1IP(7) Linux Programmer's Manual IP(7)
2
6 ip - Linux IPv4 protocol implementation
7
9 #include <sys/socket.h>
10 #include <netinet/in.h>
11 #include <netinet/ip.h> /* superset of previous */
12 tcp_socket = socket(AF_INET, SOCK_STREAM, 0);
14 udp_socket = socket(AF_INET, SOCK_DGRAM, 0);
15 raw_socket = socket(AF_INET, SOCK_RAW, protocol);
16
18 Linux implements the Internet Protocol, version 4, described in RFC 791
19 and RFC 1122. ip contains a level 2 multicasting implementation con‐
20 forming to RFC 1112. It also contains an IP router including a packet
21 filter.
22 The programming interface is BSD-sockets compatible. For more informa‐
24 tion on sockets, see socket(7).
25 An IP socket is created by calling the socket(2) function as
27 socket(AF_INET, socket_type, protocol). Valid socket types are
28 SOCK_STREAM to open a tcp(7) socket, SOCK_DGRAM to open a udp(7)
29 socket, or SOCK_RAW to open a raw(7) socket to access the IP protocol
30 directly. protocol is the IP protocol in the IP header to be received
31 or sent. The only valid values for protocol are 0 and IPPROTO_TCP for
32 TCP sockets, and 0 and IPPROTO_UDP for UDP sockets. For SOCK_RAW you
33 may specify a valid IANA IP protocol defined in RFC 1700 assigned num‐
34 bers.
35 When a process wants to receive new incoming packets or connections, it
37 should bind a socket to a local interface address using bind(2). In
38 this case, only one IP socket may be bound to any given local (address,
39 port) pair. When INADDR_ANY is specified in the bind call, the socket
40 will be bound to all local interfaces. When listen(2) is called on an
41 unbound socket, the socket is automatically bound to a random free port
42 with the local address set to INADDR_ANY. When connect(2) is called on
43 an unbound socket, the socket is automatically bound to a random free
44 port or to a usable shared port with the local address set to
45 INADDR_ANY.
46 A TCP local socket address that has been bound is unavailable for some
48 time after closing, unless the SO_REUSEADDR flag has been set. Care
49 should be taken when using this flag as it makes TCP less reliable.
50 Address format
52 An IP socket address is defined as a combination of an IP interface
53 address and a 16-bit port number. The basic IP protocol does not sup‐
54 ply port numbers, they are implemented by higher level protocols like
55 udp(7) and tcp(7). On raw sockets sin_port is set to the IP protocol.
56 struct sockaddr_in {
58 sa_family_t sin_family; /* address family: AF_INET */
59 in_port_t sin_port; /* port in network byte order */
60 struct in_addr sin_addr; /* internet address */
61 };
62 /* Internet address. */
64 struct in_addr {
65 uint32_t s_addr; /* address in network byte order */
66 };
67 sin_family is always set to AF_INET. This is required; in Linux 2.2
69 most networking functions return EINVAL when this setting is missing.
70 sin_port contains the port in network byte order. The port numbers
71 below 1024 are called privileged ports (or sometimes: reserved ports).
72 Only privileged processes (i.e., those having the CAP_NET_BIND_SERVICE
73 capability) may bind(2) to these sockets. Note that the raw IPv4 pro‐
74 tocol as such has no concept of a port, they are implemented only by
75 higher protocols like tcp(7) and udp(7).
76 sin_addr is the IP host address. The s_addr member of struct in_addr
78 contains the host interface address in network byte order. in_addr
79 should be assigned one of the INADDR_* values (e.g., INADDR_ANY) or set
80 using the inet_aton(3), inet_addr(3), inet_makeaddr(3) library func‐
81 tions or directly with the name resolver (see gethostbyname(3)).
82 IPv4 addresses are divided into unicast, broadcast and multicast
84 addresses. Unicast addresses specify a single interface of a host,
85 broadcast addresses specify all hosts on a network and multicast
86 addresses address all hosts in a multicast group. Datagrams to broad‐
87 cast addresses can be sent or received only when the SO_BROADCAST
88 socket flag is set. In the current implementation, connection-oriented
89 sockets are allowed to use only unicast addresses.
90 Note that the address and the port are always stored in network byte
92 order. In particular, this means that you need to call htons(3) on the
93 number that is assigned to a port. All address/port manipulation func‐
94 tions in the standard library work in network byte order.
95 There are several special addresses: INADDR_LOOPBACK (127.0.0.1) always
97 refers to the local host via the loopback device; INADDR_ANY (0.0.0.0)
98 means any address for binding; INADDR_BROADCAST (255.255.255.255) means
99 any host and has the same effect on bind as INADDR_ANY for historical
100 reasons.
101 Socket options
103 IP supports some protocol-specific socket options that can be set with
104 setsockopt(2) and read with getsockopt(2). The socket option level for
105 IP is IPPROTO_IP. A boolean integer flag is zero when it is false,
106 otherwise true.
107 IP_ADD_MEMBERSHIP (since Linux 1.2)
109 Join a multicast group. Argument is an ip_mreqn structure.
110 struct ip_mreqn {
112 struct in_addr imr_multiaddr; /* IP multicast group
113 address */
114 struct in_addr imr_address; /* IP address of local
115 interface */
116 int imr_ifindex; /* interface index */
117 };
118 imr_multiaddr contains the address of the multicast group the
120 application wants to join or leave. It must be a valid multi‐
121 cast address (or setsockopt(2) fails with the error EINVAL).
122 imr_address is the address of the local interface with which the
123 system should join the multicast group; if it is equal to
124 INADDR_ANY an appropriate interface is chosen by the system.
125 imr_ifindex is the interface index of the interface that should
126 join/leave the imr_multiaddr group, or 0 to indicate any inter‐
127 face.
128 The ip_mreqn structure is available only since Linux 2.2. For
130 compatibility, the old ip_mreq structure (present since Linux
131 1.2) is still supported; it differs from ip_mreqn only by not
132 including the imr_ifindex field. Only valid as a setsockopt(2).
133 IP_ADD_SOURCE_MEMBERSHIP (since Linux 2.4.22 / 2.5.68)
135 Join a multicast group and allow receiving data only from a
136 specified source. Argument is an ip_mreq_source structure.
137 struct ip_mreq_source {
139 struct in_addr imr_multiaddr; /* IP multicast group
140 address */
141 struct in_addr imr_interface; /* IP address of local
142 interface */
143 struct in_addr imr_sourceaddr; /* IP address of
144 multicast source */
145 };
146 The ip_mreq_source structure is similar to ip_mreqn described
148 under IP_ADD_MEMBERSIP. The imr_multiaddr field contains the
149 address of the multicast group the application wants to join or
150 leave. The imr_interface field is the address of the local
151 interface with which the system should join the multicast group.
152 Finally, the imr_sourceaddr field contains the address of the
153 source the application wants to receive data from.
154 This option can be used multiple times to allow receiving data
156 from more than one source.
157 IP_BLOCK_SOURCE (since Linux 2.4.22 / 2.5.68)
159 Stop receiving multicast data from a specific source in a given
160 group. This is valid only after the application has subscribed
161 to the multicast group using either IP_ADD_MEMBERSHIP or
162 IP_ADD_SOURCE_MEMBERSHIP.
163 Argument is an ip_mreq_source structure as described under
165 IP_ADD_SOURCE_MEMBERSHIP.
166 IP_DROP_MEMBERSHIP (since Linux 1.2)
168 Leave a multicast group. Argument is an ip_mreqn or ip_mreq
169 structure similar to IP_ADD_MEMBERSHIP.
170 IP_DROP_SOURCE_MEMBERSHIP (since Linux 2.4.22 / 2.5.68)
172 Leave a source-specific group—that is, stop receiving data from
173 a given multicast group that come from a given source. If the
174 application has subscribed to multiple sources within the same
175 group, data from the remaining sources will still be delivered.
176 To stop receiving data from all sources at once, use
177 IP_LEAVE_GROUP.
178 Argument is an ip_mreq_source structure as described under
180 IP_ADD_SOURCE_MEMBERSHIP.
181 IP_FREEBIND (since Linux 2.4)
183 If enabled, this boolean option allows binding to an IP address
184 that is nonlocal or does not (yet) exist. This permits listen‐
185 ing on a socket, without requiring the underlying network inter‐
186 face or the specified dynamic IP address to be up at the time
187 that the application is trying to bind to it. This option is
188 the per-socket equivalent of the ip_nonlocal_bind /proc inter‐
189 face described below.
190 IP_HDRINCL (since Linux 2.0)
192 If enabled, the user supplies an IP header in front of the user
193 data. Only valid for SOCK_RAW sockets. See raw(7) for more
194 information. When this flag is enabled the values set by
195 IP_OPTIONS, IP_TTL and IP_TOS are ignored.
196 IP_MSFILTER (since Linux 2.4.22 / 2.5.68)
198 This option provides access to the advanced full-state filtering
199 API. Argument is an ip_msfilter structure.
200 struct ip_msfilter {
202 struct in_addr imsf_multiaddr; /* IP multicast group
203 address */
204 struct in_addr imsf_interface; /* IP address of local
205 interface */
206 uint32_t imsf_fmode; /* Filter-mode */
207 uint32_t imsf_numsrc; /* Number of sources in
209 the following array */
210 struct in_addr imsf_slist[1]; /* Array of source
211 addresses */
212 };
213 There are two macros, MCAST_INCLUDE and MCAST_EXCLUDE, which can
215 be used to specify the filtering mode. Additionally, the
216 IP_MSFILTER_SIZE(n) macro exists to determine how much memory is
217 needed to store ip_msfilter structure with n sources in the
218 source list.
219 For the full description of multicast source filtering refer to
221 RFC 3376.
222 IP_MTU (since Linux 2.2)
224 Retrieve the current known path MTU of the current socket.
225 Valid only when the socket has been connected. Returns an inte‐
226 ger. Only valid as a getsockopt(2).
227 IP_MTU_DISCOVER (since Linux 2.2)
229 Set or receive the Path MTU Discovery setting for a socket.
230 When enabled, Linux will perform Path MTU Discovery as defined
231 in RFC 1191 on SOCK_STREAM sockets. For non-SOCK_STREAM sock‐
232 ets, IP_PMTUDISC_DO forces the don't-fragment flag to be set on
233 all outgoing packets. It is the user's responsibility to packe‐
234 tize the data in MTU-sized chunks and to do the retransmits if
235 necessary. The kernel will reject (with EMSGSIZE) datagrams
236 that are bigger than the known path MTU. IP_PMTUDISC_WANT will
237 fragment a datagram if needed according to the path MTU, or will
238 set the don't-fragment flag otherwise.
239 The system-wide default can be toggled between IP_PMTUDISC_WANT
241 and IP_PMTUDISC_DONT by writing (respectively, zero and nonzero
242 values) to the /proc/sys/net/ipv4/ip_no_pmtu_disc file.
243 Path MTU discovery value Meaning
245 IP_PMTUDISC_WANT Use per-route settings.
246 IP_PMTUDISC_DONT Never do Path MTU Discovery.
247 IP_PMTUDISC_DO Always do Path MTU Discovery.
248 IP_PMTUDISC_PROBE Set DF but ignore Path MTU.
249 When PMTU discovery is enabled, the kernel automatically keeps
251 track of the path MTU per destination host. When it is con‐
252 nected to a specific peer with connect(2), the currently known
253 path MTU can be retrieved conveniently using the IP_MTU socket
254 option (e.g., after an EMSGSIZE error occurred). The path MTU
255 may change over time. For connectionless sockets with many des‐
256 tinations, the new MTU for a given destination can also be
257 accessed using the error queue (see IP_RECVERR). A new error
258 will be queued for every incoming MTU update.
259 While MTU discovery is in progress, initial packets from data‐
261 gram sockets may be dropped. Applications using UDP should be
262 aware of this and not take it into account for their packet
263 retransmit strategy.
264 To bootstrap the path MTU discovery process on unconnected sock‐
266 ets, it is possible to start with a big datagram size (up to
267 64K-headers bytes long) and let it shrink by updates of the path
268 MTU.
269 To get an initial estimate of the path MTU, connect a datagram
271 socket to the destination address using connect(2) and retrieve
272 the MTU by calling getsockopt(2) with the IP_MTU option.
273 It is possible to implement RFC 4821 MTU probing with SOCK_DGRAM
275 or SOCK_RAW sockets by setting a value of IP_PMTUDISC_PROBE
276 (available since Linux 2.6.22). This is also particularly use‐
277 ful for diagnostic tools such as tracepath(8) that wish to
278 deliberately send probe packets larger than the observed Path
279 MTU.
280 IP_MULTICAST_ALL (since Linux 2.6.31)
282 This option can be used to modify the delivery policy of multi‐
283 cast messages to sockets bound to the wildcard INADDR_ANY
284 address. The argument is a boolean integer (defaults to 1). If
285 set to 1, the socket will receive messages from all the groups
286 that have been joined globally on the whole system. Otherwise,
287 it will deliver messages only from the groups that have been
288 explicitly joined (for example via the IP_ADD_MEMBERSHIP option)
289 on this particular socket.
290 IP_MULTICAST_IF (since Linux 1.2)
292 Set the local device for a multicast socket. Argument is an
293 ip_mreqn or ip_mreq structure similar to IP_ADD_MEMBERSHIP.
294 When an invalid socket option is passed, ENOPROTOOPT is
296 returned.
297 IP_MULTICAST_LOOP (since Linux 1.2)
299 Set or read a boolean integer argument that determines whether
300 sent multicast packets should be looped back to the local sock‐
301 ets.
302 IP_MULTICAST_TTL (since Linux 1.2)
304 Set or read the time-to-live value of outgoing multicast packets
305 for this socket. It is very important for multicast packets to
306 set the smallest TTL possible. The default is 1 which means
307 that multicast packets don't leave the local network unless the
308 user program explicitly requests it. Argument is an integer.
309 IP_NODEFRAG (since Linux 2.6.36)
311 If enabled (argument is nonzero), the reassembly of outgoing
312 packets is disabled in the netfilter layer. This option is
313 valid only for SOCK_RAW sockets. The argument is an integer.
314 IP_OPTIONS (since Linux 2.0)
316 Set or get the IP options to be sent with every packet from this
317 socket. The arguments are a pointer to a memory buffer contain‐
318 ing the options and the option length. The setsockopt(2) call
319 sets the IP options associated with a socket. The maximum
320 option size for IPv4 is 40 bytes. See RFC 791 for the allowed
321 options. When the initial connection request packet for a
322 SOCK_STREAM socket contains IP options, the IP options will be
323 set automatically to the options from the initial packet with
324 routing headers reversed. Incoming packets are not allowed to
325 change options after the connection is established. The pro‐
326 cessing of all incoming source routing options is disabled by
327 default and can be enabled by using the accept_source_route
328 /proc interface. Other options like timestamps are still han‐
329 dled. For datagram sockets, IP options can be only set by the
330 local user. Calling getsockopt(2) with IP_OPTIONS puts the cur‐
331 rent IP options used for sending into the supplied buffer.
332 IP_PKTINFO (since Linux 2.2)
334 Pass an IP_PKTINFO ancillary message that contains a pktinfo
335 structure that supplies some information about the incoming
336 packet. This only works for datagram oriented sockets. The
337 argument is a flag that tells the socket whether the IP_PKTINFO
338 message should be passed or not. The message itself can only be
339 sent/retrieved as control message with a packet using recvmsg(2)
340 or sendmsg(2).
341 struct in_pktinfo {
343 unsigned int ipi_ifindex; /* Interface index */
344 struct in_addr ipi_spec_dst; /* Local address */
345 struct in_addr ipi_addr; /* Header Destination
346 address */
347 };
348 ipi_ifindex is the unique index of the interface the packet was
350 received on. ipi_spec_dst is the local address of the packet
351 and ipi_addr is the destination address in the packet header.
352 If IP_PKTINFO is passed to sendmsg(2) and ipi_spec_dst is not
353 zero, then it is used as the local source address for the rout‐
354 ing table lookup and for setting up IP source route options.
355 When ipi_ifindex is not zero, the primary local address of the
356 interface specified by the index overwrites ipi_spec_dst for the
357 routing table lookup.
358 IP_RECVERR (since Linux 2.2)
360 Enable extended reliable error message passing. When enabled on
361 a datagram socket, all generated errors will be queued in a per-
362 socket error queue. When the user receives an error from a
363 socket operation, the errors can be received by calling
364 recvmsg(2) with the MSG_ERRQUEUE flag set. The
365 sock_extended_err structure describing the error will be passed
366 in an ancillary message with the type IP_RECVERR and the level
367 IPPROTO_IP. This is useful for reliable error handling on
368 unconnected sockets. The received data portion of the error
369 queue contains the error packet.
370 The IP_RECVERR control message contains a sock_extended_err
372 structure:
373 #define SO_EE_ORIGIN_NONE 0
375 #define SO_EE_ORIGIN_LOCAL 1
376 #define SO_EE_ORIGIN_ICMP 2
377 #define SO_EE_ORIGIN_ICMP6 3
378 struct sock_extended_err {
380 uint32_t ee_errno; /* error number */
381 uint8_t ee_origin; /* where the error originated */
382 uint8_t ee_type; /* type */
383 uint8_t ee_code; /* code */
384 uint8_t ee_pad;
385 uint32_t ee_info; /* additional information */
386 uint32_t ee_data; /* other data */
387 /* More data may follow */
388 };
389 struct sockaddr *SO_EE_OFFENDER(struct sock_extended_err *);
391 ee_errno contains the errno number of the queued error. ee_ori‐
393 gin is the origin code of where the error originated. The other
394 fields are protocol-specific. The macro SO_EE_OFFENDER returns
395 a pointer to the address of the network object where the error
396 originated from given a pointer to the ancillary message. If
397 this address is not known, the sa_family member of the sockaddr
398 contains AF_UNSPEC and the other fields of the sockaddr are
399 undefined.
400 IP uses the sock_extended_err structure as follows: ee_origin is
402 set to SO_EE_ORIGIN_ICMP for errors received as an ICMP packet,
403 or SO_EE_ORIGIN_LOCAL for locally generated errors. Unknown
404 values should be ignored. ee_type and ee_code are set from the
405 type and code fields of the ICMP header. ee_info contains the
406 discovered MTU for EMSGSIZE errors. The message also contains
407 the sockaddr_in of the node caused the error, which can be
408 accessed with the SO_EE_OFFENDER macro. The sin_family field of
409 the SO_EE_OFFENDER address is AF_UNSPEC when the source was
410 unknown. When the error originated from the network, all IP
411 options (IP_OPTIONS, IP_TTL, etc.) enabled on the socket and
412 contained in the error packet are passed as control messages.
413 The payload of the packet causing the error is returned as nor‐
414 mal payload. Note that TCP has no error queue; MSG_ERRQUEUE is
415 not permitted on SOCK_STREAM sockets. IP_RECVERR is valid for
416 TCP, but all errors are returned by socket function return or
417 SO_ERROR only.
418 For raw sockets, IP_RECVERR enables passing of all received ICMP
420 errors to the application, otherwise errors are only reported on
421 connected sockets
422 It sets or retrieves an integer boolean flag. IP_RECVERR
424 defaults to off.
425 IP_RECVOPTS (since Linux 2.2)
427 Pass all incoming IP options to the user in a IP_OPTIONS control
428 message. The routing header and other options are already
429 filled in for the local host. Not supported for SOCK_STREAM
430 sockets.
431 IP_RECVORIGDSTADDR (since Linux 2.6.29)
433 This boolean option enables the IP_ORIGDSTADDR ancillary message
434 in recvmsg(2), in which the kernel returns the original destina‐
435 tion address of the datagram being received. The ancillary mes‐
436 sage contains a struct sockaddr_in.
437 IP_RECVTOS (since Linux 2.2)
439 If enabled the IP_TOS ancillary message is passed with incoming
440 packets. It contains a byte which specifies the Type of Ser‐
441 vice/Precedence field of the packet header. Expects a boolean
442 integer flag.
443 IP_RECVTTL (since Linux 2.2)
445 When this flag is set, pass a IP_TTL control message with the
446 time to live field of the received packet as a byte. Not sup‐
447 ported for SOCK_STREAM sockets.
448 IP_RETOPTS (since Linux 2.2)
450 Identical to IP_RECVOPTS, but returns raw unprocessed options
451 with timestamp and route record options not filled in for this
452 hop.
453 IP_ROUTER_ALERT (since Linux 2.2)
455 Pass all to-be forwarded packets with the IP Router Alert option
456 set to this socket. Only valid for raw sockets. This is use‐
457 ful, for instance, for user-space RSVP daemons. The tapped
458 packets are not forwarded by the kernel; it is the user's
459 responsibility to send them out again. Socket binding is
460 ignored, such packets are only filtered by protocol. Expects an
461 integer flag.
462 IP_TOS (since Linux 1.0)
464 Set or receive the Type-Of-Service (TOS) field that is sent with
465 every IP packet originating from this socket. It is used to
466 prioritize packets on the network. TOS is a byte. There are
467 some standard TOS flags defined: IPTOS_LOWDELAY to minimize
468 delays for interactive traffic, IPTOS_THROUGHPUT to optimize
469 throughput, IPTOS_RELIABILITY to optimize for reliability,
470 IPTOS_MINCOST should be used for "filler data" where slow trans‐
471 mission doesn't matter. At most one of these TOS values can be
472 specified. Other bits are invalid and shall be cleared. Linux
473 sends IPTOS_LOWDELAY datagrams first by default, but the exact
474 behavior depends on the configured queueing discipline. Some
475 high priority levels may require superuser privileges (the
476 CAP_NET_ADMIN capability). The priority can also be set in a
477 protocol independent way by the (SOL_SOCKET, SO_PRIORITY) socket
478 option (see socket(7)).
479 IP_TRANSPARENT (since Linux 2.6.24)
481 Setting this boolean option enables transparent proxying on this
482 socket. This socket option allows the calling application to
483 bind to a nonlocal IP address and operate both as a client and a
484 server with the foreign address as the local endpoint. NOTE:
485 this requires that routing be set up in a way that packets going
486 to the foreign address are routed through the TProxy box.
487 Enabling this socket option requires superuser privileges (the
488 CAP_NET_ADMIN capability).
489 TProxy redirection with the iptables TPROXY target also requires
491 that this option be set on the redirected socket.
492 IP_TTL (since Linux 1.0)
494 Set or retrieve the current time-to-live field that is used in
495 every packet sent from this socket.
496 IP_UNBLOCK_SOURCE (since Linux 2.4.22 / 2.5.68)
498 Unblock previously blocked multicast source. Returns EADDRNO‐
499 TAVAIL when given source is not being blocked.
500 Argument is an ip_mreq_source structure as described under
502 IP_ADD_SOURCE_MEMBERSHIP.
503 /proc interfaces
505 The IP protocol supports a set of /proc interfaces to configure some
506 global parameters. The parameters can be accessed by reading or writ‐
507 ing files in the directory /proc/sys/net/ipv4/. Interfaces described
508 as Boolean take an integer value, with a nonzero value ("true") meaning
509 that the corresponding option is enabled, and a zero value ("false")
510 meaning that the option is disabled.
511 ip_always_defrag (Boolean; since Linux 2.2.13)
513 [New with kernel 2.2.13; in earlier kernel versions this feature
514 was controlled at compile time by the CONFIG_IP_ALWAYS_DEFRAG
515 option; this option is not present in 2.4.x and later]
516 When this boolean flag is enabled (not equal 0), incoming frag‐
518 ments (parts of IP packets that arose when some host between
519 origin and destination decided that the packets were too large
520 and cut them into pieces) will be reassembled (defragmented)
521 before being processed, even if they are about to be forwarded.
522 Only enable if running either a firewall that is the sole link
524 to your network or a transparent proxy; never ever use it for a
525 normal router or host. Otherwise fragmented communication can
526 be disturbed if the fragments travel over different links.
527 Defragmentation also has a large memory and CPU time cost.
528 This is automagically turned on when masquerading or transparent
530 proxying are configured.
531 ip_autoconfig (since Linux 2.2 to 2.6.17)
533 Not documented.
534 ip_default_ttl (integer; default: 64; since Linux 2.2)
536 Set the default time-to-live value of outgoing packets. This
537 can be changed per socket with the IP_TTL option.
538 ip_dynaddr (Boolean; default: disabled; since Linux 2.0.31)
540 Enable dynamic socket address and masquerading entry rewriting
541 on interface address change. This is useful for dialup inter‐
542 face with changing IP addresses. 0 means no rewriting, 1 turns
543 it on and 2 enables verbose mode.
544 ip_forward (Boolean; default: disabled; since Linux 1.2)
546 Enable IP forwarding with a boolean flag. IP forwarding can be
547 also set on a per-interface basis.
548 ip_local_port_range (since Linux 2.2)
550 Contains two integers that define the default local port range
551 allocated to sockets. Allocation starts with the first number
552 and ends with the second number. Note that these should not
553 conflict with the ports used by masquerading (although the case
554 is handled). Also arbitrary choices may cause problems with
555 some firewall packet filters that make assumptions about the
556 local ports in use. First number should be at least greater
557 than 1024, or better, greater than 4096, to avoid clashes with
558 well known ports and to minimize firewall problems.
559 ip_no_pmtu_disc (Boolean; default: disabled; since Linux 2.2)
561 If enabled, don't do Path MTU Discovery for TCP sockets by
562 default. Path MTU discovery may fail if misconfigured firewalls
563 (that drop all ICMP packets) or misconfigured interfaces (e.g.,
564 a point-to-point link where the both ends don't agree on the
565 MTU) are on the path. It is better to fix the broken routers on
566 the path than to turn off Path MTU Discovery globally, because
567 not doing it incurs a high cost to the network.
568 ip_nonlocal_bind (Boolean; default: disabled; since Linux 2.4)
570 If set, allows processes to bind(2) to nonlocal IP addresses,
571 which can be quite useful, but may break some applications.
572 ip6frag_time (integer; default: 30)
574 Time in seconds to keep an IPv6 fragment in memory.
575 ip6frag_secret_interval (integer; default: 600)
577 Regeneration interval (in seconds) of the hash secret (or life‐
578 time for the hash secret) for IPv6 fragments.
579 ipfrag_high_thresh (integer), ipfrag_low_thresh (integer)
581 If the amount of queued IP fragments reaches ipfrag_high_thresh,
582 the queue is pruned down to ipfrag_low_thresh. Contains an
583 integer with the number of bytes.
584 neigh/*
586 See arp(7).
587 Ioctls
589 All ioctls described in socket(7) apply to ip.
590 Ioctls to configure generic device parameters are described in netde‐
592 vice(7).
593
595 EACCES The user tried to execute an operation without the necessary
596 permissions. These include: sending a packet to a broadcast
597 address without having the SO_BROADCAST flag set; sending a
598 packet via a prohibit route; modifying firewall settings without
599 superuser privileges (the CAP_NET_ADMIN capability); binding to
600 a privileged port without superuser privileges (the
601 CAP_NET_BIND_SERVICE capability).
602 EADDRINUSE
604 Tried to bind to an address already in use.
605 EADDRNOTAVAIL
607 A nonexistent interface was requested or the requested source
608 address was not local.
609 EAGAIN Operation on a nonblocking socket would block.
611 EALREADY
613 An connection operation on a nonblocking socket is already in
614 progress.
615 ECONNABORTED
617 A connection was closed during an accept(2).
618 EHOSTUNREACH
620 No valid routing table entry matches the destination address.
621 This error can be caused by a ICMP message from a remote router
622 or for the local routing table.
623 EINVAL Invalid argument passed. For send operations this can be caused
625 by sending to a blackhole route.
626 EISCONN
628 connect(2) was called on an already connected socket.
629 EMSGSIZE
631 Datagram is bigger than an MTU on the path and it cannot be
632 fragmented.
633 ENOBUFS, ENOMEM
635 Not enough free memory. This often means that the memory allo‐
636 cation is limited by the socket buffer limits, not by the system
637 memory, but this is not 100% consistent.
638 ENOENT SIOCGSTAMP was called on a socket where no packet arrived.
640 ENOPKG A kernel subsystem was not configured.
642 ENOPROTOOPT and EOPNOTSUPP
644 Invalid socket option passed.
645 ENOTCONN
647 The operation is defined only on a connected socket, but the
648 socket wasn't connected.
649 EPERM User doesn't have permission to set high priority, change con‐
651 figuration, or send signals to the requested process or group.
652 EPIPE The connection was unexpectedly closed or shut down by the other
654 end.
655 ESOCKTNOSUPPORT
657 The socket is not configured or an unknown socket type was
658 requested.
659 Other errors may be generated by the overlaying protocols; see tcp(7),
661 raw(7), udp(7) and socket(7).
662
664 IP_FREEBIND, IP_MSFILTER, IP_MTU, IP_MTU_DISCOVER, IP_RECVORIGDSTADDR,
665 IP_PKTINFO, IP_RECVERR, IP_ROUTER_ALERT, and IP_TRANSPARENT are Linux-
666 specific.
667 Be very careful with the SO_BROADCAST option - it is not privileged in
669 Linux. It is easy to overload the network with careless broadcasts.
670 For new application protocols it is better to use a multicast group
671 instead of broadcasting. Broadcasting is discouraged.
672 Some other BSD sockets implementations provide IP_RCVDSTADDR and
674 IP_RECVIF socket options to get the destination address and the inter‐
675 face of received datagrams. Linux has the more general IP_PKTINFO for
676 the same task.
677 Some BSD sockets implementations also provide an IP_RECVTTL option, but
679 an ancillary message with type IP_RECVTTL is passed with the incoming
680 packet. This is different from the IP_TTL option used in Linux.
681 Using SOL_IP socket options level isn't portable, BSD-based stacks use
683 IPPROTO_IP level.
684 Compatibility
686 For compatibility with Linux 2.0, the obsolete socket(AF_INET,
687 SOCK_PACKET, protocol) syntax is still supported to open a packet(7)
688 socket. This is deprecated and should be replaced by socket(AF_PACKET,
689 SOCK_RAW, protocol) instead. The main difference is the new sock‐
690 addr_ll address structure for generic link layer information instead of
691 the old sockaddr_pkt.
692
694 There are too many inconsistent error values.
695 The ioctls to configure IP-specific interface options and ARP tables
697 are not described.
698 Some versions of glibc forget to declare in_pktinfo. Workaround cur‐
700 rently is to copy it into your program from this man page.
701 Receiving the original destination address with MSG_ERRQUEUE in
703 msg_name by recvmsg(2) does not work in some 2.2 kernels.
704
706 recvmsg(2), sendmsg(2), byteorder(3), ipfw(4), capabilities(7),
707 icmp(7), ipv6(7), netlink(7), raw(7), socket(7), tcp(7), udp(7)
708 RFC 791 for the original IP specification. RFC 1122 for the IPv4 host
710 requirements. RFC 1812 for the IPv4 router requirements.
711
713 This page is part of release 3.53 of the Linux man-pages project. A
714 description of the project, and information about reporting bugs, can
715 be found at http://www.kernel.org/doc/man-pages/.
716Linux 2013-04-16 IP(7)