Resource Management and Oracle® Solaris Zones Developer's Guide


Updated: July 2014
 
 

Specific Considerations for Shared-IP Non-Global Zones

For non-global zones that are configured to use the shared-IP instance, the following restrictions apply.

  • The socket(3SOCKET) function requires the PRIV_NET_RAWACCESS privilege to create a raw socket with the protocol set to IPPROTO_RAW or IPPROTO_IGMP. This limitation affects applications that use raw sockets or need to create or inspect TCP/IP headers.

  • The t_open(3NSL) function requires the PRIV_NET_RAWACCESS privilege to establish a transport endpoint. This limitation affects applications that use the /dev/rawip device to implement network protocols as well as applications that operate on TCP/IP headers.

  • No NIC devices that support the DLPI programming interface are accessible in a shared-IP non-global zone.

  • Each non-global shared-IP zone has its own logical network and loopback interface. Bindings between upper-layer streams and logical interfaces are restricted such that a stream may only establish bindings to logical interfaces in the same zone. Likewise, packets from a logical interface can only be passed to upper-layer streams in the same zone as the logical interface. Bindings to the loopback address are kept within a zone, with one exception: when a stream in one zone attempts to access the IP address of an interface in another zone. While applications within a zone can bind to privileged network ports, they have no control over the network configuration, including IP addresses and the routing table.

Note that these restrictions do not apply to exclusive-IP zones.
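
The following added example (not part of the original guide) shows one way an application can handle the raw-socket restriction from the first item: it checks for PRIV_NET_RAWACCESS before calling socket(3SOCKET) and degrades cleanly when the privilege is absent. The names raw_status, classify_socket_errno and open_raw_socket are hypothetical; the priv_ineffect() check is compiled only on Solaris, and treating both EACCES and EPERM as a privilege denial is an assumption made for portability.

```c
/* Added example: probe for raw-socket access instead of assuming it. */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifdef __sun
#include <priv.h>               /* priv_ineffect(), PRIV_NET_RAWACCESS */
#endif

typedef enum { RAW_OK, RAW_NO_PRIVILEGE, RAW_OTHER_ERROR } raw_status;

/* Map a socket() errno to a status. POSIX documents EACCES for a missing
 * privilege; Linux reports EPERM, so both are treated as a denial. */
raw_status classify_socket_errno(int err)
{
    return (err == EACCES || err == EPERM) ? RAW_NO_PRIVILEGE : RAW_OTHER_ERROR;
}

/* Open a raw IPv4 socket for proto; *fd_out is the descriptor or -1. */
raw_status open_raw_socket(int proto, int *fd_out)
{
    int fd;
    *fd_out = -1;
#ifdef __sun
    /* Check the effective privilege set first for a precise diagnosis. */
    if (!priv_ineffect(PRIV_NET_RAWACCESS))
        return RAW_NO_PRIVILEGE;
#endif
    fd = socket(AF_INET, SOCK_RAW, proto);
    if (fd < 0)
        return classify_socket_errno(errno);
    *fd_out = fd;
    return RAW_OK;
}

int main(void)
{
    int fd;
    raw_status st = open_raw_socket(IPPROTO_RAW, &fd);
    if (st == RAW_OK) {
        puts("raw socket available");
        close(fd);
    } else if (st == RAW_NO_PRIVILEGE)
        fputs("PRIV_NET_RAWACCESS not in effect; raw IP features disabled\n", stderr);
    else
        perror("socket");
    return (int)st;
}
```

On Oracle Solaris the socket functions are in libsocket, so link with -lsocket.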