diff options
43 files changed, 2494 insertions, 1176 deletions
diff --git a/man/man2const/IPPROTO_IP.2const b/man/man2const/IPPROTO_IP.2const new file mode 100644 index 0000000000..eedfc24051 --- /dev/null +++ b/man/man2const/IPPROTO_IP.2const @@ -0,0 +1,141 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.\" FIXME The following socket options are yet to be documented +.\" +.\" IP_XFRM_POLICY (2.5.48) +.\" Needs CAP_NET_ADMIN +.\" +.\" IP_IPSEC_POLICY (2.5.47) +.\" Needs CAP_NET_ADMIN +.\" +.\" IP_MINTTL (2.6.34) +.\" commit d218d11133d888f9745802146a50255a4781d37a +.\" Author: Stephen Hemminger <shemminger@vyatta.com> +.\" +.\" MCAST_JOIN_GROUP (2.4.22 / 2.6) +.\" +.\" MCAST_BLOCK_SOURCE (2.4.22 / 2.6) +.\" +.\" MCAST_UNBLOCK_SOURCE (2.4.22 / 2.6) +.\" +.\" MCAST_LEAVE_GROUP (2.4.22 / 2.6) +.\" +.\" MCAST_JOIN_SOURCE_GROUP (2.4.22 / 2.6) +.\" +.\" MCAST_LEAVE_SOURCE_GROUP (2.4.22 / 2.6) +.\" +.\" MCAST_MSFILTER (2.4.22 / 2.6) +.\" +.\" IP_UNICAST_IF (3.4) +.\" commit 76e21053b5bf33a07c76f99d27a74238310e3c71 +.\" Author: Erich E. Hoover <ehoover@mines.edu> +.\" +.TH IPPROTO_IP 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IPPROTO_IP +\- +Linux IPv4 protocol socket options +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~int\~ opt , +.BI " const\~void\~" val [ size ],\~size_t\~ size ); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~int\~ opt , +.BI " void\~" val [ size ],\~size_t\~ size ); +.fi +.SH DESCRIPTION +IP supports some protocol-specific socket options that can be set with +.BR setsockopt (2) +and read with +.BR getsockopt (2). +The socket option level for IP is +.BR IPPROTO_IP . +.\" or SOL_IP on Linux +.P +The following socket options are supported. +.TP +.BR IP_ADD_MEMBERSHIP (2const) +.TQ +.BR IP_ADD_SOURCE_MEMBERSHIP (2const) +.TQ +.BR IP_BIND_ADDRESS_NO_PORT (2const) +.TQ +.BR IP_BLOCK_SOURCE (2const) +.TQ +.BR IP_DROP_MEMBERSHIP (2const) +.TQ +.BR IP_DROP_SOURCE_MEMBERSHIP (2const) +.TQ +.BR IP_FREEBIND (2const) +.TQ +.BR IP_HDRINCL (2const) +.TQ +.BR IP_LOCAL_PORT_RANGE (2const) +.TQ +.BR IP_MSFILTER (2const) +.TQ +.BR IP_MTU (2const) +.TQ +.BR IP_MTU_DISCOVER (2const) +.TQ +.BR IP_MULTICAST_ALL (2const) +.TQ +.BR IP_MULTICAST_IF (2const) +.TQ +.BR IP_MULTICAST_LOOP (2const) +.TQ +.BR IP_MULTICAST_TTL (2const) +.TQ +.BR IP_NODEFRAG (2const) +.TQ +.BR IP_OPTIONS (2const) +.TQ +.BR IP_PASSSEC (2const) +.TQ +.BR IP_PKTINFO (2const) +.TQ +.BR IP_RECVERR (2const) +.TQ +.BR IP_RECVOPTS (2const) +.TQ +.BR IP_RECVORIGDSTADDR (2const) +.TQ +.BR IP_RECVTOS (2const) +.TQ +.BR IP_RECVTTL (2const) +.TQ +.BR IP_RETOPTS (2const) +.TQ +.BR IP_ROUTER_ALERT (2const) +.TQ +.BR IP_TOS (2const) +.TQ +.BR IP_TRANSPARENT (2const) +.TQ +.BR IP_TTL (2const) +.TQ +.BR IP_UNBLOCK_SOURCE (2const) +.TQ +.BR SO_PEERSEC (2const) +.SH ERRORS +See +.BR setsockopt (2). +See +.BR ip (7). +.TP +.B ENOPROTOOPT +.I opt +is invalid. +.\" .SH STANDARDS +.\" IP_XFRM_POLICY is Linux-specific +.\" IP_IPSEC_POLICY is a nonstandard extension, also present on some BSDs +.SH SEE ALSO +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_ADD_MEMBERSHIP.2const b/man/man2const/IP_ADD_MEMBERSHIP.2const new file mode 100644 index 0000000000..aac81abf1a --- /dev/null +++ b/man/man2const/IP_ADD_MEMBERSHIP.2const @@ -0,0 +1,50 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_ADD_MEMBERSHIP 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_ADD_MEMBERSHIP +\- +join a multicast group +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_ADD_MEMBERSHIP, +.BI " const\~struct\~ip_mreqn\~*" val ,\~sizeof(struct\~ip_mreqn)); +.fi +.SH DESCRIPTION +Join a multicast group. +.P +.B IP_ADD_MEMBERSHIP +is valid only for +.BR setsockopt (2). +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.TP +.B EINVAL +.I val->imr_multiaddr +is not a valid multicast address. +.SH HISTORY +Linux 1.2. +.P +For compatibility, the old +.I ip_mreq +structure is still supported. +The kernel determines which structure is being passed based +on the size passed in the last argument. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR ip_mreqn (2type), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_ADD_SOURCE_MEMBERSHIP.2const b/man/man2const/IP_ADD_SOURCE_MEMBERSHIP.2const new file mode 100644 index 0000000000..7af7fcc809 --- /dev/null +++ b/man/man2const/IP_ADD_SOURCE_MEMBERSHIP.2const @@ -0,0 +1,44 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_ADD_SOURCE_MEMBERSHIP 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_ADD_SOURCE_MEMBERSHIP +\- +join a multicast group +and allow receiving data +only from a specified source +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_ADD_SOURCE_MEMBERSHIP, +.BI " const\~struct\~ip_mreq_source\~*" val , +.B " sizeof(struct\~ip_mreq_source));" +.fi +.SH DESCRIPTION +Join a multicast group and allow receiving data only +from a specified source. +.P +This option can be used multiple times to allow +receiving data from more than one source. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.4.22, Linux 2.5.68. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR IP_ADD_MEMBERSHIP (2const), +.BR ip_mreq_source (2type), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_BIND_ADDRESS_NO_PORT.2const b/man/man2const/IP_BIND_ADDRESS_NO_PORT.2const new file mode 100644 index 0000000000..088c1c7650 --- /dev/null +++ b/man/man2const/IP_BIND_ADDRESS_NO_PORT.2const @@ -0,0 +1,42 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_BIND_ADDRESS_NO_PORT 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_BIND_ADDRESS_NO_PORT +\- +don't reserve an ephemeral port +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_BIND_ADDRESS_NO_PORT, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Inform the kernel to not reserve an ephemeral port when using +.BR bind (2) +with a port number of 0. +The port will later be automatically chosen at +.BR connect (2) +time, +in a way that allows sharing a source port as long as the 4-tuple is unique. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 4.2. +.\" commit 90c337da1524863838658078ec34241f45d8394d +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_BLOCK_SOURCE.2const b/man/man2const/IP_BLOCK_SOURCE.2const new file mode 100644 index 0000000000..b6a1ec24b8 --- /dev/null +++ b/man/man2const/IP_BLOCK_SOURCE.2const @@ -0,0 +1,43 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_BLOCK_SOURCE 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_BLOCK_SOURCE +\- +stop receiving multicast data from a specific source in a given group +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_BLOCK_SOURCE, +.BI " const\~struct\~ip_mreq_source\~*" val , +.B " sizeof(struct\~ip_mreq_source));" +.fi +.SH DESCRIPTION +Stop receiving multicast data from a specific source in a given group. +.P +This is valid only after the application has subscribed +to the multicast group using either +.BR IP_ADD_MEMBERSHIP (2const) +or +.BR IP_ADD_SOURCE_MEMBERSHIP (2const). +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.4.22, Linux 2.5.68. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR ip_mreq_source (2type), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_DROP_MEMBERSHIP.2const b/man/man2const/IP_DROP_MEMBERSHIP.2const new file mode 100644 index 0000000000..819c407c65 --- /dev/null +++ b/man/man2const/IP_DROP_MEMBERSHIP.2const @@ -0,0 +1,42 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_DROP_MEMBERSHIP 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_DROP_MEMBERSHIP +\- +leave a multicast group +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_DROP_MEMBERSHIP, +.BI " const\~struct\~ip_mreqn\~*" val ,\~sizeof(struct\~ip_mreqn)); +.fi +.SH DESCRIPTION +Leave a multicast group. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 1.2. +.P +For compatibility, the old +.I ip_mreq +structure is still supported. +The kernel determines which structure is being passed based +on the size passed in the last argument. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR ip_mreqn (2type), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_DROP_SOURCE_MEMBERSHIP.2const b/man/man2const/IP_DROP_SOURCE_MEMBERSHIP.2const new file mode 100644 index 0000000000..a1d9ed0c14 --- /dev/null +++ b/man/man2const/IP_DROP_SOURCE_MEMBERSHIP.2const @@ -0,0 +1,48 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_DROP_SOURCE_MEMBERSHIP 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_DROP_SOURCE_MEMBERSHIP +\- +leave a source-specific multicast group +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_DROP_SOURCE_MEMBERSHIP, +.BI " const\~struct\~ip_mreq_source\~*" val , +.B " sizeof(struct\~ip_mreq_source));" +.fi +.SH DESCRIPTION +Leave a source-specific group; +that is, +stop receiving data +from a given multicast group +that comes from a given source. +.P +If the application has subscribed to +multiple sources within the same group, +data from the remaining sources will still be delivered. +To stop receiving data from all sources at once, +use +.BR IP_DROP_MEMBERSHIP (2const). +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.4.22, Linux 2.5.68. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR ip_mreq_source (2type), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_FREEBIND.2const b/man/man2const/IP_FREEBIND.2const new file mode 100644 index 0000000000..6a00dde940 --- /dev/null +++ b/man/man2const/IP_FREEBIND.2const @@ -0,0 +1,52 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_FREEBIND 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_FREEBIND +\- +bind to a nonlocal or nonexistent IP address +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_FREEBIND, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.SH DESCRIPTION +If enabled, +this boolean option allows binding to an IP address +that is nonlocal or does not (yet) exist. +.P +This permits listening on a socket, +without requiring +the underlying network interface +or the specified dynamic IP address +to be up at the time +that the application is trying to bind to it. +.P +This option is the per-socket equivalent of the +.I /proc/sys/net/ipv4/ip_nonlocal_bind +interface. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.4. +.\" Precisely: since Linux 2.4.0-test10 +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR proc_sys_net_ipv4 (5), +.BR ip (7) diff --git a/man/man2const/IP_HDRINCL.2const b/man/man2const/IP_HDRINCL.2const new file mode 100644 index 0000000000..948c6d651e --- /dev/null +++ b/man/man2const/IP_HDRINCL.2const @@ -0,0 +1,51 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IPPROTO_IP 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IPPROTO_IP +\- +include a user-supplied IP header +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_HDRINCL, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.SH DESCRIPTION +If enabled, +the user supplies an IP header in front of the user data. +.P +Valid only for +.B SOCK_RAW +sockets; +see +.BR raw (7) +for more information. +.P +When this flag is enabled, +the values set by +.BR IP_OPTIONS (2const), +.BR IP_TTL (2const), +and +.BR IP_TOS (2const) +are ignored. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.0. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_LOCAL_PORT_RANGE.2const b/man/man2const/IP_LOCAL_PORT_RANGE.2const new file mode 100644 index 0000000000..c4ac9cb498 --- /dev/null +++ b/man/man2const/IP_LOCAL_PORT_RANGE.2const @@ -0,0 +1,62 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_LOCAL_PORT_RANGE 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_LOCAL_PORT_RANGE +\- +default local port range +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_LOCAL_PORT_RANGE, +.BI " const\~uint32_t\~*" val ,\~sizeof(uint32_t)); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_LOCAL_PORT_RANGE, +.BI " uint32_t\~*" val ,\~sizeof(uint32_t)); +.fi +.SH DESCRIPTION +Set or get the per-socket default local port range. +.P +This option can be used to clamp down the global local port range, +defined by the +.I /proc/sys/net/ipv4/ip_local_port_range +interface, +for a given socket. +.P +The option takes an +.I uint32_t +value with +the high 16 bits set to the upper range bound, +and the low 16 bits set to the lower range bound. +Range bounds are inclusive. +The 16-bit values should be in host byte order. +.P +The lower bound has to be less than the upper bound +when both bounds are not zero. +Otherwise, setting the option fails with EINVAL. +.P +If either bound is outside of the global local port range, or is zero, +then that bound has no effect. +.P +To reset the setting, +pass zero as both the upper and the lower bound. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 6.3. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR proc_sys_net_ipv4 (5), +.BR ip (7) diff --git a/man/man2const/IP_MSFILTER.2const b/man/man2const/IP_MSFILTER.2const new file mode 100644 index 0000000000..e05c26a118 --- /dev/null +++ b/man/man2const/IP_MSFILTER.2const @@ -0,0 +1,67 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_MSFILTER 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_MSFILTER +\- +multicast source filtering +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MSFILTER, +.BI " const\~struct\~ip_msfilter\~*" val , +.B " sizeof(struct\~ip_msfilter));" +.fi +.P +.EX +struct ip_msfilter { + struct in_addr imsf_multiaddr; // IP multicast group address + struct in_addr imsf_interface; // IP address of local interface + uint32_t imsf_fmode; // Filter\-mode +\& + uint32_t imsf_numsrc; // Number of elements in .imsf_slist + struct in_addr imsf_slist[1]; // Array of source addresses +}; +.EE +.SH DESCRIPTION +This option provides access to the advanced full-state filtering API. +.P +There are two macros, +.B MCAST_INCLUDE +and +.BR MCAST_EXCLUDE , +which can be used to specify the filtering mode. +.P +Additionally, +the +.BR IP_MSFILTER_SIZE (n) +macro exists to determine how much memory is needed to store +.I ip_msfilter +structure with +.I n +sources in the source list. +.P +For the full description of multicast source filtering +refer to RFC 3376. +.SH ERRORS +See +.BR IPRROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.4.22, Linux 2.5.68. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_MTU.2const b/man/man2const/IP_MTU.2const new file mode 100644 index 0000000000..3d3f4b685b --- /dev/null +++ b/man/man2const/IP_MTU.2const @@ -0,0 +1,43 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_MTU 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_MTU +\- +path maximum transmission unit size +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MTU, +.BI " int\~*" val ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Retrieve the current known path MTU of the current socket. +.P +.B IP_MTU +is valid only for +.BR getsockopt (2), +and can be employed only when the socket has been connected. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR getsockopt (2). +See +.BR ip (7). +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.2. +.\" Precisely: since Linux 2.1.124 +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR getsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_MTU_DISCOVER.2const b/man/man2const/IP_MTU_DISCOVER.2const new file mode 100644 index 0000000000..b0f358bec0 --- /dev/null +++ b/man/man2const/IP_MTU_DISCOVER.2const @@ -0,0 +1,127 @@ +'\" t +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_MTU_DISCOVER 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_MTU_DISCOVER +\- +path maximum transfer unit size discovery +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MTU_DISCOVER, +.BI " const\~int\~*" val ,\~sizeof(int)); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MTU_DISCOVER, +.BI " int\~*" val ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Set or receive the Path MTU Discovery setting for a socket. +.P +When enabled, +Linux will perform Path MTU Discovery +as defined in RFC\ 1191 on +.B SOCK_STREAM +sockets. +.P +For +.RB non- SOCK_STREAM +sockets, +.B IP_PMTUDISC_DO +forces the don't-fragment flag to be set on all outgoing packets. +It is the user's responsibility to packetize the data +in MTU-sized chunks and to do the retransmits if necessary. +The kernel will reject (with +.BR EMSGSIZE ) +datagrams that are bigger than the known path MTU. +.B IP_PMTUDISC_WANT +will fragment a datagram if needed according to the path MTU, +or will set the don't-fragment flag otherwise. +.P +The system-wide default can be toggled between +.B IP_PMTUDISC_WANT +and +.B IP_PMTUDISC_DONT +by writing (respectively, zero and nonzero values) to the +.I /proc/sys/net/ipv4/ip_no_pmtu_disc +file. +.TS +tab(:); +c l +l l. +Path MTU discovery value:Meaning +IP_PMTUDISC_WANT:Use per-route settings. +IP_PMTUDISC_DONT:Never do Path MTU Discovery. +IP_PMTUDISC_DO:Always do Path MTU Discovery. +IP_PMTUDISC_PROBE:Set DF but ignore Path MTU. +.TE +.P +When PMTU discovery is enabled, the kernel automatically keeps track of +the path MTU per destination host. +When it is connected to a specific peer with +.BR connect (2), +the currently known path MTU can be retrieved conveniently using the +.BR IP_MTU (2const) +socket option (e.g., after an +.B EMSGSIZE +error occurred). +The path MTU may change over time. +For connectionless sockets with many destinations, +the new MTU for a given destination can also be accessed using the +error queue (see +.BR IP_RECVERR (2const)). +A new error will be queued for every incoming MTU update. +.P +While MTU discovery is in progress, initial packets from datagram sockets +may be dropped. +Applications using UDP should be aware of this and not +take it into account for their packet retransmit strategy. +.P +To bootstrap the path MTU discovery process on unconnected sockets, it +is possible to start with a big datagram size +(headers up to 64 kilobytes long) and let it shrink by updates of the path MTU. +.P +To get an initial estimate of the +path MTU, connect a datagram socket to the destination address using +.BR connect (2) +and retrieve the MTU by calling +.BR getsockopt (2) +with the +.BR IP_MTU (2const) +option. +.P +It is possible to implement RFC 4821 MTU probing with +.B SOCK_DGRAM +or +.B SOCK_RAW +sockets by setting a value of +.BR IP_PMTUDISC_PROBE . +This is also particularly useful for diagnostic tools such as +.BR tracepath (8) +that wish to deliberately send probe packets larger than +the observed Path MTU. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.2. +.\" Precisely: since Linux 2.1.124 +.TP +.B IP_PMTUDISC_PROBE +Linux 2.6.22. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_MULTICAST_ALL.2const b/man/man2const/IP_MULTICAST_ALL.2const new file mode 100644 index 0000000000..dd32ec0091 --- /dev/null +++ b/man/man2const/IP_MULTICAST_ALL.2const @@ -0,0 +1,46 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_MULTICAST_ALL 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_MULTICAST_ALL +\- +delivery policy of multicast messages +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MULTICAST_ALL, +.BI " const\~int\~*" val ,\~sizeof(int)); +.fi +.SH DESCRIPTION +This option can be used to modify the delivery policy of multicast messages. +.P +If set to 1 (default), +the socket will receive messages from all the groups that have been joined +globally on the whole system. +.P +If set to 0, +it will deliver messages only from +the groups that have been explicitly joined +(for example via +.BR IP_ADD_MEMBERSHIP (2const)) +on this particular socket. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.6.31. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_MULTICAST_IF.2const b/man/man2const/IP_MULTICAST_IF.2const new file mode 100644 index 0000000000..71d7811544 --- /dev/null +++ b/man/man2const/IP_MULTICAST_IF.2const @@ -0,0 +1,56 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_MULTICAST_IF 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_MULTICAST_IF +\- +local device for a multicast socket +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MULTICAST_IF, +.BI " const\~void\~" val [ size ],\~size_t\~ size ); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MULTICAST_IF, +.BI " struct\~in_addr\~*" val ,\~sizeof(struct\~in_addr)); +.fi +.SH DESCRIPTION +Set the local device for a multicast socket. +.P +The argument for +.BR setsockopt (2) +is an +.BR ip_mreqn (2type) +or +.\" net: IP_MULTICAST_IF setsockopt now recognizes struct mreq +.\" Commit: 3a084ddb4bf299a6e898a9a07c89f3917f0713f7 +(since Linux 3.5) +.BR ip_mreq (2type) +structure, +or an +.BR in_addr (2type) +structure. +(The kernel determines which structure is being passed based +on the size passed in +.IR size .) +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 1.2. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR in_addr (2type), +.BR ip_mreqn (2type), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_MULTICAST_LOOP.2const b/man/man2const/IP_MULTICAST_LOOP.2const new file mode 100644 index 0000000000..3c59465d8a --- /dev/null +++ b/man/man2const/IP_MULTICAST_LOOP.2const @@ -0,0 +1,38 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_MULTICAST_LOOP 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_MULTICAST_LOOP +\- +loop back sent multicast packets to local sockets +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MULTICAST_LOOP, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MULTICAST_LOOP, +.BI " int\~*" enabled ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Set or read a boolean integer argument that determines whether +sent multicast packets should be looped back to the local sockets. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 1.2. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_MULTICAST_TTL.2const b/man/man2const/IP_MULTICAST_TTL.2const new file mode 100644 index 0000000000..f325f4fe4f --- /dev/null +++ b/man/man2const/IP_MULTICAST_TTL.2const @@ -0,0 +1,43 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_MULTICAST_TTL 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_MULTICAST_TTL +\- +time-to-live value of outgoing multicast packets +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MULTICAST_TTL, +.BI " const\~int\~*" ttl ,\~sizeof(int)); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_MULTICAST_TTL, +.BI " int\~*" ttl ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Set or read the time-to-live value of outgoing multicast packets for this +socket. +.P +The default is 1 which means that multicast packets don't leave the local +network unless the user program explicitly requests it. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 1.2. +.SH CAVEATS +It is very important for multicast packets to set the smallest TTL possible. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_NODEFRAG.2const b/man/man2const/IP_NODEFRAG.2const new file mode 100644 index 0000000000..da0bfea158 --- /dev/null +++ b/man/man2const/IP_NODEFRAG.2const @@ -0,0 +1,42 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_NODEFRAG 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_NODEFRAG +\- +don't defragmentate outgoing packets +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_NODEFRAG, +.BI " const\~int\~*" val ,\~sizeof(int)); +.fi +.SH DESCRIPTION +If +.I val +is nonzero, +the reassembly of outgoing packets is disabled in the netfilter layer. +.P +This option is valid only for +.B SOCK_RAW +sockets. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.6.36. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_OPTIONS.2const b/man/man2const/IP_OPTIONS.2const new file mode 100644 index 0000000000..f60d5aece0 --- /dev/null +++ b/man/man2const/IP_OPTIONS.2const @@ -0,0 +1,71 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_OPTIONS 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_OPTIONS +\- +options to be sent with every packet +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_OPTIONS, +.BI " const\~void\~" buf [ size ],\~size_t\~ size ); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_OPTIONS, +.BI " void\~" buf [ size ],\~size_t\~ size ); +.fi +.SH DESCRIPTION +Set or get the IP options to be sent with every packet from this socket. +.P +The arguments are a pointer to a memory buffer containing the options +and the buffer length. +.P +The +.BR setsockopt (2) +call sets the IP options associated with a socket. +The maximum option size for IPv4 is 40 bytes. +See RFC\ 791 for the allowed options. +.P +When the initial connection request packet for a +.B SOCK_STREAM +socket contains IP options, +the IP options will be set automatically +to the options from the initial packet with routing headers reversed. +.P +Incoming packets are not allowed to change options +after the connection is established. +.P +The processing of all incoming source routing options +is disabled by default and can be enabled by using the +.I accept_source_route +.I /proc +interface. +Other options like timestamps are still handled. +.P +For datagram sockets, IP options can be set only by the local user. +.P +Calling +.BR getsockopt (2) +with +.B IP_OPTIONS +puts the current IP options used for sending into the supplied buffer. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.0. +.\" Precisely: since Linux 1.3.30 +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_PASSSEC.2const b/man/man2const/IP_PASSSEC.2const new file mode 100644 index 0000000000..46845cf3d8 --- /dev/null +++ b/man/man2const/IP_PASSSEC.2const @@ -0,0 +1,69 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_PASSSEC 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_PASSSEC +\- +receive the security context of the peer socket +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_PASSSEC, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_PASSSEC, +.BI " int\~*" enabled ,\~sizeof(int)); +.fi +.SH DESCRIPTION +If labeled IPSEC or NetLabel is configured on the sending and receiving +hosts, this option enables receiving of the security context of the peer +socket in an ancillary message of type +.B SCM_SECURITY +retrieved using +.BR recvmsg (2). +.P +This option is supported only for UDP sockets; +for TCP or SCTP sockets, +see +.BR SO_PEERSEC (2const). +.P +The security context returned in the +.B SCM_SECURITY +ancillary message +is of the same format as the one described in +.BR SO_PEERSEC (2const). +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.6.17. +.\" commit 2c7946a7bf45ae86736ab3b43d0085e43947945c +.SH CAVEATS +The reuse of the +.B SCM_SECURITY +message type for the +.B IP_PASSSEC +socket option was likely a mistake, since other IP control messages use +their own numbering scheme in the IP namespace and often use the +socket option value as the message type. +There is no conflict currently since the IP option with the same value as +.B SCM_SECURITY +is +.BR IP_HDRINCL (2const) +and this is never used for a control message type. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_PKTINFO.2const b/man/man2const/IP_PKTINFO.2const new file mode 100644 index 0000000000..9546d68c65 --- /dev/null +++ b/man/man2const/IP_PKTINFO.2const @@ -0,0 +1,111 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_PKTINFO 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_PKTINFO +\- +information about the incoming packet +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_PKTINFO, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.P +.EX +struct in_pktinfo { + unsigned int ipi_ifindex; /* Interface index */ + struct in_addr ipi_spec_dst; /* Local address */ + struct in_addr ipi_addr; /* Header Destination address */ +}; +.EE +.SH DESCRIPTION +Pass an +.B IP_PKTINFO +ancillary message that contains a +.I pktinfo +structure that supplies some information about the incoming packet. +This works only for datagram oriented sockets. +.P +The argument is a flag that tells the socket whether the +.B IP_PKTINFO +message should be passed or not. +.P +The message itself can be sent/retrieved +only as a control message with a packet using +.BR recvmsg (2) +or +.BR sendmsg (2). +.P +When returned by +.BR recvmsg (2) , +.I .ipi_ifindex +is the unique index of the interface the packet was received on. +.I .ipi_spec_dst +is the preferred source address for replies to the given packet, +and +.I .ipi_addr +is the destination address in the packet header. +These addresses are usually the same, +but can differ for broadcast or multicast packets. +Depending on the configured routes, +.I .ipi_spec_dst +might belong to a different interface from the one that received the packet. +.P +If +.B IP_PKTINFO +is passed to +.BR sendmsg (2) +and +.\" This field is grossly misnamed +.I .ipi_spec_dst +is not zero, +then it is used as the local source address, +for the routing table lookup, +and for setting up IP source route options. +When +.I .ipi_ifindex +is not zero, +the primary local address of the interface specified by the index +overwrites +.I .ipi_spec_dst +for the routing table lookup. +.I .ipi_addr +is ignored. +.P +Not supported for +.B SOCK_STREAM +sockets. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH VERSIONS +Some BSD sockets implementations provide +.B IP_RCVDSTADDR +and +.B IP_RECVIF +socket options to get the destination address and the interface of +received datagrams. +Linux has the more general +.B IP_PKTINFO +for the same task. +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.2. +.\" Precisely: since Linux 2.1.68 +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_RECVERR.2const b/man/man2const/IP_RECVERR.2const new file mode 100644 index 0000000000..dba2216518 --- /dev/null +++ b/man/man2const/IP_RECVERR.2const @@ -0,0 +1,188 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_RECVERR 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_RECVERR +\- +extended reliable error message passing +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_RECVERR, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_RECVERR, +.BI " int\~*" enabled ,\~sizeof(int)); +.fi +.P +.EX +struct sock_extended_err { + uint32_t ee_errno; /* error number */ + uint8_t ee_origin; /* where the error originated */ + uint8_t ee_type; /* type */ + uint8_t ee_code; /* code */ + uint8_t ee_pad; + uint32_t ee_info; /* additional information */ + uint32_t ee_data; /* other data */ + /* More data may follow */ +}; +.EE +.P +.nf +#define SO_EE_ORIGIN_NONE 0 +#define SO_EE_ORIGIN_LOCAL 1 +#define SO_EE_ORIGIN_ICMP 2 +#define SO_EE_ORIGIN_ICMP6 3 +.P +.B struct\~sockaddr\~*SO_EE_OFFENDER(struct\~sock_extended_err\~*); +.SH DESCRIPTION +Enable extended reliable error message passing +(default: disabled). +.P +When enabled on a datagram socket, +all generated errors will be queued in a per-socket error queue. +When the user receives an error from a socket operation, +the errors can be received by calling +.BR recvmsg (2) +with the +.B MSG_ERRQUEUE +flag set. +The +.I sock_extended_err +structure describing the error +will be passed in an ancillary message +with the type +.B IP_RECVERR +and the level +.BR IPPROTO_IP . +.\" or SOL_IP on Linux +This is useful for reliable error handling on unconnected sockets. +The received data portion of the error queue contains the error packet. +.P +The +.B IP_RECVERR +control message contains a +.I sock_extended_err +structure. +.TP +.I .ee_errno +contains the +.I errno +number of the queued error. +.TP +.I .ee_origin +is the origin code of where the error originated. +.P +The other fields are protocol-specific. +.P +The macro +.BR SO_EE_OFFENDER () +returns a pointer to the address of the network object +where the error originated from +given a pointer to the ancillary message. +If this address is not known, +the +.I .sa_family +member of the +.I sockaddr +contains +.B AF_UNSPEC +and the other fields of the +.I sockaddr +are undefined. +.P +IP uses the +.I sock_extended_err +structure as follows: +.IP \[bu] 3 +.I .ee_origin +is set to +.B SO_EE_ORIGIN_ICMP +for errors received as an ICMP packet, +or +.B SO_EE_ORIGIN_LOCAL +for locally generated errors. +Unknown values should be ignored. +.IP \[bu] +.I .ee_type +and +.I .ee_code +are set from the type and code fields of the ICMP header. +.IP \[bu] +.I .ee_info +contains the discovered MTU for +.B EMSGSIZE +errors. +.IP \[bu] +The message also contains the +.I sockaddr_in +of the node caused that the error, +which can be accessed with the +.BR SO_EE_OFFENDER () +macro. +.P +The +.I .sin_family +field of the +.BR SO_EE_OFFENDER () +address is +.B AF_UNSPEC +when the source was unknown. +When the error originated from the network, all IP options +.RB ( IP_OPTIONS (2const), +.BR IP_TTL (2const), +etc.) enabled on the socket and contained in the +error packet are passed as control messages. +The payload of the packet causing the error is returned as normal payload. +.\" FIXME . Is it a good idea to document that? It is a dubious feature. +.\" On +.\" .B SOCK_STREAM +.\" sockets, +.\" .B IP_RECVERR +.\" has slightly different semantics. Instead of +.\" saving the errors for the next timeout, it passes all incoming +.\" errors immediately to the user. +.\" This might be useful for very short-lived TCP connections which +.\" need fast error handling. Use this option with care: +.\" it makes TCP unreliable +.\" by not allowing it to recover properly from routing +.\" shifts and other normal +.\" conditions and breaks the protocol specification. +.P +TCP has no error queue; +.B MSG_ERRQUEUE +is not permitted on +.B SOCK_STREAM +sockets. +.B IP_RECVERR +is valid for TCP, +but all errors are returned by socket function return or +.B SO_ERROR +only. +.P +For raw sockets, +.B IP_RECVERR +enables passing of all received ICMP errors to the +application, otherwise errors are reported only on connected sockets +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.2. +.\" Precisely: since Linux 2.1.15 +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_RECVOPTS.2const b/man/man2const/IP_RECVOPTS.2const new file mode 100644 index 0000000000..4b5b95fb78 --- /dev/null +++ b/man/man2const/IP_RECVOPTS.2const @@ -0,0 +1,45 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_RECVOPTS 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_RECVOPTS +\- +receive all incoming IP options in control message +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_RECVOPTS, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Pass all incoming IP options to the user in a +.BR IP_OPTIONS (2const) +control message. +.P +The routing header and other options are already filled in +for the local host. +.P +Not supported for +.B SOCK_STREAM +sockets. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.2. +.\" Precisely: since Linux 2.1.15 +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_RECVORIGDSTADDR.2const b/man/man2const/IP_RECVORIGDSTADDR.2const new file mode 100644 index 0000000000..505c5eadab --- /dev/null +++ b/man/man2const/IP_RECVORIGDSTADDR.2const @@ -0,0 +1,51 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_RECVORIGDSTADDR 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_RECVORIGDSTADDR +\- +receive IP_ORIGDSTADDR control message +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_RECVORIGDSTADDR, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.SH DESCRIPTION +This boolean option enables the +.B IP_ORIGDSTADDR +ancillary message in +.BR recvmsg (2), +in which the kernel returns the original destination address +of the datagram being received. +.P +The ancillary message contains a +.BR sockaddr_in (2type) +structure. +.P +Not supported for +.B SOCK_STREAM +sockets. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.6.29. +.\" commit e8b2dfe9b4501ed0047459b2756ba26e5a940a69 +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_RECVTOS.2const b/man/man2const/IP_RECVTOS.2const new file mode 100644 index 0000000000..e246b187d7 --- /dev/null +++ b/man/man2const/IP_RECVTOS.2const @@ -0,0 +1,45 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_RECVTOS 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_RECVTOS +\- +receive IP_TOS control message +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_RECVTOS, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.SH DESCRIPTION +If enabled, +the +.BR IP_TOS (2const) +ancillary message is passed with incoming packets. +It contains a byte which specifies the Type of Service/Precedence +field of the packet header. +.P +Not supported for +.B SOCK_STREAM +sockets. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.2. +.\" Precisely: since Linux 2.1.68 +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_RECVTTL.2const b/man/man2const/IP_RECVTTL.2const new file mode 100644 index 0000000000..77eeaec2c9 --- /dev/null +++ b/man/man2const/IP_RECVTTL.2const @@ -0,0 +1,54 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_RECVTTL 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_RECVTTL +\- +enable IP_TTL control message +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~int\~ opt , +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.SH DESCRIPTION +When this flag is set, +pass a +.BR IP_TTL (2const) +control message +with the time-to-live field +of the received packet as a 32 bit integer. +.P +Not supported for +.B SOCK_STREAM +sockets. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH VERSIONS +Some BSD sockets implementations also provide an +.B IP_RECVTTL +option, but an ancillary message with type +.B IP_RECVTTL +is passed with the incoming packet. +This is different from the +.BR IP_TTL (2const) +option used in Linux. +.SH HISTORY +Linux 2.2. +.\" Precisely: since Linux 2.1.68 +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_RETOPTS.2const b/man/man2const/IP_RETOPTS.2const new file mode 100644 index 0000000000..e750166f62 --- /dev/null +++ b/man/man2const/IP_RETOPTS.2const @@ -0,0 +1,43 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_RETOPTS 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_RETOPTS +\- +receive most incoming IP options in control message +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_RETOPTS, +.BI " const\~int\~*" enabled ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Identical to +.BR IP_RECVOPTS (2const), +but returns raw unprocessed options with timestamp and route record +options not filled in for this hop. +.P +Not supported for +.B SOCK_STREAM +sockets. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.2. +.\" Precisely: since Linux 2.1.15 +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_ROUTER_ALERT.2const b/man/man2const/IP_ROUTER_ALERT.2const new file mode 100644 index 0000000000..6aea0ca8c3 --- /dev/null +++ b/man/man2const/IP_ROUTER_ALERT.2const @@ -0,0 +1,49 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_ROUTER_ALERT 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_ROUTER_ALERT +\- +pass all to-be forwarded packets +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_ROUTER_ALERT, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Pass all to-be forwarded packets with the +IP Router Alert option set to this socket. +.P +Valid only for raw sockets. +.P +This is useful, for instance, for user-space RSVP daemons. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.2. +.\" Precisely: since Linux 2.1.68 +.SH CAVEATS +The tapped packets are not forwarded by the kernel; +it is the user's responsibility to send them out again. +.P +Socket binding is ignored, +such packets are filtered only by protocol. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_TOS.2const b/man/man2const/IP_TOS.2const new file mode 100644 index 0000000000..b5def16716 --- /dev/null +++ b/man/man2const/IP_TOS.2const @@ -0,0 +1,70 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_TOS 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_TOS +\- +type of service +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_TOS, +.BI " const\~int\~*" tos ,\~sizeof(int)); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_TOS, +.BI " int\~*" tos ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Set or receive the Type-Of-Service (TOS) field that is sent +with every IP packet originating from this socket. +It is used to prioritize packets on the network. +.P +There are some standard TOS flags defined: +.TP +.B IPTOS_LOWDELAY +to minimize delays for interactive traffic, +.TP +.B IPTOS_THROUGHPUT +to optimize throughput, +.TP +.B IPTOS_RELIABILITY +to optimize for reliability, +.TP +.B IPTOS_MINCOST +should be used for "filler data" where slow transmission doesn't matter. +.P +At most one of these TOS values can be specified. +Other bits are invalid and shall be cleared. +.P +Linux sends +.B IPTOS_LOWDELAY +datagrams first by default, +but the exact behavior depends on the configured queueing discipline. +.\" FIXME elaborate on this +.P +Some high-priority levels may require superuser privileges (the +.B CAP_NET_ADMIN +capability). +.\" The priority can also be set in a protocol-independent way by the +.\" .RB ( SOL_SOCKET ", " SO_PRIORITY ) +.\" socket option (see +.\" .BR socket (7)). +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 1.0. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_TRANSPARENT.2const b/man/man2const/IP_TRANSPARENT.2const new file mode 100644 index 0000000000..c885ebd619 --- /dev/null +++ b/man/man2const/IP_TRANSPARENT.2const @@ -0,0 +1,62 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_TRANSPARENT 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_TRANSPARENT +\- +transparent proxying +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_TRANSPARENT, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Setting this boolean option enables transparent proxying on this socket. +.P +This socket option allows +the calling application to bind to a nonlocal IP address and operate +both as a client and a server with the foreign address as the local endpoint. +.P +This requires that routing be set up in a way that +packets going to the foreign address are routed through the TProxy box +(i.e., the system hosting the application that employs the +.B IP_TRANSPARENT +socket option). +.P +Enabling this socket option requires superuser privileges +(the +.B CAP_NET_ADMIN +or +.B CAP_NET_RAW +capability). +.P +TProxy redirection with the iptables TPROXY target also requires that +this option be set on the redirected socket. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.6.24. +.\" commit f5715aea4564f233767ea1d944b2637a5fd7cd2e +.\" This patch introduces the IP_TRANSPARENT socket option: enabling that +.\" will make the IPv4 routing omit the non-local source address check on +.\" output. Setting IP_TRANSPARENT requires NET_ADMIN capability. +.\" http://lwn.net/Articles/252545/ +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_TTL.2const b/man/man2const/IP_TTL.2const new file mode 100644 index 0000000000..305b5c97f1 --- /dev/null +++ b/man/man2const/IP_TTL.2const @@ -0,0 +1,38 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_TTL 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_TTL +\- +time to live +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_TTL, +.BI " const\~int\~*" ttl ,\~sizeof(int)); +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_TTL, +.BI " int\~*" ttl ,\~sizeof(int)); +.fi +.SH DESCRIPTION +Set or retrieve the current time-to-live field that is used in every packet +sent from this socket. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 1.0. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/IP_UNBLOCK_SOURCE.2const b/man/man2const/IP_UNBLOCK_SOURCE.2const new file mode 100644 index 0000000000..82ffd1b50d --- /dev/null +++ b/man/man2const/IP_UNBLOCK_SOURCE.2const @@ -0,0 +1,40 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_UNBLOCK_SOURCE 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_UNBLOCK_SOURCE +\- +unblock multicast source +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_UNBLOCK_SOURCE, +.BI " const\~struct\~ip_mreq_source\~*" src , +.B " sizeof(struct\~ip_mreq_source));" +.fi +.SH DESCRIPTION +Unblock previously blocked multicast source. +.P +Fails with +.B EADDRNOTAVAIL +when given source is not being blocked. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH HISTORY +Linux 2.4.22, Linux 2.5.68. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2const/SO_PEERSEC.2const b/man/man2const/SO_PEERSEC.2const new file mode 100644 index 0000000000..bf6f9a34e3 --- /dev/null +++ b/man/man2const/SO_PEERSEC.2const @@ -0,0 +1,96 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH SO_PEERSEC 2const (date) "Linux man-pages (unreleased)" +.SH NAME +SO_PEERSEC +\- +get the security context of a peer socker +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.B #include <sys/socket.h> +.P +.BI int\~getsockopt(int\~ sockfd ,\~IPPROTO_IP,\~SO_PEERSEC, +.BI " void\~" buf [ size ],\~size_t\~ size ); +.fi +.SH DESCRIPTION +If labeled IPSEC or NetLabel is configured on both the sending and +receiving hosts, this read-only socket option returns the security +context of the peer socket connected to this socket. +By default, +this will be the same as the security context of the process that created +the peer socket unless overridden by the policy or by a process with +the required permissions. +.P +The argument to +.BR getsockopt (2) +is a pointer to a buffer of the specified length in bytes +into which the security context string will be copied. +If the buffer length is less than the length of the security +context string, then +.BR getsockopt (2) +returns \-1, sets +.I errno +to +.BR ERANGE , +and returns the required length via +.IR size . +The caller should allocate at least +.B NAME_MAX +bytes for the buffer initially, although this is not guaranteed +to be sufficient. +Resizing the buffer to the returned length +and retrying may be necessary. +.P +The security context string may include a terminating null character +in the returned length, but is not guaranteed to do so: a security +context "foo" might be represented as either {'f','o','o'} of length 3 +or {'f','o','o','\[rs]0'} of length 4, which are considered to be +interchangeable. +The string is printable, +does not contain non-terminating null characters, +and is in an unspecified encoding +(in particular, +it is not guaranteed to be ASCII or UTF-8). +.P +The use of this option for sockets in the +.B AF_INET +address family is supported since Linux 2.6.17 +.\" commit 2c7946a7bf45ae86736ab3b43d0085e43947945c +for TCP sockets, +and since Linux 4.17 +.\" commit d452930fd3b9031e59abfeddb2fa383f1403d61a +for SCTP sockets. +.P +For SELinux, NetLabel conveys only the MLS portion of the security +context of the peer across the wire, defaulting the rest of the +security context to the values defined in the policy for the +netmsg initial security identifier (SID). +However, NetLabel can +be configured to pass full security contexts over loopback. +Labeled IPSEC always passes full security contexts as part of establishing +the security association (SA) and looks them up based on the association +for each packet. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.TP +.B ERANGE +The buffer +.I size +is not enough. +.SH HISTORY +Linux 2.6.17. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7) diff --git a/man/man2type/ip_mreq.2type b/man/man2type/ip_mreq.2type new file mode 100644 index 0000000000..f4133e8849 --- /dev/null +++ b/man/man2type/ip_mreq.2type @@ -0,0 +1 @@ +.so man2type/ip_mreqn.2type diff --git a/man/man2type/ip_mreq_source.2type b/man/man2type/ip_mreq_source.2type new file mode 100644 index 0000000000..00bd3b9aac --- /dev/null +++ b/man/man2type/ip_mreq_source.2type @@ -0,0 +1,50 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH ip_mreq_source 2type (date) "Linux man-pages (unreleased)" +.SH NAME +ip_mreq_source +\- +IP multicast request source +.SH LIBRARY +Standard C library +.RI ( libc ) +.SH SYNOPSIS +.nf +.B #include <netinet/in.h> +.fi +.P +.EX +struct ip_mreq_source { + struct in_addr imr_multiaddr; /* IP multicast group address */ + struct in_addr imr_interface; /* IP address of local interface */ + struct in_addr imr_sourceaddr; /* IP address of multicast source */ +}; +.EE +.SH DESCRIPTION +The +.I ip_mreq_source +structure is similar to the +.BR ip_mreqn (2type) +structure. +.TP +.I .imr_multiaddr +The address of the multicast group +the application wants to join or leave. +.TP +.I .imr_interface +The address of the local interface with which +the system should join or leave the multicast group. +.TP +.I .imr_sourceaddr +The address of the source +the application wants to receive data from. +.SH HISTORY +Linux 2.4.22, Linux 2.5.68. +.SH SEE ALSO +.BR IP_ADD_SOURCE_MEMBERSHIP (2const), +.BR IP_BLOCK_SOURCE (2const), +.BR IP_DROP_SOURCE_MEMBERSHIP (2const), +.BR IP_UNBLOCK_SOURCE (2const), +.BR ip (7). diff --git a/man/man2type/ip_mreqn.2type b/man/man2type/ip_mreqn.2type new file mode 100644 index 0000000000..7e6693cb96 --- /dev/null +++ b/man/man2type/ip_mreqn.2type @@ -0,0 +1,62 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH ip_mreqn 2type (date) "Linux man-pages (unreleased)" +.SH NAME +ip_mreqn, +ip_mreq +\- +IP multicast request index +.SH LIBRARY +Standard C library +.RI ( libc ) +.SH SYNOPSIS +.nf +.BR "#include <netinet/in.h>" " /* Definition of " IP* " constants */" +.fi +.P +.EX +struct ip_mreqn { + struct in_addr imr_multiaddr; /* IP multicast group address */ + struct in_addr imr_address; /* IP address of local interface */ + int imr_ifindex; /* interface index */ +}; +.P +struct ip_mreq { + struct in_addr imr_multiaddr; /* IP multicast group address */ + struct in_addr imr_address; /* IP address of local interface */ +}; +.EE +.SH DESCRIPTION +.TP +.I .imr_multiaddr +The address of the multicast group +the application wants to join or leave. +It must be a valid multicast address. +.\" (i.e., within the 224.0.0.0-239.255.255.255 range) +.TP +.I .imr_address +The address of the local interface with which the system +should join the multicast group; +if it is equal to +.BR INADDR_ANY , +an appropriate interface is chosen by the system. +.TP +.I .imr_ifindex +The interface index of the interface that should join/leave the +.I .imr_multiaddr +group, +or 0 to indicate any interface. +.SH HISTORY +.TP +.I ip_mreqn +Linux 2.2. +.TP +.I ip_mreq +Linux 1.2. +.SH SEE ALSO +.BR IP_ADD_MEMBERSHIP (2const), +.BR IP_DROP_MEMBERSHIP (2const), +.BR IP_MULTICAST_IF (2const), +.BR ip (7) diff --git a/man/man3type/sockaddr.3type b/man/man3type/sockaddr.3type index d0307280e5..f39b2cc8be 100644 --- a/man/man3type/sockaddr.3type +++ b/man/man3type/sockaddr.3type @@ -4,8 +4,7 @@ .\" .TH sockaddr 3type (date) "Linux man-pages (unreleased)" .SH NAME -sockaddr, sockaddr_storage, sockaddr_in, sockaddr_in6, sockaddr_un, socklen_t, -in_addr, in6_addr, in_addr_t, in_port_t, +sockaddr, sockaddr_storage, socklen_t \- socket address .SH LIBRARY Standard C library @@ -27,44 +26,6 @@ Standard C library .BR typedef " /* ... */ " sa_family_t; .P .EE -.SS Internet domain sockets -.EX -.B #include <netinet/in.h> -.P -.B struct sockaddr_in { -.BR " sa_family_t sin_family;" " /* " AF_INET " */" -.BR " in_port_t sin_port;" " /* Port number */" -.BR " struct in_addr sin_addr;" " /* IPv4 address */" -.B }; -.P -.B struct sockaddr_in6 { -.BR " sa_family_t sin6_family;" " /* " AF_INET6 " */" -.BR " in_port_t sin6_port;" " /* Port number */" -.BR " uint32_t sin6_flowinfo;" " /* IPv6 flow info */" -.BR " struct in6_addr sin6_addr;" " /* IPv6 address */" -.BR " uint32_t sin6_scope_id;" " /* Set of interfaces for a scope */" -.B }; -.P -.B struct in_addr { -.B " in_addr_t s_addr;" -.B }; -.P -.B struct in6_addr { -.B " uint8_t s6_addr[16];" -.B }; -.P -.B typedef uint32_t in_addr_t; -.B typedef uint16_t in_port_t; -.EE -.SS UNIX domain sockets -.EX -.B #include <sys/un.h> -.P -.B struct sockaddr_un { -.BR " sa_family_t sun_family;" " /* Address family */" -.BR " char sun_path[];" " /* Socket pathname */" -.B }; -.EE .SH DESCRIPTION .TP .I sockaddr @@ -87,25 +48,13 @@ This is an integer type of at least 32 bits. Describes a socket's protocol family. This is an unsigned integer type. .SS Internet domain sockets -.TP -.I sockaddr_in -Describes an IPv4 Internet domain socket address. -The -.I sin_port +See +.BR sockaddr_in (3type) and -.I sin_addr -members are stored in network byte order. -.TP -.I sockaddr_in6 -Describes an IPv6 Internet domain socket address. -The -.I sin6_addr.s6_addr -array is used to contain a 128-bit IPv6 address, -stored in network byte order. +.BR sockaddr_in6 (3type). .SS UNIX domain sockets -.TP -.I sockaddr_un -Describes a UNIX domain socket address. +See +.BR sockaddr_un (3type). .SH STANDARDS POSIX.1-2024. .SH HISTORY diff --git a/man/man3type/sockaddr_in.3type b/man/man3type/sockaddr_in.3type index 39e914c307..fc55edae28 100644 --- a/man/man3type/sockaddr_in.3type +++ b/man/man3type/sockaddr_in.3type @@ -1 +1,46 @@ -.so man3type/sockaddr.3type +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH sockaddr_in 3type (date) "Linux man-pages (unreleased)" +.SH NAME +sockaddr_in, +in_addr, in_addr_t, in_port_t +\- +IPv4 socket address +.SH LIBRARY +Standard C library +.RI ( libc ) +.SH SYNOPSIS +.EX +.B #include <netinet/in.h> +.P +.B struct sockaddr_in { +.BR " sa_family_t sin_family;" " /* " AF_INET " */" +.BR " in_port_t sin_port;" " /* Port number */" +.BR " struct in_addr sin_addr;" " /* IPv4 address */" +.B }; +.P +.B struct in_addr { +.B " in_addr_t s_addr;" +.B }; +.P +.B typedef uint32_t in_addr_t; +.B typedef uint16_t in_port_t; +.EE +.SH DESCRIPTION +.TP +.I sockaddr_in +Describes an IPv4 Internet domain socket address. +.IP +.I .sin_port +and +.I .sin_addr +are stored in network byte order. +.SH STANDARDS +POSIX.1-2024. +.SH HISTORY +POSIX.1-2001. +.SH SEE ALSO +.BR sockaddr (3type), +.BR sockaddr_in6 (3type) diff --git a/man/man3type/sockaddr_in6.3type b/man/man3type/sockaddr_in6.3type index 39e914c307..7a62af088c 100644 --- a/man/man3type/sockaddr_in6.3type +++ b/man/man3type/sockaddr_in6.3type @@ -1 +1,44 @@ -.so man3type/sockaddr.3type +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH sockaddr_in6 3type (date) "Linux man-pages (unreleased)" +.SH NAME +sockaddr_in6, +in6_addr +\- +IPv6 socket address +.SH LIBRARY +Standard C library +.RI ( libc ) +.SH SYNOPSIS +.EX +.B #include <netinet/in.h> +.P +.B struct sockaddr_in6 { +.BR " sa_family_t sin6_family;" " /* " AF_INET6 " */" +.BR " in_port_t sin6_port;" " /* Port number */" +.BR " uint32_t sin6_flowinfo;" " /* IPv6 flow info */" +.BR " struct in6_addr sin6_addr;" " /* IPv6 address */" +.BR " uint32_t sin6_scope_id;" " /* Set of interfaces for a scope */" +.B }; +.P +.B struct in6_addr { +.B " uint8_t s6_addr[16];" +.B }; +.EE +.SH DESCRIPTION +.TP +.I sockaddr_in6 +Describes an IPv6 Internet domain socket address. +.TP +.I in6_addr +Contains a 128-bit IPv6 address, +stored in network byte order. +.SH STANDARDS +POSIX.1-2024. +.SH HISTORY +POSIX.1-2001. +.SH SEE ALSO +.BR sockaddr_in (3type), +.BR sockaddr (3type) diff --git a/man/man3type/sockaddr_un.3type b/man/man3type/sockaddr_un.3type index 39e914c307..e846c2120f 100644 --- a/man/man3type/sockaddr_un.3type +++ b/man/man3type/sockaddr_un.3type @@ -1 +1,30 @@ -.so man3type/sockaddr.3type +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH sockaddr_un 3type (date) "Linux man-pages (unreleased)" +.SH NAME +sockaddr_un +\- UNIX domain socket address +.SH LIBRARY +Standard C library +.RI ( libc ) +.SH SYNOPSIS +.EX +.B #include <sys/un.h> +.P +.B struct sockaddr_un { +.BR " sa_family_t sun_family;" " /* Address family */" +.BR " char sun_path[];" " /* Socket pathname */" +.B }; +.EE +.SH DESCRIPTION +.TP +.I sockaddr_un +Describes a UNIX domain socket address. +.SH STANDARDS +POSIX.1-2024. +.SH HISTORY +POSIX.1-2001. +.SH SEE ALSO +.BR sockaddr (3) diff --git a/man/man5/proc_sys_net.5 b/man/man5/proc_sys_net.5 index 9149fc70a2..c72097bb2a 100644 --- a/man/man5/proc_sys_net.5 +++ b/man/man5/proc_sys_net.5 @@ -26,6 +26,10 @@ argument of see the .BR listen (2) manual page for details. +.TP +.I /proc/sys/net/ipv4/ +See +.BR proc_sys_net_ipv4 (5). .SH SEE ALSO .BR proc (5), .BR proc_net (5) diff --git a/man/man5/proc_sys_net_ipv4.5 b/man/man5/proc_sys_net_ipv4.5 new file mode 100644 index 0000000000..57917cd64b --- /dev/null +++ b/man/man5/proc_sys_net_ipv4.5 @@ -0,0 +1,167 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH proc_sys_net_ipv4 5 (date) "Linux man-pages (unreleased)" +.SH NAME +/proc/sys/net/ipv4/ +\- +IPv4 +.SH DESCRIPTION +The IP protocol +supports a set of +.I /proc +interfaces to configure some global parameters. +The parameters can be accessed by reading or writing files in the directory +.IR /proc/sys/net/ipv4/ . +.\" FIXME As at 2.6.12, 14 Jun 2005, the following are undocumented: +.\" /proc/sys/net/ipv4/ip_queue_maxlen +.\" /proc/sys/net/ipv4/ip_conntrack_max +Interfaces described as +.I Boolean +take an integer value, with a nonzero value ("true") meaning that +the corresponding option is enabled, and a zero value ("false") +meaning that the option is disabled. +.\" +.TP +.IR /proc/sys/net/ipv4/ip_always_defrag " (Boolean; since Linux 2.2.13)" +[New with Linux 2.2.13; +in earlier kernel versions this feature +was controlled at compile time by the +.B CONFIG_IP_ALWAYS_DEFRAG +option; this option is not present in Linux 2.4.x and later] +.IP +When this boolean flag is enabled (not equal 0), incoming fragments +(parts of IP packets +that arose when some host between origin and destination decided +that the packets were too large and cut them into pieces) will be +reassembled (defragmented) before being processed, even if they are +about to be forwarded. +.IP +Enable only if running +either a firewall that is the sole link to your network +or a transparent proxy; +never ever use it for a normal router or host. +Otherwise, +fragmented communication can be disturbed +if the fragments travel over different links. +Defragmentation also has a large memory and CPU time cost. +.IP +This is automagically turned on +when masquerading or transparent proxying are configured. +.\" +.TP +.IR /proc/sys/net/ipv4/ip_autoconfig " (since Linux 2.2 to Linux 2.6.17)" +.\" Precisely: since Linux 2.1.68 +.\" FIXME document /proc/sys/net/ipv4/ip_autoconfig +Not documented. +.\" +.TP +.IR /proc/sys/net/ipv4/ip_default_ttl " (integer; default: 64; since Linux 2.2)" +.\" Precisely: since Linux 2.1.15 +Set the default time-to-live value of outgoing packets. +This can be changed per socket with the +.B IP_TTL +option. +.\" +.TP +.IR /proc/sys/net/ipv4/ip_dynaddr " (Boolean; default: disabled; since Linux 2.0.31)" +Enable dynamic socket address and masquerading entry rewriting on interface +address change. +This is useful for dialup interface with changing IP addresses. +0 means no rewriting, 1 turns it on and 2 enables verbose mode. +.\" +.TP +.IR /proc/sys/net/ipv4/ip_forward " (Boolean; default: disabled; since Linux 1.2)" +Enable IP forwarding with a boolean flag. +IP forwarding can be also set on a per-interface basis. +.\" +.TP +.IR /proc/sys/net/ipv4/ip_local_port_range " (since Linux 2.2)" +.\" Precisely: since Linux 2.1.68 +This file contains two integers that define the default local port range +allocated to sockets that are not explicitly bound to a port number\[em]that +is, the range used for +.IR "ephemeral ports" . +An ephemeral port is allocated to a socket in the following circumstances: +.RS +.IP \[bu] 3 +the port number in a socket address is specified as 0 when calling +.BR bind (2); +.IP \[bu] +.BR listen (2) +is called on a stream socket that was not previously bound; +.IP \[bu] +.BR connect (2) +was called on a socket that was not previously bound; +.IP \[bu] +.BR sendto (2) +is called on a datagram socket that was not previously bound. +.RE +.IP +Allocation of ephemeral ports starts with the first number in +.I /proc/sys/net/ipv4/ip_local_port_range +and ends with the second number. +If the range of ephemeral ports is exhausted, +then the relevant system call returns an error (but see BUGS). +.IP +Note that the port range in +.I /proc/sys/net/ipv4/ip_local_port_range +should not conflict with the ports used by masquerading +(although the case is handled). +Also, arbitrary choices may cause problems with some firewall packet +filters that make assumptions about the local ports in use. +The first number should be at least greater than 1024, +or better, greater than 4096, to avoid clashes +with well known ports and to minimize firewall problems. +.\" +.TP +.IR /proc/sys/net/ipv4/ip_no_pmtu_disc " (Boolean; default: disabled; since Linux 2.2)" +.\" Precisely: 2.1.15 +If enabled, don't do Path MTU Discovery for TCP sockets by default. +Path MTU discovery may fail if misconfigured firewalls (that drop +all ICMP packets) or misconfigured interfaces (e.g., a point-to-point +link where the both ends don't agree on the MTU) are on the path. +It is better to fix the broken routers on the path than to turn off +Path MTU Discovery globally, because not doing it incurs a high cost +to the network. +.\" +.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt +.TP +.IR /proc/sys/net/ipv4/ip_nonlocal_bind " (Boolean; default: disabled; since Linux 2.4)" +.\" Precisely: patch-2.4.0-test10 +If set, allows processes to +.BR bind (2) +to nonlocal IP addresses, +which can be quite useful, but may break some applications. +.\" +.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt +.TP +.IR /proc/sys/net/ipv4/ip6frag_time " (integer; default: 30)" +Time in seconds to keep an IPv6 fragment in memory. +.\" +.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt +.TP +.IR /proc/sys/net/ipv4/ip6frag_secret_interval " (integer; default: 600)" +Regeneration interval (in seconds) of the hash secret (or lifetime +for the hash secret) for IPv6 fragments. +.TP +.IR /proc/sys/net/ipv4/ipfrag_high_thresh " (integer)" +.TQ +.IR /proc/sys/net/ipv4/ipfrag_low_thresh " (integer)" +If the amount of queued IP fragments reaches +.IR /proc/sys/net/ipv4/ipfrag_high_thresh , +the queue is pruned down to +.IR /proc/sys/net/ipv4/ipfrag_low_thresh . +Contains an integer with the number of bytes. +.TP +.IR /proc/sys/net/ipv4/neigh/ * +See +.BR arp (7). +.\" FIXME Document the conf/*/* interfaces +.\" +.\" FIXME Document the route/* interfaces +.SH SEE ALSO +.BR proc (5), +.BR proc_sys_net (5), +.BR ip (7) diff --git a/man/man7/ip.7 b/man/man7/ip.7 index 2d42e5f84e..60081cbea0 100644 --- a/man/man7/ip.7 +++ b/man/man7/ip.7 @@ -1,38 +1,7 @@ -'\" t .\" Copyright, the authors of the Linux man-pages project .\" .\" SPDX-License-Identifier: Linux-man-pages-1-para .\" -.\" FIXME The following socket options are yet to be documented -.\" -.\" IP_XFRM_POLICY (2.5.48) -.\" Needs CAP_NET_ADMIN -.\" -.\" IP_IPSEC_POLICY (2.5.47) -.\" Needs CAP_NET_ADMIN -.\" -.\" IP_MINTTL (2.6.34) -.\" commit d218d11133d888f9745802146a50255a4781d37a -.\" Author: Stephen Hemminger <shemminger@vyatta.com> -.\" -.\" MCAST_JOIN_GROUP (2.4.22 / 2.6) -.\" -.\" MCAST_BLOCK_SOURCE (2.4.22 / 2.6) -.\" -.\" MCAST_UNBLOCK_SOURCE (2.4.22 / 2.6) -.\" -.\" MCAST_LEAVE_GROUP (2.4.22 / 2.6) -.\" -.\" MCAST_JOIN_SOURCE_GROUP (2.4.22 / 2.6) -.\" -.\" MCAST_LEAVE_SOURCE_GROUP (2.4.22 / 2.6) -.\" -.\" MCAST_MSFILTER (2.4.22 / 2.6) -.\" -.\" IP_UNICAST_IF (3.4) -.\" commit 76e21053b5bf33a07c76f99d27a74238310e3c71 -.\" Author: Erich E. Hoover <ehoover@mines.edu> -.\" .TH ip 7 (date) "Linux man-pages (unreleased)" .SH NAME ip \- Linux IPv4 protocol implementation @@ -148,31 +117,19 @@ are implemented by higher level protocols like and .BR tcp (7). On raw sockets -.I sin_port +.I .sin_port is set to the IP protocol. .P -.in +4n -.EX -struct sockaddr_in { - sa_family_t sin_family; /* address family: AF_INET */ - in_port_t sin_port; /* port in network byte order */ - struct in_addr sin_addr; /* internet address */ -}; -\& -/* Internet address */ -struct in_addr { - uint32_t s_addr; /* address in network byte order */ -}; -.EE -.in +See +.BR sockaddr_in (3type). .P -.I sin_family +.I .sin_family is always set to .BR AF_INET . This is required; in Linux 2.2 most networking functions return .B EINVAL when this setting is missing. -.I sin_port +.I .sin_port contains the port in network byte order. The port numbers below 1024 are called .I privileged ports @@ -190,14 +147,15 @@ port, they are implemented only by higher protocols like and .BR udp (7). .P -.I sin_addr +.I .sin_addr is the IP host address. The -.I s_addr -member of -.I struct in_addr +.I .s_addr +member of the +.BR in_addr (3type) +structure contains the host interface address in network byte order. -.I in_addr +.BR in_addr (3type) should be assigned one of the .B INADDR_* values @@ -305,1037 +263,11 @@ akin to the standardized local loopback address [224.0.0.0, 239.255.255.255] Addresses in this range (224/4) are dedicated to multicast use. .SS Socket options -IP supports some protocol-specific socket options that can be set with -.BR setsockopt (2) -and read with -.BR getsockopt (2). -The socket option level for IP is -.BR IPPROTO_IP . -.\" or SOL_IP on Linux -A boolean integer flag is zero when it is false, otherwise true. -.P -When an invalid socket option is specified, -.BR getsockopt (2) -and -.BR setsockopt (2) -fail with the error -.BR ENOPROTOOPT . -.TP -.BR IP_ADD_MEMBERSHIP " (since Linux 1.2)" -Join a multicast group. -Argument is an -.I ip_mreqn -structure. -.IP -.in +4n -.EX -struct ip_mreqn { - struct in_addr imr_multiaddr; /* IP multicast group - address */ - struct in_addr imr_address; /* IP address of local - interface */ - int imr_ifindex; /* interface index */ -}; -.EE -.in -.IP -.I imr_multiaddr -contains the address of the multicast group the application -wants to join or leave. -It must be a valid multicast address -.\" (i.e., within the 224.0.0.0-239.255.255.255 range) -(or -.BR setsockopt (2) -fails with the error -.BR EINVAL ). -.I imr_address -is the address of the local interface with which the system -should join the multicast group; -if it is equal to -.BR INADDR_ANY , -an appropriate interface is chosen by the system. -.I imr_ifindex -is the interface index of the interface that should join/leave the -.I imr_multiaddr -group, or 0 to indicate any interface. -.IP -The -.I ip_mreqn -structure is available only since Linux 2.2. -For compatibility, the old -.I ip_mreq -structure (present since Linux 1.2) is still supported; -it differs from -.I ip_mreqn -only by not including the -.I imr_ifindex -field. -(The kernel determines which structure is being passed based -on the size passed in -.IR optlen .) -.IP -.B IP_ADD_MEMBERSHIP -is valid only for -.BR setsockopt (2). -.\" -.TP -.BR IP_ADD_SOURCE_MEMBERSHIP " (since Linux 2.4.22 / Linux 2.5.68)" -Join a multicast group and allow receiving data only -from a specified source. -Argument is an -.I ip_mreq_source -structure. -.IP -.in +4n -.EX -struct ip_mreq_source { - struct in_addr imr_multiaddr; /* IP multicast group - address */ - struct in_addr imr_interface; /* IP address of local - interface */ - struct in_addr imr_sourceaddr; /* IP address of - multicast source */ -}; -.EE -.in -.IP -The -.I ip_mreq_source -structure is similar to -.I ip_mreqn -described under -.BR IP_ADD_MEMBERSHIP . -The -.I imr_multiaddr -field contains the address of the multicast group the application -wants to join or leave. -The -.I imr_interface -field is the address of the local interface with which -the system should join the multicast group. -Finally, the -.I imr_sourceaddr -field contains the address of the source the -application wants to receive data from. -.IP -This option can be used multiple times to allow -receiving data from more than one source. -.TP -.BR IP_BIND_ADDRESS_NO_PORT " (since Linux 4.2)" -.\" commit 90c337da1524863838658078ec34241f45d8394d -Inform the kernel to not reserve an ephemeral port when using -.BR bind (2) -with a port number of 0. -The port will later be automatically chosen at -.BR connect (2) -time, -in a way that allows sharing a source port as long as the 4-tuple is unique. -.TP -.BR IP_BLOCK_SOURCE " (since Linux 2.4.22 / 2.5.68)" -Stop receiving multicast data from a specific source in a given group. -This is valid only after the application has subscribed -to the multicast group using either -.B IP_ADD_MEMBERSHIP -or -.BR IP_ADD_SOURCE_MEMBERSHIP . -.IP -Argument is an -.I ip_mreq_source -structure as described under -.BR IP_ADD_SOURCE_MEMBERSHIP . -.TP -.BR IP_DROP_MEMBERSHIP " (since Linux 1.2)" -Leave a multicast group. -Argument is an -.I ip_mreqn -or -.I ip_mreq -structure similar to -.BR IP_ADD_MEMBERSHIP . -.TP -.BR IP_DROP_SOURCE_MEMBERSHIP " (since Linux 2.4.22 / 2.5.68)" -Leave a source-specific group\[em]that is, stop receiving data from -a given multicast group that come from a given source. -If the application has subscribed to multiple sources within -the same group, data from the remaining sources will still be delivered. -To stop receiving data from all sources at once, use -.BR IP_DROP_MEMBERSHIP . -.IP -Argument is an -.I ip_mreq_source -structure as described under -.BR IP_ADD_SOURCE_MEMBERSHIP . -.TP -.BR IP_FREEBIND " (since Linux 2.4)" -.\" Precisely: since Linux 2.4.0-test10 -If enabled, this boolean option allows binding to an IP address -that is nonlocal or does not (yet) exist. -This permits listening on a socket, -without requiring the underlying network interface or the -specified dynamic IP address to be up at the time that -the application is trying to bind to it. -This option is the per-socket equivalent of the -.I ip_nonlocal_bind -.I /proc -interface described below. -.TP -.BR IP_HDRINCL " (since Linux 2.0)" -If enabled, -the user supplies an IP header in front of the user data. -Valid only for -.B SOCK_RAW -sockets; -see -.BR raw (7) -for more information. -When this flag is enabled, the values set by -.BR IP_OPTIONS , -.BR IP_TTL , -and -.B IP_TOS -are ignored. -.TP -.BR IP_LOCAL_PORT_RANGE " (since Linux 6.3)" -Set or get the per-socket default local port range. -This option can be used to clamp down the global local port range, -defined by the -.I ip_local_port_range -.I /proc -interface described below, for a given socket. -.IP -The option takes an -.I uint32_t -value with -the high 16 bits set to the upper range bound, -and the low 16 bits set to the lower range bound. -Range bounds are inclusive. -The 16-bit values should be in host byte order. -.IP -The lower bound has to be less than the upper bound -when both bounds are not zero. -Otherwise, setting the option fails with EINVAL. -.IP -If either bound is outside of the global local port range, or is zero, -then that bound has no effect. -.IP -To reset the setting, -pass zero as both the upper and the lower bound. -.TP -.BR IP_MSFILTER " (since Linux 2.4.22 / 2.5.68)" -This option provides access to the advanced full-state filtering API. -Argument is an -.I ip_msfilter -structure. -.IP -.in +4n -.EX -struct ip_msfilter { - struct in_addr imsf_multiaddr; /* IP multicast group - address */ - struct in_addr imsf_interface; /* IP address of local - interface */ - uint32_t imsf_fmode; /* Filter\-mode */ -\& - uint32_t imsf_numsrc; /* Number of sources in - the following array */ - struct in_addr imsf_slist[1]; /* Array of source - addresses */ -}; -.EE -.in -.IP -There are two macros, -.B MCAST_INCLUDE -and -.BR MCAST_EXCLUDE , -which can be used to specify the filtering mode. -Additionally, the -.BR IP_MSFILTER_SIZE (n) -macro exists to determine how much memory is needed to store -.I ip_msfilter -structure with -.I n -sources in the source list. -.IP -For the full description of multicast source filtering -refer to RFC 3376. -.TP -.BR IP_MTU " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.124 -Retrieve the current known path MTU of the current socket. -Returns an integer. -.IP -.B IP_MTU -is valid only for -.BR getsockopt (2) -and can be employed only when the socket has been connected. -.TP -.BR IP_MTU_DISCOVER " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.124 -Set or receive the Path MTU Discovery setting for a socket. -When enabled, Linux will perform Path MTU Discovery -as defined in RFC\ 1191 on -.B SOCK_STREAM -sockets. -For -.RB non- SOCK_STREAM -sockets, -.B IP_PMTUDISC_DO -forces the don't-fragment flag to be set on all outgoing packets. -It is the user's responsibility to packetize the data -in MTU-sized chunks and to do the retransmits if necessary. -The kernel will reject (with -.BR EMSGSIZE ) -datagrams that are bigger than the known path MTU. -.B IP_PMTUDISC_WANT -will fragment a datagram if needed according to the path MTU, -or will set the don't-fragment flag otherwise. -.IP -The system-wide default can be toggled between -.B IP_PMTUDISC_WANT -and -.B IP_PMTUDISC_DONT -by writing (respectively, zero and nonzero values) to the -.I /proc/sys/net/ipv4/ip_no_pmtu_disc -file. -.TS -tab(:); -c l -l l. -Path MTU discovery value:Meaning -IP_PMTUDISC_WANT:Use per-route settings. -IP_PMTUDISC_DONT:Never do Path MTU Discovery. -IP_PMTUDISC_DO:Always do Path MTU Discovery. -IP_PMTUDISC_PROBE:Set DF but ignore Path MTU. -.TE -.IP -When PMTU discovery is enabled, the kernel automatically keeps track of -the path MTU per destination host. -When it is connected to a specific peer with -.BR connect (2), -the currently known path MTU can be retrieved conveniently using the -.B IP_MTU -socket option (e.g., after an -.B EMSGSIZE -error occurred). -The path MTU may change over time. -For connectionless sockets with many destinations, -the new MTU for a given destination can also be accessed using the -error queue (see -.BR IP_RECVERR ). -A new error will be queued for every incoming MTU update. -.IP -While MTU discovery is in progress, initial packets from datagram sockets -may be dropped. -Applications using UDP should be aware of this and not -take it into account for their packet retransmit strategy. -.IP -To bootstrap the path MTU discovery process on unconnected sockets, it -is possible to start with a big datagram size -(headers up to 64 kilobytes long) and let it shrink by updates of the path MTU. -.IP -To get an initial estimate of the -path MTU, connect a datagram socket to the destination address using -.BR connect (2) -and retrieve the MTU by calling -.BR getsockopt (2) -with the -.B IP_MTU -option. -.IP -It is possible to implement RFC 4821 MTU probing with -.B SOCK_DGRAM -or -.B SOCK_RAW -sockets by setting a value of -.B IP_PMTUDISC_PROBE -(available since Linux 2.6.22). -This is also particularly useful for diagnostic tools such as -.BR tracepath (8) -that wish to deliberately send probe packets larger than -the observed Path MTU. -.TP -.BR IP_MULTICAST_ALL " (since Linux 2.6.31)" -This option can be used to modify the delivery policy of multicast messages. -The argument is a boolean integer (defaults to 1). -If set to 1, -the socket will receive messages from all the groups that have been joined -globally on the whole system. -Otherwise, it will deliver messages only from -the groups that have been explicitly joined (for example via the -.B IP_ADD_MEMBERSHIP -option) on this particular socket. -.TP -.BR IP_MULTICAST_IF " (since Linux 1.2)" -Set the local device for a multicast socket. -The argument for -.BR setsockopt (2) -is an -.I ip_mreqn -or -.\" net: IP_MULTICAST_IF setsockopt now recognizes struct mreq -.\" Commit: 3a084ddb4bf299a6e898a9a07c89f3917f0713f7 -(since Linux 3.5) -.I ip_mreq -structure similar to -.BR IP_ADD_MEMBERSHIP , -or an -.I in_addr -structure. -(The kernel determines which structure is being passed based -on the size passed in -.IR optlen .) -For -.BR getsockopt (2), -the argument is an -.I in_addr -structure. -.TP -.BR IP_MULTICAST_LOOP " (since Linux 1.2)" -Set or read a boolean integer argument that determines whether -sent multicast packets should be looped back to the local sockets. -.TP -.BR IP_MULTICAST_TTL " (since Linux 1.2)" -Set or read the time-to-live value of outgoing multicast packets for this -socket. -It is very important for multicast packets to set the smallest TTL possible. -The default is 1 which means that multicast packets don't leave the local -network unless the user program explicitly requests it. -Argument is an integer. -.TP -.BR IP_NODEFRAG " (since Linux 2.6.36)" -If enabled (argument is nonzero), -the reassembly of outgoing packets is disabled in the netfilter layer. -The argument is an integer. -.IP -This option is valid only for -.B SOCK_RAW -sockets. -.TP -.BR IP_OPTIONS " (since Linux 2.0)" -.\" Precisely: since Linux 1.3.30 -Set or get the IP options to be sent with every packet from this socket. -The arguments are a pointer to a memory buffer containing the options -and the option length. -The -.BR setsockopt (2) -call sets the IP options associated with a socket. -The maximum option size for IPv4 is 40 bytes. -See RFC\ 791 for the allowed options. -When the initial connection request packet for a -.B SOCK_STREAM -socket contains IP options, the IP options will be set automatically -to the options from the initial packet with routing headers reversed. -Incoming packets are not allowed to change options after the connection -is established. -The processing of all incoming source routing options -is disabled by default and can be enabled by using the -.I accept_source_route -.I /proc -interface. -Other options like timestamps are still handled. -For datagram sockets, IP options can be set only by the local user. -Calling -.BR getsockopt (2) -with -.B IP_OPTIONS -puts the current IP options used for sending into the supplied buffer. -.TP -.BR IP_PASSSEC " (since Linux 2.6.17)" -.\" commit 2c7946a7bf45ae86736ab3b43d0085e43947945c -If labeled IPSEC or NetLabel is configured on the sending and receiving -hosts, this option enables receiving of the security context of the peer -socket in an ancillary message of type -.B SCM_SECURITY -retrieved using -.BR recvmsg (2). -This option is supported only for UDP sockets; -for TCP or SCTP sockets, -see the description of the -.B SO_PEERSEC -option below. -.IP -The value given as an argument to -.BR setsockopt (2) -and returned as the result of -.BR getsockopt (2) -is an integer boolean flag. -.IP -The security context returned in the -.B SCM_SECURITY -ancillary message -is of the same format as the one described under the -.B SO_PEERSEC -option below. -.IP -Note: the reuse of the -.B SCM_SECURITY -message type for the -.B IP_PASSSEC -socket option was likely a mistake, since other IP control messages use -their own numbering scheme in the IP namespace and often use the -socket option value as the message type. -There is no conflict currently since the IP option with the same value as -.B SCM_SECURITY -is -.B IP_HDRINCL -and this is never used for a control message type. -.TP -.BR IP_PKTINFO " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.68 -Pass an -.B IP_PKTINFO -ancillary message that contains a -.I pktinfo -structure that supplies some information about the incoming packet. -This works only for datagram oriented sockets. -The argument is a flag that tells the socket whether the -.B IP_PKTINFO -message should be passed or not. -The message itself can be sent/retrieved -only as a control message with a packet using -.BR recvmsg (2) -or -.BR sendmsg (2). -.IP -.in +4n -.EX -struct in_pktinfo { - unsigned int ipi_ifindex; /* Interface index */ - struct in_addr ipi_spec_dst; /* Local address */ - struct in_addr ipi_addr; /* Header Destination - address */ -}; -.EE -.in -.IP -When returned by -.BR recvmsg (2) , -.I ipi_ifindex -is the unique index of the interface the packet was received on. -.I ipi_spec_dst -is the preferred source address for replies to the given packet, -and -.I ipi_addr -is the destination address in the packet header. -These addresses are usually the same, -but can differ for broadcast or multicast packets. -Depending on the configured routes, -.I ipi_spec_dst -might belong to a different interface from the one that received the packet. -.IP -If -.B IP_PKTINFO -is passed to -.BR sendmsg (2) -and -.\" This field is grossly misnamed -.I ipi_spec_dst -is not zero, -then it is used as the local source address, -for the routing table lookup, -and for setting up IP source route options. -When -.I ipi_ifindex -is not zero, -the primary local address of the interface specified by the index -overwrites -.I ipi_spec_dst -for the routing table lookup. -.I ipi_addr -is ignored. -.IP -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_RECVERR " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.15 -Enable extended reliable error message passing. -When enabled on a datagram socket, all -generated errors will be queued in a per-socket error queue. -When the user receives an error from a socket operation, -the errors can be received by calling -.BR recvmsg (2) -with the -.B MSG_ERRQUEUE -flag set. -The -.I sock_extended_err -structure describing the error will be passed in an ancillary message with -the type -.B IP_RECVERR -and the level -.BR IPPROTO_IP . -.\" or SOL_IP on Linux -This is useful for reliable error handling on unconnected sockets. -The received data portion of the error queue contains the error packet. -.IP -The -.B IP_RECVERR -control message contains a -.I sock_extended_err -structure: -.IP -.in +4n -.EX -#define SO_EE_ORIGIN_NONE 0 -#define SO_EE_ORIGIN_LOCAL 1 -#define SO_EE_ORIGIN_ICMP 2 -#define SO_EE_ORIGIN_ICMP6 3 -\& -struct sock_extended_err { - uint32_t ee_errno; /* error number */ - uint8_t ee_origin; /* where the error originated */ - uint8_t ee_type; /* type */ - uint8_t ee_code; /* code */ - uint8_t ee_pad; - uint32_t ee_info; /* additional information */ - uint32_t ee_data; /* other data */ - /* More data may follow */ -}; -\& -struct sockaddr *SO_EE_OFFENDER(struct sock_extended_err *); -.EE -.in -.IP -.I ee_errno -contains the -.I errno -number of the queued error. -.I ee_origin -is the origin code of where the error originated. -The other fields are protocol-specific. -The macro -.B SO_EE_OFFENDER -returns a pointer to the address of the network object -where the error originated from given a pointer to the ancillary message. -If this address is not known, the -.I sa_family -member of the -.I sockaddr -contains -.B AF_UNSPEC -and the other fields of the -.I sockaddr -are undefined. -.IP -IP uses the -.I sock_extended_err -structure as follows: -.I ee_origin -is set to -.B SO_EE_ORIGIN_ICMP -for errors received as an ICMP packet, or -.B SO_EE_ORIGIN_LOCAL -for locally generated errors. -Unknown values should be ignored. -.I ee_type -and -.I ee_code -are set from the type and code fields of the ICMP header. -.I ee_info -contains the discovered MTU for -.B EMSGSIZE -errors. -The message also contains the -.I sockaddr_in of the node -caused the error, which can be accessed with the -.B SO_EE_OFFENDER -macro. -The -.I sin_family -field of the -.B SO_EE_OFFENDER -address is -.B AF_UNSPEC -when the source was unknown. -When the error originated from the network, all IP options -.RB ( IP_OPTIONS ", " IP_TTL , -etc.) enabled on the socket and contained in the -error packet are passed as control messages. -The payload of the packet causing the error is returned as normal payload. -.\" FIXME . Is it a good idea to document that? It is a dubious feature. -.\" On -.\" .B SOCK_STREAM -.\" sockets, -.\" .B IP_RECVERR -.\" has slightly different semantics. Instead of -.\" saving the errors for the next timeout, it passes all incoming -.\" errors immediately to the user. -.\" This might be useful for very short-lived TCP connections which -.\" need fast error handling. Use this option with care: -.\" it makes TCP unreliable -.\" by not allowing it to recover properly from routing -.\" shifts and other normal -.\" conditions and breaks the protocol specification. -Note that TCP has no error queue; -.B MSG_ERRQUEUE -is not permitted on -.B SOCK_STREAM -sockets. -.B IP_RECVERR -is valid for TCP, but all errors are returned by socket function return or -.B SO_ERROR -only. -.IP -For raw sockets, -.B IP_RECVERR -enables passing of all received ICMP errors to the -application, otherwise errors are reported only on connected sockets -.IP -It sets or retrieves an integer boolean flag. -.B IP_RECVERR -defaults to off. -.TP -.BR IP_RECVOPTS " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.15 -Pass all incoming IP options to the user in a -.B IP_OPTIONS -control message. -The routing header and other options are already filled in -for the local host. -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_RECVORIGDSTADDR " (since Linux 2.6.29)" -.\" commit e8b2dfe9b4501ed0047459b2756ba26e5a940a69 -This boolean option enables the -.B IP_ORIGDSTADDR -ancillary message in -.BR recvmsg (2), -in which the kernel returns the original destination address -of the datagram being received. -The ancillary message contains a -.IR "struct sockaddr_in" . -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_RECVTOS " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.68 -If enabled, the -.B IP_TOS -ancillary message is passed with incoming packets. -It contains a byte which specifies the Type of Service/Precedence -field of the packet header. -Expects a boolean integer flag. -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_RECVTTL " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.68 -When this flag is set, pass a -.B IP_TTL -control message with the time-to-live -field of the received packet as a 32 bit integer. -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_RETOPTS " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.15 -Identical to -.BR IP_RECVOPTS , -but returns raw unprocessed options with timestamp and route record -options not filled in for this hop. -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_ROUTER_ALERT " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.68 -Pass all to-be forwarded packets with the -IP Router Alert option set to this socket. -Valid only for raw sockets. -This is useful, for instance, for user-space RSVP daemons. -The tapped packets are not forwarded by the kernel; -it is the user's responsibility to send them out again. -Socket binding is ignored, -such packets are filtered only by protocol. -Expects an integer flag. -.TP -.BR IP_TOS " (since Linux 1.0)" -Set or receive the Type-Of-Service (TOS) field that is sent -with every IP packet originating from this socket. -It is used to prioritize packets on the network. -TOS is a byte. -There are some standard TOS flags defined: -.B IPTOS_LOWDELAY -to minimize delays for interactive traffic, -.B IPTOS_THROUGHPUT -to optimize throughput, -.B IPTOS_RELIABILITY -to optimize for reliability, -.B IPTOS_MINCOST -should be used for "filler data" where slow transmission doesn't matter. -At most one of these TOS values can be specified. -Other bits are invalid and shall be cleared. -Linux sends -.B IPTOS_LOWDELAY -datagrams first by default, -but the exact behavior depends on the configured queueing discipline. -.\" FIXME elaborate on this -Some high-priority levels may require superuser privileges (the -.B CAP_NET_ADMIN -capability). -.\" The priority can also be set in a protocol-independent way by the -.\" .RB ( SOL_SOCKET ", " SO_PRIORITY ) -.\" socket option (see -.\" .BR socket (7)). -.TP -.BR IP_TRANSPARENT " (since Linux 2.6.24)" -.\" commit f5715aea4564f233767ea1d944b2637a5fd7cd2e -.\" This patch introduces the IP_TRANSPARENT socket option: enabling that -.\" will make the IPv4 routing omit the non-local source address check on -.\" output. Setting IP_TRANSPARENT requires NET_ADMIN capability. -.\" http://lwn.net/Articles/252545/ -Setting this boolean option enables transparent proxying on this socket. -This socket option allows -the calling application to bind to a nonlocal IP address and operate -both as a client and a server with the foreign address as the local endpoint. -NOTE: this requires that routing be set up in a way that -packets going to the foreign address are routed through the TProxy box -(i.e., the system hosting the application that employs the -.B IP_TRANSPARENT -socket option). -Enabling this socket option requires superuser privileges -(the -.B CAP_NET_ADMIN -or -.B CAP_NET_RAW -capability). -.IP -TProxy redirection with the iptables TPROXY target also requires that -this option be set on the redirected socket. -.TP -.BR IP_TTL " (since Linux 1.0)" -Set or retrieve the current time-to-live field that is used in every packet -sent from this socket. -.TP -.BR IP_UNBLOCK_SOURCE " (since Linux 2.4.22 / 2.5.68)" -Unblock previously blocked multicast source. -Returns -.B EADDRNOTAVAIL -when given source is not being blocked. -.IP -Argument is an -.I ip_mreq_source -structure as described under -.BR IP_ADD_SOURCE_MEMBERSHIP . -.TP -.BR SO_PEERSEC " (since Linux 2.6.17)" -If labeled IPSEC or NetLabel is configured on both the sending and -receiving hosts, this read-only socket option returns the security -context of the peer socket connected to this socket. -By default, -this will be the same as the security context of the process that created -the peer socket unless overridden by the policy or by a process with -the required permissions. -.IP -The argument to -.BR getsockopt (2) -is a pointer to a buffer of the specified length in bytes -into which the security context string will be copied. -If the buffer length is less than the length of the security -context string, then -.BR getsockopt (2) -returns \-1, sets -.I errno -to -.BR ERANGE , -and returns the required length via -.IR optlen . -The caller should allocate at least -.B NAME_MAX -bytes for the buffer initially, although this is not guaranteed -to be sufficient. -Resizing the buffer to the returned length -and retrying may be necessary. -.IP -The security context string may include a terminating null character -in the returned length, but is not guaranteed to do so: a security -context "foo" might be represented as either {'f','o','o'} of length 3 -or {'f','o','o','\\0'} of length 4, which are considered to be -interchangeable. -The string is printable, does not contain non-terminating null characters, -and is in an unspecified encoding (in particular, it -is not guaranteed to be ASCII or UTF-8). -.IP -The use of this option for sockets in the -.B AF_INET -address family is supported since Linux 2.6.17 -.\" commit 2c7946a7bf45ae86736ab3b43d0085e43947945c -for TCP sockets, and since Linux 4.17 -.\" commit d452930fd3b9031e59abfeddb2fa383f1403d61a -for SCTP sockets. -.IP -For SELinux, NetLabel conveys only the MLS portion of the security -context of the peer across the wire, defaulting the rest of the -security context to the values defined in the policy for the -netmsg initial security identifier (SID). -However, NetLabel can -be configured to pass full security contexts over loopback. -Labeled IPSEC always passes full security contexts as part of establishing -the security association (SA) and looks them up based on the association -for each packet. -.\" +See +.BR IPPROTO_IP (2const). .SS /proc interfaces -The IP protocol -supports a set of -.I /proc -interfaces to configure some global parameters. -The parameters can be accessed by reading or writing files in the directory -.IR /proc/sys/net/ipv4/ . -.\" FIXME As at 2.6.12, 14 Jun 2005, the following are undocumented: -.\" ip_queue_maxlen -.\" ip_conntrack_max -Interfaces described as -.I Boolean -take an integer value, with a nonzero value ("true") meaning that -the corresponding option is enabled, and a zero value ("false") -meaning that the option is disabled. -.\" -.TP -.IR ip_always_defrag " (Boolean; since Linux 2.2.13)" -[New with Linux 2.2.13; -in earlier kernel versions this feature -was controlled at compile time by the -.B CONFIG_IP_ALWAYS_DEFRAG -option; this option is not present in Linux 2.4.x and later] -.IP -When this boolean flag is enabled (not equal 0), incoming fragments -(parts of IP packets -that arose when some host between origin and destination decided -that the packets were too large and cut them into pieces) will be -reassembled (defragmented) before being processed, even if they are -about to be forwarded. -.IP -Enable only if running -either a firewall that is the sole link to your network -or a transparent proxy; -never ever use it for a normal router or host. -Otherwise, -fragmented communication can be disturbed -if the fragments travel over different links. -Defragmentation also has a large memory and CPU time cost. -.IP -This is automagically turned on -when masquerading or transparent proxying are configured. -.\" -.TP -.IR ip_autoconfig " (since Linux 2.2 to Linux 2.6.17)" -.\" Precisely: since Linux 2.1.68 -.\" FIXME document ip_autoconfig -Not documented. -.\" -.TP -.IR ip_default_ttl " (integer; default: 64; since Linux 2.2)" -.\" Precisely: since Linux 2.1.15 -Set the default time-to-live value of outgoing packets. -This can be changed per socket with the -.B IP_TTL -option. -.\" -.TP -.IR ip_dynaddr " (Boolean; default: disabled; since Linux 2.0.31)" -Enable dynamic socket address and masquerading entry rewriting on interface -address change. -This is useful for dialup interface with changing IP addresses. -0 means no rewriting, 1 turns it on and 2 enables verbose mode. -.\" -.TP -.IR ip_forward " (Boolean; default: disabled; since Linux 1.2)" -Enable IP forwarding with a boolean flag. -IP forwarding can be also set on a per-interface basis. -.\" -.TP -.IR ip_local_port_range " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.68 -This file contains two integers that define the default local port range -allocated to sockets that are not explicitly bound to a port number\[em]that -is, the range used for -.IR "ephemeral ports" . -An ephemeral port is allocated to a socket in the following circumstances: -.RS -.IP \[bu] 3 -the port number in a socket address is specified as 0 when calling -.BR bind (2); -.IP \[bu] -.BR listen (2) -is called on a stream socket that was not previously bound; -.IP \[bu] -.BR connect (2) -was called on a socket that was not previously bound; -.IP \[bu] -.BR sendto (2) -is called on a datagram socket that was not previously bound. -.RE -.IP -Allocation of ephemeral ports starts with the first number in -.I ip_local_port_range -and ends with the second number. -If the range of ephemeral ports is exhausted, -then the relevant system call returns an error (but see BUGS). -.IP -Note that the port range in -.I ip_local_port_range -should not conflict with the ports used by masquerading -(although the case is handled). -Also, arbitrary choices may cause problems with some firewall packet -filters that make assumptions about the local ports in use. -The first number should be at least greater than 1024, -or better, greater than 4096, to avoid clashes -with well known ports and to minimize firewall problems. -.\" -.TP -.IR ip_no_pmtu_disc " (Boolean; default: disabled; since Linux 2.2)" -.\" Precisely: 2.1.15 -If enabled, don't do Path MTU Discovery for TCP sockets by default. -Path MTU discovery may fail if misconfigured firewalls (that drop -all ICMP packets) or misconfigured interfaces (e.g., a point-to-point -link where the both ends don't agree on the MTU) are on the path. -It is better to fix the broken routers on the path than to turn off -Path MTU Discovery globally, because not doing it incurs a high cost -to the network. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR ip_nonlocal_bind " (Boolean; default: disabled; since Linux 2.4)" -.\" Precisely: patch-2.4.0-test10 -If set, allows processes to -.BR bind (2) -to nonlocal IP addresses, -which can be quite useful, but may break some applications. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR ip6frag_time " (integer; default: 30)" -Time in seconds to keep an IPv6 fragment in memory. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR ip6frag_secret_interval " (integer; default: 600)" -Regeneration interval (in seconds) of the hash secret (or lifetime -for the hash secret) for IPv6 fragments. -.TP -.IR ipfrag_high_thresh " (integer)" -.TQ -.IR ipfrag_low_thresh " (integer)" -If the amount of queued IP fragments reaches -.IR ipfrag_high_thresh , -the queue is pruned down to -.IR ipfrag_low_thresh . -Contains an integer with the number of bytes. -.TP -.I neigh/* See -.BR arp (7). -.\" FIXME Document the conf/*/* interfaces -.\" -.\" FIXME Document the route/* interfaces +.BR proc_sys_net_ipv4 (5). .SS Ioctls All ioctls described in .BR socket (7) @@ -1442,21 +374,6 @@ see and .BR socket (7). .SH NOTES -.BR IP_FREEBIND , -.BR IP_MSFILTER , -.BR IP_MTU , -.BR IP_MTU_DISCOVER , -.BR IP_RECVORIGDSTADDR , -.BR IP_PASSSEC , -.BR IP_PKTINFO , -.BR IP_RECVERR , -.BR IP_ROUTER_ALERT , -and -.B IP_TRANSPARENT -are Linux-specific. -.\" IP_XFRM_POLICY is Linux-specific -.\" IP_IPSEC_POLICY is a nonstandard extension, also present on some BSDs -.P Be very careful with the .B SO_BROADCAST option \- it is not privileged in Linux. @@ -1470,25 +387,6 @@ using the more modern multicast approach to communicating with an open-ended group of hosts on the local network. .P -Some other BSD sockets implementations provide -.B IP_RCVDSTADDR -and -.B IP_RECVIF -socket options to get the destination address and the interface of -received datagrams. -Linux has the more general -.B IP_PKTINFO -for the same task. -.P -Some BSD sockets implementations also provide an -.B IP_RECVTTL -option, but an ancillary message with type -.B IP_RECVTTL -is passed with the incoming packet. -This is different from the -.B IP_TTL -option used in Linux. -.P Using the .B SOL_IP socket options level isn't portable; @@ -1544,6 +442,7 @@ does not work in some Linux 2.2 kernels. .\" .SH AUTHORS .\" This man page was written by Andi Kleen. .SH SEE ALSO +.BR IPPROTO_IP (2const), .BR recvmsg (2), .BR sendmsg (2), .BR byteorder (3), |