1.\" Copyright (c) 1983, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)ip.4 8.2 (Berkeley) 11/30/93 29.\" $FreeBSD$ 30.\" 31.Dd September 1, 2014 32.Dt IP 4 33.Os 34.Sh NAME 35.Nm ip 36.Nd Internet Protocol 37.Sh SYNOPSIS 38.In sys/types.h 39.In sys/socket.h 40.In netinet/in.h 41.Ft int 42.Fn socket AF_INET SOCK_RAW proto 43.Sh DESCRIPTION 44.Tn IP 45is the transport layer protocol used 46by the Internet protocol family. 47Options may be set at the 48.Tn IP 49level 50when using higher-level protocols that are based on 51.Tn IP 52(such as 53.Tn TCP 54and 55.Tn UDP ) . 56It may also be accessed 57through a 58.Dq raw socket 59when developing new protocols, or 60special-purpose applications. 61.Pp 62There are several 63.Tn IP-level 64.Xr setsockopt 2 65and 66.Xr getsockopt 2 67options. 68.Dv IP_OPTIONS 69may be used to provide 70.Tn IP 71options to be transmitted in the 72.Tn IP 73header of each outgoing packet 74or to examine the header options on incoming packets. 75.Tn IP 76options may be used with any socket type in the Internet family. 77The format of 78.Tn IP 79options to be sent is that specified by the 80.Tn IP 81protocol specification (RFC-791), with one exception: 82the list of addresses for Source Route options must include the first-hop 83gateway at the beginning of the list of gateways. 84The first-hop gateway address will be extracted from the option list 85and the size adjusted accordingly before use. 86To disable previously specified options, 87use a zero-length buffer: 88.Bd -literal 89setsockopt(s, IPPROTO_IP, IP_OPTIONS, NULL, 0); 90.Ed 91.Pp 92.Dv IP_TOS 93and 94.Dv IP_TTL 95may be used to set the type-of-service and time-to-live 96fields in the 97.Tn IP 98header for 99.Dv SOCK_STREAM , SOCK_DGRAM , 100and certain types of 101.Dv SOCK_RAW 102sockets. 103For example, 104.Bd -literal 105int tos = IPTOS_LOWDELAY; /* see <netinet/ip.h> */ 106setsockopt(s, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)); 107 108int ttl = 60; /* max = 255 */ 109setsockopt(s, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)); 110.Ed 111.Pp 112.Dv IP_MINTTL 113may be used to set the minimum acceptable TTL a packet must have when 114received on a socket. 115All packets with a lower TTL are silently dropped. 116This option is only really useful when set to 255, preventing packets 117from outside the directly connected networks reaching local listeners 118on sockets. 119.Pp 120.Dv IP_DONTFRAG 121may be used to set the Don't Fragment flag on IP packets. 122Currently this option is respected only on 123.Xr udp 4 124and raw 125.Nm 126sockets, unless the 127.Dv IP_HDRINCL 128option has been set. 129On 130.Xr tcp 4 131sockets, the Don't Fragment flag is controlled by the Path 132MTU Discovery option. 133Sending a packet larger than the MTU size of the egress interface, 134determined by the destination address, returns an 135.Er EMSGSIZE 136error. 137.Pp 138If the 139.Dv IP_RECVDSTADDR 140option is enabled on a 141.Dv SOCK_DGRAM 142socket, 143the 144.Xr recvmsg 2 145call will return the destination 146.Tn IP 147address for a 148.Tn UDP 149datagram. 150The 151.Vt msg_control 152field in the 153.Vt msghdr 154structure points to a buffer 155that contains a 156.Vt cmsghdr 157structure followed by the 158.Tn IP 159address. 160The 161.Vt cmsghdr 162fields have the following values: 163.Bd -literal 164cmsg_len = CMSG_LEN(sizeof(struct in_addr)) 165cmsg_level = IPPROTO_IP 166cmsg_type = IP_RECVDSTADDR 167.Ed 168.Pp 169The source address to be used for outgoing 170.Tn UDP 171datagrams on a socket can be specified as ancillary data with a type code of 172.Dv IP_SENDSRCADDR . 173The msg_control field in the msghdr structure should point to a buffer 174that contains a 175.Vt cmsghdr 176structure followed by the 177.Tn IP 178address. 179The cmsghdr fields should have the following values: 180.Bd -literal 181cmsg_len = CMSG_LEN(sizeof(struct in_addr)) 182cmsg_level = IPPROTO_IP 183cmsg_type = IP_SENDSRCADDR 184.Ed 185.Pp 186The socket should be either bound to 187.Dv INADDR_ANY 188and a local port, and the address supplied with 189.Dv IP_SENDSRCADDR 190should't be 191.Dv INADDR_ANY , 192or the socket should be bound to a local address and the address supplied with 193.Dv IP_SENDSRCADDR 194should be 195.Dv INADDR_ANY . 196In the latter case bound address is overriden via generic source address 197selection logic, which would choose IP address of interface closest to 198destination. 199.Pp 200For convenience, 201.Dv IP_SENDSRCADDR 202is defined to have the same value as 203.Dv IP_RECVDSTADDR , 204so the 205.Dv IP_RECVDSTADDR 206control message from 207.Xr recvmsg 2 208can be used directly as a control message for 209.Xr sendmsg 2 . 210.\" 211.Pp 212If the 213.Dv IP_ONESBCAST 214option is enabled on a 215.Dv SOCK_DGRAM 216or a 217.Dv SOCK_RAW 218socket, the destination address of outgoing 219broadcast datagrams on that socket will be forced 220to the undirected broadcast address, 221.Dv INADDR_BROADCAST , 222before transmission. 223This is in contrast to the default behavior of the 224system, which is to transmit undirected broadcasts 225via the first network interface with the 226.Dv IFF_BROADCAST 227flag set. 228.Pp 229This option allows applications to choose which 230interface is used to transmit an undirected broadcast 231datagram. 232For example, the following code would force an 233undirected broadcast to be transmitted via the interface 234configured with the broadcast address 192.168.2.255: 235.Bd -literal 236char msg[512]; 237struct sockaddr_in sin; 238int onesbcast = 1; /* 0 = disable (default), 1 = enable */ 239 240setsockopt(s, IPPROTO_IP, IP_ONESBCAST, &onesbcast, sizeof(onesbcast)); 241sin.sin_addr.s_addr = inet_addr("192.168.2.255"); 242sin.sin_port = htons(1234); 243sendto(s, msg, sizeof(msg), 0, &sin, sizeof(sin)); 244.Ed 245.Pp 246It is the application's responsibility to set the 247.Dv IP_TTL 248option 249to an appropriate value in order to prevent broadcast storms. 250The application must have sufficient credentials to set the 251.Dv SO_BROADCAST 252socket level option, otherwise the 253.Dv IP_ONESBCAST 254option has no effect. 255.Pp 256If the 257.Dv IP_BINDANY 258option is enabled on a 259.Dv SOCK_STREAM , 260.Dv SOCK_DGRAM 261or a 262.Dv SOCK_RAW 263socket, one can 264.Xr bind 2 265to any address, even one not bound to any available network interface in the 266system. 267This functionality (in conjunction with special firewall rules) can be used for 268implementing a transparent proxy. 269The 270.Dv PRIV_NETINET_BINDANY 271privilege is needed to set this option. 272.Pp 273If the 274.Dv IP_RECVTTL 275option is enabled on a 276.Dv SOCK_DGRAM 277socket, the 278.Xr recvmsg 2 279call will return the 280.Tn IP 281.Tn TTL 282(time to live) field for a 283.Tn UDP 284datagram. 285The msg_control field in the msghdr structure points to a buffer 286that contains a cmsghdr structure followed by the 287.Tn TTL . 288The cmsghdr fields have the following values: 289.Bd -literal 290cmsg_len = CMSG_LEN(sizeof(u_char)) 291cmsg_level = IPPROTO_IP 292cmsg_type = IP_RECVTTL 293.Ed 294.\" 295.Pp 296If the 297.Dv IP_RECVTOS 298option is enabled on a 299.Dv SOCK_DGRAM 300socket, the 301.Xr recvmsg 2 302call will return the 303.Tn IP 304.Tn TOS 305(type of service) field for a 306.Tn UDP 307datagram. 308The msg_control field in the msghdr structure points to a buffer 309that contains a cmsghdr structure followed by the 310.Tn TOS . 311The cmsghdr fields have the following values: 312.Bd -literal 313cmsg_len = CMSG_LEN(sizeof(u_char)) 314cmsg_level = IPPROTO_IP 315cmsg_type = IP_RECVTOS 316.Ed 317.\" 318.Pp 319If the 320.Dv IP_RECVIF 321option is enabled on a 322.Dv SOCK_DGRAM 323socket, the 324.Xr recvmsg 2 325call returns a 326.Vt "struct sockaddr_dl" 327corresponding to the interface on which the 328packet was received. 329The 330.Va msg_control 331field in the 332.Vt msghdr 333structure points to a buffer that contains a 334.Vt cmsghdr 335structure followed by the 336.Vt "struct sockaddr_dl" . 337The 338.Vt cmsghdr 339fields have the following values: 340.Bd -literal 341cmsg_len = CMSG_LEN(sizeof(struct sockaddr_dl)) 342cmsg_level = IPPROTO_IP 343cmsg_type = IP_RECVIF 344.Ed 345.Pp 346.Dv IP_PORTRANGE 347may be used to set the port range used for selecting a local port number 348on a socket with an unspecified (zero) port number. 349It has the following 350possible values: 351.Bl -tag -width IP_PORTRANGE_DEFAULT 352.It Dv IP_PORTRANGE_DEFAULT 353use the default range of values, normally 354.Dv IPPORT_HIFIRSTAUTO 355through 356.Dv IPPORT_HILASTAUTO . 357This is adjustable through the sysctl setting: 358.Va net.inet.ip.portrange.first 359and 360.Va net.inet.ip.portrange.last . 361.It Dv IP_PORTRANGE_HIGH 362use a high range of values, normally 363.Dv IPPORT_HIFIRSTAUTO 364and 365.Dv IPPORT_HILASTAUTO . 366This is adjustable through the sysctl setting: 367.Va net.inet.ip.portrange.hifirst 368and 369.Va net.inet.ip.portrange.hilast . 370.It Dv IP_PORTRANGE_LOW 371use a low range of ports, which are normally restricted to 372privileged processes on 373.Ux 374systems. 375The range is normally from 376.Dv IPPORT_RESERVED 377\- 1 down to 378.Li IPPORT_RESERVEDSTART 379in descending order. 380This is adjustable through the sysctl setting: 381.Va net.inet.ip.portrange.lowfirst 382and 383.Va net.inet.ip.portrange.lowlast . 384.El 385.Pp 386The range of privileged ports which only may be opened by 387root-owned processes may be modified by the 388.Va net.inet.ip.portrange.reservedlow 389and 390.Va net.inet.ip.portrange.reservedhigh 391sysctl settings. 392The values default to the traditional range, 3930 through 394.Dv IPPORT_RESERVED 395\- 1 396(0 through 1023), respectively. 397Note that these settings do not affect and are not accounted for in the 398use or calculation of the other 399.Va net.inet.ip.portrange 400values above. 401Changing these values departs from 402.Ux 403tradition and has security 404consequences that the administrator should carefully evaluate before 405modifying these settings. 406.Pp 407Ports are allocated at random within the specified port range in order 408to increase the difficulty of random spoofing attacks. 409In scenarios such as benchmarking, this behavior may be undesirable. 410In these cases, 411.Va net.inet.ip.portrange.randomized 412can be used to toggle randomization off. 413If more than 414.Va net.inet.ip.portrange.randomcps 415ports have been allocated in the last second, then return to sequential 416port allocation. 417Return to random allocation only once the current port allocation rate 418drops below 419.Va net.inet.ip.portrange.randomcps 420for at least 421.Va net.inet.ip.portrange.randomtime 422seconds. 423The default values for 424.Va net.inet.ip.portrange.randomcps 425and 426.Va net.inet.ip.portrange.randomtime 427are 10 port allocations per second and 45 seconds correspondingly. 428.Ss "Multicast Options" 429.Tn IP 430multicasting is supported only on 431.Dv AF_INET 432sockets of type 433.Dv SOCK_DGRAM 434and 435.Dv SOCK_RAW , 436and only on networks where the interface 437driver supports multicasting. 438.Pp 439The 440.Dv IP_MULTICAST_TTL 441option changes the time-to-live (TTL) 442for outgoing multicast datagrams 443in order to control the scope of the multicasts: 444.Bd -literal 445u_char ttl; /* range: 0 to 255, default = 1 */ 446setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl)); 447.Ed 448.Pp 449Datagrams with a TTL of 1 are not forwarded beyond the local network. 450Multicast datagrams with a TTL of 0 will not be transmitted on any network, 451but may be delivered locally if the sending host belongs to the destination 452group and if multicast loopback has not been disabled on the sending socket 453(see below). 454Multicast datagrams with TTL greater than 1 may be forwarded 455to other networks if a multicast router is attached to the local network. 456.Pp 457For hosts with multiple interfaces, where an interface has not 458been specified for a multicast group membership, 459each multicast transmission is sent from the primary network interface. 460The 461.Dv IP_MULTICAST_IF 462option overrides the default for 463subsequent transmissions from a given socket: 464.Bd -literal 465struct in_addr addr; 466setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &addr, sizeof(addr)); 467.Ed 468.Pp 469where "addr" is the local 470.Tn IP 471address of the desired interface or 472.Dv INADDR_ANY 473to specify the default interface. 474.Pp 475To specify an interface by index, an instance of 476.Vt ip_mreqn 477may be passed instead. 478The 479.Vt imr_ifindex 480member should be set to the index of the desired interface, 481or 0 to specify the default interface. 482The kernel differentiates between these two structures by their size. 483.Pp 484The use of 485.Vt IP_MULTICAST_IF 486is 487.Em not recommended , 488as multicast memberships are scoped to each 489individual interface. 490It is supported for legacy use only by applications, 491such as routing daemons, which expect to 492be able to transmit link-local IPv4 multicast datagrams (224.0.0.0/24) 493on multiple interfaces, 494without requesting an individual membership for each interface. 495.Pp 496.\" 497An interface's local IP address and multicast capability can 498be obtained via the 499.Dv SIOCGIFCONF 500and 501.Dv SIOCGIFFLAGS 502ioctls. 503Normal applications should not need to use this option. 504.Pp 505If a multicast datagram is sent to a group to which the sending host itself 506belongs (on the outgoing interface), a copy of the datagram is, by default, 507looped back by the IP layer for local delivery. 508The 509.Dv IP_MULTICAST_LOOP 510option gives the sender explicit control 511over whether or not subsequent datagrams are looped back: 512.Bd -literal 513u_char loop; /* 0 = disable, 1 = enable (default) */ 514setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, sizeof(loop)); 515.Ed 516.Pp 517This option 518improves performance for applications that may have no more than one 519instance on a single host (such as a routing daemon), by eliminating 520the overhead of receiving their own transmissions. 521It should generally not 522be used by applications for which there may be more than one instance on a 523single host (such as a conferencing program) or for which the sender does 524not belong to the destination group (such as a time querying program). 525.Pp 526The sysctl setting 527.Va net.inet.ip.mcast.loop 528controls the default setting of the 529.Dv IP_MULTICAST_LOOP 530socket option for new sockets. 531.Pp 532A multicast datagram sent with an initial TTL greater than 1 may be delivered 533to the sending host on a different interface from that on which it was sent, 534if the host belongs to the destination group on that other interface. 535The loopback control option has no effect on such delivery. 536.Pp 537A host must become a member of a multicast group before it can receive 538datagrams sent to the group. 539To join a multicast group, use the 540.Dv IP_ADD_MEMBERSHIP 541option: 542.Bd -literal 543struct ip_mreq mreq; 544setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); 545.Ed 546.Pp 547where 548.Fa mreq 549is the following structure: 550.Bd -literal 551struct ip_mreq { 552 struct in_addr imr_multiaddr; /* IP multicast address of group */ 553 struct in_addr imr_interface; /* local IP address of interface */ 554} 555.Ed 556.Pp 557.Va imr_interface 558should be set to the 559.Tn IP 560address of a particular multicast-capable interface if 561the host is multihomed. 562It may be set to 563.Dv INADDR_ANY 564to choose the default interface, although this is not recommended; 565this is considered to be the first interface corresponding 566to the default route. 567Otherwise, the first multicast-capable interface 568configured in the system will be used. 569.Pp 570Prior to 571.Fx 7.0 , 572if the 573.Va imr_interface 574member is within the network range 575.Li 0.0.0.0/8 , 576it is treated as an interface index in the system interface MIB, 577as per the RIP Version 2 MIB Extension (RFC-1724). 578In versions of 579.Fx 580since 7.0, this behavior is no longer supported. 581Developers should 582instead use the RFC 3678 multicast source filter APIs; in particular, 583.Dv MCAST_JOIN_GROUP . 584.Pp 585Up to 586.Dv IP_MAX_MEMBERSHIPS 587memberships may be added on a single socket. 588Membership is associated with a single interface; 589programs running on multihomed hosts may need to 590join the same group on more than one interface. 591.Pp 592To drop a membership, use: 593.Bd -literal 594struct ip_mreq mreq; 595setsockopt(s, IPPROTO_IP, IP_DROP_MEMBERSHIP, &mreq, sizeof(mreq)); 596.Ed 597.Pp 598where 599.Fa mreq 600contains the same values as used to add the membership. 601Memberships are dropped when the socket is closed or the process exits. 602.\" TODO: Update this piece when IPv4 source-address selection is implemented. 603.Pp 604The IGMP protocol uses the primary IP address of the interface 605as its identifier for group membership. 606This is the first IP address configured on the interface. 607If this address is removed or changed, the results are 608undefined, as the IGMP membership state will then be inconsistent. 609If multiple IP aliases are configured on the same interface, 610they will be ignored. 611.Pp 612This shortcoming was addressed in IPv6; MLDv2 requires 613that the unique link-local address for an interface is 614used to identify an MLDv2 listener. 615.Ss "Source-Specific Multicast Options" 616Since 617.Fx 8.0 , 618the use of Source-Specific Multicast (SSM) is supported. 619These extensions require an IGMPv3 multicast router in order to 620make best use of them. 621If a legacy multicast router is present on the link, 622.Fx 623will simply downgrade to the version of IGMP spoken by the router, 624and the benefits of source filtering on the upstream link 625will not be present, although the kernel will continue to 626squelch transmissions from blocked sources. 627.Pp 628Each group membership on a socket now has a filter mode: 629.Bl -tag -width MCAST_EXCLUDE 630.It Dv MCAST_EXCLUDE 631Datagrams sent to this group are accepted, 632unless the source is in a list of blocked source addresses. 633.It Dv MCAST_INCLUDE 634Datagrams sent to this group are accepted 635only if the source is in a list of accepted source addresses. 636.El 637.Pp 638Groups joined using the legacy 639.Dv IP_ADD_MEMBERSHIP 640option are placed in exclusive-mode, 641and are able to request that certain sources are blocked or allowed. 642This is known as the 643.Em delta-based API . 644.Pp 645To block a multicast source on an existing group membership: 646.Bd -literal 647struct ip_mreq_source mreqs; 648setsockopt(s, IPPROTO_IP, IP_BLOCK_SOURCE, &mreqs, sizeof(mreqs)); 649.Ed 650.Pp 651where 652.Fa mreqs 653is the following structure: 654.Bd -literal 655struct ip_mreq_source { 656 struct in_addr imr_multiaddr; /* IP multicast address of group */ 657 struct in_addr imr_sourceaddr; /* IP address of source */ 658 struct in_addr imr_interface; /* local IP address of interface */ 659} 660.Ed 661.Va imr_sourceaddr 662should be set to the address of the source to be blocked. 663.Pp 664To unblock a multicast source on an existing group: 665.Bd -literal 666struct ip_mreq_source mreqs; 667setsockopt(s, IPPROTO_IP, IP_UNBLOCK_SOURCE, &mreqs, sizeof(mreqs)); 668.Ed 669.Pp 670The 671.Dv IP_BLOCK_SOURCE 672and 673.Dv IP_UNBLOCK_SOURCE 674options are 675.Em not permitted 676for inclusive-mode group memberships. 677.Pp 678To join a multicast group in 679.Dv MCAST_INCLUDE 680mode with a single source, 681or add another source to an existing inclusive-mode membership: 682.Bd -literal 683struct ip_mreq_source mreqs; 684setsockopt(s, IPPROTO_IP, IP_ADD_SOURCE_MEMBERSHIP, &mreqs, sizeof(mreqs)); 685.Ed 686.Pp 687To leave a single source from an existing group in inclusive mode: 688.Bd -literal 689struct ip_mreq_source mreqs; 690setsockopt(s, IPPROTO_IP, IP_DROP_SOURCE_MEMBERSHIP, &mreqs, sizeof(mreqs)); 691.Ed 692If this is the last accepted source for the group, the membership 693will be dropped. 694.Pp 695The 696.Dv IP_ADD_SOURCE_MEMBERSHIP 697and 698.Dv IP_DROP_SOURCE_MEMBERSHIP 699options are 700.Em not accepted 701for exclusive-mode group memberships. 702However, both exclusive and inclusive mode memberships 703support the use of the 704.Em full-state API 705documented in RFC 3678. 706For management of source filter lists using this API, 707please refer to 708.Xr sourcefilter 3 . 709.Pp 710The sysctl settings 711.Va net.inet.ip.mcast.maxsocksrc 712and 713.Va net.inet.ip.mcast.maxgrpsrc 714are used to specify an upper limit on the number of per-socket and per-group 715source filter entries which the kernel may allocate. 716.\"----------------------- 717.Ss "Raw IP Sockets" 718Raw 719.Tn IP 720sockets are connectionless, 721and are normally used with the 722.Xr sendto 2 723and 724.Xr recvfrom 2 725calls, though the 726.Xr connect 2 727call may also be used to fix the destination for future 728packets (in which case the 729.Xr read 2 730or 731.Xr recv 2 732and 733.Xr write 2 734or 735.Xr send 2 736system calls may be used). 737.Pp 738If 739.Fa proto 740is 0, the default protocol 741.Dv IPPROTO_RAW 742is used for outgoing 743packets, and only incoming packets destined for that protocol 744are received. 745If 746.Fa proto 747is non-zero, that protocol number will be used on outgoing packets 748and to filter incoming packets. 749.Pp 750Outgoing packets automatically have an 751.Tn IP 752header prepended to 753them (based on the destination address and the protocol 754number the socket is created with), 755unless the 756.Dv IP_HDRINCL 757option has been set. 758Unlike in previous 759.Bx 760releases, incoming packets are received with 761.Tn IP 762header and options intact, leaving all fields in network byte order. 763.Pp 764.Dv IP_HDRINCL 765indicates the complete IP header is included with the data 766and may be used only with the 767.Dv SOCK_RAW 768type. 769.Bd -literal 770#include <netinet/in_systm.h> 771#include <netinet/ip.h> 772 773int hincl = 1; /* 1 = on, 0 = off */ 774setsockopt(s, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)); 775.Ed 776.Pp 777Unlike previous 778.Bx 779releases, the program must set all 780the fields of the IP header, including the following: 781.Bd -literal 782ip->ip_v = IPVERSION; 783ip->ip_hl = hlen >> 2; 784ip->ip_id = 0; /* 0 means kernel set appropriate value */ 785ip->ip_off = htons(offset); 786ip->ip_len = htons(len); 787.Ed 788.Pp 789The packet should be provided as is to be sent over wire. 790This implies all fields, including 791.Va ip_len 792and 793.Va ip_off 794to be in network byte order. 795See 796.Xr byteorder 3 797for more information on network byte order. 798If the 799.Va ip_id 800field is set to 0 then the kernel will choose an 801appropriate value. 802If the header source address is set to 803.Dv INADDR_ANY , 804the kernel will choose an appropriate address. 805.Sh ERRORS 806A socket operation may fail with one of the following errors returned: 807.Bl -tag -width Er 808.It Bq Er EISCONN 809when trying to establish a connection on a socket which 810already has one, or when trying to send a datagram with the destination 811address specified and the socket is already connected; 812.It Bq Er ENOTCONN 813when trying to send a datagram, but 814no destination address is specified, and the socket has not been 815connected; 816.It Bq Er ENOBUFS 817when the system runs out of memory for 818an internal data structure; 819.It Bq Er EADDRNOTAVAIL 820when an attempt is made to create a 821socket with a network address for which no network interface 822exists. 823.It Bq Er EACCES 824when an attempt is made to create 825a raw IP socket by a non-privileged process. 826.El 827.Pp 828The following errors specific to 829.Tn IP 830may occur when setting or getting 831.Tn IP 832options: 833.Bl -tag -width Er 834.It Bq Er EINVAL 835An unknown socket option name was given. 836.It Bq Er EINVAL 837The IP option field was improperly formed; 838an option field was shorter than the minimum value 839or longer than the option buffer provided. 840.El 841.Pp 842The following errors may occur when attempting to send 843.Tn IP 844datagrams via a 845.Dq raw socket 846with the 847.Dv IP_HDRINCL 848option set: 849.Bl -tag -width Er 850.It Bq Er EINVAL 851The user-supplied 852.Va ip_len 853field was not equal to the length of the datagram written to the socket. 854.El 855.Sh SEE ALSO 856.Xr getsockopt 2 , 857.Xr recv 2 , 858.Xr send 2 , 859.Xr byteorder 3 , 860.Xr sourcefilter 3 , 861.Xr icmp 4 , 862.Xr igmp 4 , 863.Xr inet 4 , 864.Xr intro 4 , 865.Xr multicast 4 866.Rs 867.%A D. Thaler 868.%A B. Fenner 869.%A B. Quinn 870.%T "Socket Interface Extensions for Multicast Source Filters" 871.%N RFC 3678 872.%D Jan 2004 873.Re 874.Sh HISTORY 875The 876.Nm 877protocol appeared in 878.Bx 4.2 . 879The 880.Vt ip_mreqn 881structure appeared in 882.Tn Linux 2.4 . 883.Sh BUGS 884Before 885.Fx 10.0 886packets received on raw IP sockets had the 887.Va ip_hl 888subtracted from the 889.Va ip_len 890field. 891.Pp 892Before 893.Fx 11.0 894packets received on raw IP sockets had the 895.Va ip_len 896and 897.Va ip_off 898fields converted to host byte order. 899Packets written to raw IP sockets were expected to have 900.Va ip_len 901and 902.Va ip_off 903in host byte order. 904