ip (7) Linux Manual Page
ip – Linux IPv4 protocol implementation
Synopsis
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h> /* superset of previous */
tcp_socket = socket(AF_INET, SOCK_STREAM, 0);
udp_socket = socket(AF_INET, SOCK_DGRAM, 0);
raw_socket = socket(AF_INET, SOCK_RAW, protocol);
Description
Linux implements the Internet Protocol, version 4, described in RFC 791 and RFC 1122. ip contains a level 2 multicasting implementation conforming to RFC 1112. It also contains an IP router including a packet filter. The programming interface is BSD-sockets compatible. For more information on sockets, see socket(7). An IP socket is created using socket(2):
struct sock_extended_err {
    uint32_t ee_errno;   /* error number */
    uint8_t  ee_origin;  /* where the error originated */
    uint8_t  ee_type;    /* type */
    uint8_t  ee_code;    /* code */
    uint8_t  ee_pad;
    uint32_t ee_info;    /* additional information */
    uint32_t ee_data;    /* other data */
    /* More data may follow */
};
struct sockaddr *SO_EE_OFFENDER(struct sock_extended_err *);
ee_errno contains the errno number of the queued error. ee_origin is the origin code of where the error originated. The other fields are protocol-specific. The macro SO_EE_OFFENDER returns a pointer to the address of the network object where the error originated from given a pointer to the ancillary message. If this address is not known, the sa_family member of the sockaddr contains AF_UNSPEC and the other fields of the sockaddr are undefined.
IP uses the sock_extended_err structure as follows: ee_origin is set to SO_EE_ORIGIN_ICMP for errors received as an ICMP packet, or SO_EE_ORIGIN_LOCAL for locally generated errors. Unknown values should be ignored. ee_type and ee_code are set from the type and code fields of the ICMP header. ee_info contains the discovered MTU for EMSGSIZE errors. The message also contains the sockaddr_in of the node that caused the error, which can be accessed with the SO_EE_OFFENDER macro. The sin_family field of the SO_EE_OFFENDER address is AF_UNSPEC when the source was unknown. When the error originated from the network, all IP options (IP_OPTIONS, IP_TTL, etc.) enabled on the socket and contained in the error packet are passed as control messages. The payload of the packet causing the error is returned as normal payload. Note that TCP has no error queue; MSG_ERRQUEUE is not permitted on SOCK_STREAM sockets. IP_RECVERR is valid for TCP, but all errors are returned by socket function return or SO_ERROR only.
For raw sockets, IP_RECVERR enables passing of all received ICMP errors to the application, otherwise errors are reported only on connected sockets.
It sets or retrieves an integer boolean flag. IP_RECVERR defaults to off.
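The error-queue flow described above, as an added example that is not part of the manual page: a UDP socket enables IP_RECVERR, sends one datagram to a closed loopback port, and reads the queued ICMP error with recvmsg(2) and MSG_ERRQUEUE. The helper name probe_closed_port and the loopback scenario are assumptions made for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>
#include <linux/errqueue.h>

/* Constructed scenario: send one datagram to a closed loopback port and copy
 * the queued error out. probe_closed_port() is hypothetical; 0 on success. */
int probe_closed_port(struct sock_extended_err *out, struct sockaddr_in *offender)
{
    struct sockaddr_in dst = { .sin_family = AF_INET };
    socklen_t len = sizeof(dst);
    int on = 1, rc = -1, tmp, s;
    _Alignas(struct cmsghdr) char ctrl[512];
    char payload[64];
    struct iovec iov = { payload, sizeof(payload) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctrl, .msg_controllen = sizeof(ctrl) };
    struct pollfd pfd = { .events = 0 };  /* POLLERR is reported regardless */

    /* Borrow an ephemeral port and release it so that nothing listens there. */
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if ((tmp = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return -1;
    if (bind(tmp, (struct sockaddr *)&dst, len) < 0 ||
        getsockname(tmp, (struct sockaddr *)&dst, &len) < 0)
        dst.sin_port = 0;
    close(tmp);
    if (dst.sin_port == 0 || (s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return -1;
    pfd.fd = s;
    if (setsockopt(s, IPPROTO_IP, IP_RECVERR, &on, sizeof(on)) == 0 &&
        sendto(s, "x", 1, 0, (struct sockaddr *)&dst, sizeof(dst)) == 1 &&
        poll(&pfd, 1, 1000) == 1 && recvmsg(s, &msg, MSG_ERRQUEUE) >= 0) {
        for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
            if (c->cmsg_level != IPPROTO_IP || c->cmsg_type != IP_RECVERR)
                continue;
            struct sock_extended_err *ee = (void *)CMSG_DATA(c);
            *out = *ee;                   /* ee_errno, ee_origin, ee_type, ... */
            memcpy(offender, SO_EE_OFFENDER(ee), sizeof(*offender));
            rc = 0;
        }
    }
    close(s);
    return rc;
}
```

A caller should check offender->sin_family for AF_UNSPEC before trusting the offender address, as the text above requires.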
IP_RECVOPTS (since Linux 2.2)
Pass all incoming IP options to the user in a IP_OPTIONS control message. The routing header and other options are already filled in for the local host. Not supported for SOCK_STREAM sockets.
IP_RECVORIGDSTADDR (since Linux 2.6.29)
This boolean option enables the IP_ORIGDSTADDR ancillary message in recvmsg(2), in which the kernel returns the original destination address of the datagram being received. The ancillary message contains a struct sockaddr_in.
IP_RECVTOS (since Linux 2.2)
If enabled, the IP_TOS ancillary message is passed with incoming packets. It contains a byte which specifies the Type of Service/Precedence field of the packet header. Expects a boolean integer flag.
IP_RECVTTL (since Linux 2.2)
When this flag is set, pass a IP_TTL control message with the time-to-live field of the received packet as a 32 bit integer. Not supported for SOCK_STREAM sockets.
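An added example (not part of the manual page) showing how a receiver reads the IP_TTL, IP_TOS and IP_ORIGDSTADDR control messages enabled by IP_RECVTTL, IP_RECVTOS and IP_RECVORIGDSTADDR, including the different payload size of each. The struct rx_meta and the helper recv_with_meta are hypothetical names, and the datagram is looped over 127.0.0.1.

```c
#include <netinet/in.h>
#include <netinet/ip.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct rx_meta { int ttl; int tos; struct sockaddr_in origdst; };

/* Hypothetical helper: loop one datagram over 127.0.0.1 with the given TTL
 * and TOS and collect what the receiver sees in control messages. */
int recv_with_meta(int send_ttl, int send_tos, struct rx_meta *m)
{
    struct sockaddr_in addr = { .sin_family = AF_INET };
    socklen_t len = sizeof(addr);
    int on = 1, rc = -1;
    _Alignas(struct cmsghdr) char ctrl[256];
    char buf[16];
    struct iovec iov = { buf, sizeof(buf) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctrl, .msg_controllen = sizeof(ctrl) };
    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    memset(m, 0, sizeof(*m));
    m->ttl = m->tos = -1;                 /* -1 means "no control message seen" */
    if (rx >= 0 && tx >= 0 &&
        bind(rx, (struct sockaddr *)&addr, len) == 0 &&
        getsockname(rx, (struct sockaddr *)&addr, &len) == 0 &&
        setsockopt(rx, IPPROTO_IP, IP_RECVTTL, &on, sizeof(on)) == 0 &&
        setsockopt(rx, IPPROTO_IP, IP_RECVTOS, &on, sizeof(on)) == 0 &&
        setsockopt(rx, IPPROTO_IP, IP_RECVORIGDSTADDR, &on, sizeof(on)) == 0 &&
        setsockopt(tx, IPPROTO_IP, IP_TTL, &send_ttl, sizeof(send_ttl)) == 0 &&
        setsockopt(tx, IPPROTO_IP, IP_TOS, &send_tos, sizeof(send_tos)) == 0 &&
        sendto(tx, "hi", 2, 0, (struct sockaddr *)&addr, sizeof(addr)) == 2 &&
        recvmsg(rx, &msg, 0) == 2) {
        for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
            if (c->cmsg_level != IPPROTO_IP) continue;
            if (c->cmsg_type == IP_TTL)               /* 32-bit integer */
                memcpy(&m->ttl, CMSG_DATA(c), sizeof(int));
            else if (c->cmsg_type == IP_TOS)          /* single byte */
                m->tos = *(unsigned char *)CMSG_DATA(c);
            else if (c->cmsg_type == IP_ORIGDSTADDR)  /* struct sockaddr_in */
                memcpy(&m->origdst, CMSG_DATA(c), sizeof(m->origdst));
        }
        rc = (m->origdst.sin_port == addr.sin_port) ? 0 : -1;
    }
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return rc;
}
```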
IP_RETOPTS (since Linux 2.2)
Identical to IP_RECVOPTS, but returns raw unprocessed options with timestamp and route record options not filled in for this hop.
IP_ROUTER_ALERT (since Linux 2.2)
Pass all to-be forwarded packets with the IP Router Alert option set to this socket. Valid only for raw sockets. This is useful, for instance, for user-space RSVP daemons. The tapped packets are not forwarded by the kernel; it is the user's responsibility to send them out again. Socket binding is ignored, such packets are filtered only by protocol. Expects an integer flag.
IP_TOS (since Linux 1.0)
Set or receive the Type-Of-Service (TOS) field that is sent with every IP packet originating from this socket. It is used to prioritize packets on the network. TOS is a byte. There are some standard TOS flags defined: IPTOS_LOWDELAY to minimize delays for interactive traffic, IPTOS_THROUGHPUT to optimize throughput, IPTOS_RELIABILITY to optimize for reliability, IPTOS_MINCOST should be used for "filler data" where slow transmission doesn't matter. At most one of these TOS values can be specified. Other bits are invalid and shall be cleared. Linux sends IPTOS_LOWDELAY datagrams first by default, but the exact behavior depends on the configured queueing discipline. Some high-priority levels may require superuser privileges (the CAP_NET_ADMIN capability).
IP_TRANSPARENT (since Linux 2.6.24)
Setting this boolean option enables transparent proxying on this socket. This socket option allows the calling application to bind to a nonlocal IP address and operate both as a client and a server with the foreign address as the local endpoint. NOTE: this requires that routing be set up in a way that packets going to the foreign address are routed through the TProxy box (i.e., the system hosting the application that employs the IP_TRANSPARENT socket option). Enabling this socket option requires superuser privileges (the CAP_NET_ADMIN capability).
TProxy redirection with the iptables TPROXY target also requires that this option be set on the redirected socket.
IP_TTL (since Linux 1.0)
Set or retrieve the current time-to-live field that is used in every packet sent from this socket.
IP_UNBLOCK_SOURCE (since Linux 2.4.22 / 2.5.68)
Unblock previously blocked multicast source. Returns EADDRNOTAVAIL when given source is not being blocked. Argument is an ip_mreq_source structure as described under IP_ADD_SOURCE_MEMBERSHIP.
SO_PEERSEC (since Linux 2.6.17)
If labeled IPSEC or NetLabel is configured on both the sending and receiving hosts, this read-only socket option returns the security context of the peer socket connected to this socket. By default, this will be the same as the security context of the process that created the peer socket unless overridden by the policy or by a process with the required permissions.
The argument to getsockopt(2) is a pointer to a buffer of the specified length in bytes into which the security context string will be copied. If the buffer length is less than the length of the security context string, then getsockopt(2) returns -1, sets errno to ERANGE, and returns the required length via optlen. The caller should allocate at least NAME_MAX bytes for the buffer initially, although this is not guaranteed to be sufficient. Resizing the buffer to the returned length and retrying may be necessary.
The security context string may include a terminating null character in the returned length, but is not guaranteed to do so: a security context "foo" might be represented as either {'f','o','o'} of length 3 or {'f','o','o','
