ip - Linux IPv4 protocol implementation


   #include <sys/socket.h>
   #include <netinet/in.h>
   #include <netinet/ip.h> /* superset of previous */

   tcp_socket = socket(AF_INET, SOCK_STREAM, 0);
   udp_socket = socket(AF_INET, SOCK_DGRAM, 0);
   raw_socket = socket(AF_INET, SOCK_RAW, protocol);


   Linux implements the Internet Protocol, version 4, described in RFC 791
   and RFC 1122.   ip  contains  a  level  2  multicasting  implementation
   conforming  to  RFC 1112.   It  also  contains an IP router including a
   packet filter.

   The  programming  interface  is  BSD-sockets  compatible.    For   more
   information on sockets, see socket(7).

   An IP socket is created using socket(2):

       socket(AF_INET, socket_type, protocol);

   Valid  socket types are SOCK_STREAM to open a tcp(7) socket, SOCK_DGRAM
   to open a udp(7) socket, or SOCK_RAW to open a raw(7) socket to  access
   the IP protocol directly.  protocol is the IP protocol in the IP header
   to be received or sent.  The only valid values for protocol are  0  and
   IPPROTO_TCP  for  TCP  sockets,  and 0 and IPPROTO_UDP for UDP sockets.
   For SOCK_RAW you may specify  a  valid  IANA  IP  protocol  defined  in
   RFC 1700 assigned numbers.

   When a process wants to receive new incoming packets or connections, it
   should bind a socket to a local interface address  using  bind(2).   In
   this case, only one IP socket may be bound to any given local (address,
   port) pair.  When INADDR_ANY is specified in the bind call, the  socket
   will  be bound to all local interfaces.  When listen(2) is called on an
   unbound socket, the socket is automatically bound to a random free port
   with the local address set to INADDR_ANY.  When connect(2) is called on
   an unbound socket, the socket is automatically bound to a  random  free
   port  or  to  a  usable  shared  port  with  the  local  address set to

   A TCP local socket address that has been bound is unavailable for  some
   time  after  closing,  unless the SO_REUSEADDR flag has been set.  Care
   should be taken when using this flag as it makes TCP less reliable.

   Address format
   An IP socket address is defined as a combination  of  an  IP  interface
   address  and  a  16-bit  port  number.   The basic IP protocol does not
   supply port numbers, they are implemented  by  higher  level  protocols
   like  udp(7)  and  tcp(7).   On  raw  sockets sin_port is set to the IP

       struct sockaddr_in {
           sa_family_t    sin_family; /* address family: AF_INET */
           in_port_t      sin_port;   /* port in network byte order */
           struct in_addr sin_addr;   /* internet address */

       /* Internet address. */
       struct in_addr {
           uint32_t       s_addr;     /* address in network byte order */

   sin_family is always set to AF_INET.  This is required;  in  Linux  2.2
   most  networking  functions return EINVAL when this setting is missing.
   sin_port contains the port in network byte  order.   The  port  numbers
   below  1024 are called privileged ports (or sometimes: reserved ports).
   Only  a  privileged  process  (on  Linux:  a  process  that   has   the
   CAP_NET_BIND_SERVICE  capability  in  the  user namespace governing its
   network namespace) may bind(2) to these sockets.   Note  that  the  raw
   IPv4  protocol  as  such has no concept of a port, they are implemented
   only by higher protocols like tcp(7) and udp(7).

   sin_addr is the IP host address.  The s_addr member of  struct  in_addr
   contains  the  host  interface  address in network byte order.  in_addr
   should be assigned one of the INADDR_* values (e.g., INADDR_ANY) or set
   using   the   inet_aton(3),   inet_addr(3),   inet_makeaddr(3)  library
   functions or directly with the name resolver (see gethostbyname(3)).

   IPv4 addresses are  divided  into  unicast,  broadcast,  and  multicast
   addresses.   Unicast  addresses  specify  a single interface of a host,
   broadcast addresses specify all  hosts  on  a  network,  and  multicast
   addresses  address  all  hosts  in  a  multicast  group.   Datagrams to
   broadcast addresses can be sent or received only when the  SO_BROADCAST
   socket flag is set.  In the current implementation, connection-oriented
   sockets are allowed to use only unicast addresses.

   Note that the address and the port are always stored  in  network  byte
   order.  In particular, this means that you need to call htons(3) on the
   number that is assigned  to  a  port.   All  address/port  manipulation
   functions in the standard library work in network byte order.

   There are several special addresses: INADDR_LOOPBACK ( always
   refers to the local host via the loopback device; INADDR_ANY  (
   means any address for binding; INADDR_BROADCAST ( means
   any host and has the same effect on bind as INADDR_ANY  for  historical

   Socket options
   IP  supports some protocol-specific socket options that can be set with
   setsockopt(2) and read with getsockopt(2).  The socket option level for
   IP  is  IPPROTO_IP.   A  boolean integer flag is zero when it is false,
   otherwise true.

   When  an  invalid  socket  option  is  specified,   getsockopt(2)   and
   setsockopt(2) fail with the error ENOPROTOOPT.

   IP_ADD_MEMBERSHIP (since Linux 1.2)
          Join a multicast group.  Argument is an ip_mreqn structure.

              struct ip_mreqn {
                  struct in_addr imr_multiaddr; /* IP multicast group
                                                   address */
                  struct in_addr imr_address;   /* IP address of local
                                                   interface */
                  int            imr_ifindex;   /* interface index */

          imr_multiaddr  contains  the  address of the multicast group the
          application wants  to  join  or  leave.   It  must  be  a  valid
          multicast   address  (or  setsockopt(2)  fails  with  the  error
          EINVAL).  imr_address is the address of the local interface with
          which the system should join the multicast group; if it is equal
          to INADDR_ANY, an appropriate interface is chosen by the system.
          imr_ifindex  is the interface index of the interface that should
          join/leave  the  imr_multiaddr  group,  or  0  to  indicate  any

          The  ip_mreqn  structure is available only since Linux 2.2.  For
          compatibility, the old ip_mreq structure  (present  since  Linux
          1.2)  is  still  supported; it differs from ip_mreqn only by not
          including the imr_ifindex field.  (The kernel  determines  which
          structure is being passed based on the size passed in optlen.)

          IP_ADD_MEMBERSHIP is valid only for setsockopt(2).

   IP_ADD_SOURCE_MEMBERSHIP (since Linux 2.4.22 / 2.5.68)
          Join  a  multicast  group  and  allow receiving data only from a
          specified source.  Argument is an ip_mreq_source structure.

              struct ip_mreq_source {
                  struct in_addr imr_multiaddr;  /* IP multicast group
                                                    address */
                  struct in_addr imr_interface;  /* IP address of local
                                                    interface */
                  struct in_addr imr_sourceaddr; /* IP address of
                                                    multicast source */

          The ip_mreq_source structure is similar  to  ip_mreqn  described
          under  IP_ADD_MEMBERSIP.   The  imr_multiaddr field contains the
          address of the multicast group the application wants to join  or
          leave.   The  imr_interface  field  is  the address of the local
          interface with which the system should join the multicast group.
          Finally,  the  imr_sourceaddr  field contains the address of the
          source the application wants to receive data from.

          This option can be used multiple times to allow  receiving  data
          from more than one source.

   IP_BIND_ADDRESS_NO_PORT (since Linux 4.2)
          Inform  the  kernel  to not reserve an ephemeral port when using
          bind(2) with a port  number  of  0.   The  port  will  later  be
          automatically  chosen  at  connect(2) time, in a way that allows
          sharing a source port as long as the 4-tuple is unique.

   IP_BLOCK_SOURCE (since Linux 2.4.22 / 2.5.68)
          Stop receiving multicast data from a specific source in a  given
          group.   This is valid only after the application has subscribed
          to  the  multicast  group  using  either  IP_ADD_MEMBERSHIP   or

          Argument  is  an  ip_mreq_source  structure  as  described under

   IP_DROP_MEMBERSHIP (since Linux 1.2)
          Leave a multicast group.  Argument is  an  ip_mreqn  or  ip_mreq
          structure similar to IP_ADD_MEMBERSHIP.

   IP_DROP_SOURCE_MEMBERSHIP (since Linux 2.4.22 / 2.5.68)
          Leave  a source-specific group---that is, stop receiving data from
          a given multicast group that come from a given source.   If  the
          application  has  subscribed to multiple sources within the same
          group, data from the remaining sources will still be  delivered.
          To   stop   receiving   data  from  all  sources  at  once,  use

          Argument is  an  ip_mreq_source  structure  as  described  under

   IP_FREEBIND (since Linux 2.4)
          If  enabled, this boolean option allows binding to an IP address
          that  is  nonlocal  or  does  not  (yet)  exist.   This  permits
          listening  on a socket, without requiring the underlying network
          interface or the specified dynamic IP address to be  up  at  the
          time  that the application is trying to bind to it.  This option
          is the  per-socket  equivalent  of  the  ip_nonlocal_bind  /proc
          interface described below.

   IP_HDRINCL (since Linux 2.0)
          If  enabled, the user supplies an IP header in front of the user
          data.  Valid only for SOCK_RAW  sockets;  see  raw(7)  for  more
          information.   When  this  flag  is  enabled,  the values set by
          IP_OPTIONS, IP_TTL, and IP_TOS are ignored.

   IP_MSFILTER (since Linux 2.4.22 / 2.5.68)
          This option provides access to the advanced full-state filtering
          API.  Argument is an ip_msfilter structure.

              struct ip_msfilter {
                  struct in_addr imsf_multiaddr; /* IP multicast group
                                                    address */
                  struct in_addr imsf_interface; /* IP address of local
                                                    interface */
                  uint32_t       imsf_fmode;     /* Filter-mode */

                  uint32_t       imsf_numsrc;    /* Number of sources in
                                                    the following array */
                  struct in_addr imsf_slist[1];  /* Array of source
                                                    addresses */

          There are two macros, MCAST_INCLUDE and MCAST_EXCLUDE, which can
          be used  to  specify  the  filtering  mode.   Additionally,  the
          IP_MSFILTER_SIZE(n) macro exists to determine how much memory is
          needed to store ip_msfilter structure  with  n  sources  in  the
          source list.

          For  the full description of multicast source filtering refer to
          RFC 3376.

   IP_MTU (since Linux 2.2)
          Retrieve the current known  path  MTU  of  the  current  socket.
          Returns an integer.

          IP_MTU  is valid only for getsockopt(2) and can be employed only
          when the socket has been connected.

   IP_MTU_DISCOVER (since Linux 2.2)
          Set or receive the Path MTU  Discovery  setting  for  a  socket.
          When  enabled,  Linux will perform Path MTU Discovery as defined
          in  RFC 1191  on  SOCK_STREAM  sockets.    For   non-SOCK_STREAM
          sockets, IP_PMTUDISC_DO forces the don't-fragment flag to be set
          on all outgoing packets.  It is  the  user's  responsibility  to
          packetize the data in MTU-sized chunks and to do the retransmits
          if necessary.  The kernel will reject (with EMSGSIZE)  datagrams
          that  are bigger than the known path MTU.  IP_PMTUDISC_WANT will
          fragment a datagram if needed according to the path MTU, or will
          set the don't-fragment flag otherwise.

          The  system-wide default can be toggled between IP_PMTUDISC_WANT
          and IP_PMTUDISC_DONT by writing (respectively, zero and  nonzero
          values) to the /proc/sys/net/ipv4/ip_no_pmtu_disc file.

          Path MTU discovery value   Meaning
          IP_PMTUDISC_WANT           Use per-route settings.
          IP_PMTUDISC_DONT           Never do Path MTU Discovery.
          IP_PMTUDISC_DO             Always do Path MTU Discovery.
          IP_PMTUDISC_PROBE          Set DF but ignore Path MTU.

          When  PMTU  discovery is enabled, the kernel automatically keeps
          track of  the  path  MTU  per  destination  host.   When  it  is
          connected  to  a  specific  peer  with connect(2), the currently
          known path MTU can be retrieved conveniently  using  the  IP_MTU
          socket  option  (e.g.,  after  an EMSGSIZE error occurred).  The
          path MTU may change over time.  For connectionless sockets  with
          many  destinations, the new MTU for a given destination can also
          be accessed using the error queue (see IP_RECVERR).  A new error
          will be queued for every incoming MTU update.

          While  MTU  discovery  is  in  progress,  initial  packets  from
          datagram sockets may be dropped.  Applications using UDP  should
          be  aware  of this and not take it into account for their packet
          retransmit strategy.

          To bootstrap the  path  MTU  discovery  process  on  unconnected
          sockets, it is possible to start with a big datagram size (up to
          64K-headers bytes long) and let it shrink by updates of the path

          To  get  an initial estimate of the path MTU, connect a datagram
          socket to the destination address using connect(2) and  retrieve
          the MTU by calling getsockopt(2) with the IP_MTU option.

          It is possible to implement RFC 4821 MTU probing with SOCK_DGRAM
          or SOCK_RAW sockets by  setting  a  value  of  IP_PMTUDISC_PROBE
          (available  since  Linux  2.6.22).   This  is  also particularly
          useful for diagnostic tools such as tracepath(8)  that  wish  to
          deliberately  send  probe  packets larger than the observed Path

   IP_MULTICAST_ALL (since Linux 2.6.31)
          This option can  be  used  to  modify  the  delivery  policy  of
          multicast  messages  to sockets bound to the wildcard INADDR_ANY
          address.  The argument is a boolean integer (defaults to 1).  If
          set  to  1, the socket will receive messages from all the groups
          that have been joined globally on the whole system.   Otherwise,
          it  will  deliver  messages  only from the groups that have been
          explicitly joined (for example via the IP_ADD_MEMBERSHIP option)
          on this particular socket.

   IP_MULTICAST_IF (since Linux 1.2)
          Set  the  local device for a multicast socket.  The argument for
          setsockopt(2) is  an  ip_mreqn  or  (since  Linux  3.5)  ip_mreq
          structure similar to IP_ADD_MEMBERSHIP, or an in_addr structure.
          (The kernel determines which structure is being passed based  on
          the  size passed in optlen.)  For getsockopt(2), the argument is
          an in_addr structure.

   IP_MULTICAST_LOOP (since Linux 1.2)
          Set or read a boolean integer argument that  determines  whether
          sent  multicast  packets  should  be  looped  back  to the local

   IP_MULTICAST_TTL (since Linux 1.2)
          Set or read the time-to-live value of outgoing multicast packets
          for  this socket.  It is very important for multicast packets to
          set the smallest TTL possible.  The default  is  1  which  means
          that  multicast packets don't leave the local network unless the
          user program explicitly requests it.  Argument is an integer.

   IP_NODEFRAG (since Linux 2.6.36)
          If enabled (argument is nonzero),  the  reassembly  of  outgoing
          packets  is disabled in the netfilter layer.  The argument is an

          This option is valid only for SOCK_RAW sockets.

   IP_OPTIONS (since Linux 2.0)
          Set or get the IP options to be sent with every packet from this
          socket.   The  arguments  are  a  pointer  to  a  memory  buffer
          containing the options and the option length.  The setsockopt(2)
          call  sets the IP options associated with a socket.  The maximum
          option size for IPv4 is 40 bytes.  See RFC 791 for  the  allowed
          options.   When  the  initial  connection  request  packet for a
          SOCK_STREAM socket contains IP options, the IP options  will  be
          set  automatically  to  the options from the initial packet with
          routing headers reversed.  Incoming packets are not  allowed  to
          change   options  after  the  connection  is  established.   The
          processing of all incoming source routing options is disabled by
          default  and  can  be  enabled  by using the accept_source_route
          /proc  interface.   Other  options  like  timestamps  are  still
          handled.   For  datagram  sockets, IP options can be only set by
          the local user.  Calling getsockopt(2) with IP_OPTIONS puts  the
          current IP options used for sending into the supplied buffer.

   IP_PKTINFO (since Linux 2.2)
          Pass  an  IP_PKTINFO  ancillary  message that contains a pktinfo
          structure that supplies  some  information  about  the  incoming
          packet.   This  only  works  for datagram oriented sockets.  The
          argument is a flag that tells the socket whether the  IP_PKTINFO
          message should be passed or not.  The message itself can only be
          sent/retrieved as control message with a packet using recvmsg(2)
          or sendmsg(2).

              struct in_pktinfo {
                  unsigned int   ipi_ifindex;  /* Interface index */
                  struct in_addr ipi_spec_dst; /* Local address */
                  struct in_addr ipi_addr;     /* Header Destination
                                                  address */

          ipi_ifindex  is the unique index of the interface the packet was
          received on.  ipi_spec_dst is the local address  of  the  packet
          and  ipi_addr  is  the destination address in the packet header.
          If IP_PKTINFO is passed to sendmsg(2) and  ipi_spec_dst  is  not
          zero,  then  it  is  used  as  the  local source address for the
          routing table lookup and for setting up IP source route options.
          When  ipi_ifindex  is not zero, the primary local address of the
          interface specified by the index overwrites ipi_spec_dst for the
          routing table lookup.

   IP_RECVERR (since Linux 2.2)
          Enable extended reliable error message passing.  When enabled on
          a datagram socket, all generated errors will be queued in a per-
          socket  error  queue.   When  the  user receives an error from a
          socket  operation,  the  errors  can  be  received  by   calling
          recvmsg(2)    with    the    MSG_ERRQUEUE    flag    set.    The
          sock_extended_err structure describing the error will be  passed
          in  an  ancillary message with the type IP_RECVERR and the level
          IPPROTO_IP.  This is  useful  for  reliable  error  handling  on
          unconnected  sockets.   The  received  data portion of the error
          queue contains the error packet.

          The IP_RECVERR  control  message  contains  a  sock_extended_err

              #define SO_EE_ORIGIN_NONE    0
              #define SO_EE_ORIGIN_LOCAL   1
              #define SO_EE_ORIGIN_ICMP    2
              #define SO_EE_ORIGIN_ICMP6   3

              struct sock_extended_err {
                  uint32_t ee_errno;   /* error number */
                  uint8_t  ee_origin;  /* where the error originated */
                  uint8_t  ee_type;    /* type */
                  uint8_t  ee_code;    /* code */
                  uint8_t  ee_pad;
                  uint32_t ee_info;    /* additional information */
                  uint32_t ee_data;    /* other data */
                  /* More data may follow */

              struct sockaddr *SO_EE_OFFENDER(struct sock_extended_err *);

          ee_errno   contains  the  errno  number  of  the  queued  error.
          ee_origin is the origin code of where the error originated.  The
          other  fields  are  protocol-specific.  The macro SO_EE_OFFENDER
          returns a pointer to the address of the network object where the
          error  originated from given a pointer to the ancillary message.
          If this address is  not  known,  the  sa_family  member  of  the
          sockaddr contains AF_UNSPEC and the other fields of the sockaddr
          are undefined.

          IP uses the sock_extended_err structure as follows: ee_origin is
          set  to SO_EE_ORIGIN_ICMP for errors received as an ICMP packet,
          or SO_EE_ORIGIN_LOCAL for  locally  generated  errors.   Unknown
          values  should be ignored.  ee_type and ee_code are set from the
          type and code fields of the ICMP header.  ee_info  contains  the
          discovered  MTU  for EMSGSIZE errors.  The message also contains
          the sockaddr_in of the node  caused  the  error,  which  can  be
          accessed with the SO_EE_OFFENDER macro.  The sin_family field of
          the SO_EE_OFFENDER address is  AF_UNSPEC  when  the  source  was
          unknown.   When  the  error  originated from the network, all IP
          options (IP_OPTIONS, IP_TTL, etc.) enabled  on  the  socket  and
          contained  in  the  error packet are passed as control messages.
          The payload of the packet  causing  the  error  is  returned  as
          normal  payload.  Note that TCP has no error queue; MSG_ERRQUEUE
          is not permitted on SOCK_STREAM sockets.   IP_RECVERR  is  valid
          for  TCP,  but all errors are returned by socket function return
          or SO_ERROR only.

          For raw sockets, IP_RECVERR enables passing of all received ICMP
          errors to the application, otherwise errors are only reported on
          connected sockets

          It sets  or  retrieves  an  integer  boolean  flag.   IP_RECVERR
          defaults to off.

   IP_RECVOPTS (since Linux 2.2)
          Pass all incoming IP options to the user in a IP_OPTIONS control
          message.  The routing  header  and  other  options  are  already
          filled  in  for  the  local host.  Not supported for SOCK_STREAM

   IP_RECVORIGDSTADDR (since Linux 2.6.29)
          This boolean option enables the IP_ORIGDSTADDR ancillary message
          in   recvmsg(2),  in  which  the  kernel  returns  the  original
          destination  address  of  the  datagram  being  received.    The
          ancillary message contains a struct sockaddr_in.

   IP_RECVTOS (since Linux 2.2)
          If enabled, the IP_TOS ancillary message is passed with incoming
          packets.  It  contains  a  byte  which  specifies  the  Type  of
          Service/Precedence  field  of  the  packet  header.   Expects  a
          boolean integer flag.

   IP_RECVTTL (since Linux 2.2)
          When this flag is set, pass a IP_TTL control  message  with  the
          time-to-live  field  of  the  received  packet  as  a byte.  Not
          supported for SOCK_STREAM sockets.

   IP_RETOPTS (since Linux 2.2)
          Identical to IP_RECVOPTS, but returns  raw  unprocessed  options
          with  timestamp  and route record options not filled in for this

   IP_ROUTER_ALERT (since Linux 2.2)
          Pass all to-be forwarded packets with the IP Router Alert option
          set  to  this  socket.   Valid  only  for  raw sockets.  This is
          useful, for instance, for user-space RSVP daemons.   The  tapped
          packets  are  not  forwarded  by  the  kernel;  it is the user's
          responsibility to  send  them  out  again.   Socket  binding  is
          ignored, such packets are only filtered by protocol.  Expects an
          integer flag.

   IP_TOS (since Linux 1.0)
          Set or receive the Type-Of-Service (TOS) field that is sent with
          every  IP  packet  originating  from this socket.  It is used to
          prioritize packets on the network.  TOS is a  byte.   There  are
          some  standard  TOS  flags  defined:  IPTOS_LOWDELAY to minimize
          delays for interactive  traffic,  IPTOS_THROUGHPUT  to  optimize
          throughput,   IPTOS_RELIABILITY  to  optimize  for  reliability,
          IPTOS_MINCOST should  be  used  for  "filler  data"  where  slow
          transmission  doesn't  matter.   At most one of these TOS values
          can be specified.  Other bits are invalid and shall be  cleared.
          Linux  sends  IPTOS_LOWDELAY datagrams first by default, but the
          exact behavior depends on the  configured  queueing  discipline.
          Some  high-priority levels may require superuser privileges (the
          CAP_NET_ADMIN capability).

   IP_TRANSPARENT (since Linux 2.6.24)
          Setting this boolean option enables transparent proxying on this
          socket.   This  socket  option allows the calling application to
          bind to a nonlocal IP address and operate both as a client and a
          server  with  the  foreign address as the local endpoint.  NOTE:
          this requires that routing be set up in a way that packets going
          to  the foreign address are routed through the TProxy box (i.e.,
          the  system   hosting   the   application   that   employs   the
          IP_TRANSPARENT  socket  option).   Enabling  this  socket option
          requires superuser privileges (the CAP_NET_ADMIN capability).

          TProxy redirection with the iptables TPROXY target also requires
          that this option be set on the redirected socket.

   IP_TTL (since Linux 1.0)
          Set  or  retrieve the current time-to-live field that is used in
          every packet sent from this socket.

   IP_UNBLOCK_SOURCE (since Linux 2.4.22 / 2.5.68)
          Unblock   previously   blocked   multicast   source.     Returns
          EADDRNOTAVAIL when given source is not being blocked.

          Argument  is  an  ip_mreq_source  structure  as  described under

   /proc interfaces
   The IP protocol supports a set of /proc interfaces  to  configure  some
   global  parameters.   The  parameters  can  be  accessed  by reading or
   writing  files  in  the  directory   /proc/sys/net/ipv4/.    Interfaces
   described  as  Boolean  take  an  integer  value,  with a nonzero value
   ("true") meaning that the corresponding option is enabled, and  a  zero
   value ("false") meaning that the option is disabled.

   ip_always_defrag (Boolean; since Linux 2.2.13)
          [New with kernel 2.2.13; in earlier kernel versions this feature
          was controlled at compile time  by  the  CONFIG_IP_ALWAYS_DEFRAG
          option; this option is not present in 2.4.x and later]

          When  this  boolean  flag  is  enabled  (not  equal 0), incoming
          fragments (parts of IP packets that arose when some host between
          origin  and  destination decided that the packets were too large
          and cut them into pieces)  will  be  reassembled  (defragmented)
          before being processed, even if they are about to be forwarded.

          Enable  only  if running either a firewall that is the sole link
          to your network or a transparent proxy; never ever use it for  a
          normal  router or host.  Otherwise, fragmented communication can
          be disturbed if  the  fragments  travel  over  different  links.
          Defragmentation also has a large memory and CPU time cost.

          This is automagically turned on when masquerading or transparent
          proxying are configured.

   ip_autoconfig (since Linux 2.2 to 2.6.17)
          Not documented.

   ip_default_ttl (integer; default: 64; since Linux 2.2)
          Set the default time-to-live value of  outgoing  packets.   This
          can be changed per socket with the IP_TTL option.

   ip_dynaddr (Boolean; default: disabled; since Linux 2.0.31)
          Enable  dynamic  socket address and masquerading entry rewriting
          on  interface  address  change.   This  is  useful  for   dialup
          interface  with  changing IP addresses.  0 means no rewriting, 1
          turns it on and 2 enables verbose mode.

   ip_forward (Boolean; default: disabled; since Linux 1.2)
          Enable IP forwarding with a boolean flag.  IP forwarding can  be
          also set on a per-interface basis.

   ip_local_port_range (since Linux 2.2)
          This  file  contains  two integers that define the default local
          port range allocated to sockets that are not explicitly bound to
          a  port  number---that is, the range used for ephemeral ports.  An
          ephemeral port  is  allocated  to  a  socket  in  the  following

          *  the  port  number  in a socket address is specified as 0 when
             calling bind(2);

          *  listen(2)  is  called  on  a  stream  socket  that  was   not
             previously bound;

          *  connect(2)  was  called  on  a socket that was not previously

          *  sendto(2) is  called  on  a  datagram  socket  that  was  not
             previously bound.

          Allocation  of  ephemeral  ports starts with the first number in
          ip_local_port_range and ends with the  second  number.   If  the
          range  of ephemeral ports is exhausted, then the relevant system
          call returns an error (but see BUGS).

          Note that the  port  range  in  ip_local_port_range  should  not
          conflict  with the ports used by masquerading (although the case
          is handled).  Also, arbitrary choices may  cause  problems  with
          some  firewall  packet  filters  that make assumptions about the
          local ports in use.  The first number should be at least greater
          than  1024,  or better, greater than 4096, to avoid clashes with
          well known ports and to minimize firewall problems.

   ip_no_pmtu_disc (Boolean; default: disabled; since Linux 2.2)
          If enabled, don't do Path  MTU  Discovery  for  TCP  sockets  by
          default.  Path MTU discovery may fail if misconfigured firewalls
          (that drop all ICMP packets) or misconfigured interfaces  (e.g.,
          a  point-to-point  link  where  the both ends don't agree on the
          MTU) are on the path.  It is better to fix the broken routers on
          the  path  than to turn off Path MTU Discovery globally, because
          not doing it incurs a high cost to the network.

   ip_nonlocal_bind (Boolean; default: disabled; since Linux 2.4)
          If set, allows processes to bind(2) to  nonlocal  IP  addresses,
          which can be quite useful, but may break some applications.

   ip6frag_time (integer; default: 30)
          Time in seconds to keep an IPv6 fragment in memory.

   ip6frag_secret_interval (integer; default: 600)
          Regeneration  interval  (in  seconds)  of  the  hash  secret (or
          lifetime for the hash secret) for IPv6 fragments.

   ipfrag_high_thresh (integer), ipfrag_low_thresh (integer)
          If the amount of queued IP fragments reaches ipfrag_high_thresh,
          the  queue  is  pruned  down  to ipfrag_low_thresh.  Contains an
          integer with the number of bytes.

          See arp(7).

   All ioctls described in socket(7) apply to ip.

   Ioctls  to  configure  generic  device  parameters  are  described   in


   EACCES The  user  tried  to  execute an operation without the necessary
          permissions.  These include: sending a  packet  to  a  broadcast
          address  without  having  the  SO_BROADCAST  flag set; sending a
          packet via a prohibit route; modifying firewall settings without
          superuser  privileges (the CAP_NET_ADMIN capability); binding to
          a   privileged   port   without   superuser   privileges    (the
          CAP_NET_BIND_SERVICE capability).

          Tried to bind to an address already in use.

          A  nonexistent  interface  was requested or the requested source
          address was not local.

   EAGAIN Operation on a nonblocking socket would block.

          A connection operation on a nonblocking  socket  is  already  in

          A connection was closed during an accept(2).

          No  valid  routing  table entry matches the destination address.
          This error can be caused by a ICMP message from a remote  router
          or for the local routing table.

   EINVAL Invalid argument passed.  For send operations this can be caused
          by sending to a blackhole route.

          connect(2) was called on an already connected socket.

          Datagram is bigger than an MTU on the  path  and  it  cannot  be

          Not  enough  free  memory.   This  often  means  that the memory
          allocation is limited by the socket buffer limits,  not  by  the
          system memory, but this is not 100% consistent.

   ENOENT SIOCGSTAMP was called on a socket where no packet arrived.

   ENOPKG A kernel subsystem was not configured.

          Invalid socket option passed.

          The  operation  is  defined  only on a connected socket, but the
          socket wasn't connected.

   EPERM  User doesn't  have  permission  to  set  high  priority,  change
          configuration,  or  send  signals  to  the  requested process or

   EPIPE  The connection was unexpectedly closed or shut down by the other

          The  socket  is  not  configured  or  an unknown socket type was

   Other errors may be generated by the overlaying protocols; see  tcp(7),
   raw(7), udp(7), and socket(7).



   Be  very careful with the SO_BROADCAST option - it is not privileged in
   Linux.  It is easy to overload the network  with  careless  broadcasts.
   For  new  application  protocols  it is better to use a multicast group
   instead of broadcasting.  Broadcasting is discouraged.

   Some  other  BSD  sockets  implementations  provide  IP_RCVDSTADDR  and
   IP_RECVIF  socket  options  to  get  the  destination  address  and the
   interface of received datagrams.  Linux has the more general IP_PKTINFO
   for the same task.

   Some BSD sockets implementations also provide an IP_RECVTTL option, but
   an ancillary message with type IP_RECVTTL is passed with  the  incoming
   packet.  This is different from the IP_TTL option used in Linux.

   Using  the SOL_IP socket options level isn't portable; BSD-based stacks
   use the IPPROTO_IP level.

   For  compatibility  with  Linux  2.0,  the   obsolete   socket(AF_INET,
   SOCK_PACKET,  protocol)  syntax  is still supported to open a packet(7)
   socket.  This is deprecated and should be replaced by socket(AF_PACKET,
   SOCK_RAW,   protocol)   instead.    The  main  difference  is  the  new
   sockaddr_ll  address  structure  for  generic  link  layer  information
   instead of the old sockaddr_pkt.


   There are too many inconsistent error values.

   The  error  used  to  diagnose  exhaustion  of the ephemeral port range
   differs  across  the  various  system   calls   (connect(2),   bind(2),
   listen(2), sendto(2)) that can assign ephemeral ports.

   The  ioctls  to  configure IP-specific interface options and ARP tables
   are not described.

   Receiving  the  original  destination  address  with  MSG_ERRQUEUE   in
   msg_name by recvmsg(2) does not work in some 2.2 kernels.


   recvmsg(2),   sendmsg(2),   byteorder(3),   ipfw(4),   capabilities(7),
   icmp(7), ipv6(7), netlink(7), raw(7), socket(7), tcp(7), udp(7)

   RFC 791 for the original IP specification.  RFC 1122 for the IPv4  host
   requirements.  RFC 1812 for the IPv4 router requirements.


   This  page  is  part of release 4.09 of the Linux man-pages project.  A
   description of the project, information about reporting bugs,  and  the
   latest     version     of     this    page,    can    be    found    at


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.

Free Software

Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.

Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.

Free Books

The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.

Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.

Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.