Protocols ip(7P)
NAME
ip, IP - Internet Protocol
SYNOPSIS
#include
#include
s = socket(AFINET, SOCKRAW, proto);
t = topen ("/dev/rawip", ORDWR);
DESCRIPTION
IP is the internetwork datagram delivery protocol that is
central to the Internet protocol family. Programs may use IP
through higher-level protocols such as the Transmission Con-
trol Protocol (TCP) or the User Datagram Protocol (UDP), or
may interface directly to IP. See tcp(7P) and udp(7P).
Direct access may be by means of the socket interface, using
a "raw socket," or by means of the Transport Level Interface
(TLI). The protocol options defined in the IP specification
may be set in outgoing datagrams.
Packets sent to or from this system may be subject to IPsec
policy. See ipsec(7P) for more information.
APLICATION PROGRAMING INTERFACE
The STREAMS driver /dev/rawip is the TLI transport provider
that provides raw access to IP.
Raw IP sockets are connectionless and are normally used with
the sendto() and recvfrom() calls (see send(3SOCKET) and
recv(3SOCKET)), although the connect(3SOCKET) call may also
be used to fix the destination for future datagram. In this
case, the read(2) or recv(3SOCKET) and write(2) or
send(3SOCKET) calls may be used. If proto is IPROTORAW or
IPROTOIGMP, the application is expected to include a com-
plete IP header when sending. Otherwise, that protocol
number will be set in outgoing datagrams and used to filter
incoming datagrams and an IP header will be generated and
prepended to each outgoing datagram. In either case,
received datagrams are returned with the IP header and
options intact.
SunOS 5.11 Last change: 3 Dec 2008 1
Protocols ip(7P)
If an application uses IPHDRINCL and provides the IP header
contents, the IP stack does not modify the following sup-
plied fields under any conditions: Type of Service, DF Flag,
Protocol, and Destination Address. The IP Options and IHL
fields are set by use of IPOPTIONS, and Total Length is
updated to include any options. Version is set to the
default. Identification is chosen by the normal IP ID selec-
tion logic. The source address is updated if none was speci-
fied and the TL is changed if the packet has a broadcast
destination address. Since an applicaton cannot send down
fragments (as IP assigns the IP ID), Fragment Offset is
always 0. The IP Checksum field is computed by IP. None of
the data beyond the IP header are changed, including the
application-provided transport header.
The socket options supported at the IP level are:
IPOPTIONS IP options for outgoing datagrams.
This socket option may be used to set
IP options to be included in each out-
going datagram. IP options to be sent
are set with setsockopt() (see
getsockopt(3SOCKET)). The
getsockopt(3SOCKET) call returns the
IP options set in the last set-
sockopt() call. IP options on received
datagrams are visible to user programs
only using raw IP sockets. The format
of IP options given in setsockopt()
matches those defined in the IP
specification with one exception: the
list of addresses for the source rout-
ing options must include the first-hop
gateway at the beginning of the list
of gateways. The first-hop gateway
address will be extracted from the
option list and the size adjusted
accordingly before use. IP options may
be used with any socket type in the
Internet family.
IPSECOPT Enable or obtain IPsec security set-
tings for this socket. For more
details on the protection services of
IPsec, see ipsec(7P).
IPADMEMBERSHIP Join a multicast group.
SunOS 5.11 Last change: 3 Dec 2008 2
Protocols ip(7P)
IPDROPMEMBERSHIP Leave a multicast group.
IPBOUNDIF Limit reception and transmission of
packets to this interface. Takes an
integer as an argument. The integer is
the selected interface index.
The following options take inpktinfot as the parameter:
IPKTINFO
Set the source address and/or transmit interface of the
packet(s). Note that the IPBOUNDIF socket option
takes precedence over the interface index passed in
IPKTINFO.
struct inpktinfo {
unsigned int ipiifindex;/* send/recv interface index */
struct inaddr ipispecdst;/* matched source addr. */
struct inaddr ipiaddr;/* src/dst addr. in IP hdr */
} inpktinfot;
When passed in (on transmit) via ancillary data with
IPKTINFO, ipispecdst is used as the source address
and ipiifindex is used as the interface index to send
the packet out.
IPRECVPKTINFO
Enable/disable receipt of the index of the interface the
packet arrived on, the local address that was matched
for reception, and the inbound packet's actual destina-
tion address. Takes boolean as the parameter. Returns
struct inpktinfot as ancillary data.
The following options take a struct ipmreq as the parame-
ter. The structure contains a multicast address which must
be set to the CLAS-D IP multicast address and an interface
address. Normally the interface address is set to INADRANY
which causes the kernel to choose the interface on which to
join.
IPBLOCKSOURCE Block multicast packets whose
source address matches the
given source address. The
specified group must be joined
SunOS 5.11 Last change: 3 Dec 2008 3
Protocols ip(7P)
previously using
IPADMEMBERSHIP or
MCASTJOINGROUP.
IPUNBLOCKSOURCE Unblock (begin receiving) mul-
ticast packets which were pre-
viously blocked using
IPBLOCKSOURCE.
IPADSOURCEMEMBERSHIP Begin receiving packets for the
given multicast group whose
source address matches the
specified address.
IPDROPSOURCEMEMBERSHIP Stop receiving packets for the
given multicast group whose
source address matches the
specified address.
The following options take a struct ipmreqsource as the
parameter. The structure contains a multicast address (which
must be set to the CLAS-D IP multicast address), an inter-
face address, and a source address.
MCASTJOINGROUP Join a multicast group. Func-
tionally equivalent to
IPADMEMBERSHIP.
MCASTBLOCKSOURCE Block multicast packets whose
source address matches the given
source address. The specified
group must be joined previously
using IPADMEMBERSHIP or
MCASTJOINGROUP.
MCASTUNBLOCKSOURCE Unblock (begin receiving) multi-
cast packets which were previ-
ously blocked using
MCASTBLOCKSOURCE.
MCASTLEAVEGROUP Leave a multicast group. Func-
tionally equivalent to
IPDROPMEMBERSHIP.
SunOS 5.11 Last change: 3 Dec 2008 4
Protocols ip(7P)
MCASTJOINSOURCEGROUP Begin receiving packets for the
given multicast group whose
source address matches the
specified address.
MCASTLEAVESOURCEGROUP Stop receiving packets for the
given multicast group whose
source address matches the
specified address.
The following options take a struct groupreq or struct
groupsourcereq as the parameter. The `groupreq structure
contains an interface index and a multicast address which
must be set to the CLAS-D multicast address. The
groupsourcereq structure is used for those options which
include a source address. It contains an interface index,
multicast address, and source address.
IPMULTICASTIF The outgoing interface for multicast
packets. This option takes a struct
inaddr as an argument, and it selects
that interface for outgoing IP multi-
cast packets. If the address specified
is INADRANY, it uses the unicast
routing table to select the outgoing
interface (which is the default
behavior).
IPMULTICASTL Time to live for multicast datagrams.
This option takes an unsigned character
as an argument. Its value is the TL
that IP uses on outgoing multicast
datagrams. The default is 1.
IPMULTICASTLOP Loopback for multicast datagrams. Nor-
mally multicast datagrams are
delivered to members on the sending
host (or sending zone). Setting the
unsigned character argument to 0 causes
the opposite behavior, meaning that
when multiple zones are present, the
datagrams are delivered to all zones
except the sending zone.
IPRECVIF Receive the inbound interface index.
SunOS 5.11 Last change: 3 Dec 2008 5
Protocols ip(7P)
IPTOS This option takes an integer argument
as its input value. The least signifi-
cant 8 bits of the value are used to
set the Type Of Service field in the IP
header of the outgoing packets.
IPNEXTHOP This option specifies the address of
the onlink nexthop for traffic ori-
ginating from that socket. It causes
the routing table to be bypassed and
outgoing traffic is sent directly to
the specified nexthop. This option
takes an ipaddrt argument representing
the IPv4 address of the nexthop as the
input value. The IPNEXTHOP option
takes precedence over IPOPTLSR.
IPBOUNDIF and SODONTROUTE take pre-
cedence over IPNEXTHOP. This option
has no meaning for broadcast and multi-
cast packets. The application must
ensure that the specified nexthop is
alive. An application may want to
specify the IPNEXTHOP option on a TCP
listener socket only for incoming
requests to a particular IP address. In
this case, it must avoid binding the
socket to INADRANY and instead must
bind the listener socket to the
specific IP address. In addition, typi-
cally the application may want the
incoming and outgoing interface to be
the same. In this case, the application
must select a suitable nexthop that is
onlink and reachable via the desired
interface and do a setsockopt
(IPNEXTHOP) on it. Then it must bind
to the IP address of the desired inter-
face. Setting the IPNEXTHOP option
requires the PRIVSYSNETCONFIG
privilege.
The multicast socket options (IPMULTICASTIF,
IPMULTICASTL, IPMULTICASTLOP and IPRECVIF) can be
used with any datagram socket type in the Internet family.
At the socket level, the socket option SODONTROUTE may be
applied. This option forces datagrams being sent to bypass
routing and forwarding by forcing the IP Time To Live field
SunOS 5.11 Last change: 3 Dec 2008 6
Protocols ip(7P)
to 1, meaning that the packet will not be forwarded by
routers.
Raw IP datagrams can also be sent and received using the TLI
connectionless primitives.
Datagrams flow through the IP layer in two directions: from
the network up to user processes and from user processes
down to the network. Using this orientation, IP is layered
above the network interface drivers and below the transport
protocols such as UDP and TCP. The Internet Control Message
Protocol (ICMP) is logically a part of IP. See icmp(7P).
IP provides for a checksum of the header part, but not the
data part, of the datagram. The checksum value is computed
and set in the process of sending datagrams and checked when
receiving datagrams.
IP options in received datagrams are processed in the IP
layer according to the protocol specification. Currently
recognized IP options include: security, loose source and
record route (LSR), strict source and record route (SR),
record route, and internet timestamp.
By default, the IP layer will not forward IPv4 packets that
are not addressed to it. This behavior can be overridden by
using routeadm(1M) to enable the ipv4-forwarding option.
IPv4 forwarding is configured at boot time based on the set-
ting of routeadm(1M)'s ipv4-forwarding option.
For backwards compatibility, IPv4 forwarding can be enabled
or disabled using ndd(1M)'s ipforwarding variable. It is
set to 1 if IPv4 forwarding is enabled, or 0 if it is dis-
abled.
Additionally, finer-grained forwarding can be configured in
IP. Each interface can be configured to forward IP packets
by setting the IFROUTER interface flag. This flag can be
set and cleared using ifconfig(1M)'s router and router
options. If an interface's IFROUTER flag is set, packets
can be forwarded to or from the interface. If it is clear,
packets will neither be forwarded from this interface to
others, nor forwarded to this interface. Setting the
ipforwarding variable sets all of the IPv4 interfaces'
IFROUTER flags.
SunOS 5.11 Last change: 3 Dec 2008 7
Protocols ip(7P)
For backwards compatibility, each interface creates an
:ipforwarding /dev/ip variable that can be modified
using ndd(1M). An interface's :ipforwarding ndd variable is
a boolean variable that mirrors the status of its IFROUTER
interface flag. It is set to 1 if the flag is set, or 0 if
it is clear. This interface specific :ipforwarding
ndd variable is obsolete and may be removed in a future
release of Solaris. The ifconfig(1M) router and -router
interfaces are preferred.
The IP layer sends an ICMP message back to the source host
in many cases when it receives a datagram that can not be
handled. A "time exceeded" ICMP message is sent if the "time
to live" field in the IP header drops to zero in the process
of forwarding a datagram. A "destination unreachable" mes-
sage is sent if a datagram can not be forwarded because
there is no route to the final destination, or if it can not
be fragmented. If the datagram is addressed to the local
host but is destined for a protocol that is not supported or
a port that is not in use, a destination unreachable message
is also sent. The IP layer may send an ICMP "source quench"
message if it is receiving datagrams too quickly. ICMP mes-
sages are only sent for the first fragment of a fragmented
datagram and are never returned in response to errors in
other ICMP messages.
The IP layer supports fragmentation and reassembly.
Datagrams are fragmented on output if the datagram is larger
than the maximum transmission unit (MTU) of the network
interface. Fragments of received datagrams are dropped from
the reassembly queues if the complete datagram is not recon-
structed within a short time period.
Errors in sending discovered at the network interface driver
layer are passed by IP back up to the user process.
Multi-Data Transmit allows more than one packet to be sent
from the IP module to another in a given call, thereby
reducing the per-packet processing costs. The behavior of
Multi-Data Transmit can be overrideen by using ndd(1M) to
set the /dev/ip variable, ipmultidataoutbound to 0. Note,
the IP module will only initiate Multi-Data Transmit if the
network interface driver supports it.
PACKET EVENTS
Through the netinfo framework, this driver provides the fol-
lowing packet events:
SunOS 5.11 Last change: 3 Dec 2008 8
Protocols ip(7P)
Physical in Packets received on a network interface
from an external source.
Physical out Packets to be sent out a network interface.
Forwarding Packets being forwarded through this host to
another network.
loopback in Packets that have been sent by a local
application to another.
loopback out Packets about to be received by a local
application from another.
Currently, only a single function may be registered for each
event. As a result, if the slot for an event is already
occupied by someone else, a second attempt to register a
callback fails.
To receive packet events in a kernel module, it is first
necessary to obtain a handle for either IPv4 or IPv6
traffic. This is achieved by passing NHFINET or NHFINET6
through to a netprotocollookup() call. The value returned
from this call must then be passed into a call to
netregisterhook(), along with a description of the hook to
add. For a description of the structure passed through to
the callback, please see hookpktevent(9S). For IP pack-
ets, this structure is filled out as follows:
hpeifp Identifier indicating the inbound interface for
packets received with the "physical in" event.
hpeofp Identifier indicating the outbound interface for
packets received with the "physical out" event.
hpehdr Pointer to the start of the IP header (not the
ethernet header).
hpemp Pointer to the start of the mblkt chain contain-
ing the IP packet.
SunOS 5.11 Last change: 3 Dec 2008 9
Protocols ip(7P)
hpemb Pointer to the mblkt with the IP header in it.
NETWORK INTERFACE EVENTS
In addition to events describing packets as they move
through the system, it is also possible to receive notifica-
tion of events relating to network interfaces. These events
are all reported back through the same callback. The list of
events is as follows:
plumb A new network interface has been instan-
tiated.
unplumb A network interface is no longer associ-
ated with this protocol.
up At least one logical interface is now
ready to receive packets.
down There are no logical interfaces expecting
to receive packets.
address change An address has changed on a logical
interface.
SEE ALSO
ifconfig(1M), routeadm(1M), ndd(1M), read(2), write(2),
bind(3SOCKET), connect(3SOCKET), getsockopt(3SOCKET),
recv(3SOCKET), send(3SOCKET), defaultrouter(4), icmp(7P),
iftcp(7P), inet(7P), ip6(7P), ipsec(7P), routing(7P),
tcp(7P), udp(7P), nethookregister(9F), hookpktevent(9S)
Braden, R., RFC 1122, Requirements for Internet Hosts - Com-
munication Layers, Information Sciences Institute, Univer-
sity of Southern California, October 1989.
Postel, J., RFC 791, Internet Protocol - DARPA Internet Pro-
gram Protocol Specification, Information Sciences Institute,
University of Southern California, September 1981.
DIAGNOSTICS
A socket operation may fail with one of the following errors
returned:
SunOS 5.11 Last change: 3 Dec 2008 10
Protocols ip(7P)
EACES A bind() operation was attempted with a
"reserved" port number and the effective
user ID of the process was not the
privileged user.
Setting the IPNEXTHOP was attempted by a
process lacking the PRIVSYSNETCONFIG
privilege.
EADRINUSE A bind() operation was attempted on a
socket with a network address/port pair
that has already been bound to another
socket.
EADRNOTAVAIL A bind() operation was attempted for an
address that is not configured on this
machine.
EINVAL A sendmsg() operation with a non-NUL
msgaccrights was attempted.
EINVAL A getsockopt() or setsockopt() operation
with an unknown socket option name was
given.
EINVAL A getsockopt() or setsockopt() operation
was attempted with the IP option field
improperly formed; an option field was
shorter than the minimum value or longer
than the option buffer provided.
EISCON A connect() operation was attempted on a
socket on which a connect() operation had
already been performed, and the socket
could not be successfully disconnected
before making the new connection.
EISCON A sendto() or sendmsg() operation specify-
ing an address to which the message should
be sent was attempted on a socket on which
a connect() operation had already been per-
formed.
SunOS 5.11 Last change: 3 Dec 2008 11
Protocols ip(7P)
EMSGSIZE A send(), sendto(), or sendmsg() operation
was attempted to send a datagram that was
too large for an interface, but was not
allowed to be fragmented (such as broad-
casts).
ENETUNREACH An attempt was made to establish a connec-
tion by means of connect(), or to send a
datagram by means of sendto() or sendmsg(),
where there was no matching entry in the
routing table; or if an ICMP "destination
unreachable" message was received.
ENOTCON A send() or write() operation, or a
sendto() or sendmsg() operation not speci-
fying an address to which the message
should be sent, was attempted on a socket
on which a connect() operation had not
already been performed.
ENOBUFS The system ran out of memory for fragmenta-
tion buffers or other internal data struc-
tures.
ENOBUFS SOSNDBUF or SORCVBUF exceeds a system
limit.
EINVAL Invalid length for IPOPTIONS.
EHOSTUNREACH Invalid address for IPMULTICASTIF.
Invalid (offlink) nexthop address for
IPNEXTHOP.
EINVAL Not a multicast address for
IPADMEMBERSHIP and IPDROPMEMBERSHIP.
EADRNOTAVAIL Bad interface address for IPADMEMBERSHIP
and IPDROPMEMBERSHIP.
EADRINUSE Address already joined for
IPADMEMBERSHIP.
SunOS 5.11 Last change: 3 Dec 2008 12
Protocols ip(7P)
ENOENT Address not joined for IPDROPMEMBERSHIP.
ENOPROTOPT Invalid socket type.
EPERM No permissions.
NOTES
Raw sockets should receive ICMP error packets relating to
the protocol; currently such packets are simply discarded.
Users of higher-level protocols such as TCP and UDP should
be able to see received IP options.
SunOS 5.11 Last change: 3 Dec 2008 13
|
