;      /* hardware address */
    int             arp_flags;   /* flags */
    struct sockaddr arp_netmask; /* netmask of protocol address */
    char            arp_dev[16];
};

SIOCSARP, SIOCDARP and SIOCGARP respectively set, delete and get an ARP mapping. Setting and deleting ARP mappings are privileged operations that may only be performed by a process with the CAP_NET_ADMIN capability or an effective UID of 0.

arp_pa must be an AF_INET socket address, and arp_ha must have the same type as the device specified in arp_dev. arp_dev is a null-terminated device name string.

arp_flags

flag             meaning
ATF_COM          Lookup complete
ATF_PERM         Permanent entry
ATF_PUBL         Publish entry
ATF_USETRAILERS  Trailers requested
ATF_NETMASK      Use a netmask
ATF_DONTPUB      Don't answer

If the ATF_NETMASK flag is set, arp_netmask must be valid. Linux 2.2 does not support proxy network ARP entries, so it should be set to 0xffffffff, or to 0 to remove an existing proxy arp entry. ATF_USETRAILERS is obsolete and should not be used.

SYSCTLS

ARP supports a sysctl interface for configuring parameters globally or per network interface. The sysctls can be accessed through the /proc/sys/net/ipv4/neigh/*/* files or with the sysctl(2) interface. Each interface in the system has its own directory in /proc/sys/net/ipv4/neigh/. The settings in the `default' directory are used for all newly created devices. Time-related sysctls are in seconds unless otherwise specified.

anycast_delay
The maximum delay before replying to an IPv6 neighbour solicitation message; anycast is not yet supported. Defaults to 1 second.
app_solicit
The maximum number of probes sent over netlink to the user-space ARP daemon before falling back to multicast probes (see mcast_solicit). Defaults to 0.
base_reachable_time
Once a neighbour entry has been found, it is valid for at least a random time between base_reachable_time/2 and 3*base_reachable_time/2. The entry's validity is extended if positive feedback is received from higher-layer protocols. Defaults to 30 seconds.
delay_first_probe_time
The time to wait before sending the first probe after a neighbour entry has been found to be stale. Defaults to 5 seconds.
gc_interval
How often the garbage collector for neighbour entries runs. Defaults to 30 seconds.
gc_stale_time
Determines how often the validity of neighbour entries is checked. When a neighbour entry is stale, it is resolved again before data is sent to it. Defaults to 60 seconds.
gc_thresh1
The minimum number of entries kept in the ARP cache; the garbage collector will not run if there are fewer entries than this. Defaults to 128.
gc_thresh2
The soft maximum number of entries kept in the ARP cache. The garbage collector allows the number of entries to exceed this for 5 seconds before collecting. Defaults to 512.
gc_thresh3
The hard maximum number of entries kept in the ARP cache; as soon as the cache exceeds this number, the garbage collector runs immediately. Defaults to 1024.
locktime
The minimum time (in jiffies) an ARP entry is kept in the cache, to prevent thrashing of the ARP cache when more than one potential mapping exists (usually caused by network misconfiguration). Defaults to 1 second.
mcast_solicit
The maximum number of attempts to resolve an address by multicast/broadcast before marking the entry as unreachable. Defaults to 3.
proxy_delay
When an ARP request for a known proxy ARP address is received, the number of jiffies (a time unit, see BUGS) by which the reply may be delayed. This prevents network storms. Defaults to 0.8 seconds.
proxy_qlen
The maximum number of packets that may be queued to proxy-ARP addresses. Defaults to 64.
retrans_time
The number of jiffies (a time unit, see BUGS) to wait before retransmitting a request. Defaults to 1 second.
ucast_solicit
The number of unicast probes attempted before asking the ARP daemon (see app_solicit). Defaults to 3.
unres_qlen
The maximum number of packets that may be queued for each address not yet resolved by other network layers. Defaults to 3.

BUGS

Timer settings use the jiffy as their unit, which is architecture-dependent. On the Alpha a jiffy is 1/1024 of a second; on other machines it is 1/100 of a second.

There is currently no way to signal positive feedback from user space. This means that connection-oriented protocols implemented in user space will generate a large amount of ARP traffic, because ndisc will reprobe the MAC address. The kernel NFS implementation has the same problem.

This man page mainly covers the IPv4 specifics together with the functionality shared between IPv4 and IPv6.

VERSIONS

In Linux 2.0, struct arpreq gained the arp_dev member and the ioctl numbers changed at the same time. The old ioctls are no longer supported in Linux 2.2.

Support for network proxy arp entries (netmask not equal to 0xffffffff) was dropped in Linux 2.2. This functionality is replaced by automatic proxy arp set up by the kernel for all reachable hosts on other interfaces (when forwarding and proxy arp are enabled on that interface).

SEE ALSO

ip(7)


NAME

arp - Linux ARP kernel module.

DESCRIPTION

This kernel protocol module implements the Address Resolution Protocol defined in RFC 826. It is used to convert between Layer2 hardware addresses and IPv4 protocol addresses on directly connected networks. The user normally doesn't interact directly with this module except to configure it; instead it provides a service for other protocols in the kernel.

A user process can receive ARP packets by using packet(7) sockets. There is also a mechanism for managing the ARP cache in user-space by using netlink(7) sockets. The ARP table can also be controlled via ioctl (2) on any PF_INET socket.

The ARP module maintains a cache of mappings between hardware addresses and protocol addresses. The cache has a limited size so old and less frequently used entries are garbage-collected. Entries which are marked as permanent are never deleted by the garbage-collector. The cache can be directly manipulated by the use of ioctls and its behaviour can be tuned by the sysctls defined below.

When there is no positive feedback for an existing mapping after some time (see the sysctls below) a neighbour cache entry is considered stale. Positive feedback can be gotten from a higher layer; for example from a successful TCP ACK. Other protocols can signal forward progress using the MSG_CONFIRM flag to sendmsg(2). When there is no forward progress ARP tries to reprobe. It first tries to ask a local arp daemon app_solicit times for an updated MAC address. If that fails and an old MAC address is known, a unicast probe is sent ucast_solicit times. If that fails too it will broadcast a new ARP request to the network. Requests are only sent when there is data queued for sending.

Linux will automatically add a non-permanent proxy arp entry when it receives a request for an address it forwards to and proxy arp is enabled on the receiving interface. When there is a reject route for the target no proxy arp entry is added.

IOCTLS

Three ioctls are available on all PF_INET sockets. They take a pointer to a struct arpreq as their parameter.

struct arpreq
{
    struct sockaddr arp_pa;      /* protocol address */
    struct sockaddr arp_ha;      /* hardware address */
    int             arp_flags;   /* flags */
    struct sockaddr arp_netmask; /* netmask of protocol address */
    char            arp_dev[16];
};

SIOCSARP, SIOCDARP and SIOCGARP respectively set, delete and get an ARP mapping. Setting & deleting ARP maps are privileged operations and may only be performed by a process with the CAP_NET_ADMIN capability or an effective UID of 0.

arp_pa must be an AF_INET socket and arp_ha must have the same type as the device which is specified in arp_dev. arp_dev is a zero-terminated string which names a device.

arp_flags

flag             meaning
ATF_COM          Lookup complete
ATF_PERM         Permanent entry
ATF_PUBL         Publish entry
ATF_USETRAILERS  Trailers requested
ATF_NETMASK      Use a netmask
ATF_DONTPUB      Don't answer

If the ATF_NETMASK flag is set, then arp_netmask should be valid. Linux 2.2 does not support proxy network ARP entries, so this should be set to 0xffffffff, or 0 to remove an existing proxy arp entry. ATF_USETRAILERS is obsolete and should not be used.
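As an added example (not part of the man page), this C code builds the struct arpreq described in the IOCTLS section (in both the translated and the original text) and queries the cache with SIOCGARP, the one of the three ioctls that needs no privilege. The device name is length-checked because arp_dev is a fixed 16-byte field; the address and interface used are whatever the caller passes in.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <sys/ioctl.h>
#include <sys/socket.h>

/* Prepare a struct arpreq for SIOCGARP/SIOCSARP/SIOCDARP: arp_pa holds an
 * AF_INET address and arp_dev names the device. arp_dev is a fixed 16-byte
 * field, so the name is length-checked rather than copied blindly.
 * Returns 0, or -1 on a bad address or an over-long device name. */
static int arpreq_init(struct arpreq *req, const char *ip, const char *dev)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)&req->arp_pa;
    memset(req, 0, sizeof *req);
    if (strlen(dev) >= sizeof req->arp_dev)
        return -1;
    sin->sin_family = AF_INET;
    if (inet_pton(AF_INET, ip, &sin->sin_addr) != 1)
        return -1;
    memcpy(req->arp_dev, dev, strlen(dev) + 1);
    return 0;
}

/* Fetch the cached hardware address and flags for ip on dev via SIOCGARP
 * (no privilege needed; only SIOCSARP/SIOCDARP need CAP_NET_ADMIN). Returns
 * 0, or -1 with errno set (ENXIO: no entry). Test ATF_COM before using mac. */
static int arp_lookup(const char *ip, const char *dev, unsigned char mac[6], int *flags)
{
    struct arpreq req;
    int fd, rc, saved;
    if (arpreq_init(&req, ip, dev) < 0) {
        errno = EINVAL;
        return -1;
    }
    fd = socket(AF_INET, SOCK_DGRAM, 0);   /* any PF_INET socket will do */
    if (fd < 0)
        return -1;
    rc = ioctl(fd, SIOCGARP, &req);
    saved = errno;                         /* close() must not clobber it */
    if (rc == 0) {
        memcpy(mac, req.arp_ha.sa_data, 6);
        *flags = req.arp_flags;
    }
    close(fd);
    errno = saved;
    return rc;
}
```

A successful lookup of an entry that is still resolving returns 0 with ATF_COM clear in flags, so the returned mac bytes are only meaningful once that bit is set.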

SYSCTLS

ARP supports a sysctl interface to configure parameters on a global or per-interface basis. The sysctls can be accessed by reading or writing the /proc/sys/net/ipv4/neigh/*/* files or with the sysctl(2) interface. Each interface in the system has its own directory in /proc/sys/net/ipv4/neigh/. The setting in the `default' directory is used for all newly created devices. Unless otherwise specified time related sysctls are specified in seconds.

anycast_delay
The maximum number of jiffies to delay before replying to an IPv6 neighbour solicitation message. Anycast support is not yet implemented. Defaults to 1 second.
app_solicit
The maximum number of probes to send to the user space ARP daemon via netlink before dropping back to multicast probes (see mcast_solicit). Defaults to 0.
base_reachable_time
Once a neighbour has been found, the entry is considered to be valid for at least a random value between base_reachable_time/2 and 3*base_reachable_time/2. An entry's validity will be extended if it receives positive feedback from higher level protocols. Defaults to 30 seconds.
delay_first_probe_time
Delay before first probe after it has been decided that a neighbour is stale. Defaults to 5 seconds.
gc_interval
How frequently the garbage collector for neighbour entries should attempt to run. Defaults to 30 seconds.
gc_stale_time
Determines how often to check for stale neighbour entries. When a neighbour entry is considered stale it is resolved again before sending data to it. Defaults to 60 seconds.
gc_thresh1
The minimum number of entries to keep in the ARP cache. The garbage collector will not run if there are fewer than this number of entries in the cache. Defaults to 128.
gc_thresh2
The soft maximum number of entries to keep in the ARP cache. The garbage collector will allow the number of entries to exceed this for 5 seconds before collection will be performed. Defaults to 512.
gc_thresh3
The hard maximum number of entries to keep in the ARP cache. The garbage collector will always run if there are more than this number of entries in the cache. Defaults to 1024.
locktime
The minimum number of jiffies to keep an ARP entry in the cache. This prevents ARP cache thrashing if there is more than one potential mapping (generally due to network misconfiguration). Defaults to 1 second.
mcast_solicit
The maximum number of attempts to resolve an address by multicast/broadcast before marking the entry as unreachable. Defaults to 3.
proxy_delay
When an ARP request for a known proxy-ARP address is received, delay up to proxy_delay jiffies before replying. This is used to prevent network flooding in some cases. Defaults to 0.8 seconds.
proxy_qlen
The maximum number of packets which may be queued to proxy-ARP addresses. Defaults to 64.
retrans_time
The number of jiffies to delay before retransmitting a request. Defaults to 1 second.
ucast_solicit
The maximum number of attempts to send unicast probes before asking the ARP daemon (see app_solicit). Defaults to 3.
unres_qlen
The maximum number of packets which may be queued for each unresolved address by other network layers. Defaults to 3.

BUGS

Some timer settings are specified in jiffies, which is architecture related. On the Alpha a jiffy is 1/1024 of a second, on most other architectures it is 1/100s.

There is no way to signal positive feedback from user space. This means connection oriented protocols implemented in user space will generate excessive ARP traffic, because ndisc will regularly reprobe the MAC address. The same problem applies for some kernel protocols (e.g. NFS over UDP).

This man page mashes IPv4 specific and shared between IPv4 and IPv6 functionality together.

VERSIONS

The struct arpreq changed in Linux 2.0 to include the arp_dev member and the ioctl numbers changed at the same time. Support for the old ioctls was dropped in Linux 2.2.

Support for proxy arp entries for networks (netmask not equal 0xffffffff) was dropped in Linux 2.2. It is replaced by automatic proxy arp setup by the kernel for all reachable hosts on other interfaces (when forwarding and proxy arp is enabled for the interface).

The neigh/* sysctls did not exist before Linux 2.2.

SEE ALSO

ip(7)
