# phpman > man > ip(7) [IP(7)](https://www.chedong.com/phpMan.php/man/IP/7/markdown) Linux Programmer's Manual [IP(7)](https://www.chedong.com/phpMan.php/man/IP/7/markdown) ## NAME ip - Linux IPv4 protocol implementation ## SYNOPSIS ### #include ### #include **#include** **** /* superset of previous */ _tcp_socket_ **=** **socket(AF**___**INET,** **SOCK**___**STREAM,** **0);** _udp_socket_ **=** **socket(AF**___**INET,** **SOCK**___**DGRAM,** **0);** _raw_socket_ **=** **socket(AF**___**INET,** **SOCK**___**RAW,** _protocol_**);** ## DESCRIPTION Linux implements the Internet Protocol, version 4, described in RFC 791 and RFC 1122. **ip** contains a level 2 multicasting implementation conforming to RFC 1112. It also contains an IP router including a packet filter. The programming interface is BSD-sockets compatible. For more information on sockets, see [**socket**(7)](https://www.chedong.com/phpMan.php/man/socket/7/markdown). An IP socket is created using [**socket**(2)](https://www.chedong.com/phpMan.php/man/socket/2/markdown): socket(AF_INET, socket_type, protocol); Valid socket types include **SOCK**___**STREAM** to open a stream socket, **SOCK**___**DGRAM** to open a datagram socket, and **SOCK**___**RAW** to open a [**raw**(7)](https://www.chedong.com/phpMan.php/man/raw/7/markdown) socket to access the IP protocol directly. _protocol_ is the IP protocol in the IP header to be received or sent. Valid values for _proto__‐ _col_ include: • 0 and **IPPROTO**___**TCP** for [**tcp**(7)](https://www.chedong.com/phpMan.php/man/tcp/7/markdown) stream sockets; • 0 and **IPPROTO**___**UDP** for [**udp**(7)](https://www.chedong.com/phpMan.php/man/udp/7/markdown) datagram sockets; • **IPPROTO**___**SCTP** for [**sctp**(7)](https://www.chedong.com/phpMan.php/man/sctp/7/markdown) stream sockets; and • **IPPROTO**___**UDPLITE** for [**udplite**(7)](https://www.chedong.com/phpMan.php/man/udplite/7/markdown) datagram sockets. For **SOCK**___**RAW** you may specify a valid IANA IP protocol defined in RFC 1700 assigned numbers. When a process wants to receive new incoming packets or connections, it should bind a socket to a local interface address using [**bind**(2)](https://www.chedong.com/phpMan.php/man/bind/2/markdown). In this case, only one IP socket may be bound to any given local (address, port) pair. When **INADDR**___**ANY** is specified in the bind call, the socket will be bound to _all_ local interfaces. When [**listen**(2)](https://www.chedong.com/phpMan.php/man/listen/2/markdown) is called on an unbound socket, the socket is automatically bound to a random free port with the local address set to **IN**‐‐ **ADDR**___**ANY**. When [**connect**(2)](https://www.chedong.com/phpMan.php/man/connect/2/markdown) is called on an unbound socket, the socket is automatically bound to a random free port or to a usable shared port with the local address set to **INADDR**___**ANY**. A TCP local socket address that has been bound is unavailable for some time after closing, unless the **SO**___**REUSEADDR** flag has been set. Care should be taken when using this flag as it makes TCP less reliable. ### Address format An IP socket address is defined as a combination of an IP interface address and a 16-bit port number. The basic IP protocol does not supply port numbers, they are implemented by higher level protocols like [**udp**(7)](https://www.chedong.com/phpMan.php/man/udp/7/markdown) and [**tcp**(7)](https://www.chedong.com/phpMan.php/man/tcp/7/markdown). On raw sockets _sin_port_ is set to the IP protocol. struct sockaddr_in { sa_family_t sin_family; /* address family: AF_INET */ in_port_t sin_port; /* port in network byte order */ struct in_addr sin_addr; /* internet address */ }; /* Internet address. */ struct in_addr { uint32_t s_addr; /* address in network byte order */ }; _sin_family_ is always set to **AF**___**INET**. This is required; in Linux 2.2 most networking func‐ tions return **EINVAL** when this setting is missing. _sin_port_ contains the port in network byte order. The port numbers below 1024 are called _privileged_ _ports_ (or sometimes: _reserved_ _ports_). Only a privileged process (on Linux: a process that has the **CAP**___**NET**___**BIND**___**SERVICE** ca‐ pability in the user namespace governing its network namespace) may [**bind**(2)](https://www.chedong.com/phpMan.php/man/bind/2/markdown) to these sockets. Note that the raw IPv4 protocol as such has no concept of a port, they are implemented only by higher protocols like [**tcp**(7)](https://www.chedong.com/phpMan.php/man/tcp/7/markdown) and [**udp**(7)](https://www.chedong.com/phpMan.php/man/udp/7/markdown). _sin_addr_ is the IP host address. The _s_addr_ member of _struct_ _in_addr_ contains the host in‐ terface address in network byte order. _in_addr_ should be assigned one of the **INADDR**___***** values (e.g., **INADDR**___**LOOPBACK**) using [**htonl**(3)](https://www.chedong.com/phpMan.php/man/htonl/3/markdown) or set using the **inet**___**[aton**(3)](https://www.chedong.com/phpMan.php/man/aton/3/markdown), **inet**___**[addr**(3)](https://www.chedong.com/phpMan.php/man/addr/3/markdown), **inet**___**[makeaddr**(3)](https://www.chedong.com/phpMan.php/man/makeaddr/3/markdown) library functions or directly with the name resolver (see [**gethostbyname**(3)](https://www.chedong.com/phpMan.php/man/gethostbyname/3/markdown)). IPv4 addresses are divided into unicast, broadcast, and multicast addresses. Unicast ad‐ dresses specify a single interface of a host, broadcast addresses specify all hosts on a net‐ work, and multicast addresses address all hosts in a multicast group. Datagrams to broadcast addresses can be sent or received only when the **SO**___**BROADCAST** socket flag is set. In the cur‐ rent implementation, connection-oriented sockets are allowed to use only unicast addresses. Note that the address and the port are always stored in network byte order. In particular, this means that you need to call [**htons**(3)](https://www.chedong.com/phpMan.php/man/htons/3/markdown) on the number that is assigned to a port. All ad‐ dress/port manipulation functions in the standard library work in network byte order. There are several special addresses: **INADDR**___**LOOPBACK** (127.0.0.1) always refers to the local host via the loopback device; **INADDR**___**ANY** (0.0.0.0) means any address for binding; **IN**‐‐ **ADDR**___**BROADCAST** (255.255.255.255) means any host and has the same effect on bind as **INADDR**___**ANY** for historical reasons. ### Socket options IP supports some protocol-specific socket options that can be set with [**setsockopt**(2)](https://www.chedong.com/phpMan.php/man/setsockopt/2/markdown) and read with [**getsockopt**(2)](https://www.chedong.com/phpMan.php/man/getsockopt/2/markdown). The socket option level for IP is **IPPROTO**___**IP**. A boolean integer flag is zero when it is false, otherwise true. When an invalid socket option is specified, [**getsockopt**(2)](https://www.chedong.com/phpMan.php/man/getsockopt/2/markdown) and [**setsockopt**(2)](https://www.chedong.com/phpMan.php/man/setsockopt/2/markdown) fail with the er‐ ror **ENOPROTOOPT**. **IP**___**ADD**___**MEMBERSHIP** (since Linux 1.2) Join a multicast group. Argument is an _ip_mreqn_ structure. struct ip_mreqn { struct in_addr imr_multiaddr; /* IP multicast group address */ struct in_addr imr_address; /* IP address of local interface */ int imr_ifindex; /* interface index */ }; _imr_multiaddr_ contains the address of the multicast group the application wants to join or leave. It must be a valid multicast address (or [**setsockopt**(2)](https://www.chedong.com/phpMan.php/man/setsockopt/2/markdown) fails with the error **EINVAL**). _imr_address_ is the address of the local interface with which the system should join the mul‐ ticast group; if it is equal to **INADDR**___**ANY**, an appropriate interface is chosen by the system. _imr_ifindex_ is the interface index of the interface that should join/leave the _imr_multiaddr_ group, or 0 to indicate any interface. The _ip_mreqn_ structure is available only since Linux 2.2. For compatibility, the old _ip_mreq_ structure (present since Linux 1.2) is still supported; it differs from _ip_mreqn_ only by not including the _imr_ifindex_ field. (The kernel determines which structure is being passed based on the size passed in _optlen_.) **IP**___**ADD**___**MEMBERSHIP** is valid only for [**setsockopt**(2)](https://www.chedong.com/phpMan.php/man/setsockopt/2/markdown). **IP**___**ADD**___**SOURCE**___**MEMBERSHIP** (since Linux 2.4.22 / 2.5.68) Join a multicast group and allow receiving data only from a specified source. Argu‐ ment is an _ip_mreq_source_ structure. struct ip_mreq_source { struct in_addr imr_multiaddr; /* IP multicast group address */ struct in_addr imr_interface; /* IP address of local interface */ struct in_addr imr_sourceaddr; /* IP address of multicast source */ }; The _ip_mreq_source_ structure is similar to _ip_mreqn_ described under **IP**___**ADD**___**MEMBERSHIP**. The _imr_multiaddr_ field contains the address of the multicast group the application wants to join or leave. The _imr_interface_ field is the address of the local interface with which the sys‐ tem should join the multicast group. Finally, the _imr_sourceaddr_ field contains the address of the source the application wants to receive data from. This option can be used multiple times to allow receiving data from more than one source. **IP**___**BIND**___**ADDRESS**___**NO**___**PORT** (since Linux 4.2) Inform the kernel to not reserve an ephemeral port when using [**bind**(2)](https://www.chedong.com/phpMan.php/man/bind/2/markdown) with a port num‐ ber of 0. The port will later be automatically chosen at [**connect**(2)](https://www.chedong.com/phpMan.php/man/connect/2/markdown) time, in a way that allows sharing a source port as long as the 4-tuple is unique. **IP**___**BLOCK**___**SOURCE** (since Linux 2.4.22 / 2.5.68) Stop receiving multicast data from a specific source in a given group. This is valid only after the application has subscribed to the multicast group using either **IP**___**ADD**___**MEMBERSHIP** or **IP**___**ADD**___**SOURCE**___**MEMBERSHIP**. Argument is an _ip_mreq_source_ structure as described under **IP**___**ADD**___**SOURCE**___**MEMBERSHIP**. **IP**___**DROP**___**MEMBERSHIP** (since Linux 1.2) Leave a multicast group. Argument is an _ip_mreqn_ or _ip_mreq_ structure similar to **IP**___**ADD**___**MEMBERSHIP**. **IP**___**DROP**___**SOURCE**___**MEMBERSHIP** (since Linux 2.4.22 / 2.5.68) Leave a source-specific group—that is, stop receiving data from a given multicast group that come from a given source. If the application has subscribed to multiple sources within the same group, data from the remaining sources will still be deliv‐ ered. To stop receiving data from all sources at once, use **IP**___**DROP**___**MEMBERSHIP**. Argument is an _ip_mreq_source_ structure as described under **IP**___**ADD**___**SOURCE**___**MEMBERSHIP**. **IP**___**FREEBIND** (since Linux 2.4) If enabled, this boolean option allows binding to an IP address that is nonlocal or does not (yet) exist. This permits listening on a socket, without requiring the un‐ derlying network interface or the specified dynamic IP address to be up at the time that the application is trying to bind to it. This option is the per-socket equiva‐ lent of the _ip_nonlocal_bind_ _/proc_ interface described below. **IP**___**HDRINCL** (since Linux 2.0) If enabled, the user supplies an IP header in front of the user data. Valid only for **SOCK**___**RAW** sockets; see [**raw**(7)](https://www.chedong.com/phpMan.php/man/raw/7/markdown) for more information. When this flag is enabled, the values set by **IP**___**OPTIONS**, **IP**___**TTL**, and **IP**___**TOS** are ignored. **IP**___**MSFILTER** (since Linux 2.4.22 / 2.5.68) This option provides access to the advanced full-state filtering API. Argument is an _ip_msfilter_ structure. struct ip_msfilter { struct in_addr imsf_multiaddr; /* IP multicast group address */ struct in_addr imsf_interface; /* IP address of local interface */ uint32_t imsf_fmode; /* Filter-mode */ uint32_t imsf_numsrc; /* Number of sources in the following array */ struct in_addr imsf_slist[1]; /* Array of source addresses */ }; There are two macros, **MCAST**___**INCLUDE** and **MCAST**___**EXCLUDE**, which can be used to specify the fil‐ tering mode. Additionally, the **IP**___**MSFILTER**___**[SIZE**(n)](https://www.chedong.com/phpMan.php/man/SIZE/n/markdown) macro exists to determine how much memory is needed to store _ip_msfilter_ structure with _n_ sources in the source list. For the full description of multicast source filtering refer to RFC 3376. **IP**___**MTU** (since Linux 2.2) Retrieve the current known path MTU of the current socket. Returns an integer. **IP**___**MTU** is valid only for [**getsockopt**(2)](https://www.chedong.com/phpMan.php/man/getsockopt/2/markdown) and can be employed only when the socket has been connected. **IP**___**MTU**___**DISCOVER** (since Linux 2.2) Set or receive the Path MTU Discovery setting for a socket. When enabled, Linux will perform Path MTU Discovery as defined in RFC 1191 on **SOCK**___**STREAM** sockets. For non- **SOCK**___**STREAM** sockets, **IP**___**PMTUDISC**___**DO** forces the don't-fragment flag to be set on all outgoing packets. It is the user's responsibility to packetize the data in MTU-sized chunks and to do the retransmits if necessary. The kernel will reject (with **EMSGSIZE**) datagrams that are bigger than the known path MTU. **IP**___**PMTUDISC**___**WANT** will fragment a datagram if needed according to the path MTU, or will set the don't-fragment flag oth‐ erwise. The system-wide default can be toggled between **IP**___**PMTUDISC**___**WANT** and **IP**___**PMTUDISC**___**DONT** by writing (respectively, zero and nonzero values) to the _/proc/sys/net/ipv4/ip_no_pmtu_disc_ file. Path MTU discovery value Meaning IP_PMTUDISC_WANT Use per-route settings. IP_PMTUDISC_DONT Never do Path MTU Discovery. IP_PMTUDISC_DO Always do Path MTU Discovery. IP_PMTUDISC_PROBE Set DF but ignore Path MTU. When PMTU discovery is enabled, the kernel automatically keeps track of the path MTU per destination host. When it is connected to a specific peer with [**connect**(2)](https://www.chedong.com/phpMan.php/man/connect/2/markdown), the currently known path MTU can be retrieved conveniently using the **IP**___**MTU** socket option (e.g., after an **EMSGSIZE** error occurred). The path MTU may change over time. For connectionless sockets with many destinations, the new MTU for a given destination can also be accessed using the error queue (see **IP**___**RECVERR**). A new error will be queued for every incoming MTU update. While MTU discovery is in progress, initial packets from datagram sockets may be dropped. Applications using UDP should be aware of this and not take it into account for their packet retransmit strategy. To bootstrap the path MTU discovery process on unconnected sockets, it is possible to start with a big datagram size (headers up to 64 kilobytes long) and let it shrink by updates of the path MTU. To get an initial estimate of the path MTU, connect a datagram socket to the destina‐ tion address using [**connect**(2)](https://www.chedong.com/phpMan.php/man/connect/2/markdown) and retrieve the MTU by calling [**getsockopt**(2)](https://www.chedong.com/phpMan.php/man/getsockopt/2/markdown) with the **IP**___**MTU** option. It is possible to implement RFC 4821 MTU probing with **SOCK**___**DGRAM** or **SOCK**___**RAW** sockets by setting a value of **IP**___**PMTUDISC**___**PROBE** (available since Linux 2.6.22). This is also particularly useful for diagnostic tools such as [**tracepath**(8)](https://www.chedong.com/phpMan.php/man/tracepath/8/markdown) that wish to deliber‐ ately send probe packets larger than the observed Path MTU. **IP**___**MULTICAST**___**ALL** (since Linux 2.6.31) This option can be used to modify the delivery policy of multicast messages to sockets bound to the wildcard **INADDR**___**ANY** address. The argument is a boolean integer (defaults to 1). If set to 1, the socket will receive messages from all the groups that have been joined globally on the whole system. Otherwise, it will deliver messages only from the groups that have been explicitly joined (for example via the **IP**___**ADD**___**MEMBER**‐‐ **SHIP** option) on this particular socket. **IP**___**MULTICAST**___**IF** (since Linux 1.2) Set the local device for a multicast socket. The argument for [**setsockopt**(2)](https://www.chedong.com/phpMan.php/man/setsockopt/2/markdown) is an _ip_mreqn_ or (since Linux 3.5) _ip_mreq_ structure similar to **IP**___**ADD**___**MEMBERSHIP**, or an _in_addr_ structure. (The kernel determines which structure is being passed based on the size passed in _optlen_.) For [**getsockopt**(2)](https://www.chedong.com/phpMan.php/man/getsockopt/2/markdown), the argument is an _in_addr_ structure. **IP**___**MULTICAST**___**LOOP** (since Linux 1.2) Set or read a boolean integer argument that determines whether sent multicast packets should be looped back to the local sockets. **IP**___**MULTICAST**___**TTL** (since Linux 1.2) Set or read the time-to-live value of outgoing multicast packets for this socket. It is very important for multicast packets to set the smallest TTL possible. The default is 1 which means that multicast packets don't leave the local network unless the user program explicitly requests it. Argument is an integer. **IP**___**NODEFRAG** (since Linux 2.6.36) If enabled (argument is nonzero), the reassembly of outgoing packets is disabled in the netfilter layer. The argument is an integer. This option is valid only for **SOCK**___**RAW** sockets. **IP**___**OPTIONS** (since Linux 2.0) Set or get the IP options to be sent with every packet from this socket. The argu‐ ments are a pointer to a memory buffer containing the options and the option length. The [**setsockopt**(2)](https://www.chedong.com/phpMan.php/man/setsockopt/2/markdown) call sets the IP options associated with a socket. The maximum op‐ tion size for IPv4 is 40 bytes. See RFC 791 for the allowed options. When the ini‐ tial connection request packet for a **SOCK**___**STREAM** socket contains IP options, the IP options will be set automatically to the options from the initial packet with routing headers reversed. Incoming packets are not allowed to change options after the con‐ nection is established. The processing of all incoming source routing options is dis‐ abled by default and can be enabled by using the _accept_source_route_ _/proc_ interface. Other options like timestamps are still handled. For datagram sockets, IP options can be set only by the local user. Calling [**getsockopt**(2)](https://www.chedong.com/phpMan.php/man/getsockopt/2/markdown) with **IP**___**OPTIONS** puts the current IP options used for sending into the supplied buffer. **IP**___**PASSSEC** (since Linux 2.6.17) If labeled IPSEC or NetLabel is configured on the sending and receiving hosts, this option enables receiving of the security context of the peer socket in an ancillary message of type **SCM**___**SECURITY** retrieved using [**recvmsg**(2)](https://www.chedong.com/phpMan.php/man/recvmsg/2/markdown). This option is supported only for UDP sockets; for TCP or SCTP sockets, see the description of the **SO**___**PEERSEC** option below. The value given as an argument to [**setsockopt**(2)](https://www.chedong.com/phpMan.php/man/setsockopt/2/markdown) and returned as the result of **getsock**‐‐ [**opt**(2)](https://www.chedong.com/phpMan.php/man/opt/2/markdown) is an integer boolean flag. The security context returned in the **SCM**___**SECURITY** ancillary message is of the same format as the one described under the **SO**___**PEERSEC** option below. Note: the reuse of the **SCM**___**SECURITY** message type for the **IP**___**PASSSEC** socket option was likely a mistake, since other IP control messages use their own numbering scheme in the IP namespace and often use the socket option value as the message type. There is no conflict currently since the IP option with the same value as **SCM**___**SECURITY** is **IP**___**HDRINCL** and this is never used for a control message type. **IP**___**PKTINFO** (since Linux 2.2) Pass an **IP**___**PKTINFO** ancillary message that contains a _pktinfo_ structure that supplies some information about the incoming packet. This works only for datagram oriented sockets. The argument is a flag that tells the socket whether the **IP**___**PKTINFO** message should be passed or not. The message itself can be sent/retrieved only as a control message with a packet using [**recvmsg**(2)](https://www.chedong.com/phpMan.php/man/recvmsg/2/markdown) or [**sendmsg**(2)](https://www.chedong.com/phpMan.php/man/sendmsg/2/markdown). struct in_pktinfo { unsigned int ipi_ifindex; /* Interface index */ struct in_addr ipi_spec_dst; /* Local address */ struct in_addr ipi_addr; /* Header Destination address */ }; _ipi_ifindex_ is the unique index of the interface the packet was received on. _ipi_spec_dst_ is the local address of the packet and _ipi_addr_ is the destination ad‐ dress in the packet header. If **IP**___**PKTINFO** is passed to [**sendmsg**(2)](https://www.chedong.com/phpMan.php/man/sendmsg/2/markdown) and _ipi_spec_dst_ is not zero, then it is used as the local source address for the routing table lookup and for setting up IP source route options. When _ipi_ifindex_ is not zero, the primary lo‐ cal address of the interface specified by the index overwrites _ipi_spec_dst_ for the routing table lookup. **IP**___**RECVERR** (since Linux 2.2) Enable extended reliable error message passing. When enabled on a datagram socket, all generated errors will be queued in a per-socket error queue. When the user re‐ ceives an error from a socket operation, the errors can be received by calling [**recvmsg**(2)](https://www.chedong.com/phpMan.php/man/recvmsg/2/markdown) with the **MSG**___**ERRQUEUE** flag set. The _sock_extended_err_ structure describing the error will be passed in an ancillary message with the type **IP**___**RECVERR** and the level **IPPROTO**___**IP**. This is useful for reliable error handling on unconnected sockets. The received data portion of the error queue contains the error packet. The **IP**___**RECVERR** control message contains a _sock_extended_err_ structure: #define SO_EE_ORIGIN_NONE 0 #define SO_EE_ORIGIN_LOCAL 1 #define SO_EE_ORIGIN_ICMP 2 #define SO_EE_ORIGIN_ICMP6 3 struct sock_extended_err { uint32_t ee_errno; /* error number */ uint8_t ee_origin; /* where the error originated */ uint8_t ee_type; /* type */ uint8_t ee_code; /* code */ uint8_t ee_pad; uint32_t ee_info; /* additional information */ uint32_t ee_data; /* other data */ /* More data may follow */ }; struct sockaddr *SO_EE_OFFENDER(struct sock_extended_err *); _ee_errno_ contains the _errno_ number of the queued error. _ee_origin_ is the origin code of where the error originated. The other fields are protocol-specific. The macro **SO**___**EE**___**OFFENDER** returns a pointer to the address of the network object where the error originated from given a pointer to the ancillary message. If this address is not known, the _sa_family_ member of the _sockaddr_ contains **AF**___**UNSPEC** and the other fields of the _sockaddr_ are undefined. IP uses the _sock_extended_err_ structure as follows: _ee_origin_ is set to **SO**___**EE**___**ORI**‐‐ **GIN**___**ICMP** for errors received as an ICMP packet, or **SO**___**EE**___**ORIGIN**___**LOCAL** for locally gen‐ erated errors. Unknown values should be ignored. _ee_type_ and _ee_code_ are set from the type and code fields of the ICMP header. _ee_info_ contains the discovered MTU for **EMSGSIZE** errors. The message also contains the _sockaddr_in_ _of_ _the_ _node_ caused the er‐ ror, which can be accessed with the **SO**___**EE**___**OFFENDER** macro. The _sin_family_ field of the **SO**___**EE**___**OFFENDER** address is **AF**___**UNSPEC** when the source was unknown. When the error orig‐ inated from the network, all IP options (**IP**___**OPTIONS**, **IP**___**TTL**, etc.) enabled on the socket and contained in the error packet are passed as control messages. The payload of the packet causing the error is returned as normal payload. Note that TCP has no error queue; **MSG**___**ERRQUEUE** is not permitted on **SOCK**___**STREAM** sockets. **IP**___**RECVERR** is valid for TCP, but all errors are returned by socket function return or **SO**___**ERROR** only. For raw sockets, **IP**___**RECVERR** enables passing of all received ICMP errors to the appli‐ cation, otherwise errors are reported only on connected sockets It sets or retrieves an integer boolean flag. **IP**___**RECVERR** defaults to off. **IP**___**RECVOPTS** (since Linux 2.2) Pass all incoming IP options to the user in a **IP**___**OPTIONS** control message. The routing header and other options are already filled in for the local host. Not supported for **SOCK**___**STREAM** sockets. **IP**___**RECVORIGDSTADDR** (since Linux 2.6.29) This boolean option enables the **IP**___**ORIGDSTADDR** ancillary message in [**recvmsg**(2)](https://www.chedong.com/phpMan.php/man/recvmsg/2/markdown), in which the kernel returns the original destination address of the datagram being re‐ ceived. The ancillary message contains a _struct_ _sockaddr_in_. **IP**___**RECVTOS** (since Linux 2.2) If enabled, the **IP**___**TOS** ancillary message is passed with incoming packets. It contains a byte which specifies the Type of Service/Precedence field of the packet header. Ex‐ pects a boolean integer flag. **IP**___**RECVTTL** (since Linux 2.2) When this flag is set, pass a **IP**___**TTL** control message with the time-to-live field of the received packet as a 32 bit integer. Not supported for **SOCK**___**STREAM** sockets. **IP**___**RETOPTS** (since Linux 2.2) Identical to **IP**___**RECVOPTS**, but returns raw unprocessed options with timestamp and route record options not filled in for this hop. **IP**___**ROUTER**___**ALERT** (since Linux 2.2) Pass all to-be forwarded packets with the IP Router Alert option set to this socket. Valid only for raw sockets. This is useful, for instance, for user-space RSVP dae‐ mons. The tapped packets are not forwarded by the kernel; it is the user's responsi‐ bility to send them out again. Socket binding is ignored, such packets are filtered only by protocol. Expects an integer flag. **IP**___**TOS** (since Linux 1.0) Set or receive the Type-Of-Service (TOS) field that is sent with every IP packet orig‐ inating from this socket. It is used to prioritize packets on the network. TOS is a byte. There are some standard TOS flags defined: **IPTOS**___**LOWDELAY** to minimize delays for interactive traffic, **IPTOS**___**THROUGHPUT** to optimize throughput, **IPTOS**___**RELIABILITY** to optimize for reliability, **IPTOS**___**MINCOST** should be used for "filler data" where slow transmission doesn't matter. At most one of these TOS values can be specified. Other bits are invalid and shall be cleared. Linux sends **IPTOS**___**LOWDELAY** datagrams first by default, but the exact behavior depends on the configured queueing discipline. Some high-priority levels may require superuser privileges (the **CAP**___**NET**___**ADMIN** capability). **IP**___**TRANSPARENT** (since Linux 2.6.24) Setting this boolean option enables transparent proxying on this socket. This socket option allows the calling application to bind to a nonlocal IP address and operate both as a client and a server with the foreign address as the local endpoint. NOTE: this requires that routing be set up in a way that packets going to the foreign ad‐ dress are routed through the TProxy box (i.e., the system hosting the application that employs the **IP**___**TRANSPARENT** socket option). Enabling this socket option requires supe‐ ruser privileges (the **CAP**___**NET**___**ADMIN** capability). TProxy redirection with the iptables TPROXY target also requires that this option be set on the redirected socket. **IP**___**TTL** (since Linux 1.0) Set or retrieve the current time-to-live field that is used in every packet sent from this socket. **IP**___**UNBLOCK**___**SOURCE** (since Linux 2.4.22 / 2.5.68) Unblock previously blocked multicast source. Returns **EADDRNOTAVAIL** when given source is not being blocked. Argument is an _ip_mreq_source_ structure as described under **IP**___**ADD**___**SOURCE**___**MEMBERSHIP**. **SO**___**PEERSEC** (since Linux 2.6.17) If labeled IPSEC or NetLabel is configured on both the sending and receiving hosts, this read-only socket option returns the security context of the peer socket connected to this socket. By default, this will be the same as the security context of the process that created the peer socket unless overridden by the policy or by a process with the required permissions. The argument to [**getsockopt**(2)](https://www.chedong.com/phpMan.php/man/getsockopt/2/markdown) is a pointer to a buffer of the specified length in bytes into which the security context string will be copied. If the buffer length is less than the length of the security context string, then [**getsockopt**(2)](https://www.chedong.com/phpMan.php/man/getsockopt/2/markdown) returns -1, sets _errno_ to **ERANGE**, and returns the required length via _optlen_. The caller should allocate at least **NAME**___**MAX** bytes for the buffer initially, although this is not guar‐ anteed to be sufficient. Resizing the buffer to the returned length and retrying may be necessary. The security context string may include a terminating null character in the returned length, but is not guaranteed to do so: a security context "foo" might be represented as either {'f','o','o'} of length 3 or {'f','o','o','\0'} of length 4, which are con‐ sidered to be interchangeable. The string is printable, does not contain non-termi‐ nating null characters, and is in an unspecified encoding (in particular, it is not guaranteed to be ASCII or UTF-8). The use of this option for sockets in the **AF**___**INET** address family is supported since Linux 2.6.17 for TCP sockets, and since Linux 4.17 for SCTP sockets. For SELinux, NetLabel conveys only the MLS portion of the security context of the peer across the wire, defaulting the rest of the security context to the values defined in the policy for the netmsg initial security identifier (SID). However, NetLabel can be configured to pass full security contexts over loopback. Labeled IPSEC always passes full security contexts as part of establishing the security association (SA) and looks them up based on the association for each packet. ### /proc interfaces The IP protocol supports a set of _/proc_ interfaces to configure some global parameters. The parameters can be accessed by reading or writing files in the directory _/proc/sys/net/ipv4/_. Interfaces described as _Boolean_ take an integer value, with a nonzero value ("true") meaning that the corresponding option is enabled, and a zero value ("false") meaning that the option is disabled. _ip_always_defrag_ (Boolean; since Linux 2.2.13) [New with kernel 2.2.13; in earlier kernel versions this feature was controlled at compile time by the **CONFIG**___**IP**___**ALWAYS**___**DEFRAG** option; this option is not present in 2.4.x and later] When this boolean flag is enabled (not equal 0), incoming fragments (parts of IP pack‐ ets that arose when some host between origin and destination decided that the packets were too large and cut them into pieces) will be reassembled (defragmented) before be‐ ing processed, even if they are about to be forwarded. Enable only if running either a firewall that is the sole link to your network or a transparent proxy; never ever use it for a normal router or host. Otherwise, frag‐ mented communication can be disturbed if the fragments travel over different links. Defragmentation also has a large memory and CPU time cost. This is automagically turned on when masquerading or transparent proxying are config‐ ured. _ip_autoconfig_ (since Linux 2.2 to 2.6.17) Not documented. _ip_default_ttl_ (integer; default: 64; since Linux 2.2) Set the default time-to-live value of outgoing packets. This can be changed per socket with the **IP**___**TTL** option. _ip_dynaddr_ (Boolean; default: disabled; since Linux 2.0.31) Enable dynamic socket address and masquerading entry rewriting on interface address change. This is useful for dialup interface with changing IP addresses. 0 means no rewriting, 1 turns it on and 2 enables verbose mode. _ip_forward_ (Boolean; default: disabled; since Linux 1.2) Enable IP forwarding with a boolean flag. IP forwarding can be also set on a per-in‐ terface basis. _ip_local_port_range_ (since Linux 2.2) This file contains two integers that define the default local port range allocated to sockets that are not explicitly bound to a port number—that is, the range used for _ephemeral_ _ports_. An ephemeral port is allocated to a socket in the following circum‐ stances: * the port number in a socket address is specified as 0 when calling [**bind**(2)](https://www.chedong.com/phpMan.php/man/bind/2/markdown); * [**listen**(2)](https://www.chedong.com/phpMan.php/man/listen/2/markdown) is called on a stream socket that was not previously bound; * [**connect**(2)](https://www.chedong.com/phpMan.php/man/connect/2/markdown) was called on a socket that was not previously bound; * [**sendto**(2)](https://www.chedong.com/phpMan.php/man/sendto/2/markdown) is called on a datagram socket that was not previously bound. Allocation of ephemeral ports starts with the first number in _ip_local_port_range_ and ends with the second number. If the range of ephemeral ports is exhausted, then the relevant system call returns an error (but see BUGS). Note that the port range in _ip_local_port_range_ should not conflict with the ports used by masquerading (although the case is handled). Also, arbitrary choices may cause problems with some firewall packet filters that make assumptions about the local ports in use. The first number should be at least greater than 1024, or better, greater than 4096, to avoid clashes with well known ports and to minimize firewall problems. _ip_no_pmtu_disc_ (Boolean; default: disabled; since Linux 2.2) If enabled, don't do Path MTU Discovery for TCP sockets by default. Path MTU discov‐ ery may fail if misconfigured firewalls (that drop all ICMP packets) or misconfigured interfaces (e.g., a point-to-point link where the both ends don't agree on the MTU) are on the path. It is better to fix the broken routers on the path than to turn off Path MTU Discovery globally, because not doing it incurs a high cost to the network. _ip_nonlocal_bind_ (Boolean; default: disabled; since Linux 2.4) If set, allows processes to [**bind**(2)](https://www.chedong.com/phpMan.php/man/bind/2/markdown) to nonlocal IP addresses, which can be quite use‐ ful, but may break some applications. _ip6frag_time_ (integer; default: 30) Time in seconds to keep an IPv6 fragment in memory. _ip6frag_secret_interval_ (integer; default: 600) Regeneration interval (in seconds) of the hash secret (or lifetime for the hash se‐ cret) for IPv6 fragments. _ipfrag_high_thresh_ (integer), _ipfrag_low_thresh_ (integer) If the amount of queued IP fragments reaches _ipfrag_high_thresh_, the queue is pruned down to _ipfrag_low_thresh_. Contains an integer with the number of bytes. _neigh/*_ See [**arp**(7)](https://www.chedong.com/phpMan.php/man/arp/7/markdown). ### Ioctls All ioctls described in [**socket**(7)](https://www.chedong.com/phpMan.php/man/socket/7/markdown) apply to **ip**. Ioctls to configure generic device parameters are described in [**netdevice**(7)](https://www.chedong.com/phpMan.php/man/netdevice/7/markdown). ## ERRORS **EACCES** The user tried to execute an operation without the necessary permissions. These in‐ clude: sending a packet to a broadcast address without having the **SO**___**BROADCAST** flag set; sending a packet via a _prohibit_ route; modifying firewall settings without supe‐ ruser privileges (the **CAP**___**NET**___**ADMIN** capability); binding to a privileged port without superuser privileges (the **CAP**___**NET**___**BIND**___**SERVICE** capability). **EADDRINUSE** Tried to bind to an address already in use. **EADDRNOTAVAIL** A nonexistent interface was requested or the requested source address was not local. **EAGAIN** Operation on a nonblocking socket would block. **EALREADY** A connection operation on a nonblocking socket is already in progress. **ECONNABORTED** A connection was closed during an [**accept**(2)](https://www.chedong.com/phpMan.php/man/accept/2/markdown). **EHOSTUNREACH** No valid routing table entry matches the destination address. This error can be caused by an ICMP message from a remote router or for the local routing table. **EINVAL** Invalid argument passed. For send operations this can be caused by sending to a _blackhole_ route. **EISCONN** [**connect**(2)](https://www.chedong.com/phpMan.php/man/connect/2/markdown) was called on an already connected socket. **EMSGSIZE** Datagram is bigger than an MTU on the path and it cannot be fragmented. **ENOBUFS**, **ENOMEM** Not enough free memory. This often means that the memory allocation is limited by the socket buffer limits, not by the system memory, but this is not 100% consistent. **ENOENT** **SIOCGSTAMP** was called on a socket where no packet arrived. **ENOPKG** A kernel subsystem was not configured. **ENOPROTOOPT** and **EOPNOTSUPP** Invalid socket option passed. **ENOTCONN** The operation is defined only on a connected socket, but the socket wasn't connected. **EPERM** User doesn't have permission to set high priority, change configuration, or send sig‐ nals to the requested process or group. **EPIPE** The connection was unexpectedly closed or shut down by the other end. **ESOCKTNOSUPPORT** The socket is not configured or an unknown socket type was requested. Other errors may be generated by the overlaying protocols; see [**tcp**(7)](https://www.chedong.com/phpMan.php/man/tcp/7/markdown), [**raw**(7)](https://www.chedong.com/phpMan.php/man/raw/7/markdown), [**udp**(7)](https://www.chedong.com/phpMan.php/man/udp/7/markdown), and [**socket**(7)](https://www.chedong.com/phpMan.php/man/socket/7/markdown). ## NOTES **IP**___**FREEBIND**, **IP**___**MSFILTER**, **IP**___**MTU**, **IP**___**MTU**___**DISCOVER**, **IP**___**RECVORIGDSTADDR**, **IP**___**PASSSEC**, **IP**___**PKT**‐‐ **INFO**, **IP**___**RECVERR**, **IP**___**ROUTER**___**ALERT**, and **IP**___**TRANSPARENT** are Linux-specific. Be very careful with the **SO**___**BROADCAST** option - it is not privileged in Linux. It is easy to overload the network with careless broadcasts. For new application protocols it is better to use a multicast group instead of broadcasting. Broadcasting is discouraged. Some other BSD sockets implementations provide **IP**___**RCVDSTADDR** and **IP**___**RECVIF** socket options to get the destination address and the interface of received datagrams. Linux has the more gen‐ eral **IP**___**PKTINFO** for the same task. Some BSD sockets implementations also provide an **IP**___**RECVTTL** option, but an ancillary message with type **IP**___**RECVTTL** is passed with the incoming packet. This is different from the **IP**___**TTL** option used in Linux. Using the **SOL**___**IP** socket options level isn't portable; BSD-based stacks use the **IPPROTO**___**IP** level. **INADDR**___**ANY** (0.0.0.0) and **INADDR**___**BROADCAST** (255.255.255.255) are byte-order-neutral. This means [**htonl**(3)](https://www.chedong.com/phpMan.php/man/htonl/3/markdown) has no effect on them. ### Compatibility For compatibility with Linux 2.0, the obsolete **socket(AF**___**INET,** **SOCK**___**PACKET,** _protocol_**)** syntax is still supported to open a [**packet**(7)](https://www.chedong.com/phpMan.php/man/packet/7/markdown) socket. This is deprecated and should be replaced by **socket(AF**___**PACKET,** **SOCK**___**RAW,** _protocol_**)** instead. The main difference is the new _sockaddr_ll_ address structure for generic link layer information instead of the old **sockaddr**___**pkt**. ## BUGS There are too many inconsistent error values. The error used to diagnose exhaustion of the ephemeral port range differs across the various system calls ([**connect**(2)](https://www.chedong.com/phpMan.php/man/connect/2/markdown), [**bind**(2)](https://www.chedong.com/phpMan.php/man/bind/2/markdown), [**listen**(2)](https://www.chedong.com/phpMan.php/man/listen/2/markdown), [**sendto**(2)](https://www.chedong.com/phpMan.php/man/sendto/2/markdown)) that can assign ephemeral ports. The ioctls to configure IP-specific interface options and ARP tables are not described. Receiving the original destination address with **MSG**___**ERRQUEUE** in _msg_name_ by [**recvmsg**(2)](https://www.chedong.com/phpMan.php/man/recvmsg/2/markdown) does not work in some 2.2 kernels. ## SEE ALSO [**recvmsg**(2)](https://www.chedong.com/phpMan.php/man/recvmsg/2/markdown), [**sendmsg**(2)](https://www.chedong.com/phpMan.php/man/sendmsg/2/markdown), [**byteorder**(3)](https://www.chedong.com/phpMan.php/man/byteorder/3/markdown), [**capabilities**(7)](https://www.chedong.com/phpMan.php/man/capabilities/7/markdown), [**icmp**(7)](https://www.chedong.com/phpMan.php/man/icmp/7/markdown), [**ipv6**(7)](https://www.chedong.com/phpMan.php/man/ipv6/7/markdown), [**netdevice**(7)](https://www.chedong.com/phpMan.php/man/netdevice/7/markdown), [**netlink**(7)](https://www.chedong.com/phpMan.php/man/netlink/7/markdown), [**raw**(7)](https://www.chedong.com/phpMan.php/man/raw/7/markdown), [**socket**(7)](https://www.chedong.com/phpMan.php/man/socket/7/markdown), [**tcp**(7)](https://www.chedong.com/phpMan.php/man/tcp/7/markdown), [**udp**(7)](https://www.chedong.com/phpMan.php/man/udp/7/markdown), [**ip**(8)](https://www.chedong.com/phpMan.php/man/ip/8/markdown) The kernel source file _Documentation/networking/ip-sysctl.txt_. RFC 791 for the original IP specification. RFC 1122 for the IPv4 host requirements. RFC 1812 for the IPv4 router requirements. ## COLOPHON This page is part of release 5.10 of the Linux _man-pages_ project. A description of the project, information about reporting bugs, and the latest version of this page, can be found at . Linux 2020-11-01 [IP(7)](https://www.chedong.com/phpMan.php/man/IP/7/markdown)