IP(7) Linux Programmers Manual IP(7)
NAME
ip - Linux IPv4 protocol implementation
SYNOPSIS
#include
#include
#include /* superset of previous */
tcp_socket = socket(PF_INET, SOCK_STREAM, 0);
udp_socket = socket(PF_INET, SOCK_DGRAM, 0);
raw_socket = socket(PF_INET, SOCK_RAW, protocol);
DESCRIPTION
Linux implements the Internet Protocol, version 4, described in RFC 791
and RFC 1122. ip contains a level 2 multicasting implementation con
forming to RFC 1112. It also contains an IP router including a packet
filter.
The programming interface is BSD sockets compatible. For more informa
tion on sockets, see socket(7).
An IP socket is created by calling the socket(2) function as
socket(PF_INET, socket_type, protocol). Valid socket types are
SOCK_STREAM to open a tcp(7) socket, SOCK_DGRAM to open a udp(7)
socket, or SOCK_RAW to open a raw(7) socket to access the IP protocol
directly. protocol is the IP protocol in the IP header to be received
or sent. The only valid values for protocol are 0 and IPPROTO_TCP for
TCP sockets and 0 and IPPROTO_UDP for UDP sockets. For SOCK_RAW you
may specify a valid IANA IP protocol defined in RFC 1700 assigned num
bers.
When a process wants to receive new incoming packets or connections, it
should bind a socket to a local interface address using bind(2). Only
one IP socket may be bound to any given local (address, port) pair.
When INADDR_ANY is specified in the bind call the socket will be bound
to all local interfaces. When listen(2) or connect(2) are called on an
unbound socket, it is automatically bound to a random free port with
the local address set to INADDR_ANY.
A TCP local socket address that has been bound is unavailable for some
time after closing, unless the SO_REUSEADDR flag has been set. Care
should be taken when using this flag as it makes TCP less reliable.
Address Format
An IP socket address is defined as a combination of an IP interface
address and a 16-bit port number. The basic IP protocol does not sup
ply port numbers, they are implemented by higher level protocols like
udp(7) and tcp(7). On raw sockets sin_port is set to the IP protocol.
struct sockaddr_in {
sa_family_t sin_family; /* address family: AF_INET */
uint16_t sin_port; /* port in network byte order */
struct in_addr sin_addr; /* internet address */
};
/* Internet address. */
struct in_addr {
uint32_t s_addr; /* address in network byte order */
};
sin_family is always set to AF_INET. This is required; in Linux 2.2
most networking functions return EINVAL when this setting is missing.
sin_port contains the port in network byte order. The port numbers
below 1024 are called reserved ports. Only privileged processes (i.e.,
those having the CAP_NET_BIND_SERVICE capability) may bind(2) to these
sockets. Note that the raw IPv4 protocol as such has no concept of a
port, they are only implemented by higher protocols like tcp(7) and
udp(7).
sin_addr is the IP host address. The s_addr member of struct in_addr
contains the host interface address in network byte order. in_addr
should be assigned one of the INADDR_* values (e.g., INADDR_ANY) or set
using the inet_aton(3), inet_addr(3), inet_makeaddr(3) library func
tions or directly with the name resolver (see gethostbyname(3)). IPv4
addresses are divided into unicast, broadcast and multicast addresses.
Unicast addresses specify a single interface of a host, broadcast
addresses specify all hosts on a network and multicast addresses
address all hosts in a multicast group. Datagrams to broadcast
addresses can be only sent or received when the SO_BROADCAST socket
flag is set. In the current implementation connection oriented sockets
are only allowed to use unicast addresses.
Note that the address and the port are always stored in network byte
order. In particular, this means that you need to call htons(3) on the
number that is assigned to a port. All address/port manipulation func
tions in the standard library work in network byte order.
There are several special addresses: INADDR_LOOPBACK (127.0.0.1) always
refers to the local host via the loopback device; INADDR_ANY (0.0.0.0)
means any address for binding; INADDR_BROADCAST (255.255.255.255) means
any host and has the same effect on bind as INADDR_ANY for historical
reasons.
Socket Options
IP supports some protocol-specific socket options that can be set with
setsockopt(2) and read with getsockopt(2). The socket option level for
IP is IPPROTO_IP. A boolean integer flag is zero when it is false,
otherwise true.
IP_OPTIONS
Sets or get the IP options to be sent with every packet from
this socket. The arguments are a pointer to a memory buffer
containing the options and the option length. The setsockopt(2)
call sets the IP options associated with a socket. The maximum
option size for IPv4 is 40 bytes. See RFC 791 for the allowed
options. When the initial connection request packet for a
SOCK_STREAM socket contains IP options, the IP options will be
set automatically to the options from the initial packet with
routing headers reversed. Incoming packets are not allowed to
change options after the connection is established. The pro
cessing of all incoming source routing options is disabled by
default and can be enabled by using the accept_source_route
sysctl. Other options like timestamps are still handled. For
datagram sockets, IP options can be only set by the local user.
Calling getsockopt(2) with IP_OPTIONS puts the current IP
options used for sending into the supplied buffer.
IP_PKTINFO
Pass an IP_PKTINFO ancillary message that contains a pktinfo
structure that supplies some information about the incoming
packet. This only works for datagram oriented sockets. The
argument is a flag that tells the socket whether the IP_PKTINFO
message should be passed or not. The message itself can only be
sent/retrieved as control message with a packet using recvmsg(2)
or sendmsg(2).
struct in_pktinfo {
unsigned int ipi_ifindex; /* Interface index */
struct in_addr ipi_spec_dst; /* Local address */
struct in_addr ipi_addr; /* Header Destination
address */
};
ipi_ifindex is the unique index of the interface the packet was
received on. ipi_spec_dst is the local address of the packet
and ipi_addr is the destination address in the packet header.
If IP_PKTINFO is passed to sendmsg(2) and ipi_spec_dst is not
zero, then it is used as the local source address for the rout
ing table lookup and for setting up IP source route options.
When ipi_ifindex is not zero the primary local address of the
interface specified by the index overwrites ipi_spec_dst for the
routing table lookup.
IP_RECVTOS
If enabled the IP_TOS ancillary message is passed with incoming
packets. It contains a byte which specifies the Type of Ser
vice/Precedence field of the packet header. Expects a boolean
integer flag.
IP_RECVTTL
When this flag is set pass a IP_TTL control message with the
time to live field of the received packet as a byte. Not sup
ported for SOCK_STREAM sockets.
IP_RECVOPTS
Pass all incoming IP options to the user in a IP_OPTIONS control
message. The routing header and other options are already
filled in for the local host. Not supported for SOCK_STREAM
sockets.
IP_RETOPTS
Identical to IP_RECVOPTS but returns raw unprocessed options
with timestamp and route record options not filled in for this
hop.
IP_TOS Set or receive the Type-Of-Service (TOS) field that is sent with
every IP packet originating from this socket. It is used to
prioritize packets on the network. TOS is a byte. There are
some standard TOS flags defined: IPTOS_LOWDELAY to minimize
delays for interactive traffic, IPTOS_THROUGHPUT to optimize
throughput, IPTOS_RELIABILITY to optimize for reliability,
IPTOS_MINCOST should be used for "filler data" where slow trans
mission doesnt matter. At most one of these TOS values can be
specified. Other bits are invalid and shall be cleared. Linux
sends IPTOS_LOWDELAY datagrams first by default, but the exact
behavior depends on the configured queueing discipline. Some
high priority levels may require superuser privileges (the
CAP_NET_ADMIN capability). The priority can also be set in a
protocol independent way by the (SOL_SOCKET, SO_PRIORITY) socket
option (see socket(7)).
IP_TTL Set or retrieve the current time to live field that is used in
every packet sent from this socket.
IP_HDRINCL
If enabled the user supplies an IP header in front of the user
data. Only valid for SOCK_RAW sockets. See raw(7) for more
information. When this flag is enabled the values set by
IP_OPTIONS, IP_TTL and IP_TOS are ignored.
IP_RECVERR (defined in )
Enable extended reliable error message passing. When enabled on
a datagram socket all generated errors will be queued in a per-
socket error queue. When the user receives an error from a
socket operation the errors can be received by calling
recvmsg(2) with the MSG_ERRQUEUE flag set. The
sock_extended_err structure describing the error will be passed
in an ancillary message with the type IP_RECVERR and the level
IPPROTO_IP. This is useful for reliable error handling on
unconnected sockets. The received data portion of the error
queue contains the error packet.
The IP_RECVERR control message contains a sock_extended_err
structure:
#define SO_EE_ORIGIN_NONE 0
#define SO_EE_ORIGIN_LOCAL 1
#define SO_EE_ORIGIN_ICMP 2
#define SO_EE_ORIGIN_ICMP6 3
struct sock_extended_err {
uint32_t ee_errno; /* error number */
uint8_t ee_origin; /* where the error originated */
uint8_t ee_type; /* type */
uint8_t ee_code; /* code */
uint8_t ee_pad;
uint32_t ee_info; /* additional information */
uint32_t ee_data; /* other data */
/* More data may follow */
};
struct sockaddr *SO_EE_OFFENDER(struct sock_extended_err *);
ee_errno contains the errno number of the queued error. ee_ori
gin is the origin code of where the error originated. The other
fields are protocol-specific. The macro SO_EE_OFFENDER returns
a pointer to the address of the network object where the error
originated from given a pointer to the ancillary message. If
this address is not known, the sa_family member of the sockaddr
contains AF_UNSPEC and the other fields of the sockaddr are
undefined.
IP uses the sock_extended_err structure as follows: ee_origin is
set to SO_EE_ORIGIN_ICMP for errors received as an ICMP packet,
or SO_EE_ORIGIN_LOCAL for locally generated errors. Unknown
values should be ignored. ee_type and ee_code are set from the
type and code fields of the ICMP header. ee_info contains the
discovered MTU for EMSGSIZE errors. The message also contains
the sockaddr_in of the node caused the error, which can be
accessed with the SO_EE_OFFENDER macro. The sin_family field of
the SO_EE_OFFENDER address is AF_UNSPEC when the source was
unknown. When the error originated from the network, all IP
options (IP_OPTIONS, IP_TTL, etc.) enabled on the socket and
contained in the error packet are passed as control messages.
The payload of the packet causing the error is returned as nor
mal payload. Note that TCP has no error queue; MSG_ERRQUEUE is
not permitted on SOCK_STREAM sockets. IP_RECVERR is valid for
TCP, but all errors are returned by socket function return or
SO_ERROR only.
For raw sockets, IP_RECVERR enables passing of all received ICMP
errors to the application, otherwise errors are only reported on
connected sockets
It sets or retrieves an integer boolean flag. IP_RECVERR
defaults to off.
IP_MTU_DISCOVER
Sets or receives the Path MTU Discovery setting for a socket.
When enabled, Linux will perform Path MTU Discovery as defined
in RFC 1191 on this socket. The dont fragment flag is set on
all outgoing datagrams. The system-wide default is controlled
by the ip_no_pmtu_disc sysctl for SOCK_STREAM sockets, and dis
abled on all others. For non-SOCK_STREAM sockets it is the
users responsibility to packetize the data in MTU sized chunks
and to do the retransmits if necessary. The kernel will reject
packets that are bigger than the known path MTU if this flag is
set (with EMSGSIZE ).
Path MTU discovery flags Meaning
IP_PMTUDISC_WANT Use per-route settings.
IP_PMTUDISC_DONT Never do Path MTU Discovery.
IP_PMTUDISC_DO Always do Path MTU Discovery.
IP_PMTUDISC_PROBE Set DF but ignore Path MTU.
When PMTU discovery is enabled the kernel automatically keeps
track of the path MTU per destination host. When it is con
nected to a specific peer with connect(2) the currently known
path MTU can be retrieved conveniently using the IP_MTU socket
option (e.g., after a EMSGSIZE error occurred). It may change
over time. For connectionless sockets with many destinations
the new also MTU for a given destination can also be accessed
using the error queue (see IP_RECVERR). A new error will be
queued for every incoming MTU update.
While MTU discovery is in progress initial packets from datagram
sockets may be dropped. Applications using UDP should be aware
of this and not take it into account for their packet retransmit
strategy.
To bootstrap the path MTU discovery process on unconnected sock
ets it is possible to start with a big datagram size (up to 64K-
headers bytes long) and let it shrink by updates of the path
MTU.
To get an initial estimate of the path MTU connect a datagram
socket to the destination address using connect(2) and retrieve
the MTU by calling getsockopt(2) with the IP_MTU option.
It is possible to implement RFC 4821 MTU probing with SOCK_DGRAM
or SOCK_RAW sockets by setting a value of IP_PMTUDISC_PROBE.
This is also particularly useful for diagnostic tools such as
tracepath(8) that wish to deliberately send probe packets larger
than the observed Path MTU.
IP_MTU Retrieve the current known path MTU of the current socket. Only
valid when the socket has been connected. Returns an integer.
Only valid as a getsockopt(2).
IP_ROUTER_ALERT
Pass all to-be forwarded packets with the IP Router Alert option
set to this socket. Only valid for raw sockets. This is use
ful, for instance, for user space RSVP daemons. The tapped
packets are not forwarded by the kernel, it is the users respon
sibility to send them out again. Socket binding is ignored,
such packets are only filtered by protocol. Expects an integer
flag.
IP_MULTICAST_TTL
Set or reads the time-to-live value of outgoing multicast pack
ets for this socket. It is very important for multicast packets
to set the smallest TTL possible. The default is 1 which means
that multicast packets dont leave the local network unless the
user program explicitly requests it. Argument is an integer.
IP_MULTICAST_LOOP
Sets or reads a boolean integer argument whether sent multicast
packets should be looped back to the local sockets.
IP_ADD_MEMBERSHIP
Join a multicast group. Argument is an ip_mreqn structure.
struct ip_mreqn {
struct in_addr imr_multiaddr; /* IP multicast group
address */
struct in_addr imr_address; /* IP address of local
interface */
int imr_ifindex; /* interface index */
};
imr_multiaddr contains the address of the multicast group the
application wants to join or leave. It must be a valid multi
cast address. imr_address is the address of the local interface
with which the system should join the multicast group; if it is
equal to INADDR_ANY an appropriate interface is chosen by the
system. imr_ifindex is the interface index of the interface
that should join/leave the imr_multiaddr group, or 0 to indicate
any interface.
For compatibility, the old ip_mreq structure is still supported.
It differs from ip_mreqn only by not including the imr_ifindex
field. Only valid as a setsockopt(2).
IP_DROP_MEMBERSHIP
Leave a multicast group. Argument is an ip_mreqn or ip_mreq
structure similar to IP_ADD_MEMBERSHIP.
IP_MULTICAST_IF
Set the local device for a multicast socket. Argument is an
ip_mreqn or ip_mreq structure similar to IP_ADD_MEMBERSHIP.
When an invalid socket option is passed, ENOPROTOOPT is
returned.
Sysctls
The IP protocol supports the sysctl interface to configure some global
options. The sysctls can be accessed by reading or writing the
/proc/sys/net/ipv4/* files or using the sysctl(2) interface. Variables
described as Boolean take an integer value, with a non-zero value
("true") meaning that the corresponding option is enabled, and a zero
value ("false") meaning that the option is disabled.
ip_always_defrag (Boolean)
[New with kernel 2.2.13; in earlier kernel versions this feature
was controlled at compile time by the CONFIG_IP_ALWAYS_DEFRAG
option; this option is not present in 2.4.x and later]
When this boolean frag is enabled (not equal 0) incoming frag
ments (parts of IP packets that arose when some host between
origin and destination decided that the packets were too large
and cut them into pieces) will be reassembled (defragmented)
before being processed, even if they are about to be forwarded.
Only enable if running either a firewall that is the sole link
to your network or a transparent proxy; never ever use it for a
normal router or host. Otherwise fragmented communication can
be disturbed if the fragments travel over different links.
Defragmentation also has a large memory and CPU time cost.
This is automagically turned on when masquerading or transparent
proxying are configured.
ip_autoconfig
Not documented.
ip_default_ttl (integer; default: 64)
Set the default time-to-live value of outgoing packets. This
can be changed per socket with the IP_TTL option.
ip_dynaddr (Boolean; default: disabled)
Enable dynamic socket address and masquerading entry rewriting
on interface address change. This is useful for dialup inter
face with changing IP addresses. 0 means no rewriting, 1 turns
it on and 2 enables verbose mode.
ip_forward (Boolean; default: disabled)
Enable IP forwarding with a boolean flag. IP forwarding can be
also set on a per interface basis.
ip_local_port_range
Contains two integers that define the default local port range
allocated to sockets. Allocation starts with the first number
and ends with the second number. Note that these should not
conflict with the ports used by masquerading (although the case
is handled). Also arbitrary choices may cause problems with
some firewall packet filters that make assumptions about the
local ports in use. First number should be at least >1024, bet
ter >4096 to avoid clashes with well known ports and to minimize
firewall problems.
ip_no_pmtu_disc (Boolean; default: disabled)
If enabled, dont do Path MTU Discovery for TCP sockets by
default. Path MTU discovery may fail if misconfigured firewalls
(that drop all ICMP packets) or misconfigured interfaces (e.g.,
a point-to-point link where the both ends dont agree on the
MTU) are on the path. It is better to fix the broken routers on
the path than to turn off Path MTU Discovery globally, because
not doing it incurs a high cost to the network.
ip_nonlocal_bind (Boolean; default: disabled)
If set, allows processes to bind(2) to non-local IP addresses,
which can be quite useful, but may break some applications.
ip6frag_time (integer; default 30)
Time in seconds to keep an IPv6 fragment in memory.
ip6frag_secret_interval (integer; default 600)
Regeneration interval (in seconds) of the hash secret (or life
time for the hash secret) for IPv6 fragments.
ipfrag_high_thresh (integer), ipfrag_low_thresh (integer)
If the amount of queued IP fragments reaches ipfrag_high_thresh,
the queue is pruned down to ipfrag_low_thresh. Contains an
integer with the number of bytes.
neigh/*
See arp(7).
Ioctls
All ioctls described in socket(7) apply to ip.
Ioctls to configure generic device parameters are described in netde
vice(7).
ERRORS
EACCES The user tried to execute an operation without the necessary
permissions. These include: sending a packet to a broadcast
address without having the SO_BROADCAST flag set; sending a
packet via a prohibit route; modifying firewall settings without
superuser privileges (the CAP_NET_ADMIN capability); binding to
a reserved port without superuser privileges (the
CAP_NET_BIND_SERVICE capability).
EADDRINUSE
Tried to bind to an address already in use.
EADDRNOTAVAIL
A nonexistent interface was requested or the requested source
address was not local.
EAGAIN Operation on a non-blocking socket would block.
EALREADY
An connection operation on a non-blocking socket is already in
progress.
ECONNABORTED
A connection was closed during an accept(2).
EHOSTUNREACH
No valid routing table entry matches the destination address.
This error can be caused by a ICMP message from a remote router
or for the local routing table.
EINVAL Invalid argument passed. For send operations this can be caused
by sending to a blackhole route.
EISCONN
connect(2) was called on an already connected socket.
EMSGSIZE
Datagram is bigger than an MTU on the path and it cannot be
fragmented.
ENOBUFS, ENOMEM
Not enough free memory. This often means that the memory allo
cation is limited by the socket buffer limits, not by the system
memory, but this is not 100% consistent.
ENOENT SIOCGSTAMP was called on a socket where no packet arrived.
ENOPKG A kernel subsystem was not configured.
ENOPROTOOPT and EOPNOTSUPP
Invalid socket option passed.
ENOTCONN
The operation is only defined on a connected socket, but the
socket wasnt connected.
EPERM User doesnt have permission to set high priority, change con
figuration, or send signals to the requested process or group.
EPIPE The connection was unexpectedly closed or shut down by the other
end.
ESOCKTNOSUPPORT
The socket is not configured or an unknown socket type was
requested.
Other errors may be generated by the overlaying protocols; see tcp(7),
raw(7), udp(7) and socket(7).
VERSIONS
IP_MTU, IP_MTU_DISCOVER, IP_PKTINFO, IP_RECVERR and IP_ROUTER_ALERT are
new options in Linux 2.2. They are also all Linux-specific and should
not be used in programs intended to be portable.
IP_PMTUDISC_PROBE is new in Linux 2.6.22.
struct ip_mreqn is new in Linux 2.2. Linux 2.0 only supported ip_mreq.
The sysctls were introduced with Linux 2.2.
NOTES
Be very careful with the SO_BROADCAST option - it is not privileged in
Linux. It is easy to overload the network with careless broadcasts.
For new application protocols it is better to use a multicast group
instead of broadcasting. Broadcasting is discouraged.
Some other BSD sockets implementations provide IP_RCVDSTADDR and
IP_RECVIF socket options to get the destination address and the inter
face of received datagrams. Linux has the more general IP_PKTINFO for
the same task.
Some BSD sockets implementations also provide an IP_RECVTTL option, but
an ancillary message with type IP_RECVTTL is passed with the incoming
packet. This is different from the IP_TTL option used in Linux.
Using SOL_IP socket options level isnt portable, BSD-based stacks use
IPPROTO_IP level.
Compatibility
For compatibility with Linux 2.0, the obsolete socket(PF_INET,
SOCK_PACKET, protocol) syntax is still supported to open a packet(7)
socket. This is deprecated and should be replaced by socket(PF_PACKET,
SOCK_RAW, protocol) instead. The main difference is the new sock
addr_ll address structure for generic link layer information instead of
the old sockaddr_pkt.
BUGS
There are too many inconsistent error values.
The ioctls to configure IP-specific interface options and ARP tables
are not described.
Some versions of glibc forget to declare in_pktinfo. Workaround cur
rently is to copy it into your program from this man page.
Receiving the original destination address with MSG_ERRQUEUE in
msg_name by recvmsg(2) does not work in some 2.2 kernels.
SEE ALSO
recvmsg(2), sendmsg(2), byteorder(3), ipfw(4), capabilities(7),
netlink(7), raw(7), socket(7), tcp(7), udp(7)
RFC 791 for the original IP specification.
RFC 1122 for the IPv4 host requirements.
RFC 1812 for the IPv4 router requirements.
COLOPHON
This page is part of release 3.05 of the Linux man-pages project. A
description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.
Linux 2001-06-19 IP(7)
|
