.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
.\" Copyright 2008 AT&T
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH IP 7P "Dec 3, 2008"

ip, IP \- Internet Protocol

\fB#include <sys/socket.h>\fR

\fB#include <netinet/in.h>\fR

\fBs = socket(AF_INET, SOCK_RAW, proto);\fR

\fBt = t_open ("/dev/rawip", O_RDWR);\fR

IP is the internetwork datagram delivery protocol that is central to the
Internet protocol family. Programs may use \fBIP\fR through higher-level
protocols such as the Transmission Control Protocol (TCP) or the User Datagram
Protocol (UDP), or may interface directly to IP. See \fBtcp\fR(7P) and
\fBudp\fR(7P). Direct access may be by means of the socket interface, using a
"raw socket," or by means of the Transport Level Interface (TLI). The protocol
options defined in the IP specification may be set in outgoing datagrams.

Packets sent to or from this system may be subject to IPsec policy. See
\fBipsec\fR(7P) for more information.
.SH APPLICATION PROGRAMMING INTERFACE

The STREAMS driver \fB/dev/rawip\fR is the TLI transport provider that provides

Raw IP sockets are connectionless and are normally used with the \fBsendto()\fR
and \fBrecvfrom()\fR calls (see \fBsend\fR(3SOCKET) and \fBrecv\fR(3SOCKET)),
although the \fBconnect\fR(3SOCKET) call may also be used to fix the
destination for future datagrams. In this case, the \fBread\fR(2) or
\fBrecv\fR(3SOCKET) and \fBwrite\fR(2) or \fBsend\fR(3SOCKET) calls may be
used. If \fIproto\fR is \fBIPPROTO_RAW\fR or \fBIPPROTO_IGMP\fR, the
application is expected to include a complete IP header when sending.
Otherwise, that protocol number will be set in outgoing datagrams and used to
filter incoming datagrams and an IP header will be generated and prepended to
each outgoing datagram. In either case, received datagrams are returned with
the IP header and options intact.

If an application uses \fBIP_HDRINCL\fR and provides the IP header contents,
the IP stack does not modify the following supplied fields under any
conditions: Type of Service, DF Flag, Protocol, and Destination Address. The IP
Options and IHL fields are set by use of \fBIP_OPTIONS\fR, and \fBTotal
Length\fR is updated to include any options. Version is set to the default.
Identification is chosen by the normal IP ID selection logic. The source
address is updated if none was specified and the TTL is changed if the packet
has a broadcast destination address. Since an application cannot send down
fragments (as IP assigns the IP ID), Fragment Offset is always 0. The IP
Checksum field is computed by IP. None of the data beyond the IP header are
changed, including the application-provided transport header.

The socket options supported at the IP level are:

\fB\fBIP_OPTIONS\fR\fR

IP options for outgoing datagrams. This socket option may be used to set IP
options to be included in each outgoing datagram. IP options to be sent are set
with \fBsetsockopt()\fR (see \fBgetsockopt\fR(3SOCKET)). The
\fBgetsockopt\fR(3SOCKET) call returns the IP options set in the last
\fBsetsockopt()\fR call. IP options on received datagrams are visible to user
programs only using raw IP sockets. The format of IP options given in
\fBsetsockopt()\fR matches those defined in the IP specification with one
exception: the list of addresses for the source routing options must include
the first-hop gateway at the beginning of the list of gateways. The first-hop
gateway address will be extracted from the option list and the size adjusted
accordingly before use. IP options may be used with any socket type in the

\fB\fBIP_SEC_OPT\fR\fR

Enable or obtain IPsec security settings for this socket. For more details on
the protection services of IPsec, see \fBipsec\fR(7P).

\fB\fBIP_ADD_MEMBERSHIP\fR\fR

Join a multicast group.

\fB\fBIP_DROP_MEMBERSHIP\fR\fR

Leave a multicast group.

\fB\fBIP_BOUND_IF\fR\fR

Limit reception and transmission of packets to this interface. Takes an
integer as an argument. The integer is the selected interface index.

The following options take \fBin_pktinfo_t\fR as the parameter:

\fB\fBIP_PKTINFO\fR\fR

Set the source address and/or transmit interface of the packet(s). Note that
the IP_BOUND_IF socket option takes precedence over the interface index passed

.nf
typedef struct in_pktinfo {
    unsigned int ipi_ifindex;       /* send/recv interface index */
    struct in_addr ipi_spec_dst;    /* matched source addr. */
    struct in_addr ipi_addr;        /* src/dst addr. in IP hdr */
} in_pktinfo_t;
.fi

When passed in (on transmit) via ancillary data with IP_PKTINFO, ipi_spec_dst
is used as the source address and ipi_ifindex is used as the interface index to

\fB\fBIP_RECVPKTINFO\fR\fR

Enable/disable receipt of the index of the interface the packet arrived on, the
local address that was matched for reception, and the inbound packet's actual
destination address. Takes boolean as the parameter. Returns struct
in_pktinfo_t as ancillary data.

The following options take a \fBstruct ip_mreq\fR as the parameter. The
structure contains a multicast address which must be set to the \fBCLASS-D\fR
\fBIP\fR multicast address and an interface address. Normally the interface
address is set to \fBINADDR_ANY\fR which causes the kernel to choose the
interface on which to join.

\fB\fBIP_BLOCK_SOURCE\fR\fR

Block multicast packets whose source address matches the given source address.
The specified group must be joined previously using IP_ADD_MEMBERSHIP or

\fB\fBIP_UNBLOCK_SOURCE\fR\fR

Unblock (begin receiving) multicast packets which were previously blocked using

\fB\fBIP_ADD_SOURCE_MEMBERSHIP\fR\fR

Begin receiving packets for the given multicast group whose source address
matches the specified address.

\fB\fBIP_DROP_SOURCE_MEMBERSHIP\fR\fR

Stop receiving packets for the given multicast group whose source address
matches the specified address.

The following options take a \fBstruct ip_mreq_source\fR as the parameter. The
structure contains a multicast address (which must be set to the CLASS-D IP
multicast address), an interface address, and a source address.

\fB\fBMCAST_JOIN_GROUP\fR\fR

Join a multicast group. Functionally equivalent to IP_ADD_MEMBERSHIP.

\fB\fBMCAST_BLOCK_SOURCE\fR\fR

Block multicast packets whose source address matches the given source address.
The specified group must be joined previously using IP_ADD_MEMBERSHIP or

\fB\fBMCAST_UNBLOCK_SOURCE\fR\fR

Unblock (begin receiving) multicast packets which were previously blocked using

\fB\fBMCAST_LEAVE_GROUP\fR\fR

Leave a multicast group. Functionally equivalent to IP_DROP_MEMBERSHIP.

\fB\fBMCAST_JOIN_SOURCE_GROUP\fR\fR

Begin receiving packets for the given multicast group whose source address
matches the specified address.

\fB\fBMCAST_LEAVE_SOURCE_GROUP\fR\fR

Stop receiving packets for the given multicast group whose source address
matches the specified address.

The following options take a struct \fBgroup_req\fR or struct
\fBgroup_source_req\fR as the parameter. The \fBgroup_req\fR structure
contains an interface index and a multicast address which must be set to the
CLASS-D multicast address. The \fBgroup_source_req\fR structure is used for
those options which include a source address. It contains an interface index,
multicast address, and source address.

\fB\fBIP_MULTICAST_IF\fR\fR

The outgoing interface for multicast packets. This option takes a \fBstruct\fR
\fBin_addr\fR as an argument, and it selects that interface for outgoing IP
multicast packets. If the address specified is \fBINADDR_ANY\fR, it uses the
unicast routing table to select the outgoing interface (which is the default

\fB\fBIP_MULTICAST_TTL\fR\fR

Time to live for multicast datagrams. This option takes an unsigned character
as an argument. Its value is the TTL that IP uses on outgoing multicast
datagrams. The default is \fB1\fR.

\fB\fBIP_MULTICAST_LOOP\fR\fR

Loopback for multicast datagrams. Normally multicast datagrams are delivered
to members on the sending host (or sending zone). Setting the unsigned
character argument to 0 causes the opposite behavior, meaning that when
multiple zones are present, the datagrams are delivered to all zones except the

\fB\fBIP_RECVIF\fR\fR

Receive the inbound interface index.

This option takes an integer argument as its input value. The least significant
8 bits of the value are used to set the Type Of Service field in the IP header
of the outgoing packets.

\fB\fBIP_NEXTHOP\fR\fR

This option specifies the address of the onlink nexthop for traffic originating
from that socket. It causes the routing table to be bypassed and outgoing
traffic is sent directly to the specified nexthop. This option takes an
ipaddr_t argument representing the IPv4 address of the nexthop as the input
value. The IP_NEXTHOP option takes precedence over IPOPT_LSRR. IP_BOUND_IF and
SO_DONTROUTE take precedence over IP_NEXTHOP. This option has no meaning for
broadcast and multicast packets. The application must ensure that the specified
nexthop is alive. An application may want to specify the IP_NEXTHOP option on a
TCP listener socket only for incoming requests to a particular IP address. In
this case, it must avoid binding the socket to INADDR_ANY and instead must bind
the listener socket to the specific IP address. In addition, typically the
application may want the incoming and outgoing interface to be the same. In
this case, the application must select a suitable nexthop that is onlink and
reachable via the desired interface and do a setsockopt (IP_NEXTHOP) on it.
Then it must bind to the IP address of the desired interface. Setting the
IP_NEXTHOP option requires the PRIV_SYS_NET_CONFIG privilege.

The multicast socket options (IP_MULTICAST_IF, IP_MULTICAST_TTL,
IP_MULTICAST_LOOP and IP_RECVIF) can be used with any datagram socket type in

At the socket level, the socket option \fBSO_DONTROUTE\fR may be applied. This
option forces datagrams being sent to bypass routing and forwarding by forcing
the IP Time To Live field to \fB1\fR, meaning that the packet will not be
forwarded by routers.

Raw IP datagrams can also be sent and received using the TLI connectionless

Datagrams flow through the IP layer in two directions: from the network
\fIup\fR to user processes and from user processes \fIdown\fR to the network.
Using this orientation, IP is layered \fIabove\fR the network interface drivers
and \fIbelow\fR the transport protocols such as UDP and TCP. The Internet
Control Message Protocol (ICMP) is logically a part of IP. See \fBicmp\fR(7P).

IP provides for a checksum of the header part, but not the data part, of the
datagram. The checksum value is computed and set in the process of sending
datagrams and checked when receiving datagrams.

IP options in received datagrams are processed in the IP layer according to the
protocol specification. Currently recognized IP options include: security,
loose source and record route (LSRR), strict source and record route (SSRR),
record route, and internet timestamp.
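
A bounds-checked walk over the options area of the IPv4 header that a raw IP socket returns in front of each received datagram, flagging the option kinds listed above; this is an added example, not part of the original manual page or of Solaris. It assumes the buffer holds the header in wire format; the function, structure and flag names are hypothetical, and the option type values and the minimum route pointer of 4 are taken from RFC 791.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Option type octets from RFC 791; these enum names are local to the example. */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_RR = 7, OPT_TS = 68,
       OPT_SEC = 130, OPT_LSRR = 131, OPT_SSRR = 137 };
/* Flags reported in ip_opt_audit.seen (hypothetical names). */
enum { SEEN_SRCROUTE = 1, SEEN_RR = 2, SEEN_TS = 4, SEEN_SEC = 8, SEEN_OTHER = 16 };

struct ip_opt_audit {
    unsigned hdr_len;      /* header length in bytes (IHL * 4) */
    unsigned seen;         /* OR of SEEN_* flags */
    unsigned route_addrs;  /* address slots carried by LSRR/SSRR options */
};

/* Walk the options of a wire-format IPv4 header; 0 = ok, -1 = malformed. */
int ip_opt_audit(const uint8_t *pkt, size_t len, struct ip_opt_audit *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                       /* too short, or not IPv4 */
    size_t hl = (size_t)(pkt[0] & 0x0f) * 4;
    if (hl < 20 || hl > len)
        return -1;                       /* IHL below minimum or past buffer */
    out->hdr_len = (unsigned)hl;
    out->seen = out->route_addrs = 0;
    for (size_t i = 20; i < hl; ) {
        uint8_t type = pkt[i];
        if (type == OPT_EOL)
            break;                       /* remainder is padding */
        if (type == OPT_NOP) { i++; continue; }   /* single-octet option */
        if (i + 1 >= hl)
            return -1;                   /* no room for the length octet */
        size_t olen = pkt[i + 1];
        if (olen < 2 || olen > hl - i)
            return -1;                   /* option overruns the header */
        switch (type) {
        case OPT_LSRR: case OPT_SSRR:
            if (olen < 3 || pkt[i + 2] < 4)
                return -1;               /* route pointer starts at 4 */
            out->seen |= SEEN_SRCROUTE;
            out->route_addrs += (unsigned)((olen - 3) / 4);
            break;
        case OPT_RR:  out->seen |= SEEN_RR;    break;
        case OPT_TS:  out->seen |= SEEN_TS;    break;
        case OPT_SEC: out->seen |= SEEN_SEC;   break;
        default:      out->seen |= SEEN_OTHER; break;
        }
        i += olen;
    }
    return 0;
}

/* Constructed sample header: IHL = 7, options = NOP + LSRR via 192.0.2.1. */
static const uint8_t sample_hdr[28] = {
    0x47, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0, 198, 51, 100, 7, 203, 0, 113, 9,
    OPT_NOP, OPT_LSRR, 7, 4, 192, 0, 2, 1 };

int main(void)
{
    struct ip_opt_audit a = {0};
    int rc = ip_opt_audit(sample_hdr, sizeof sample_hdr, &a);
    printf("rc=%d hdr_len=%u seen=0x%x routes=%u\n", rc, a.hdr_len, a.seen, a.route_addrs);
    return rc;
}
```

A receiver that has no use for source routing can log or drop any datagram for which SEEN_SRCROUTE is set, and should treat a return of -1 as a malformed header rather than parse further.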

By default, the IP layer will not forward IPv4 packets that are not addressed
to it. This behavior can be overridden by using \fBrouteadm\fR(1M) to enable
the ipv4-forwarding option. IPv4 forwarding is configured at boot time based on
the setting of \fBrouteadm\fR(1M)'s ipv4-forwarding option.

For backwards compatibility, IPv4 forwarding can be enabled or disabled using
\fBndd\fR(1M)'s ip_forwarding variable. It is set to 1 if IPv4 forwarding is
enabled, or 0 if it is disabled.

Additionally, finer-grained forwarding can be configured in IP. Each interface
can be configured to forward IP packets by setting the IFF_ROUTER interface
flag. This flag can be set and cleared using \fBifconfig\fR(1M)'s router and
-router options. If an interface's IFF_ROUTER flag is set, packets can be
forwarded to or from the interface. If it is clear, packets will neither be
forwarded from this interface to others, nor forwarded to this interface.
Setting the ip_forwarding variable sets all of the IPv4 interfaces' IFF_ROUTER

For backwards compatibility, each interface creates an
\fB<ifname>:ip_forwarding /dev/ip\fR variable that can be modified using
\fBndd\fR(1M). An interface's \fB:ip_forwarding ndd\fR variable is a boolean
variable that mirrors the status of its IFF_ROUTER interface flag. It is set to
1 if the flag is set, or 0 if it is clear. This interface-specific
\fB<ifname>:ip_forwarding ndd\fR variable is obsolete and may be removed in a future
release of Solaris. The \fBifconfig\fR(1M) router and -router interfaces are

The IP layer sends an ICMP message back to the source host in many cases when
it receives a datagram that cannot be handled. A "time exceeded" ICMP message
is sent if the "time to live" field in the IP header drops to zero in the
process of forwarding a datagram. A "destination unreachable" message is sent
if a datagram cannot be forwarded because there is no route to the final
destination, or if it cannot be fragmented. If the datagram is addressed to
the local host but is destined for a protocol that is not supported or a port
that is not in use, a destination unreachable message is also sent. The IP
layer may send an ICMP "source quench" message if it is receiving datagrams too
quickly. ICMP messages are only sent for the first fragment of a fragmented
datagram and are never returned in response to errors in other ICMP messages.

The IP layer supports fragmentation and reassembly. Datagrams are fragmented on
output if the datagram is larger than the maximum transmission unit (MTU) of
the network interface. Fragments of received datagrams are dropped from the
reassembly queues if the complete datagram is not reconstructed within a short

Errors in sending discovered at the network interface driver layer are passed
by IP back up to the user process.

Multi-Data Transmit allows more than one packet to be sent from the IP module
to another in a given call, thereby reducing the per-packet processing costs.
The behavior of Multi-Data Transmit can be overridden by using \fBndd\fR(1M) to
set the \fB/dev/ip\fR variable ip_multidata_outbound to 0. Note that the IP module
will only initiate Multi-Data Transmit if the network interface driver supports

Through the netinfo framework, this driver provides the following packet

Packets received on a network interface from an external source.

Packets to be sent out a network interface.

Packets being forwarded through this host to another network.

Packets that have been sent by a local application to another.

Packets about to be received by a local application from another.

Currently, only a single function may be registered for each event. As a
result, if the slot for an event is already occupied by someone else, a second
attempt to register a callback fails.

To receive packet events in a kernel module, it is first necessary to obtain a
handle for either IPv4 or IPv6 traffic. This is achieved by passing NHF_INET
or NHF_INET6 through to a net_protocol_lookup() call. The value returned from
this call must then be passed into a call to net_register_hook(), along with
a description of the hook to add. For a description of the structure passed
through to the callback, please see \fBhook_pkt_event\fR(9S). For IP
packets, this structure is filled out as follows:

Identifier indicating the inbound interface for packets received with the

Identifier indicating the outbound interface for packets received with the
"physical out" event.

Pointer to the start of the IP header (not the ethernet header).

Pointer to the start of the mblk_t chain containing the IP packet.

Pointer to the mblk_t with the IP header in it.

.SH NETWORK INTERFACE EVENTS

In addition to events describing packets as they move through the system, it is
also possible to receive notification of events relating to network interfaces.
These events are all reported back through the same callback. The list of
events is as follows:

A new network interface has been instantiated.

A network interface is no longer associated with this protocol.

At least one logical interface is now ready to receive packets.

There are no logical interfaces expecting to receive packets.

An address has changed on a logical interface.

\fBifconfig\fR(1M), \fBrouteadm\fR(1M), \fBndd\fR(1M), \fBread\fR(2),
\fBwrite\fR(2), \fBbind\fR(3SOCKET), \fBconnect\fR(3SOCKET),
\fBgetsockopt\fR(3SOCKET), \fBrecv\fR(3SOCKET), \fBsend\fR(3SOCKET),
\fBdefaultrouter\fR(4), \fBicmp\fR(7P), \fBif_tcp\fR(7P), \fBinet\fR(7P),
\fBip6\fR(7P), \fBipsec\fR(7P), \fBrouting\fR(7P), \fBtcp\fR(7P),
\fBudp\fR(7P), \fBnet_hook_register\fR(9F), \fBhook_pkt_event\fR(9S)

Braden, R., \fIRFC 1122, Requirements for Internet Hosts \(mi Communication
Layers\fR, Information Sciences Institute, University of Southern California,

Postel, J., \fIRFC 791, Internet Protocol \(mi DARPA Internet Program Protocol
Specification\fR, Information Sciences Institute, University of Southern
California, September 1981.

A socket operation may fail with one of the following errors returned:

A \fBbind()\fR operation was attempted with a "reserved" port number and the
effective user ID of the process was not the privileged user.

Setting the IP_NEXTHOP was attempted by a process lacking the
PRIV_SYS_NET_CONFIG privilege.

\fB\fBEADDRINUSE\fR\fR

A \fBbind()\fR operation was attempted on a socket with a network address/port
pair that has already been bound to another socket.

\fB\fBEADDRNOTAVAIL\fR\fR

A \fBbind()\fR operation was attempted for an address that is not configured on

A \fBsendmsg()\fR operation with a non-NULL \fBmsg_accrights\fR was attempted.

A \fBgetsockopt()\fR or \fBsetsockopt()\fR operation with an unknown socket
option name was given.

A \fBgetsockopt()\fR or \fBsetsockopt()\fR operation was attempted with the
\fBIP\fR option field improperly formed; an option field was shorter than the
minimum value or longer than the option buffer provided.

A \fBconnect()\fR operation was attempted on a socket on which a
\fBconnect()\fR operation had already been performed, and the socket could not
be successfully disconnected before making the new connection.

A \fBsendto()\fR or \fBsendmsg()\fR operation specifying an address to which
the message should be sent was attempted on a socket on which a \fBconnect()\fR
operation had already been performed.

A \fBsend()\fR, \fBsendto()\fR, or \fBsendmsg()\fR operation was attempted to
send a datagram that was too large for an interface, but was not allowed to be
fragmented (such as broadcasts).

\fB\fBENETUNREACH\fR\fR

An attempt was made to establish a connection by means of \fBconnect()\fR, or
to send a datagram by means of \fBsendto()\fR or \fBsendmsg()\fR, where there
was no matching entry in the routing table; or if an ICMP "destination
unreachable" message was received.

A \fBsend()\fR or \fBwrite()\fR operation, or a \fBsendto()\fR or
\fBsendmsg()\fR operation not specifying an address to which the message should
be sent, was attempted on a socket on which a \fBconnect()\fR operation had not
already been performed.

The system ran out of memory for fragmentation buffers or other internal data

\fBSO_SNDBUF\fR or \fBSO_RCVBUF\fR exceeds a system limit.

Invalid length for \fBIP_OPTIONS\fR.

\fB\fBEHOSTUNREACH\fR\fR

Invalid address for \fBIP_MULTICAST_IF\fR.

Invalid (offlink) nexthop address for IP_NEXTHOP.

Not a multicast address for \fBIP_ADD_MEMBERSHIP\fR and
\fBIP_DROP_MEMBERSHIP\fR.

\fB\fBEADDRNOTAVAIL\fR\fR

Bad interface address for \fBIP_ADD_MEMBERSHIP\fR and \fBIP_DROP_MEMBERSHIP\fR.

\fB\fBEADDRINUSE\fR\fR

Address already joined for \fBIP_ADD_MEMBERSHIP\fR.

Address not joined for \fBIP_DROP_MEMBERSHIP\fR.

\fB\fBENOPROTOOPT\fR\fR

Raw sockets should receive \fBICMP\fR error packets relating to the protocol;
currently such packets are simply discarded.

Users of higher-level protocols such as \fBTCP\fR and \fBUDP\fR should be able
to see received IP options.