1IP(7) Linux Programmer's Manual IP(7)
2
6 ip - Linux IPv4 protocol implementation
7
9 #include <sys/socket.h>
10 #include <netinet/in.h>
11 #include <netinet/ip.h> /* superset of previous */
12 tcp_socket = socket(AF_INET, SOCK_STREAM, 0);
14 udp_socket = socket(AF_INET, SOCK_DGRAM, 0);
15 raw_socket = socket(AF_INET, SOCK_RAW, protocol);
16
18 Linux implements the Internet Protocol, version 4, described in RFC 791
19 and RFC 1122. ip contains a level 2 multicasting implementation con‐
20 forming to RFC 1112. It also contains an IP router including a packet
21 filter.
22 The programming interface is BSD-sockets compatible. For more informa‐
24 tion on sockets, see socket(7).
25 An IP socket is created using socket(2):
27 socket(AF_INET, socket_type, protocol);
29 Valid socket types include SOCK_STREAM to open a stream socket,
31 SOCK_DGRAM to open a datagram socket, and SOCK_RAW to open a raw(7)
32 socket to access the IP protocol directly.
33 protocol is the IP protocol in the IP header to be received or sent.
35 Valid values for protocol include:
36 · 0 and IPPROTO_TCP for tcp(7) stream sockets;
38 · 0 and IPPROTO_UDP for udp(7) datagram sockets;
40 · IPPROTO_SCTP for sctp(7) stream sockets; and
42 · IPPROTO_UDPLITE for udplite(7) datagram sockets.
44 For SOCK_RAW you may specify a valid IANA IP protocol defined in
46 RFC 1700 assigned numbers.
47 When a process wants to receive new incoming packets or connections, it
49 should bind a socket to a local interface address using bind(2). In
50 this case, only one IP socket may be bound to any given local (address,
51 port) pair. When INADDR_ANY is specified in the bind call, the socket
52 will be bound to all local interfaces. When listen(2) is called on an
53 unbound socket, the socket is automatically bound to a random free port
54 with the local address set to INADDR_ANY. When connect(2) is called on
55 an unbound socket, the socket is automatically bound to a random free
56 port or to a usable shared port with the local address set to
57 INADDR_ANY.
58 A TCP local socket address that has been bound is unavailable for some
60 time after closing, unless the SO_REUSEADDR flag has been set. Care
61 should be taken when using this flag as it makes TCP less reliable.
62 Address format
64 An IP socket address is defined as a combination of an IP interface
65 address and a 16-bit port number. The basic IP protocol does not sup‐
66 ply port numbers, they are implemented by higher level protocols like
67 udp(7) and tcp(7). On raw sockets sin_port is set to the IP protocol.
68 struct sockaddr_in {
70 sa_family_t sin_family; /* address family: AF_INET */
71 in_port_t sin_port; /* port in network byte order */
72 struct in_addr sin_addr; /* internet address */
73 };
74 /* Internet address. */
76 struct in_addr {
77 uint32_t s_addr; /* address in network byte order */
78 };
79 sin_family is always set to AF_INET. This is required; in Linux 2.2
81 most networking functions return EINVAL when this setting is missing.
82 sin_port contains the port in network byte order. The port numbers
83 below 1024 are called privileged ports (or sometimes: reserved ports).
84 Only a privileged process (on Linux: a process that has the
85 CAP_NET_BIND_SERVICE capability in the user namespace governing its
86 network namespace) may bind(2) to these sockets. Note that the raw
87 IPv4 protocol as such has no concept of a port, they are implemented
88 only by higher protocols like tcp(7) and udp(7).
89 sin_addr is the IP host address. The s_addr member of struct in_addr
91 contains the host interface address in network byte order. in_addr
92 should be assigned one of the INADDR_* values (e.g., INADDR_LOOPBACK)
93 using htonl(3) or set using the inet_aton(3), inet_addr(3),
94 inet_makeaddr(3) library functions or directly with the name resolver
95 (see gethostbyname(3)).
96 IPv4 addresses are divided into unicast, broadcast, and multicast
98 addresses. Unicast addresses specify a single interface of a host,
99 broadcast addresses specify all hosts on a network, and multicast
100 addresses address all hosts in a multicast group. Datagrams to broad‐
101 cast addresses can be sent or received only when the SO_BROADCAST
102 socket flag is set. In the current implementation, connection-oriented
103 sockets are allowed to use only unicast addresses.
104 Note that the address and the port are always stored in network byte
106 order. In particular, this means that you need to call htons(3) on the
107 number that is assigned to a port. All address/port manipulation func‐
108 tions in the standard library work in network byte order.
109 There are several special addresses: INADDR_LOOPBACK (127.0.0.1) always
111 refers to the local host via the loopback device; INADDR_ANY (0.0.0.0)
112 means any address for binding; INADDR_BROADCAST (255.255.255.255) means
113 any host and has the same effect on bind as INADDR_ANY for historical
114 reasons.
115 Socket options
117 IP supports some protocol-specific socket options that can be set with
118 setsockopt(2) and read with getsockopt(2). The socket option level for
119 IP is IPPROTO_IP. A boolean integer flag is zero when it is false,
120 otherwise true.
121 When an invalid socket option is specified, getsockopt(2) and setsock‐
123 opt(2) fail with the error ENOPROTOOPT.
124 IP_ADD_MEMBERSHIP (since Linux 1.2)
126 Join a multicast group. Argument is an ip_mreqn structure.
127 struct ip_mreqn {
129 struct in_addr imr_multiaddr; /* IP multicast group
130 address */
131 struct in_addr imr_address; /* IP address of local
132 interface */
133 int imr_ifindex; /* interface index */
134 };
135 imr_multiaddr contains the address of the multicast group the applica‐
137 tion wants to join or leave. It must be a valid multicast address (or
138 setsockopt(2) fails with the error EINVAL). imr_address is the address
139 of the local interface with which the system should join the multicast
140 group; if it is equal to INADDR_ANY, an appropriate interface is chosen
141 by the system. imr_ifindex is the interface index of the interface
142 that should join/leave the imr_multiaddr group, or 0 to indicate any
143 interface.
144 The ip_mreqn structure is available only since Linux 2.2. For
146 compatibility, the old ip_mreq structure (present since Linux
147 1.2) is still supported; it differs from ip_mreqn only by not
148 including the imr_ifindex field. (The kernel determines which
149 structure is being passed based on the size passed in optlen.)
150 IP_ADD_MEMBERSHIP is valid only for setsockopt(2).
152 IP_ADD_SOURCE_MEMBERSHIP (since Linux 2.4.22 / 2.5.68)
154 Join a multicast group and allow receiving data only from a
155 specified source. Argument is an ip_mreq_source structure.
156 struct ip_mreq_source {
158 struct in_addr imr_multiaddr; /* IP multicast group
159 address */
160 struct in_addr imr_interface; /* IP address of local
161 interface */
162 struct in_addr imr_sourceaddr; /* IP address of
163 multicast source */
164 };
165 The ip_mreq_source structure is similar to ip_mreqn described under
167 IP_ADD_MEMBERSHIP. The imr_multiaddr field contains the address of the
168 multicast group the application wants to join or leave. The imr_inter‐
169 face field is the address of the local interface with which the system
170 should join the multicast group. Finally, the imr_sourceaddr field
171 contains the address of the source the application wants to receive
172 data from.
173 This option can be used multiple times to allow receiving data
175 from more than one source.
176 IP_BIND_ADDRESS_NO_PORT (since Linux 4.2)
178 Inform the kernel to not reserve an ephemeral port when using
179 bind(2) with a port number of 0. The port will later be auto‐
180 matically chosen at connect(2) time, in a way that allows shar‐
181 ing a source port as long as the 4-tuple is unique.
182 IP_BLOCK_SOURCE (since Linux 2.4.22 / 2.5.68)
184 Stop receiving multicast data from a specific source in a given
185 group. This is valid only after the application has subscribed
186 to the multicast group using either IP_ADD_MEMBERSHIP or
187 IP_ADD_SOURCE_MEMBERSHIP.
188 Argument is an ip_mreq_source structure as described under
190 IP_ADD_SOURCE_MEMBERSHIP.
191 IP_DROP_MEMBERSHIP (since Linux 1.2)
193 Leave a multicast group. Argument is an ip_mreqn or ip_mreq
194 structure similar to IP_ADD_MEMBERSHIP.
195 IP_DROP_SOURCE_MEMBERSHIP (since Linux 2.4.22 / 2.5.68)
197 Leave a source-specific group—that is, stop receiving data from
198 a given multicast group that come from a given source. If the
199 application has subscribed to multiple sources within the same
200 group, data from the remaining sources will still be delivered.
201 To stop receiving data from all sources at once, use
202 IP_DROP_MEMBERSHIP.
203 Argument is an ip_mreq_source structure as described under
205 IP_ADD_SOURCE_MEMBERSHIP.
206 IP_FREEBIND (since Linux 2.4)
208 If enabled, this boolean option allows binding to an IP address
209 that is nonlocal or does not (yet) exist. This permits listen‐
210 ing on a socket, without requiring the underlying network inter‐
211 face or the specified dynamic IP address to be up at the time
212 that the application is trying to bind to it. This option is
213 the per-socket equivalent of the ip_nonlocal_bind /proc inter‐
214 face described below.
215 IP_HDRINCL (since Linux 2.0)
217 If enabled, the user supplies an IP header in front of the user
218 data. Valid only for SOCK_RAW sockets; see raw(7) for more
219 information. When this flag is enabled, the values set by
220 IP_OPTIONS, IP_TTL, and IP_TOS are ignored.
221 IP_MSFILTER (since Linux 2.4.22 / 2.5.68)
223 This option provides access to the advanced full-state filtering
224 API. Argument is an ip_msfilter structure.
225 struct ip_msfilter {
227 struct in_addr imsf_multiaddr; /* IP multicast group
228 address */
229 struct in_addr imsf_interface; /* IP address of local
230 interface */
231 uint32_t imsf_fmode; /* Filter-mode */
232 uint32_t imsf_numsrc; /* Number of sources in
234 the following array */
235 struct in_addr imsf_slist[1]; /* Array of source
236 addresses */
237 };
238 There are two macros, MCAST_INCLUDE and MCAST_EXCLUDE, which can be
240 used to specify the filtering mode. Additionally, the IP_MSFIL‐
241 TER_SIZE(n) macro exists to determine how much memory is needed to
242 store ip_msfilter structure with n sources in the source list.
243 For the full description of multicast source filtering refer to
245 RFC 3376.
246 IP_MTU (since Linux 2.2)
248 Retrieve the current known path MTU of the current socket.
249 Returns an integer.
250 IP_MTU is valid only for getsockopt(2) and can be employed only
252 when the socket has been connected.
253 IP_MTU_DISCOVER (since Linux 2.2)
255 Set or receive the Path MTU Discovery setting for a socket.
256 When enabled, Linux will perform Path MTU Discovery as defined
257 in RFC 1191 on SOCK_STREAM sockets. For non-SOCK_STREAM sock‐
258 ets, IP_PMTUDISC_DO forces the don't-fragment flag to be set on
259 all outgoing packets. It is the user's responsibility to packe‐
260 tize the data in MTU-sized chunks and to do the retransmits if
261 necessary. The kernel will reject (with EMSGSIZE) datagrams
262 that are bigger than the known path MTU. IP_PMTUDISC_WANT will
263 fragment a datagram if needed according to the path MTU, or will
264 set the don't-fragment flag otherwise.
265 The system-wide default can be toggled between IP_PMTUDISC_WANT
267 and IP_PMTUDISC_DONT by writing (respectively, zero and nonzero
268 values) to the /proc/sys/net/ipv4/ip_no_pmtu_disc file.
269 Path MTU discovery value Meaning
271 IP_PMTUDISC_WANT Use per-route settings.
272 IP_PMTUDISC_DONT Never do Path MTU Discovery.
273 IP_PMTUDISC_DO Always do Path MTU Discovery.
274 IP_PMTUDISC_PROBE Set DF but ignore Path MTU.
275 When PMTU discovery is enabled, the kernel automatically keeps
277 track of the path MTU per destination host. When it is con‐
278 nected to a specific peer with connect(2), the currently known
279 path MTU can be retrieved conveniently using the IP_MTU socket
280 option (e.g., after an EMSGSIZE error occurred). The path MTU
281 may change over time. For connectionless sockets with many des‐
282 tinations, the new MTU for a given destination can also be
283 accessed using the error queue (see IP_RECVERR). A new error
284 will be queued for every incoming MTU update.
285 While MTU discovery is in progress, initial packets from data‐
287 gram sockets may be dropped. Applications using UDP should be
288 aware of this and not take it into account for their packet
289 retransmit strategy.
290 To bootstrap the path MTU discovery process on unconnected sock‐
292 ets, it is possible to start with a big datagram size (headers
293 up to 64 kilobytes long) and let it shrink by updates of the
294 path MTU.
295 To get an initial estimate of the path MTU, connect a datagram
297 socket to the destination address using connect(2) and retrieve
298 the MTU by calling getsockopt(2) with the IP_MTU option.
299 It is possible to implement RFC 4821 MTU probing with SOCK_DGRAM
301 or SOCK_RAW sockets by setting a value of IP_PMTUDISC_PROBE
302 (available since Linux 2.6.22). This is also particularly use‐
303 ful for diagnostic tools such as tracepath(8) that wish to
304 deliberately send probe packets larger than the observed Path
305 MTU.
306 IP_MULTICAST_ALL (since Linux 2.6.31)
308 This option can be used to modify the delivery policy of multi‐
309 cast messages to sockets bound to the wildcard INADDR_ANY
310 address. The argument is a boolean integer (defaults to 1). If
311 set to 1, the socket will receive messages from all the groups
312 that have been joined globally on the whole system. Otherwise,
313 it will deliver messages only from the groups that have been
314 explicitly joined (for example via the IP_ADD_MEMBERSHIP option)
315 on this particular socket.
316 IP_MULTICAST_IF (since Linux 1.2)
318 Set the local device for a multicast socket. The argument for
319 setsockopt(2) is an ip_mreqn or (since Linux 3.5) ip_mreq struc‐
320 ture similar to IP_ADD_MEMBERSHIP, or an in_addr structure.
321 (The kernel determines which structure is being passed based on
322 the size passed in optlen.) For getsockopt(2), the argument is
323 an in_addr structure.
324 IP_MULTICAST_LOOP (since Linux 1.2)
326 Set or read a boolean integer argument that determines whether
327 sent multicast packets should be looped back to the local sock‐
328 ets.
329 IP_MULTICAST_TTL (since Linux 1.2)
331 Set or read the time-to-live value of outgoing multicast packets
332 for this socket. It is very important for multicast packets to
333 set the smallest TTL possible. The default is 1 which means
334 that multicast packets don't leave the local network unless the
335 user program explicitly requests it. Argument is an integer.
336 IP_NODEFRAG (since Linux 2.6.36)
338 If enabled (argument is nonzero), the reassembly of outgoing
339 packets is disabled in the netfilter layer. The argument is an
340 integer.
341 This option is valid only for SOCK_RAW sockets.
343 IP_OPTIONS (since Linux 2.0)
345 Set or get the IP options to be sent with every packet from this
346 socket. The arguments are a pointer to a memory buffer contain‐
347 ing the options and the option length. The setsockopt(2) call
348 sets the IP options associated with a socket. The maximum
349 option size for IPv4 is 40 bytes. See RFC 791 for the allowed
350 options. When the initial connection request packet for a
351 SOCK_STREAM socket contains IP options, the IP options will be
352 set automatically to the options from the initial packet with
353 routing headers reversed. Incoming packets are not allowed to
354 change options after the connection is established. The pro‐
355 cessing of all incoming source routing options is disabled by
356 default and can be enabled by using the accept_source_route
357 /proc interface. Other options like timestamps are still han‐
358 dled. For datagram sockets, IP options can be only set by the
359 local user. Calling getsockopt(2) with IP_OPTIONS puts the cur‐
360 rent IP options used for sending into the supplied buffer.
361 IP_PKTINFO (since Linux 2.2)
363 Pass an IP_PKTINFO ancillary message that contains a pktinfo
364 structure that supplies some information about the incoming
365 packet. This only works for datagram oriented sockets. The
366 argument is a flag that tells the socket whether the IP_PKTINFO
367 message should be passed or not. The message itself can only be
368 sent/retrieved as control message with a packet using recvmsg(2)
369 or sendmsg(2).
370 struct in_pktinfo {
372 unsigned int ipi_ifindex; /* Interface index */
373 struct in_addr ipi_spec_dst; /* Local address */
374 struct in_addr ipi_addr; /* Header Destination
375 address */
376 };
377 ipi_ifindex is the unique index of the interface the packet was
379 received on. ipi_spec_dst is the local address of the packet
380 and ipi_addr is the destination address in the packet header.
381 If IP_PKTINFO is passed to sendmsg(2) and ipi_spec_dst is not
382 zero, then it is used as the local source address for the rout‐
383 ing table lookup and for setting up IP source route options.
384 When ipi_ifindex is not zero, the primary local address of the
385 interface specified by the index overwrites ipi_spec_dst for the
386 routing table lookup.
387 IP_RECVERR (since Linux 2.2)
389 Enable extended reliable error message passing. When enabled on
390 a datagram socket, all generated errors will be queued in a per-
391 socket error queue. When the user receives an error from a
392 socket operation, the errors can be received by calling
393 recvmsg(2) with the MSG_ERRQUEUE flag set. The
394 sock_extended_err structure describing the error will be passed
395 in an ancillary message with the type IP_RECVERR and the level
396 IPPROTO_IP. This is useful for reliable error handling on
397 unconnected sockets. The received data portion of the error
398 queue contains the error packet.
399 The IP_RECVERR control message contains a sock_extended_err
401 structure:
402 #define SO_EE_ORIGIN_NONE 0
404 #define SO_EE_ORIGIN_LOCAL 1
405 #define SO_EE_ORIGIN_ICMP 2
406 #define SO_EE_ORIGIN_ICMP6 3
407 struct sock_extended_err {
409 uint32_t ee_errno; /* error number */
410 uint8_t ee_origin; /* where the error originated */
411 uint8_t ee_type; /* type */
412 uint8_t ee_code; /* code */
413 uint8_t ee_pad;
414 uint32_t ee_info; /* additional information */
415 uint32_t ee_data; /* other data */
416 /* More data may follow */
417 };
418 struct sockaddr *SO_EE_OFFENDER(struct sock_extended_err *);
420 ee_errno contains the errno number of the queued error. ee_ori‐
422 gin is the origin code of where the error originated. The other
423 fields are protocol-specific. The macro SO_EE_OFFENDER returns
424 a pointer to the address of the network object where the error
425 originated from given a pointer to the ancillary message. If
426 this address is not known, the sa_family member of the sockaddr
427 contains AF_UNSPEC and the other fields of the sockaddr are
428 undefined.
429 IP uses the sock_extended_err structure as follows: ee_origin is
431 set to SO_EE_ORIGIN_ICMP for errors received as an ICMP packet,
432 or SO_EE_ORIGIN_LOCAL for locally generated errors. Unknown
433 values should be ignored. ee_type and ee_code are set from the
434 type and code fields of the ICMP header. ee_info contains the
435 discovered MTU for EMSGSIZE errors. The message also contains
436 the sockaddr_in of the node caused the error, which can be
437 accessed with the SO_EE_OFFENDER macro. The sin_family field of
438 the SO_EE_OFFENDER address is AF_UNSPEC when the source was
439 unknown. When the error originated from the network, all IP
440 options (IP_OPTIONS, IP_TTL, etc.) enabled on the socket and
441 contained in the error packet are passed as control messages.
442 The payload of the packet causing the error is returned as nor‐
443 mal payload. Note that TCP has no error queue; MSG_ERRQUEUE is
444 not permitted on SOCK_STREAM sockets. IP_RECVERR is valid for
445 TCP, but all errors are returned by socket function return or
446 SO_ERROR only.
447 For raw sockets, IP_RECVERR enables passing of all received ICMP
449 errors to the application, otherwise errors are only reported on
450 connected sockets
451 It sets or retrieves an integer boolean flag. IP_RECVERR
453 defaults to off.
454 IP_RECVOPTS (since Linux 2.2)
456 Pass all incoming IP options to the user in a IP_OPTIONS control
457 message. The routing header and other options are already
458 filled in for the local host. Not supported for SOCK_STREAM
459 sockets.
460 IP_RECVORIGDSTADDR (since Linux 2.6.29)
462 This boolean option enables the IP_ORIGDSTADDR ancillary message
463 in recvmsg(2), in which the kernel returns the original destina‐
464 tion address of the datagram being received. The ancillary mes‐
465 sage contains a struct sockaddr_in.
466 IP_RECVTOS (since Linux 2.2)
468 If enabled, the IP_TOS ancillary message is passed with incoming
469 packets. It contains a byte which specifies the Type of Ser‐
470 vice/Precedence field of the packet header. Expects a boolean
471 integer flag.
472 IP_RECVTTL (since Linux 2.2)
474 When this flag is set, pass a IP_TTL control message with the
475 time-to-live field of the received packet as a 32 bit integer.
476 Not supported for SOCK_STREAM sockets.
477 IP_RETOPTS (since Linux 2.2)
479 Identical to IP_RECVOPTS, but returns raw unprocessed options
480 with timestamp and route record options not filled in for this
481 hop.
482 IP_ROUTER_ALERT (since Linux 2.2)
484 Pass all to-be forwarded packets with the IP Router Alert option
485 set to this socket. Valid only for raw sockets. This is use‐
486 ful, for instance, for user-space RSVP daemons. The tapped
487 packets are not forwarded by the kernel; it is the user's
488 responsibility to send them out again. Socket binding is
489 ignored, such packets are only filtered by protocol. Expects an
490 integer flag.
491 IP_TOS (since Linux 1.0)
493 Set or receive the Type-Of-Service (TOS) field that is sent with
494 every IP packet originating from this socket. It is used to
495 prioritize packets on the network. TOS is a byte. There are
496 some standard TOS flags defined: IPTOS_LOWDELAY to minimize
497 delays for interactive traffic, IPTOS_THROUGHPUT to optimize
498 throughput, IPTOS_RELIABILITY to optimize for reliability,
499 IPTOS_MINCOST should be used for "filler data" where slow trans‐
500 mission doesn't matter. At most one of these TOS values can be
501 specified. Other bits are invalid and shall be cleared. Linux
502 sends IPTOS_LOWDELAY datagrams first by default, but the exact
503 behavior depends on the configured queueing discipline. Some
504 high-priority levels may require superuser privileges (the
505 CAP_NET_ADMIN capability).
506 IP_TRANSPARENT (since Linux 2.6.24)
508 Setting this boolean option enables transparent proxying on this
509 socket. This socket option allows the calling application to
510 bind to a nonlocal IP address and operate both as a client and a
511 server with the foreign address as the local endpoint. NOTE:
512 this requires that routing be set up in a way that packets going
513 to the foreign address are routed through the TProxy box (i.e.,
514 the system hosting the application that employs the IP_TRANSPAR‐
515 ENT socket option). Enabling this socket option requires supe‐
516 ruser privileges (the CAP_NET_ADMIN capability).
517 TProxy redirection with the iptables TPROXY target also requires
519 that this option be set on the redirected socket.
520 IP_TTL (since Linux 1.0)
522 Set or retrieve the current time-to-live field that is used in
523 every packet sent from this socket.
524 IP_UNBLOCK_SOURCE (since Linux 2.4.22 / 2.5.68)
526 Unblock previously blocked multicast source. Returns EADDRNO‐
527 TAVAIL when given source is not being blocked.
528 Argument is an ip_mreq_source structure as described under
530 IP_ADD_SOURCE_MEMBERSHIP.
531 /proc interfaces
533 The IP protocol supports a set of /proc interfaces to configure some
534 global parameters. The parameters can be accessed by reading or writ‐
535 ing files in the directory /proc/sys/net/ipv4/. Interfaces described
536 as Boolean take an integer value, with a nonzero value ("true") meaning
537 that the corresponding option is enabled, and a zero value ("false")
538 meaning that the option is disabled.
539 ip_always_defrag (Boolean; since Linux 2.2.13)
541 [New with kernel 2.2.13; in earlier kernel versions this feature
542 was controlled at compile time by the CONFIG_IP_ALWAYS_DEFRAG
543 option; this option is not present in 2.4.x and later]
544 When this boolean flag is enabled (not equal 0), incoming frag‐
546 ments (parts of IP packets that arose when some host between
547 origin and destination decided that the packets were too large
548 and cut them into pieces) will be reassembled (defragmented)
549 before being processed, even if they are about to be forwarded.
550 Enable only if running either a firewall that is the sole link
552 to your network or a transparent proxy; never ever use it for a
553 normal router or host. Otherwise, fragmented communication can
554 be disturbed if the fragments travel over different links.
555 Defragmentation also has a large memory and CPU time cost.
556 This is automagically turned on when masquerading or transparent
558 proxying are configured.
559 ip_autoconfig (since Linux 2.2 to 2.6.17)
561 Not documented.
562 ip_default_ttl (integer; default: 64; since Linux 2.2)
564 Set the default time-to-live value of outgoing packets. This
565 can be changed per socket with the IP_TTL option.
566 ip_dynaddr (Boolean; default: disabled; since Linux 2.0.31)
568 Enable dynamic socket address and masquerading entry rewriting
569 on interface address change. This is useful for dialup inter‐
570 face with changing IP addresses. 0 means no rewriting, 1 turns
571 it on and 2 enables verbose mode.
572 ip_forward (Boolean; default: disabled; since Linux 1.2)
574 Enable IP forwarding with a boolean flag. IP forwarding can be
575 also set on a per-interface basis.
576 ip_local_port_range (since Linux 2.2)
578 This file contains two integers that define the default local
579 port range allocated to sockets that are not explicitly bound to
580 a port number—that is, the range used for ephemeral ports. An
581 ephemeral port is allocated to a socket in the following circum‐
582 stances:
583 * the port number in a socket address is specified as 0 when
585 calling bind(2);
586 * listen(2) is called on a stream socket that was not previ‐
588 ously bound;
589 * connect(2) was called on a socket that was not previously
591 bound;
592 * sendto(2) is called on a datagram socket that was not previ‐
594 ously bound.
595 Allocation of ephemeral ports starts with the first number in
597 ip_local_port_range and ends with the second number. If the
598 range of ephemeral ports is exhausted, then the relevant system
599 call returns an error (but see BUGS).
600 Note that the port range in ip_local_port_range should not con‐
602 flict with the ports used by masquerading (although the case is
603 handled). Also, arbitrary choices may cause problems with some
604 firewall packet filters that make assumptions about the local
605 ports in use. The first number should be at least greater than
606 1024, or better, greater than 4096, to avoid clashes with well
607 known ports and to minimize firewall problems.
608 ip_no_pmtu_disc (Boolean; default: disabled; since Linux 2.2)
610 If enabled, don't do Path MTU Discovery for TCP sockets by
611 default. Path MTU discovery may fail if misconfigured firewalls
612 (that drop all ICMP packets) or misconfigured interfaces (e.g.,
613 a point-to-point link where the both ends don't agree on the
614 MTU) are on the path. It is better to fix the broken routers on
615 the path than to turn off Path MTU Discovery globally, because
616 not doing it incurs a high cost to the network.
617 ip_nonlocal_bind (Boolean; default: disabled; since Linux 2.4)
619 If set, allows processes to bind(2) to nonlocal IP addresses,
620 which can be quite useful, but may break some applications.
621 ip6frag_time (integer; default: 30)
623 Time in seconds to keep an IPv6 fragment in memory.
624 ip6frag_secret_interval (integer; default: 600)
626 Regeneration interval (in seconds) of the hash secret (or life‐
627 time for the hash secret) for IPv6 fragments.
628 ipfrag_high_thresh (integer), ipfrag_low_thresh (integer)
630 If the amount of queued IP fragments reaches ipfrag_high_thresh,
631 the queue is pruned down to ipfrag_low_thresh. Contains an
632 integer with the number of bytes.
633 neigh/*
635 See arp(7).
636 Ioctls
638 All ioctls described in socket(7) apply to ip.
639 Ioctls to configure generic device parameters are described in netde‐
641 vice(7).
642
644 EACCES The user tried to execute an operation without the necessary
645 permissions. These include: sending a packet to a broadcast
646 address without having the SO_BROADCAST flag set; sending a
647 packet via a prohibit route; modifying firewall settings without
648 superuser privileges (the CAP_NET_ADMIN capability); binding to
649 a privileged port without superuser privileges (the
650 CAP_NET_BIND_SERVICE capability).
651 EADDRINUSE
653 Tried to bind to an address already in use.
654 EADDRNOTAVAIL
656 A nonexistent interface was requested or the requested source
657 address was not local.
658 EAGAIN Operation on a nonblocking socket would block.
660 EALREADY
662 A connection operation on a nonblocking socket is already in
663 progress.
664 ECONNABORTED
666 A connection was closed during an accept(2).
667 EHOSTUNREACH
669 No valid routing table entry matches the destination address.
670 This error can be caused by an ICMP message from a remote router
671 or for the local routing table.
672 EINVAL Invalid argument passed. For send operations this can be caused
674 by sending to a blackhole route.
675 EISCONN
677 connect(2) was called on an already connected socket.
678 EMSGSIZE
680 Datagram is bigger than an MTU on the path and it cannot be
681 fragmented.
682 ENOBUFS, ENOMEM
684 Not enough free memory. This often means that the memory allo‐
685 cation is limited by the socket buffer limits, not by the system
686 memory, but this is not 100% consistent.
687 ENOENT SIOCGSTAMP was called on a socket where no packet arrived.
689 ENOPKG A kernel subsystem was not configured.
691 ENOPROTOOPT and EOPNOTSUPP
693 Invalid socket option passed.
694 ENOTCONN
696 The operation is defined only on a connected socket, but the
697 socket wasn't connected.
698 EPERM User doesn't have permission to set high priority, change con‐
700 figuration, or send signals to the requested process or group.
701 EPIPE The connection was unexpectedly closed or shut down by the other
703 end.
704 ESOCKTNOSUPPORT
706 The socket is not configured or an unknown socket type was
707 requested.
708 Other errors may be generated by the overlaying protocols; see tcp(7),
710 raw(7), udp(7), and socket(7).
711
713 IP_FREEBIND, IP_MSFILTER, IP_MTU, IP_MTU_DISCOVER, IP_RECVORIGDSTADDR,
714 IP_PKTINFO, IP_RECVERR, IP_ROUTER_ALERT, and IP_TRANSPARENT are Linux-
715 specific.
716 Be very careful with the SO_BROADCAST option - it is not privileged in
718 Linux. It is easy to overload the network with careless broadcasts.
719 For new application protocols it is better to use a multicast group
720 instead of broadcasting. Broadcasting is discouraged.
721 Some other BSD sockets implementations provide IP_RCVDSTADDR and
723 IP_RECVIF socket options to get the destination address and the inter‐
724 face of received datagrams. Linux has the more general IP_PKTINFO for
725 the same task.
726 Some BSD sockets implementations also provide an IP_RECVTTL option, but
728 an ancillary message with type IP_RECVTTL is passed with the incoming
729 packet. This is different from the IP_TTL option used in Linux.
730 Using the SOL_IP socket options level isn't portable; BSD-based stacks
732 use the IPPROTO_IP level.
733 INADDR_ANY (0.0.0.0) and INADDR_BROADCAST (255.255.255.255) are byte-
735 order-neutral.
736 This means htonl(3) has no effect on them.
737 Compatibility
739 For compatibility with Linux 2.0, the obsolete socket(AF_INET,
740 SOCK_PACKET, protocol) syntax is still supported to open a packet(7)
741 socket. This is deprecated and should be replaced by socket(AF_PACKET,
742 SOCK_RAW, protocol) instead. The main difference is the new sock‐
743 addr_ll address structure for generic link layer information instead of
744 the old sockaddr_pkt.
745
747 There are too many inconsistent error values.
748 The error used to diagnose exhaustion of the ephemeral port range dif‐
750 fers across the various system calls (connect(2), bind(2), listen(2),
751 sendto(2)) that can assign ephemeral ports.
752 The ioctls to configure IP-specific interface options and ARP tables
754 are not described.
755 Receiving the original destination address with MSG_ERRQUEUE in
757 msg_name by recvmsg(2) does not work in some 2.2 kernels.
758
760 recvmsg(2), sendmsg(2), byteorder(3), ipfw(4), capabilities(7),
761 icmp(7), ipv6(7), netdevice(7), netlink(7), raw(7), socket(7), tcp(7),
762 udp(7), ip(8)
763 The kernel source file Documentation/networking/ip-sysctl.txt.
765 RFC 791 for the original IP specification. RFC 1122 for the IPv4 host
767 requirements. RFC 1812 for the IPv4 router requirements.
768
770 This page is part of release 5.07 of the Linux man-pages project. A
771 description of the project, information about reporting bugs, and the
772 latest version of this page, can be found at
773 https://www.kernel.org/doc/man-pages/.
774Linux 2020-06-09 IP(7)