| IP(4) | Device Drivers Manual | IP(4) | 
ip —
#include <sys/socket.h>
#include <netinet/in.h>
int
  
  socket(AF_INET,
    SOCK_RAW,
    proto);
There are several IP-level
    setsockopt(2)/getsockopt(2)
    options. IP_OPTIONS may be used to provide IP
    options to be transmitted in the IP header of each outgoing packet or to
    examine the header options on incoming packets. IP options may be used with
    any socket type in the Internet family. The format of IP options to be sent
    is that specified by the IP protocol specification (RFC 791), with one
    exception: the list of addresses for Source Route options must include the
    first-hop gateway at the beginning of the list of gateways. The first-hop
    gateway address will be extracted from the option list and the size adjusted
    accordingly before use. To disable previously specified options, use a
    zero-length buffer:
setsockopt(s, IPPROTO_IP, IP_OPTIONS, NULL, 0);
IP_TOS and IP_TTL
    may be used to set the type-of-service and time-to-live fields in the IP
    header for SOCK_STREAM and
    SOCK_DGRAM sockets. For example,
int tos = IPTOS_LOWDELAY; /* see <netinet/ip.h> */ setsockopt(s, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)); int ttl = 60; /* max = 255 */ setsockopt(s, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl));
IP_IPSEC_POLICY controls IPSec policy for
    sockets. For example,
const char *policy = "in ipsec ah/transport//require"; char *buf = ipsec_set_policy(policy, strlen(policy)); setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, buf, ipsec_get_policylen(buf));
The IP_RECVPKTINFO option can be used to
    turn on receiving of information about the destination address of the
    packet, and the interface index. The information is passed in a
    struct in_pktinfo structure, which contains
struct in_addr ipi_addr; /* the source or destination address */ unsigned int ipi_ifindex; /* the interface index */
and added to the control portion of the message: The cmsghdr fields have the following values:
cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)) cmsg_level = IPPROTO_IP cmsg_type = IP_PKTINFO
For sendmsg(2), the
    source address or output interface can be specified by adding an
    IP_PKTINFO message to the control part of the
    message on a SOCK_DGRAM or
    SOCK_RAW socket. Setting ipi_ifindex will cause the
    primary address of that interface to be used; setting ipi_addr will directly
    choose that address. The IP_PKTINFO cmsghdr
    structure from a received message may be used unchanged, in which case the
    outgoing message will be sent from the address the incoming message was
    received on.
Setting the IP_PKTINFO option on a socket,
    with the same struct in_pktinfo structure, will set
    the default source address to be used until set again, unless explicitly
    overridden on a per-packet basis, as above.
The IP_PORTALGO can be used to randomize
    the port selection. Valid algorithms are described in
    rfc6056(7) and their
    respective constants are in
    <netinet/portalgo.h>. For
    example,
int algo = PORTALGO_ALGO_RANDOM_PICK; /* see <netinet/portalgo.h> */ setsockopt(s, IPPROTO_IP, IP_PORTALGO, &algo, sizeof(algo));
The port selection can be also viewed and controlled at a global
    level for all IP sockets using the following
    sysctl(7) variables:
    net.inet.ip.anonportalgo.available and
    net.inet.ip.anonportalgo.selected.
IP_PORTRANGE controls how ephemeral ports
    are allocated for SOCK_STREAM and
    SOCK_DGRAM sockets. For example,
int range = IP_PORTRANGE_LOW; /* see <netinet/in.h> */ setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &range, sizeof(range));
If the IP_RECVDSTADDR option is enabled on
    a SOCK_DGRAM or SOCK_RAW
    socket, the recvmsg(2) call
    will return the destination IP address for a UDP datagram. The msg_control
    field in the msghdr structure points to a buffer that contains a cmsghdr
    structure followed by the IP address. The cmsghdr fields have the following
    values:
cmsg_len = CMSG_LEN(sizeof(struct in_addr)) cmsg_level = IPPROTO_IP cmsg_type = IP_RECVDSTADDR
For sendmsg(2), the
    source address can be specified by adding
    IP_SENDSRCADDR to the control part of the message on
    a SOCK_DGRAM or SOCK_RAW
    socket. The IP_RECVDSTADDR cmsghdr structure from a
    received message may be used unchanged, in which case the outgoing message
    will be sent from the address the incoming message was received on.
If the IP_RECVIF option is enabled on a
    SOCK_DGRAM or SOCK_RAW
    socket, the recvmsg(2) call
    will return a struct sockaddr_dl corresponding to the interface on which the
    packet was received. the msg_control field in the msghdr structure points to
    a buffer that contains a cmsghdr structure followed by the struct
    sockaddr_dl. The cmsghdr fields have the following values:
cmsg_len = CMSG_LEN(sizeof(struct sockaddr_dl)) cmsg_level = IPPROTO_IP cmsg_type = IP_RECVIF
If the IP_BINDANY option is enabled on a
    SOCK_STREAM, SOCK_DGRAM, or
    a SOCK_RAW socket, one can
    bind(2) to any address, even one
    not bound to any available network interface in the system. This
    functionality (in conjunction with special firewall rules) can be used for
    implementing a transparent proxy. The
    KAUTH_REQ_NETWORK_BIND_ANYADDR privilege is needed
    to set this option.
If the IP_RECVTTL option is enabled on a
    SOCK_DGRAM socket, the
    recvmsg(2) call will return
    the TTL of the received datagram. The msg_control field in the msghdr
    structure points to a buffer that contains a cmsghdr structure followed by
    the TTL value. The cmsghdr fields have the following values:
cmsg_len = CMSG_LEN(sizeof(uint8_t)) cmsg_level = IPPROTO_IP cmsg_type = IP_RECVTTL
The IP_MINTTL option may be used on
    SOCK_DGRAM or SOCK_STREAM
    sockets to discard packets with a TTL lower than the option value. This can
    be used to implement the Generalized TTL Security Mechanism
    (GTSM) according to RFC 3682. To discard all packets with a TTL lower
    than 255:
int minttl = 255; setsockopt(s, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
AF_INET sockets of
  type SOCK_DGRAM and SOCK_RAW,
  and only on networks where the interface driver supports multicasting.
The IP_MULTICAST_TTL option changes the
    time-to-live (TTL) for outgoing multicast datagrams in order to control the
    scope of the multicasts:
u_char ttl; /* range: 0 to 255, default = 1 */ setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl));
Datagrams with a TTL of 1 are not forwarded beyond the local network. Multicast datagrams with a TTL of 0 will not be transmitted on any network, but may be delivered locally if the sending host belongs to the destination group and if multicast loopback has not been disabled on the sending socket (see below). Multicast datagrams with TTL greater than 1 may be forwarded to other networks if a multicast router is attached to the local network.
For hosts with multiple interfaces, each multicast transmission is
    sent from the primary network interface. The
    IP_MULTICAST_IF option overrides the default for
    subsequent transmissions from a given socket:
struct in_addr addr; setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &addr, sizeof(addr));
where "addr" is the local IP address of the desired
    interface or INADDR_ANY to specify the default
    interface. An interface's local IP address and multicast capability can be
    obtained via the SIOCGIFCONF and
    SIOCGIFFLAGS ioctls. An application may also specify
    an alternative to the default network interface by index:
struct uint32_t idx = htonl(ifindex); setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &idx, sizeof(idx));
where "ifindex" is an interface index as returned by if_nametoindex(3).
Normal applications should not need to use
    IP_MULTICAST_IF.
If a multicast datagram is sent to a group to which the sending
    host itself belongs (on the outgoing interface), a copy of the datagram is,
    by default, looped back by the IP layer for local delivery. The
    IP_MULTICAST_LOOP option gives the sender explicit
    control over whether or not subsequent datagrams are looped back:
u_char loop; /* 0 = disable, 1 = enable (default) */ setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, sizeof(loop));
This option improves performance for applications that may have no more than one instance on a single host (such as a router demon), by eliminating the overhead of receiving their own transmissions. It should generally not be used by applications for which there may be more than one instance on a single host (such as a conferencing program) or for which the sender does not belong to the destination group (such as a time querying program).
A multicast datagram sent with an initial TTL greater than 1 may be delivered to the sending host on a different interface from that on which it was sent, if the host belongs to the destination group on that other interface. The loopback control option has no effect on such delivery.
A host must become a member of a multicast group before it can
    receive datagrams sent to the group. To join a multicast group, use the
    IP_ADD_MEMBERSHIP option:
struct ip_mreq mreq; setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
where mreq is the following structure:
struct ip_mreq {
    struct in_addr imr_multiaddr; /* multicast group to join */
    struct in_addr imr_interface; /* interface to join on */
}
imr_interface should be
    INADDR_ANY to choose the default multicast
    interface, or the IP address of a particular multicast-capable interface if
    the host is multihomed. Membership is associated with a single interface;
    programs running on multihomed hosts may need to join the same group on more
    than one interface. Up to IP_MAX_MEMBERSHIPS
    (currently 20) memberships may be added on a single socket.
To drop a membership, use:
struct ip_mreq mreq; setsockopt(s, IPPROTO_IP, IP_DROP_MEMBERSHIP, &mreq, sizeof(mreq));
where mreq contains the same values as used to add the membership. Memberships are dropped when the socket is closed or the process exits.
If proto is 0, the default protocol
    IPPROTO_RAW is used for outgoing packets, and only
    incoming packets destined for that protocol are received. If
    proto is non-zero, that protocol number will be used
    on outgoing packets and to filter incoming packets.
Outgoing packets automatically have an IP header prepended to them
    (based on the destination address and the protocol number the socket is
    created with), unless the IP_HDRINCL option has been
    set. Incoming packets are received with IP header and options intact.
IP_HDRINCL indicates the complete IP
    header is included with the data and may be used only with the
    SOCK_RAW type.
#include <netinet/ip.h> int hincl = 1; /* 1 = on, 0 = off */ setsockopt(s, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl));
Unlike previous BSD releases, the program must set all the fields of the IP header, including the following:
ip->ip_v = IPVERSION; ip->ip_hl = hlen >> 2; ip->ip_id = 0; /* 0 means kernel set appropriate value */ ip->ip_off = offset;
If the header source address is set to
    INADDR_ANY, the kernel will choose an appropriate
    address.
EACCES]EADDRNOTAVAIL]EISCONN]ENOBUFS]ENOTCONN]The following errors specific to IP may occur when setting or getting IP options:
EINVAL]IP_RECVPKTINFO option is used because it is directly
  compatible with Solaris, AIX, etc., and the IP_PKTINFO
  option is intended to be used in their manner, to set the default source
  address for outgoing packets on a SOCK_DGRAM or
  SOCK_RAW socket. For compatibility with Linux,
  however, if you attempt to set the IP_PKTINFO option,
  using an integer parameter as a boolean value, this will transparently
  manipulate the IP_RECVPKTINFO option instead. Source
  code compatibility with both environments is thus maintained.
Internet Protocol, RFC, 791, September 1981.
Host Extensions for IP Multicasting, RFC, 1112, August 1989.
Requirements for Internet Hosts — Communication Layers, RFC, 1122, October 1989.
ip protocol appeared in
  4.2BSD.
| September 8, 2020 | NetBSD 10.1 |