1IP(7) Linux Programmer's Manual IP(7)
2
6 ip - Linux IPv4 protocol implementation
7
9 #include <sys/socket.h>
10 #include <netinet/in.h>
11 #include <netinet/ip.h> /* superset of previous */
12 tcp_socket = socket(AF_INET, SOCK_STREAM, 0);
14 udp_socket = socket(AF_INET, SOCK_DGRAM, 0);
15 raw_socket = socket(AF_INET, SOCK_RAW, protocol);
16
18 Linux implements the Internet Protocol, version 4, described in RFC 791
19 and RFC 1122. ip contains a level 2 multicasting implementation con‐
20 forming to RFC 1112. It also contains an IP router including a packet
21 filter.
22 The programming interface is BSD-sockets compatible. For more informa‐
24 tion on sockets, see socket(7).
25 An IP socket is created by calling the socket(2) function as
27 socket(AF_INET, socket_type, protocol). Valid socket types are
28 SOCK_STREAM to open a tcp(7) socket, SOCK_DGRAM to open a udp(7)
29 socket, or SOCK_RAW to open a raw(7) socket to access the IP protocol
30 directly. protocol is the IP protocol in the IP header to be received
31 or sent. The only valid values for protocol are 0 and IPPROTO_TCP for
32 TCP sockets, and 0 and IPPROTO_UDP for UDP sockets. For SOCK_RAW you
33 may specify a valid IANA IP protocol defined in RFC 1700 assigned num‐
34 bers.
35 When a process wants to receive new incoming packets or connections, it
37 should bind a socket to a local interface address using bind(2). In
38 this case, only one IP socket may be bound to any given local (address,
39 port) pair. When INADDR_ANY is specified in the bind call, the socket
40 will be bound to all local interfaces. When listen(2) is called on an
41 unbound socket, the socket is automatically bound to a random free port
42 with the local address set to INADDR_ANY. When connect(2) is called on
43 an unbound socket, the socket is automatically bound to a random free
44 port or an usable shared port with the local address set to INADDR_ANY.
45 A TCP local socket address that has been bound is unavailable for some
47 time after closing, unless the SO_REUSEADDR flag has been set. Care
48 should be taken when using this flag as it makes TCP less reliable.
49 Address Format
51 An IP socket address is defined as a combination of an IP interface
52 address and a 16-bit port number. The basic IP protocol does not sup‐
53 ply port numbers, they are implemented by higher level protocols like
54 udp(7) and tcp(7). On raw sockets sin_port is set to the IP protocol.
55 struct sockaddr_in {
57 sa_family_t sin_family; /* address family: AF_INET */
58 in_port_t sin_port; /* port in network byte order */
59 struct in_addr sin_addr; /* internet address */
60 };
61 /* Internet address. */
63 struct in_addr {
64 uint32_t s_addr; /* address in network byte order */
65 };
66 sin_family is always set to AF_INET. This is required; in Linux 2.2
68 most networking functions return EINVAL when this setting is missing.
69 sin_port contains the port in network byte order. The port numbers
70 below 1024 are called privileged ports (or sometimes: reserved ports).
71 Only privileged processes (i.e., those having the CAP_NET_BIND_SERVICE
72 capability) may bind(2) to these sockets. Note that the raw IPv4 pro‐
73 tocol as such has no concept of a port, they are only implemented by
74 higher protocols like tcp(7) and udp(7).
75 sin_addr is the IP host address. The s_addr member of struct in_addr
77 contains the host interface address in network byte order. in_addr
78 should be assigned one of the INADDR_* values (e.g., INADDR_ANY) or set
79 using the inet_aton(3), inet_addr(3), inet_makeaddr(3) library func‐
80 tions or directly with the name resolver (see gethostbyname(3)).
81 IPv4 addresses are divided into unicast, broadcast and multicast
83 addresses. Unicast addresses specify a single interface of a host,
84 broadcast addresses specify all hosts on a network and multicast
85 addresses address all hosts in a multicast group. Datagrams to broad‐
86 cast addresses can be only sent or received when the SO_BROADCAST
87 socket flag is set. In the current implementation, connection-oriented
88 sockets are only allowed to use unicast addresses.
89 Note that the address and the port are always stored in network byte
91 order. In particular, this means that you need to call htons(3) on the
92 number that is assigned to a port. All address/port manipulation func‐
93 tions in the standard library work in network byte order.
94 There are several special addresses: INADDR_LOOPBACK (127.0.0.1) always
96 refers to the local host via the loopback device; INADDR_ANY (0.0.0.0)
97 means any address for binding; INADDR_BROADCAST (255.255.255.255) means
98 any host and has the same effect on bind as INADDR_ANY for historical
99 reasons.
100 Socket Options
102 IP supports some protocol-specific socket options that can be set with
103 setsockopt(2) and read with getsockopt(2). The socket option level for
104 IP is IPPROTO_IP. A boolean integer flag is zero when it is false,
105 otherwise true.
106 IP_ADD_MEMBERSHIP (since Linux 1.2)
108 Join a multicast group. Argument is an ip_mreqn structure.
109 struct ip_mreqn {
111 struct in_addr imr_multiaddr; /* IP multicast group
112 address */
113 struct in_addr imr_address; /* IP address of local
114 interface */
115 int imr_ifindex; /* interface index */
116 };
117 imr_multiaddr contains the address of the multicast group the
119 application wants to join or leave. It must be a valid multi‐
120 cast address (or setsockopt(2) fails with the error EINVAL).
121 imr_address is the address of the local interface with which the
122 system should join the multicast group; if it is equal to
123 INADDR_ANY an appropriate interface is chosen by the system.
124 imr_ifindex is the interface index of the interface that should
125 join/leave the imr_multiaddr group, or 0 to indicate any inter‐
126 face.
127 The ip_mreqn is available only since Linux 2.2. For compatibil‐
129 ity, the old ip_mreq structure (present since Linux 1.2) is
130 still supported. It differs from ip_mreqn only by not including
131 the imr_ifindex field. Only valid as a setsockopt(2).
132 IP_ADD_SOURCE_MEMBERSHIP (since Linux 2.5.68)
134 Join a multicast group and allow receiving data only from a
135 specified source. Argument is an ip_mreq_source structure.
136 struct ip_mreq_source {
138 struct in_addr imr_multiaddr; /* IP multicast group
139 address */
140 struct in_addr imr_interface; /* IP address of local
141 interface */
142 struct in_addr imr_sourceaddr; /* IP address of
143 multicast source */
144 };
145 ip_mreq_source structure is similar to ip_mreqn described at
147 IP_ADD_MEMBERSIP. imr_multiaddr contains the address of the
148 multicast group the application wants to join or leave.
149 imr_interface is the address of the local interface with which
150 the system should join the multicast group. Finally
151 imr_sourceaddr field contains address of the source the applica‐
152 tion wants to receive data from.
153 This option can be used multiple times to allow receiving data
155 from more than one source.
156 IP_BLOCK_SOURCE (since Linux 2.5.68)
158 Stop receiving multicast data from a specific source in a given
159 group. This is valid only after the application has subscribed
160 to the multicast group using either IP_ADD_MEMBERSHIP or
161 IP_ADD_SOURCE_MEMBERSHIP.
162 Argument is an ip_mreq_source structure as described at
164 IP_ADD_SOURCE_MEMBERSHIP.
165 IP_DROP_MEMBERSHIP (since Linux 1.2)
167 Leave a multicast group. Argument is an ip_mreqn or ip_mreq
168 structure similar to IP_ADD_MEMBERSHIP.
169 IP_DROP_SOURCE_MEMBERSHIP (since Linux 2.5.68)
171 Leave a source-specific group, i.e., stop receiving data from a
172 given multicast group that come from a given source). If the
173 application has subscribed to multiple sources within the same
174 group, data from the remaining sources will still be delivered.
175 To stop receiving data from all sources at once use
176 IP_LEAVE_GROUP.
177 Argument is an ip_mreq_source structure as described at
179 IP_ADD_SOURCE_MEMBERSHIP.
180 IP_FREEBIND (since Linux 2.4)
182 If enabled, this boolean option allows binding to an IP address
183 that is nonlocal or does not (yet) exist. This permits listen‐
184 ing on a socket, without requiring the underlying network inter‐
185 face or the specified dynamic IP address to be up at the time
186 that the application is trying to bind to it. This option is
187 the per-socket equivalent of the ip_nonlocal_bind /proc inter‐
188 face described below.
189 IP_HDRINCL (since Linux 2.0)
191 If enabled, the user supplies an IP header in front of the user
192 data. Only valid for SOCK_RAW sockets. See raw(7) for more
193 information. When this flag is enabled the values set by
194 IP_OPTIONS, IP_TTL and IP_TOS are ignored.
195 IP_MSFILTER (since Linux 2.5.68)
197 This option provides access to the advanced full-state filtering
198 API. Argument is an ip_msfilter structure.
199 struct ip_msfilter {
201 struct in_addr imsf_multiaddr; /* IP multicast group
202 address */
203 struct in_addr imsf_interface; /* IP address of local
204 interface */
205 uint32_t imsf_fmode; /* Filter-mode */
206 uint32_t imsf_numsrc; /* Number of sources in
208 the following array */
209 struct in_addr imsf_slist[1]; /* Array of source
210 addresses */
211 };
212 There are two macros, MCAST_INCLUDE and MCAST_EXCLUDE, which can
214 be used to specify the filtering mode. Additionaly, IP_MSFIL‐
215 TER_SIZE(n) macro exists to determine how much memory is needed
216 to store ip_msfilter structure with n sources in the source
217 list.
218 For the full description of multicast source filtering refer to
220 RFC 3376.
221 IP_MTU (since Linux 2.2)
223 Retrieve the current known path MTU of the current socket. Only
224 valid when the socket has been connected. Returns an integer.
225 Only valid as a getsockopt(2).
226 IP_MTU_DISCOVER (since Linux 2.2)
228 Sets or receives the Path MTU Discovery setting for a socket.
229 When enabled, Linux will perform Path MTU Discovery as defined
230 in RFC 1191 on this socket. The don't-fragment flag is set on
231 all outgoing datagrams. The system-wide default is controlled
232 by the /proc/sys/net/ipv4/ip_no_pmtu_disc file for SOCK_STREAM
233 sockets, and disabled on all others. For non-SOCK_STREAM sock‐
234 ets, it is the user's responsibility to packetize the data in
235 MTU sized chunks and to do the retransmits if necessary. The
236 kernel will reject packets that are bigger than the known path
237 MTU if this flag is set (with EMSGSIZE).
238 Path MTU discovery flags Meaning
240 IP_PMTUDISC_WANT Use per-route settings.
241 IP_PMTUDISC_DONT Never do Path MTU Discovery.
242 IP_PMTUDISC_DO Always do Path MTU Discovery.
243 IP_PMTUDISC_PROBE Set DF but ignore Path MTU.
244 When PMTU discovery is enabled, the kernel automatically keeps
246 track of the path MTU per destination host. When it is con‐
247 nected to a specific peer with connect(2), the currently known
248 path MTU can be retrieved conveniently using the IP_MTU socket
249 option (e.g., after a EMSGSIZE error occurred). It may change
250 over time. For connectionless sockets with many destinations,
251 the new MTU for a given destination can also be accessed using
252 the error queue (see IP_RECVERR). A new error will be queued
253 for every incoming MTU update.
254 While MTU discovery is in progress, initial packets from data‐
256 gram sockets may be dropped. Applications using UDP should be
257 aware of this and not take it into account for their packet
258 retransmit strategy.
259 To bootstrap the path MTU discovery process on unconnected sock‐
261 ets, it is possible to start with a big datagram size (up to
262 64K-headers bytes long) and let it shrink by updates of the path
263 MTU.
264 To get an initial estimate of the path MTU, connect a datagram
266 socket to the destination address using connect(2) and retrieve
267 the MTU by calling getsockopt(2) with the IP_MTU option.
268 It is possible to implement RFC 4821 MTU probing with SOCK_DGRAM
270 or SOCK_RAW sockets by setting a value of IP_PMTUDISC_PROBE
271 (available since Linux 2.6.22). This is also particularly use‐
272 ful for diagnostic tools such as tracepath(8) that wish to
273 deliberately send probe packets larger than the observed Path
274 MTU.
275 IP_MULTICAST_ALL (since Linux 2.6.31)
277 Sets the policy for multicast delivery to the socket. Argument
278 is a boolean integer that enables or disables multicast delivery
279 from all groups. If not set, delivery to the socket is
280 restricted to data from those multicast groups that have been
281 explicitly subscribed to via a multicast join operation for this
282 socket. The default is 1 which means that a socket which is
283 bound to the wildcard address (INADDR_ANY) will receive multi‐
284 cast packets from all groups that have been subscribed to on
285 this system.
286 IP_MULTICAST_IF (since Linux 1.2)
288 Set the local device for a multicast socket. Argument is an
289 ip_mreqn or ip_mreq structure similar to IP_ADD_MEMBERSHIP.
290 When an invalid socket option is passed, ENOPROTOOPT is
292 returned.
293 IP_MULTICAST_LOOP (since Linux 1.2)
295 Sets or reads a boolean integer argument that determines whether
296 sent multicast packets should be looped back to the local sock‐
297 ets.
298 IP_MULTICAST_TTL (since Linux 1.2)
300 Set or read the time-to-live value of outgoing multicast packets
301 for this socket. It is very important for multicast packets to
302 set the smallest TTL possible. The default is 1 which means
303 that multicast packets don't leave the local network unless the
304 user program explicitly requests it. Argument is an integer.
305 IP_OPTIONS (since Linux 2.0)
307 Sets or get the IP options to be sent with every packet from
308 this socket. The arguments are a pointer to a memory buffer
309 containing the options and the option length. The setsockopt(2)
310 call sets the IP options associated with a socket. The maximum
311 option size for IPv4 is 40 bytes. See RFC 791 for the allowed
312 options. When the initial connection request packet for a
313 SOCK_STREAM socket contains IP options, the IP options will be
314 set automatically to the options from the initial packet with
315 routing headers reversed. Incoming packets are not allowed to
316 change options after the connection is established. The pro‐
317 cessing of all incoming source routing options is disabled by
318 default and can be enabled by using the accept_source_route
319 /proc interface. Other options like timestamps are still han‐
320 dled. For datagram sockets, IP options can be only set by the
321 local user. Calling getsockopt(2) with IP_OPTIONS puts the cur‐
322 rent IP options used for sending into the supplied buffer.
323 IP_PKTINFO (since Linux 2.2)
325 Pass an IP_PKTINFO ancillary message that contains a pktinfo
326 structure that supplies some information about the incoming
327 packet. This only works for datagram oriented sockets. The
328 argument is a flag that tells the socket whether the IP_PKTINFO
329 message should be passed or not. The message itself can only be
330 sent/retrieved as control message with a packet using recvmsg(2)
331 or sendmsg(2).
332 struct in_pktinfo {
334 unsigned int ipi_ifindex; /* Interface index */
335 struct in_addr ipi_spec_dst; /* Local address */
336 struct in_addr ipi_addr; /* Header Destination
337 address */
338 };
339 ipi_ifindex is the unique index of the interface the packet was
341 received on. ipi_spec_dst is the local address of the packet
342 and ipi_addr is the destination address in the packet header.
343 If IP_PKTINFO is passed to sendmsg(2) and ipi_spec_dst is not
344 zero, then it is used as the local source address for the rout‐
345 ing table lookup and for setting up IP source route options.
346 When ipi_ifindex is not zero, the primary local address of the
347 interface specified by the index overwrites ipi_spec_dst for the
348 routing table lookup.
349 IP_RECVERR (since Linux 2.2)
351 Enable extended reliable error message passing. When enabled on
352 a datagram socket, all generated errors will be queued in a per-
353 socket error queue. When the user receives an error from a
354 socket operation, the errors can be received by calling
355 recvmsg(2) with the MSG_ERRQUEUE flag set. The
356 sock_extended_err structure describing the error will be passed
357 in an ancillary message with the type IP_RECVERR and the level
358 IPPROTO_IP. This is useful for reliable error handling on
359 unconnected sockets. The received data portion of the error
360 queue contains the error packet.
361 The IP_RECVERR control message contains a sock_extended_err
363 structure:
364 #define SO_EE_ORIGIN_NONE 0
366 #define SO_EE_ORIGIN_LOCAL 1
367 #define SO_EE_ORIGIN_ICMP 2
368 #define SO_EE_ORIGIN_ICMP6 3
369 struct sock_extended_err {
371 uint32_t ee_errno; /* error number */
372 uint8_t ee_origin; /* where the error originated */
373 uint8_t ee_type; /* type */
374 uint8_t ee_code; /* code */
375 uint8_t ee_pad;
376 uint32_t ee_info; /* additional information */
377 uint32_t ee_data; /* other data */
378 /* More data may follow */
379 };
380 struct sockaddr *SO_EE_OFFENDER(struct sock_extended_err *);
382 ee_errno contains the errno number of the queued error. ee_ori‐
384 gin is the origin code of where the error originated. The other
385 fields are protocol-specific. The macro SO_EE_OFFENDER returns
386 a pointer to the address of the network object where the error
387 originated from given a pointer to the ancillary message. If
388 this address is not known, the sa_family member of the sockaddr
389 contains AF_UNSPEC and the other fields of the sockaddr are
390 undefined.
391 IP uses the sock_extended_err structure as follows: ee_origin is
393 set to SO_EE_ORIGIN_ICMP for errors received as an ICMP packet,
394 or SO_EE_ORIGIN_LOCAL for locally generated errors. Unknown
395 values should be ignored. ee_type and ee_code are set from the
396 type and code fields of the ICMP header. ee_info contains the
397 discovered MTU for EMSGSIZE errors. The message also contains
398 the sockaddr_in of the node caused the error, which can be
399 accessed with the SO_EE_OFFENDER macro. The sin_family field of
400 the SO_EE_OFFENDER address is AF_UNSPEC when the source was
401 unknown. When the error originated from the network, all IP
402 options (IP_OPTIONS, IP_TTL, etc.) enabled on the socket and
403 contained in the error packet are passed as control messages.
404 The payload of the packet causing the error is returned as nor‐
405 mal payload. Note that TCP has no error queue; MSG_ERRQUEUE is
406 not permitted on SOCK_STREAM sockets. IP_RECVERR is valid for
407 TCP, but all errors are returned by socket function return or
408 SO_ERROR only.
409 For raw sockets, IP_RECVERR enables passing of all received ICMP
411 errors to the application, otherwise errors are only reported on
412 connected sockets
413 It sets or retrieves an integer boolean flag. IP_RECVERR
415 defaults to off.
416 IP_RECVOPTS (since Linux 2.2)
418 Pass all incoming IP options to the user in a IP_OPTIONS control
419 message. The routing header and other options are already
420 filled in for the local host. Not supported for SOCK_STREAM
421 sockets.
422 IP_RECVORIGDSTADDR (since Linux 2.6.29)
424 This boolean option enables the IP_ORIGDSTADDR ancillary message
425 in recvmsg(2), in which the kernel returns the original destina‐
426 tion address of the datagram being received. The ancillary mes‐
427 sage contains a struct sockaddr_in.
428 IP_RECVTOS (since Linux 2.2)
430 If enabled the IP_TOS ancillary message is passed with incoming
431 packets. It contains a byte which specifies the Type of Ser‐
432 vice/Precedence field of the packet header. Expects a boolean
433 integer flag.
434 IP_RECVTTL (since Linux 2.2)
436 When this flag is set, pass a IP_TTL control message with the
437 time to live field of the received packet as a byte. Not sup‐
438 ported for SOCK_STREAM sockets.
439 IP_RETOPTS (since Linux 2.2)
441 Identical to IP_RECVOPTS, but returns raw unprocessed options
442 with timestamp and route record options not filled in for this
443 hop.
444 IP_ROUTER_ALERT (since Linux 2.2)
446 Pass all to-be forwarded packets with the IP Router Alert option
447 set to this socket. Only valid for raw sockets. This is use‐
448 ful, for instance, for user-space RSVP daemons. The tapped
449 packets are not forwarded by the kernel; it is the user's
450 responsibility to send them out again. Socket binding is
451 ignored, such packets are only filtered by protocol. Expects an
452 integer flag.
453 IP_TOS (since Linux 1.0)
455 Set or receive the Type-Of-Service (TOS) field that is sent with
456 every IP packet originating from this socket. It is used to
457 prioritize packets on the network. TOS is a byte. There are
458 some standard TOS flags defined: IPTOS_LOWDELAY to minimize
459 delays for interactive traffic, IPTOS_THROUGHPUT to optimize
460 throughput, IPTOS_RELIABILITY to optimize for reliability,
461 IPTOS_MINCOST should be used for "filler data" where slow trans‐
462 mission doesn't matter. At most one of these TOS values can be
463 specified. Other bits are invalid and shall be cleared. Linux
464 sends IPTOS_LOWDELAY datagrams first by default, but the exact
465 behavior depends on the configured queueing discipline. Some
466 high priority levels may require superuser privileges (the
467 CAP_NET_ADMIN capability). The priority can also be set in a
468 protocol independent way by the (SOL_SOCKET, SO_PRIORITY) socket
469 option (see socket(7)).
470 IP_TRANSPARENT (since Linux 2.6.24)
472 Setting this boolean option enables transparent proxying on this
473 socket. This socket option allows the calling application to
474 bind to a nonlocal IP address and operate both as a client and a
475 server with the foreign address as the local endpoint. NOTE:
476 this requires that routing be set up in a way that packets going
477 to the foreign address are routed through the TProxy box.
478 Enabling this socket option requires superuser privileges (the
479 CAP_NET_ADMIN capability).
480 TProxy redirection with the iptables TPROXY target also requires
482 that this option be set on the redirected socket.
483 IP_TTL (since Linux 1.0)
485 Set or retrieve the current time-to-live field that is used in
486 every packet sent from this socket.
487 IP_UNBLOCK_SOURCE (since Linux 2.5.68)
489 Unblock previously blocked multicast source. Returns EADDRNO‐
490 TAVAIL when given source is not being blocked.
491 Argument is an ip_mreq_source structure as described at
493 IP_ADD_SOURCE_MEMBERSHIP.
494 /proc interfaces
496 The IP protocol supports a set of /proc interfaces to configure some
497 global parameters. The parameters can be accessed by reading or writ‐
498 ing files in the directory /proc/sys/net/ipv4/. Interfaces described
499 as Boolean take an integer value, with a non-zero value ("true") mean‐
500 ing that the corresponding option is enabled, and a zero value
501 ("false") meaning that the option is disabled.
502 ip_always_defrag (Boolean; since Linux 2.2.13)
504 [New with kernel 2.2.13; in earlier kernel versions this feature
505 was controlled at compile time by the CONFIG_IP_ALWAYS_DEFRAG
506 option; this option is not present in 2.4.x and later]
507 When this boolean frag is enabled (not equal 0), incoming frag‐
509 ments (parts of IP packets that arose when some host between
510 origin and destination decided that the packets were too large
511 and cut them into pieces) will be reassembled (defragmented)
512 before being processed, even if they are about to be forwarded.
513 Only enable if running either a firewall that is the sole link
515 to your network or a transparent proxy; never ever use it for a
516 normal router or host. Otherwise fragmented communication can
517 be disturbed if the fragments travel over different links.
518 Defragmentation also has a large memory and CPU time cost.
519 This is automagically turned on when masquerading or transparent
521 proxying are configured.
522 ip_autoconfig (since Linux 2.2 to 2.6.17)
524 Not documented.
525 ip_default_ttl (integer; default: 64; since Linux 2.2)
527 Set the default time-to-live value of outgoing packets. This
528 can be changed per socket with the IP_TTL option.
529 ip_dynaddr (Boolean; default: disabled; since Linux 2.0.31)
531 Enable dynamic socket address and masquerading entry rewriting
532 on interface address change. This is useful for dialup inter‐
533 face with changing IP addresses. 0 means no rewriting, 1 turns
534 it on and 2 enables verbose mode.
535 ip_forward (Boolean; default: disabled; since Linux 1.2)
537 Enable IP forwarding with a boolean flag. IP forwarding can be
538 also set on a per-interface basis.
539 ip_local_port_range (since Linux 2.2)
541 Contains two integers that define the default local port range
542 allocated to sockets. Allocation starts with the first number
543 and ends with the second number. Note that these should not
544 conflict with the ports used by masquerading (although the case
545 is handled). Also arbitrary choices may cause problems with
546 some firewall packet filters that make assumptions about the
547 local ports in use. First number should be at least greater
548 than 1024, or better, greater than 4096, to avoid clashes with
549 well known ports and to minimize firewall problems.
550 ip_no_pmtu_disc (Boolean; default: disabled; since Linux 2.2)
552 If enabled, don't do Path MTU Discovery for TCP sockets by
553 default. Path MTU discovery may fail if misconfigured firewalls
554 (that drop all ICMP packets) or misconfigured interfaces (e.g.,
555 a point-to-point link where the both ends don't agree on the
556 MTU) are on the path. It is better to fix the broken routers on
557 the path than to turn off Path MTU Discovery globally, because
558 not doing it incurs a high cost to the network.
559 ip_nonlocal_bind (Boolean; default: disabled; since Linux 2.4)
561 If set, allows processes to bind(2) to non-local IP addresses,
562 which can be quite useful, but may break some applications.
563 ip6frag_time (integer; default 30)
565 Time in seconds to keep an IPv6 fragment in memory.
566 ip6frag_secret_interval (integer; default 600)
568 Regeneration interval (in seconds) of the hash secret (or life‐
569 time for the hash secret) for IPv6 fragments.
570 ipfrag_high_thresh (integer), ipfrag_low_thresh (integer)
572 If the amount of queued IP fragments reaches ipfrag_high_thresh,
573 the queue is pruned down to ipfrag_low_thresh. Contains an
574 integer with the number of bytes.
575 neigh/*
577 See arp(7).
578 Ioctls
580 All ioctls described in socket(7) apply to ip.
581 Ioctls to configure generic device parameters are described in netde‐
583 vice(7).
584
586 EACCES The user tried to execute an operation without the necessary
587 permissions. These include: sending a packet to a broadcast
588 address without having the SO_BROADCAST flag set; sending a
589 packet via a prohibit route; modifying firewall settings without
590 superuser privileges (the CAP_NET_ADMIN capability); binding to
591 a privileged port without superuser privileges (the
592 CAP_NET_BIND_SERVICE capability).
593 EADDRINUSE
595 Tried to bind to an address already in use.
596 EADDRNOTAVAIL
598 A nonexistent interface was requested or the requested source
599 address was not local.
600 EAGAIN Operation on a non-blocking socket would block.
602 EALREADY
604 An connection operation on a non-blocking socket is already in
605 progress.
606 ECONNABORTED
608 A connection was closed during an accept(2).
609 EHOSTUNREACH
611 No valid routing table entry matches the destination address.
612 This error can be caused by a ICMP message from a remote router
613 or for the local routing table.
614 EINVAL Invalid argument passed. For send operations this can be caused
616 by sending to a blackhole route.
617 EISCONN
619 connect(2) was called on an already connected socket.
620 EMSGSIZE
622 Datagram is bigger than an MTU on the path and it cannot be
623 fragmented.
624 ENOBUFS, ENOMEM
626 Not enough free memory. This often means that the memory allo‐
627 cation is limited by the socket buffer limits, not by the system
628 memory, but this is not 100% consistent.
629 ENOENT SIOCGSTAMP was called on a socket where no packet arrived.
631 ENOPKG A kernel subsystem was not configured.
633 ENOPROTOOPT and EOPNOTSUPP
635 Invalid socket option passed.
636 ENOTCONN
638 The operation is only defined on a connected socket, but the
639 socket wasn't connected.
640 EPERM User doesn't have permission to set high priority, change con‐
642 figuration, or send signals to the requested process or group.
643 EPIPE The connection was unexpectedly closed or shut down by the other
645 end.
646 ESOCKTNOSUPPORT
648 The socket is not configured or an unknown socket type was
649 requested.
650 Other errors may be generated by the overlaying protocols; see tcp(7),
652 raw(7), udp(7) and socket(7).
653
655 IP_FREEBIND, IP_MSFILTER, IP_MTU, IP_MTU_DISCOVER, IP_RECVORIGDSTADDR,
656 IP_PKTINFO, IP_RECVERR, IP_ROUTER_ALERT, and IP_TRANSPARENT are Linux-
657 specific and should not be used in programs intended to be portable.
658 Be very careful with the SO_BROADCAST option - it is not privileged in
659 Linux. It is easy to overload the network with careless broadcasts.
660 For new application protocols it is better to use a multicast group
661 instead of broadcasting. Broadcasting is discouraged.
662 Some other BSD sockets implementations provide IP_RCVDSTADDR and
664 IP_RECVIF socket options to get the destination address and the inter‐
665 face of received datagrams. Linux has the more general IP_PKTINFO for
666 the same task.
667 Some BSD sockets implementations also provide an IP_RECVTTL option, but
669 an ancillary message with type IP_RECVTTL is passed with the incoming
670 packet. This is different from the IP_TTL option used in Linux.
671 Using SOL_IP socket options level isn't portable, BSD-based stacks use
673 IPPROTO_IP level.
674 Compatibility
676 For compatibility with Linux 2.0, the obsolete socket(AF_INET,
677 SOCK_PACKET, protocol) syntax is still supported to open a packet(7)
678 socket. This is deprecated and should be replaced by socket(AF_PACKET,
679 SOCK_RAW, protocol) instead. The main difference is the new sock‐
680 addr_ll address structure for generic link layer information instead of
681 the old sockaddr_pkt.
682
684 There are too many inconsistent error values.
685 The ioctls to configure IP-specific interface options and ARP tables
687 are not described.
688 Some versions of glibc forget to declare in_pktinfo. Workaround cur‐
690 rently is to copy it into your program from this man page.
691 Receiving the original destination address with MSG_ERRQUEUE in
693 msg_name by recvmsg(2) does not work in some 2.2 kernels.
694
696 recvmsg(2), sendmsg(2), byteorder(3), ipfw(4), capabilities(7),
697 netlink(7), raw(7), socket(7), tcp(7), udp(7)
698 RFC 791 for the original IP specification.
700 RFC 1122 for the IPv4 host requirements.
701 RFC 1812 for the IPv4 router requirements.
702
704 This page is part of release 3.22 of the Linux man-pages project. A
705 description of the project, and information about reporting bugs, can
706 be found at http://www.kernel.org/doc/man-pages/.
707Linux 2009-02-28 IP(7)