systemd.socket.xml revision 3ba3a79df4ae094d1008c04a9af8d1ff970124c4
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
71cef386fae61275b03e203825680b39fedaa8c6Tinderbox User "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User This file is part of systemd.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Copyright 2010 Lennart Poettering
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater systemd is free software; you can redistribute it and/or modify it
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater under the terms of the GNU Lesser General Public License as published by
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater the Free Software Foundation; either version 2.1 of the License, or
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User (at your option) any later version.
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User systemd is distributed in the hope that it will be useful, but
b6b8f8a0362da8c749021c4b6376cfb96047912bTinderbox User WITHOUT ANY WARRANTY; without even the implied warranty of
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Lesser General Public License for more details.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater You should have received a copy of the GNU Lesser General Public License
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater along with systemd; If not, see <http://www.gnu.org/licenses/>.
b6b8f8a0362da8c749021c4b6376cfb96047912bTinderbox User <refentryinfo>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </authorgroup>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </refentryinfo>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <refentrytitle>systemd.socket</refentrytitle>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <refpurpose>Socket unit configuration</refpurpose>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </refnamediv>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <refsynopsisdiv>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <para><filename><replaceable>socket</replaceable>.socket</filename></para>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </refsynopsisdiv>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>A unit configuration file whose name ends in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <literal>.socket</literal> encodes information about an IPC or
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User network socket or a file system FIFO controlled and supervised by
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User systemd, for socket-based activation.</para>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>This man page lists the configuration options specific to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User this unit type. See
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User for the common options of all unit configuration files. The common
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User configuration items are configured in the generic [Unit] and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [Install] sections. The socket specific configuration options are
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User configured in the [Socket] section.</para>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>Additional options are listed in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User which define the execution environment the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <option>ExecStartPre=</option>, <option>ExecStartPost=</option>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <option>ExecStopPre=</option> and <option>ExecStopPost=</option>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User commands are executed in, and in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User which define the way the processes are terminated, and in
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User which configure resource control settings for the processes of the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User socket.</para>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <para>For each socket file, a matching service file must exist,
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater describing the service to start on incoming traffic on the socket
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater for more information about .service files). The name of the
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater .service unit is by default the same as the name of the .socket
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater unit, but can be altered with the <option>Service=</option> option
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User described below. Depending on the setting of the
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <option>Accept=</option> option described below, this .service
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt unit must either be named like the .socket unit, but with the
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater suffix replaced, unless overridden with <option>Service=</option>;
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater or it must be a template unit named the same way. Example: a
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater socket file <filename>foo.socket</filename> needs a matching
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater service <filename>foo.service</filename> if
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <option>Accept=true</option> is set, a service template file
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <filename>foo@.service</filename> must exist from which services
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater are instantiated for each incoming connection.</para>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <para>Unless <varname>DefaultDependencies=</varname> is set to
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <option>false</option>, socket units will implicitly have
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User dependencies of type <varname>Requires=</varname> and
ed4475f3f583f6137b4ff7fea775c5363a4fdb29Automatic Updater <varname>After=</varname> on <filename>sysinit.target</filename>
ed4475f3f583f6137b4ff7fea775c5363a4fdb29Automatic Updater as well as dependencies of type <varname>Conflicts=</varname> and
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <filename>shutdown.target</filename>. These ensure that socket
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User units pull in basic system initialization, and are terminated
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User cleanly prior to system shutdown. Only sockets involved with early
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User boot or late system shutdown should disable this option.</para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <para>Socket units will have a <varname>Before=</varname>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User dependency on the service which they trigger added implicitly. No
ed4475f3f583f6137b4ff7fea775c5363a4fdb29Automatic Updater <varname>RequiredBy=</varname> dependency from the socket to the
ed4475f3f583f6137b4ff7fea775c5363a4fdb29Automatic Updater service is added. This means that the service may be started
ed4475f3f583f6137b4ff7fea775c5363a4fdb29Automatic Updater without the socket, in which case it must be able to open sockets
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt by itself. To prevent this, an explicit
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varname>Requires=</varname> dependency may be added.</para>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <para>Socket units may be used to implement on-demand starting of
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User services, as well as parallelized starting of services. See the
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User blog stories linked at the end for an introduction.</para>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <para>Note that the daemon software configured for socket
ed4475f3f583f6137b4ff7fea775c5363a4fdb29Automatic Updater activation with socket units needs to be able to accept sockets
ed4475f3f583f6137b4ff7fea775c5363a4fdb29Automatic Updater from systemd, either via systemd's native socket passing interface
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater for details) or via the traditional
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>-style
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater socket passing (i.e. sockets passed in via standard input and
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater output, using <varname>StandardInput=socket</varname> in the
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater service file).</para>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>Socket files must include a [Socket] section, which carries
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User information about the socket or FIFO it supervises. A number of
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User options that may be used in this section are shared with other
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User unit types. These options are documented in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User The options specific to the [Socket] section of socket units are
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the following:</para>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <term><varname>ListenStream=</varname></term>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <term><varname>ListenDatagram=</varname></term>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <term><varname>ListenSequentialPacket=</varname></term>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Specifies an address to listen on for a stream
e57ec8c5016d781ccbe9785898fd7c6df887d99fTinderbox User (<constant>SOCK_DGRAM</constant>), or sequential packet
e57ec8c5016d781ccbe9785898fd7c6df887d99fTinderbox User (<constant>SOCK_SEQPACKET</constant>) socket, respectively.
e57ec8c5016d781ccbe9785898fd7c6df887d99fTinderbox User The address can be written in various formats:</para>
e57ec8c5016d781ccbe9785898fd7c6df887d99fTinderbox User <para>If the address starts with a slash
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User (<literal>/</literal>), it is read as file system socket in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the <constant>AF_UNIX</constant> socket family.</para>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <para>If the address starts with an at symbol
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User (<literal>@</literal>), it is read as abstract namespace
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt socket in the <constant>AF_UNIX</constant> family. The
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <constant>NUL</constant> character before binding. For
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='man-pages'><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <para>If the address string is a single number, it is read as
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User port number to listen on via IPv6. Depending on the value of
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varname>BindIPv6Only=</varname> (see below) this might result
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User in the service being available via both IPv6 and IPv4
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User (default) or just via IPv6.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>If the address string is a string in the format
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User v.w.x.y:z, it is read as IPv4 specifier for listening on an
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <para>If the address string is a string in the format [x]:y,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt it is read as IPv6 address x on a port y. Note that this might
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt make the service available via IPv4, too, depending on the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <varname>BindIPv6Only=</varname> setting (see below).
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>Note that <constant>SOCK_SEQPACKET</constant> (i.e.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varname>ListenSequentialPacket=</varname>) is only available
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varname>ListenStream=</varname>) when used for IP sockets
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User refers to TCP sockets, <constant>SOCK_DGRAM</constant> (i.e.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varname>ListenDatagram=</varname>) to UDP.</para>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>These options may be specified more than once in which
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User case incoming traffic on any of the sockets will trigger
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User service activation, and all listed sockets will be passed to
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User the service, regardless of whether there is incoming traffic
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User on them or not. If the empty string is assigned to any of
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User these options, the list of addresses to listen on is reset,
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User all prior uses of any of these options will have no
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User effect.</para>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <para>It is also possible to have more than one socket unit
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User for the same service when using <varname>Service=</varname>,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt and the service will receive all the sockets configured in all
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User the socket units. Sockets configured in one unit are passed in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the order of configuration, but no ordering between socket
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User units is specified.</para>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>If an IP address is used here, it is often desirable to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User listen on it before the interface it is configured on is up
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User and running, and even regardless of whether it will be up and
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User running at any point. To deal with this, it is recommended to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User set the <varname>FreeBind=</varname> option described
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Specifies a file system FIFO to listen on.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User This expects an absolute file system path as argument.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User Behavior otherwise is very similar to the
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <term><varname>ListenSpecial=</varname></term>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Specifies a special file in the file system to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User listen on. This expects an absolute file system path as
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User argument. Behavior otherwise is very similar to the
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varname>ListenFIFO=</varname> directive above. Use this to
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User open character device nodes as well as special files in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <term><varname>ListenNetlink=</varname></term>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Specifies a Netlink family to create a socket
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt for to listen on. This expects a short string referring to the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <constant>AF_NETLINK</constant> family name (such as
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varname>audit</varname> or <varname>kobject-uevent</varname>)
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User as argument, optionally suffixed by a whitespace followed by a
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User multicast group integer. Behavior otherwise is very similar to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the <varname>ListenDatagram=</varname> directive
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <term><varname>ListenMessageQueue=</varname></term>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Specifies a POSIX message queue name to listen
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User on. This expects a valid message queue name (i.e. beginning
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User with /). Behavior otherwise is very similar to the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varname>ListenFIFO=</varname> directive above. On Linux
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User message queue descriptors are actually file descriptors and
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User can be inherited between processes.</para></listitem>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <term><varname>BindIPv6Only=</varname></term>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Takes a one of <option>default</option>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <option>both</option> or <option>ipv6-only</option>. Controls
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the IPV6_V6ONLY socket option (see
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='die-net'><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt for details). If <option>both</option>, IPv6 sockets bound
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User will be accessible via both IPv4 and IPv6. If
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <option>ipv6-only</option>, they will be accessible via IPv6
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User only. If <option>default</option> (which is the default,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User surprise!), the system wide default setting is used, as
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User controlled by
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <filename>/proc/sys/net/ipv6/bindv6only</filename>, which in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User turn defaults to the equivalent of
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Takes an unsigned integer argument. Specifies
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User the number of connections to queue that have not been accepted
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User yet. This setting matters only for stream and sequential
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User packet sockets. See
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User for details. Defaults to SOMAXCONN (128).</para></listitem>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
281ed127e3ed6c7e07792c19c3bc4562f71cfa90Tinderbox User <term><varname>BindToDevice=</varname></term>
281ed127e3ed6c7e07792c19c3bc4562f71cfa90Tinderbox User <listitem><para>Specifies a network interface name to bind
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User this socket to. If set, traffic will only be accepted from the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User specified network interfaces. This controls the
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User SO_BINDTODEVICE socket option (see
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User for details). If this option is used, an automatic dependency
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User from this socket unit on the network interface device unit
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Takes a UNIX user/group name. When specified,
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User all AF_UNIX sockets and FIFO nodes in the file system are
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User owned by the specified user and group. If unset (the default),
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the nodes are owned by the root user/group (if run in system
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater context) or the invoking user/group (if run in user context).
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater If only a user is specified but no group, then the group is
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater derived from the user's default group.</para></listitem>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater </varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <term><varname>SocketMode=</varname></term>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <listitem><para>If listening on a file system socket or FIFO,
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater this option specifies the file system access mode used when
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater creating the file node. Takes an access mode in octal
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater notation. Defaults to 0666.</para></listitem>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <term><varname>DirectoryMode=</varname></term>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <listitem><para>If listening on a file system socket or FIFO,
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater the parent directories are automatically created if needed.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater This option specifies the file system access mode used when
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt creating these directories. Takes an access mode in octal
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater notation. Defaults to 0755.</para></listitem>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater </varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <listitem><para>Takes a boolean argument. If true, a service
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater instance is spawned for each incoming connection and only the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User connection socket is passed to it. If false, all listening
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater sockets themselves are passed to the started service unit, and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt only one service unit is spawned for all connections (also see
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User above). This value is ignored for datagram sockets and FIFOs
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User where a single service unit unconditionally handles all
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User incoming traffic. Defaults to <option>false</option>. For
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User performance reasons, it is recommended to write new daemons
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User only in a way that is suitable for
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <option>Accept=false</option>. A daemon listening on an
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <constant>AF_UNIX</constant> socket may, but does not need to,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <citerefentry><refentrytitle>close</refentrytitle><manvolnum>2</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User on the received socket before exiting. However, it must not
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User unlink the socket from a file system. It should not invoke
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry><refentrytitle>shutdown</refentrytitle><manvolnum>2</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User on sockets it got with <varname>Accept=false</varname>, but it
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User may do so for sockets it got with
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varname>Accept=true</varname> is mostly useful to allow
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User daemons designed for usage with
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User to work unmodified with systemd socket
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User activation.</para>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>For IPv4 and IPv6 connections the <varname>REMOTE_ADDR</varname>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater environment variable will contain the remote IP, and <varname>REMOTE_PORT</varname>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt will contain the remote port. This is the same as the format used by CGI.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User For SOCK_RAW the port is the IP protocol.</para></listitem>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <term><varname>MaxConnections=</varname></term>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>The maximum number of connections to
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User simultaneously run services instances for, when
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <option>Accept=true</option> is set. If more concurrent
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User connections are coming in, they will be refused until at least
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt one existing connection is terminated. This setting has no
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User effect on sockets configured with
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <option>Accept=false</option> or datagram sockets. Defaults to
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Takes a boolean argument. If true, the TCP/IP
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater stack will send a keep alive message after 2h (depending on
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the configuration of
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User for all TCP streams accepted on this socket. This controls the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User SO_KEEPALIVE socket option (see
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User and the <ulink
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User Keepalive HOWTO</ulink> for details.) Defaults to
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <term><varname>KeepAliveTimeSec=</varname></term>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Takes time (in seconds) as argument . The connection needs to remain
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User idle before TCP starts sending keepalive probes. This controls the TCP_KEEPIDLE
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater socket option (see
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User and the <ulink
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Keepalive HOWTO</ulink> for details.)
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Defaults value is 7200 seconds (2 hours).</para></listitem>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <term><varname>KeepAliveIntervalSec=</varname></term>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Takes time (in seconds) as argument between
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User individual keepalive probes, if the socket option SO_KEEPALIVE
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater has been set on this socket seconds as argument. This controls
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the TCP_KEEPINTVL socket option (see
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User and the <ulink
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Keepalive HOWTO</ulink> for details.) Defaults value is 75
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <term><varname>KeepAliveProbes=</varname></term>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <listitem><para>Takes integer as argument. It's the number of
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt unacknowledged probes to send before considering the
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User connection dead and notifying the application layer. This
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User controls the TCP_KEEPCNT socket option (see
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User and the <ulink
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User Keepalive HOWTO</ulink> for details.) Defaults value is
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
281ed127e3ed6c7e07792c19c3bc4562f71cfa90Tinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Takes a boolean argument. TCP Nagle's
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User algorithm works by combining a number of small outgoing
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User messages, and sending them all at once. This controls the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User TCP_NODELAY socket option (see
7c6b9b263898daf28d657f65dbd75c330ca4aa13Automatic Updater <citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Defaults to <option>false</option>.</para></listitem>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
24abfe433efd98bb2099b867fb14d049b2f1f531Tinderbox User <listitem><para>Takes an integer argument controlling the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User priority for all traffic sent from this socket. This controls
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the SO_PRIORITY socket option (see
7c6b9b263898daf28d657f65dbd75c330ca4aa13Automatic Updater <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
7c6b9b263898daf28d657f65dbd75c330ca4aa13Automatic Updater <term><varname>DeferAcceptSec=</varname></term>
24abfe433efd98bb2099b867fb14d049b2f1f531Tinderbox User <listitem><para>Takes time (in seconds) as argument. If set,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the listening process will be awakened only when data arrives
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User on the socket, and not immediately when connection is
7c6b9b263898daf28d657f65dbd75c330ca4aa13Automatic Updater established. When this option is set, the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <constant>TCP_DEFER_ACCEPT</constant> socket option will be
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>),
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User and the kernel will ignore initial ACK packets without any
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User data. The argument specifies the approximate amount of time
7c6b9b263898daf28d657f65dbd75c330ca4aa13Automatic Updater the kernel should wait for incoming data before falling back
7c6b9b263898daf28d657f65dbd75c330ca4aa13Automatic Updater to the normal behaviour of honouring empty ACK packets. This
7c6b9b263898daf28d657f65dbd75c330ca4aa13Automatic Updater option is beneficial for protocols where the client sends the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User data first (e.g. HTTP, in contrast to SMTP), because the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User server process will not be woken up unnecessarily before it
b68a2d272b958eb2c40cce59ee33e71c5f5f521bTinderbox User can take any action.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <para>If the client also uses the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <constant>TCP_DEFER_ACCEPT</constant> option, the latency of
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the initial connection may be reduced, because the kernel will
b68a2d272b958eb2c40cce59ee33e71c5f5f521bTinderbox User send data in the final packet establishing the connection (the
b68a2d272b958eb2c40cce59ee33e71c5f5f521bTinderbox User third packet in the "three-way handshake").</para>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Takes an integer argument controlling the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User receive or send buffer sizes of this socket, respectively.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User This controls the SO_RCVBUF and SO_SNDBUF socket options (see
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User for details.). The usual suffixes K, M, G are supported and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User are understood to the base of 1024.</para></listitem>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Takes an integer argument controlling the IP
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Type-Of-Service field for packets generated from this socket.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User This controls the IP_TOS socket option (see
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='die-net'><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User for details.). Either a numeric string or one of
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <option>low-delay</option>, <option>throughput</option>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <option>reliability</option> or <option>low-cost</option> may
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Takes an integer argument controlling the IPv4
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User Time-To-Live/IPv6 Hop-Count field for packets generated from
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User this socket. This sets the IP_TTL/IPV6_UNICAST_HOPS socket
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='die-net'><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='die-net'><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Takes an integer value. Controls the firewall
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User mark of packets generated by this socket. This can be used in
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater the firewall logic to filter packets from this socket. This
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt sets the SO_MARK socket option. See
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Takes a boolean value. If true, allows
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User to this TCP or UDP port. This controls the SO_REUSEPORT socket
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <term><varname>SmackLabelIPIn=</varname></term>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Takes a string value. Controls the extended
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User attributes <literal>security.SMACK64</literal>,
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <literal>security.SMACK64IPOUT</literal>, respectively, i.e.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User the security label of the FIFO, or the security label for the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User incoming or outgoing connections of the socket, respectively.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <term><varname>SELinuxContextFromNet=</varname></term>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Takes a boolean argument. When true, systemd
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User will attempt to figure out the SELinux label used for the
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User instantiated service from the information handed by the peer
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User over the network. Note that only the security level is used
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User from the information provided by the peer. Other parts of the
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User resulting SELinux context originate from either the target
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User binary that is effectively triggered by socket unit or from
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User the value of the <varname>SELinuxContext=</varname> option.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User This configuration option only affects sockets with
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <literal>true</literal>. Also note that this option is useful
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User only when MLS/MCS SELinux policy is deployed. Defaults to
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <listitem><para>Takes a size in bytes. Controls the pipe
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User buffer size of FIFOs configured in this socket unit. See
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User for details. The usual suffixes K, M, G are supported and are
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User understood to the base of 1024.</para></listitem>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <term><varname>MessageQueueMaxMessages=</varname>,
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varname>MessageQueueMessageSize=</varname></term>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>These two settings take integer values and
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User control the mq_maxmsg field or the mq_msgsize field,
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User respectively, when creating the message queue. Note that
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User either none or both of these variables need to be set. See
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry project='die-net'><refentrytitle>mq_setattr</refentrytitle><manvolnum>3</manvolnum></citerefentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Takes a boolean value. Controls whether the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User socket can be bound to non-local IP addresses. This is useful
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater to configure sockets listening on specific IP addresses before
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt those IP addresses are successfully configured on a network
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User interface. This sets the IP_FREEBIND socket option. For
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User robustness reasons it is recommended to use this option
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User whenever you bind a socket to a specific IP address. Defaults
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <listitem><para>Takes a boolean value. Controls the
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User IP_TRANSPARENT socket option. Defaults to
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <listitem><para>Takes a boolean value. This controls the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt SO_BROADCAST socket option, which allows broadcast datagrams
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User to be sent from this socket. Defaults to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <term><varname>PassCredentials=</varname></term>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Takes a boolean value. This controls the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User SO_PASSCRED socket option, which allows
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <constant>AF_UNIX</constant> sockets to receive the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt credentials of the sending process in an ancillary message.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User Defaults to <option>false</option>.</para></listitem>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <term><varname>PassSecurity=</varname></term>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Takes a boolean value. This controls the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User SO_PASSSEC socket option, which allows
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <constant>AF_UNIX</constant> sockets to receive the security
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt context of the sending process in an ancillary message.
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User Defaults to <option>false</option>.</para></listitem>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <term><varname>TCPCongestion=</varname></term>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Takes a string value. Controls the TCP
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater congestion algorithm used by this socket. Should be one of
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt "westwood", "veno", "cubic", "lp" or any other available
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User algorithm supported by the IP stack. This setting applies only
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <term><varname>ExecStartPre=</varname></term>
b46346eb3026ba4bebc093bc93cfe159131e541eTinderbox User <term><varname>ExecStartPost=</varname></term>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <listitem><para>Takes one or more command lines, which are
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User executed before or after the listening sockets/FIFOs are
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User created and bound, respectively. The first token of the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User command line must be an absolute filename, then followed by
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User arguments for the process. Multiple command lines may be
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User specified following the same scheme as used for
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varname>ExecStartPre=</varname> of service unit
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <term><varname>ExecStopPost=</varname></term>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Additional commands that are executed before
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User or after the listening sockets/FIFOs are closed and removed,
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater respectively. Multiple command lines may be specified
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater following the same scheme as used for
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <varname>ExecStartPre=</varname> of service unit
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <listitem><para>Configures the time to wait for the commands
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User specified in <varname>ExecStartPre=</varname>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varname>ExecStopPost=</varname> to finish. If a command does
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User not exit within the configured time, the socket will be
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater considered failed and be shut down again. All commands still
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt running will be terminated forcibly via
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <constant>SIGTERM</constant>, and after another delay of this
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater time with <constant>SIGKILL</constant>. (See
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.)
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater Takes a unit-less value in seconds, or a time span value such
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater as "5min 20s". Pass <literal>0</literal> to disable the
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater timeout logic. Defaults to
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <varname>DefaultTimeoutStartSec=</varname> from the manager
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater configuration file (see
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater </varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <listitem><para>Specifies the service unit name to activate on
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater incoming traffic. This setting is only allowed for sockets
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater with <varname>Accept=no</varname>. It defaults to the service
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User that bears the same name as the socket (with the suffix
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater replaced). In most cases, it should not be necessary to use
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater </varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <term><varname>RemoveOnStop=</varname></term>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <listitem><para>Takes a boolean argument. If enabled, any file
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater nodes created by this socket unit are removed when it is
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater stopped. This applies to AF_UNIX sockets in the file system,
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater POSIX message queues, FIFOs, as well as any symlinks to them
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater configured with <varname>Symlinks=</varname>. Normally, it
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater should not be necessary to use this option, and is not
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater recommended as services might continue to run after the socket
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater unit has been terminated and it should still be possible to
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater communicate with them via their file system node. Defaults to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <listitem><para>Takes a list of file system paths. The
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater specified paths will be created as symlinks to the AF_UNIX
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater socket path or FIFO path of this socket unit. If this setting
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater is used, only one AF_UNIX socket in the file system or one
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater FIFO may be configured for the socket unit. Use this option to
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater manage one or more symlinked alias names for a socket, binding
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater their lifecycle together. Defaults to the empty
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </variablelist>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater for more settings.</para>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
548a24c3d36837aa5f0e64f7bb8c7308909ffa89Tinderbox User <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User For more extensive descriptions see the "systemd for Developers" series:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <ulink url="http://0pointer.de/blog/projects/socket-activation.html">Socket Activation</ulink>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <ulink url="http://0pointer.de/blog/projects/socket-activation2.html">Socket Activation, part II</ulink>,
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater <ulink url="http://0pointer.de/blog/projects/inetd.html">Converting inetd Services</ulink>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <ulink url="http://0pointer.de/blog/projects/socket-activated-containers.html">Socket Activated Internet Services and OS Containers</ulink>.