]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.socket.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tmpfiles.d: switch to stacked config dirs in /lib, /etc, /run
[thirdparty/systemd.git] / man / systemd.socket.xml
CommitLineData
1f812fea
LP		 1<?xml version='1.0'?> <!--*-nxml-*-->
2<?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5
6<!--
7 This file is part of systemd.
8
9 Copyright 2010 Lennart Poettering
10
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
15
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23-->
24
25<refentry id="systemd.socket">
26 <refentryinfo>
27 <title>systemd.socket</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.socket</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.socket</refname>
47 <refpurpose>systemd socket configuration files</refpurpose>
48 </refnamediv>
49
50 <refsynopsisdiv>
51 <para><filename>systemd.socket</filename></para>
52 </refsynopsisdiv>
53
54 <refsect1>
55 <title>Description</title>
56
65232ea7
LP		 57 <para>A unit configuration file whose name ends in
58 <filename>.socket</filename> encodes information about
59 an IPC or network socket or a file system FIFO
60 controlled and supervised by systemd, for socket-based
61 activation.</para>
1f812fea
LP		 62
63 <para>This man page lists the configuration options
64 specific to this unit type. See
65 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
66 for the common options of all unit configuration
67 files. The common configuration items are configured
68 in the generic [Unit] and [Install] sections. The
cdb788e4 69 socket specific configuration options are configured
1f812fea
LP		 70 in the [Socket] section.</para>
71
72 <para>Additional options are listed in
ba60f905
LP		 73 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
74 which define the execution environment the
75 <option>ExecStartPre=</option>,
76 <option>ExecStartPost=</option>,
77 <option>ExecStopPre=</option> and
78 <option>ExecStoptPost=</option> commands are executed
79 in.</para>
1f812fea 80
65232ea7
LP		 81 <para>For each socket file a matching service file
82 (see
83 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
84 for details) must exist, describing the service to
85 start on incoming traffic on the socket. Depending on
b439c6ee 86 the setting of <option>Accept=</option> (see below),
65232ea7
LP		 87 this must either be named like the socket unit, but
88 with the suffix replaced; or it must be a template
89 file named the same way. Example: a socket file
1f812fea
LP		 90 <filename>foo.socket</filename> needs a matching
91 service <filename>foo.service</filename> if
92 <option>Accept=false</option> is set. If
93 <option>Accept=true</option> is set a service template
94 file <filename>foo@.service</filename> must exist from
95 which services are instantiated for each incoming
96 connection.</para>
65232ea7 97
62adf224
LP		 98 <para>Unless <varname>DefaultDependencies=</varname>
99 is set to <option>false</option>, socket units will
100 implicitly have dependencies of type
101 <varname>Requires=</varname> and
102 <varname>After=</varname> on
103 <filename>sysinit.target</filename> as well as
104 dependencies of type <varname>Conflicts=</varname> and
105 <varname>Before=</varname> on
106 <filename>shutdown.target</filename>. These ensure
107 that socket units pull in basic system
108 initialization, and are terminated cleanly prior to
109 system shutdown. Only sockets involved with early
110 boot or late system shutdown should disable this
111 option.</para>
112
65232ea7 113 <para>Socket units may be used to implement on-demand
b439c6ee 114 starting of services, as well as parallelized starting
65232ea7 115 of services.</para>
be039669
LP		 116
117 <para>Note that the daemon software configured for
118 socket activation with socket units needs to be able
119 to accept sockets from systemd, either via systemd's
120 native socket passing interface (see
121 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
122 for details) or via the traditional
123 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>-style
124 socket passing (i.e. sockets passed in via STDIN and
125 STDOUT, using <varname>StandardInput=socket</varname>
126 in the service file).</para>
1f812fea
LP		 127 </refsect1>
128
129 <refsect1>
130 <title>Options</title>
131
132 <para>Socket files must include a [Socket] section,
133 which carries information about the socket or FIFO it
134 supervises. A number of options that may be used in
135 this section are shared with other unit types. These
136 options are documented in
137 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
65232ea7 138 options specific to the [Socket] section of socket
1f812fea
LP		 139 units are the following:</para>
140
141 <variablelist>
142 <varlistentry>
143 <term><varname>ListenStream=</varname></term>
144 <term><varname>ListenDatagram=</varname></term>
145 <term><varname>ListenSequentialPacket=</varname></term>
146 <listitem><para>Specifies an address
147 to listen on for a stream
148 (SOCK_STREAM), datagram (SOCK_DGRAM)
149 resp. sequential packet
150 (SOCK_SEQPACKET) socket. The address
151 can be written in various formats:</para>
152
153 <para>If the address starts with a
154 slash (/), it is read as file system
155 socket in the AF_UNIX socket
156 family.</para>
157
158 <para>If the address starts with an
159 ampersand (@) it is read as abstract
160 namespace socket in the AF_UNIX
161 family. The @ is replaced with a NUL
162 character before binding. For details
163 see
164 <citerefentry><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
165
166 <para>If the address string is a
167 single number it is read as port
168 number to listen on for both IPv4 and
169 IPv6.</para>
170
171 <para>If the address string is a
172 string in the format v.w.x.y:z it is
173 read as IPv4 specifier for listening
174 on an address v.w.x.y on a port
175 z.</para>
176
177 <para>If the address string is a
178 string in the format [x]:y it is read
179 as IPv6 address x on a port y.</para>
180
181 <para>Note that SOCK_SEQPACKET
182 (i.e. <varname>ListenSequentialPacket=</varname>)
183 is only available for AF_UNIX
184 sockets. SOCK_STREAM
185 (i.e. <varname>ListenStream=</varname>)
186 when used for IP sockets refers to TCP
187 sockets, SOCK_DGRAM
188 (i.e. <varname>ListenDatagram=</varname>)
189 to UDP.</para>
190
191 <para>These options may be specified
192 more than once in which case incoming
193 traffic on any of the sockets will trigger
194 service activation, and all listed
195 sockets will be passed to the service,
196 regardless whether there is incoming
197 traffic on them or not.</para>
198
b439c6ee 199 <para>If an IP address is used here, it
1f812fea
LP		 200 is often desirable to listen on it
201 before the interface it is configured
202 on is up and running, and even
203 regardless whether it will be up and
204 running ever at all. To deal with this it is
205 recommended to set the
206 <varname>FreeBind=</varname> option
207 described below.</para></listitem>
208 </varlistentry>
209
210 <varlistentry>
211 <term><varname>ListenFIFO=</varname></term>
212 <listitem><para>Specifies a file
213 system FIFO to listen on. This expects
214 an absolute file system path as
215 argument. Behaviour otherwise is very
216 similar to the
217 <varname>ListenDatagram=</varname>
7a22745a
LP		 218 directive above.</para></listitem>
219 </varlistentry>
220
b0a3f2bc
LP		 221 <varlistentry>
222 <term><varname>ListenSpecial=</varname></term>
223 <listitem><para>Specifies a special
224 file in the file system to listen
225 on. This expects an absolute file
226 system path as argument. Behaviour
227 otherwise is very similar to the
228 <varname>ListenFIFO=</varname>
229 directive above. Use this to open
230 character device nodes as well as
231 special files in
232 <filename>/proc</filename> and
233 <filename>/sys</filename>.</para></listitem>
234 </varlistentry>
235
7a22745a
LP		 236 <varlistentry>
237 <term><varname>ListenNetlink=</varname></term>
238 <listitem><para>Specifies a Netlink
239 family to create a socket for to
240 listen on. This expects a short string
241 referring to the AF_NETLINK family
242 name (such as <varname>audit</varname>
243 or <varname>kobject-uevent</varname>)
244 as argument, optionally suffixed by a
245 whitespace followed by a multicast
246 group integer. Behaviour otherwise is
247 very similar to the
248 <varname>ListenDatagram=</varname>
1f812fea
LP		 249 directive above.</para></listitem>
250 </varlistentry>
251
252 <varlistentry>
253 <term><varname>BindIPv6Only=</varname></term>
254 <listitem><para>Takes a one of
255 <option>default</option>,
256 <option>both</option> or
257 <option>ipv6-only</option>. Controls
258 the IPV6_V6ONLY socket option (see
259 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
260 for details). If
261 <option>both</option>, IPv6 sockets
262 bound will be accessible via both IPv4
263 and IPv6. If
264 <option>ipv6-only</option>, they will
265 be accessible via IPv6 only. If
266 <option>default</option> (which is the
267 default, surprise!) the system wide
268 default setting is used, as controlled
269 by
270 <filename>/proc/sys/net/ipv6/bindv6only</filename>.</para>
271 </listitem>
272 </varlistentry>
273
274 <varlistentry>
275 <term><varname>Backlog=</varname></term>
276 <listitem><para>Takes an unsigned
277 integer argument. Specifies the number
278 of connections to queue that have not
279 been accepted yet. This setting
280 matters only for stream and sequential
281 packet sockets. See
282 <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
283 for details. Defaults to SOMAXCONN
284 (128).</para></listitem>
285 </varlistentry>
286
287 <varlistentry>
288 <term><varname>BindToDevice=</varname></term>
289 <listitem><para>Specifies a network
290 interface name to bind this socket
291 to. If set traffic will only be
292 accepted from the specified network
293 interfaces. This controls the
294 SO_BINDTODEVICE socket option (see
295 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
b439c6ee 296 for details). If this option is used,
1f812fea
LP		 297 an automatic dependency from this
298 socket unit on the network interface
299 device unit
300 (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
301 is created.</para></listitem>
302 </varlistentry>
303
304 <varlistentry>
305 <term><varname>DirectoryMode=</varname></term>
306 <listitem><para>If listening on a file
b439c6ee 307 system socket of FIFO, the parent
1f812fea
LP		 308 directories are automatically created
309 if needed. This option specifies the
310 file system access mode used when
dd1eb43b
LP		 311 creating these directories. Takes an
312 access mode in octal
313 notation. Defaults to
314 0755.</para></listitem>
1f812fea
LP		 315 </varlistentry>
316
317 <varlistentry>
318 <term><varname>SocketMode=</varname></term>
319 <listitem><para>If listening on a file
b439c6ee 320 system socket of FIFO, this option
1f812fea
LP		 321 specifies the file system access mode
322 used when creating the file
dd1eb43b
LP		 323 node. Takes an access mode in octal
324 notation. Defaults to
1f812fea
LP		 325 0666.</para></listitem>
326 </varlistentry>
327
328 <varlistentry>
329 <term><varname>Accept=</varname></term>
330 <listitem><para>Takes a boolean
b439c6ee 331 argument. If true, a service instance
1f812fea
LP		 332 is spawned for each incoming
333 connection and only the connection
b439c6ee 334 socket is passed to it. If false, all
1f812fea
LP		 335 listening sockets themselves are
336 passed to the started service unit,
337 and only one service unit is spawned
338 for all connections (also see
339 above). This value is ignored for
340 datagram sockets and FIFOs where
b439c6ee 341 a single service unit unconditionally
1f812fea
LP		 342 handles all incoming traffic. Defaults
343 to <option>false</option>. For
b439c6ee 344 performance reasons, it is recommended
1f812fea
LP		 345 to write new daemons only in a way
346 that is suitable for
347 <option>Accept=false</option>. This
348 option is mostly useful to allow
349 daemons designed for usage with
b439c6ee
KS		 350 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
351 to work unmodified with systemd socket
1f812fea
LP		 352 activation.</para></listitem>
353 </varlistentry>
354
355 <varlistentry>
356 <term><varname>MaxConnections=</varname></term>
357 <listitem><para>The maximum number of
358 connections to simultaneously run
359 services instances for, when
360 <option>Accept=true</option> is
361 set. If more concurrent connections
b439c6ee 362 are coming in, they will be refused
1f812fea
LP		 363 until at least one existing connection
364 is terminated. This setting has no
365 effect for sockets configured with
366 <option>Accept=no</option> or datagram
367 sockets. Defaults to
368 64.</para></listitem>
369 </varlistentry>
370
371 <varlistentry>
372 <term><varname>KeepAlive=</varname></term>
373 <listitem><para>Takes a boolean
374 argument. If true, the TCP/IP stack
375 will send a keep alive message after
376 2h (depending on the configuration of
377 <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
378 for all TCP streams accepted on this
379 socket. This controls the SO_KEEPALIVE
380 socket option (see
381 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
382 and the <ulink
383 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
384 Keepalive HOWTO</ulink> for details.)
385 Defaults to
386 <option>false</option>.</para></listitem>
387 </varlistentry>
388
389 <varlistentry>
390 <term><varname>Priority=</varname></term>
391 <listitem><para>Takes an integer
392 argument controlling the priority for
393 all traffic sent from this
394 socket. This controls the SO_PRIORITY
395 socket option (see
396 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
397 for details.).</para></listitem>
398 </varlistentry>
399
400 <varlistentry>
401 <term><varname>ReceiveBuffer=</varname></term>
402 <term><varname>SendBuffer=</varname></term>
403 <listitem><para>Takes an integer
404 argument controlling the receive
405 resp. send buffer sizes of this
406 socket. This controls the SO_RCVBUF
407 resp. SO_SNDBUF socket options (see
408 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
409 for details.).</para></listitem>
410 </varlistentry>
411
412 <varlistentry>
413 <term><varname>IPTOS=</varname></term>
414 <listitem><para>Takes an integer
415 argument controlling the IP
416 Type-Of-Service field for packets
417 generated from this socket. This
418 controls the IP_TOS socket option (see
419 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
420 for details.). Either a numeric string
421 or one of <option>low-delay</option>,
422 <option>throughput</option>,
423 <option>reliability</option> or
424 <option>low-cost</option> may be
425 specified.</para></listitem>
426 </varlistentry>
427
428 <varlistentry>
429 <term><varname>IPTTL=</varname></term>
430 <listitem><para>Takes an integer
431 argument controlling the IPv4
432 Time-To-Live/IPv6 Hop-Count field for
433 packets generated from this
434 socket. This sets the
435 IP_TTL/IPV6_UNICAST_HOPS socket
436 options (see
437 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
438 and
439 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
440 for details.)</para></listitem>
441 </varlistentry>
442
443 <varlistentry>
444 <term><varname>Mark=</varname></term>
445 <listitem><para>Takes an integer
446 value. Controls the firewall mark of
447 packets generated by this socket. This
448 can be used in the firewall logic to
449 filter packets from this socket. This
450 sets the SO_MARK socket option. See
451 <citerefentry><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
452 for details.</para></listitem>
453 </varlistentry>
454
455 <varlistentry>
456 <term><varname>PipeSize=</varname></term>
457 <listitem><para>Takes an integer
458 value. Controls the pipe buffer size
459 of FIFOs configured in this socket
460 unit. See
461 <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
462 for details.</para></listitem>
463 </varlistentry>
464
465 <varlistentry>
466 <term><varname>FreeBind=</varname></term>
467 <listitem><para>Takes a boolean
468 value. Controls whether the socket can
469 be bound to non-local IP
470 addresses. This is useful to configure
471 sockets listening on specific IP
472 addresses before those IP addresses
473 are successfully configured on a
474 network interface. This sets the
475 IP_FREEBIND socket option. For
476 robustness reasons it is recommended
477 to use this option whenever you bind a
478 socket to a specific IP
479 address. Defaults to <option>false</option>.</para></listitem>
480 </varlistentry>
481
cebf8b20
TT		 482 <varlistentry>
483 <term><varname>TCPCongestion=</varname></term>
484 <listitem><para>Takes a string
485 value. Controls the TCP congestion
486 algorithm used by this socket. Should
487 be one of "westwood", "veno", "cubic",
488 "lp" or any other available algorithm
489 supported by the IP stack. This
490 setting applies only to stream
491 sockets.</para></listitem>
492 </varlistentry>
493
1f812fea
LP		 494 <varlistentry>
495 <term><varname>ExecStartPre=</varname></term>
496 <term><varname>ExecStartPost=</varname></term>
b3eaa628
LP		 497 <listitem><para>Takes one or more
498 command lines, which are executed
499 before (resp. after) the listening
500 sockets/FIFOs are created and
1f812fea
LP		 501 bound. The first token of the command
502 line must be an absolute file name,
503 then followed by arguments for the
b3eaa628
LP		 504 process. Multiple command lines may be
505 specified following the same scheme as
506 used for
507 <varname>ExecStartPre=</varname> of
508 service unit files.</para></listitem>
1f812fea
LP		 509 </varlistentry>
510
511 <varlistentry>
512 <term><varname>ExecStopPre=</varname></term>
513 <term><varname>ExecStopPost=</varname></term>
514 <listitem><para>Additional commands
515 that are executed before (resp. after)
516 the listening sockets/FIFOs are closed
b3eaa628
LP		 517 and removed. Multiple command lines
518 may be specified following the same
519 scheme as used for
520 <varname>ExecStartPre=</varname> of
521 service unit files.</para></listitem>
1f812fea
LP		 522 </varlistentry>
523
1f812fea
LP		 524 <varlistentry>
525 <term><varname>TimeoutSec=</varname></term>
526 <listitem><para>Configures the time to
527 wait for the commands specified in
528 <varname>ExecStartPre=</varname>,
529 <varname>ExecStartPost=</varname>,
530 <varname>ExecStopPre=</varname> and
531 <varname>ExecStopPost=</varname> to
b439c6ee
KS		 532 finish. If a command does not exit
533 within the configured time, the socket
1f812fea 534 will be considered failed and be shut
b439c6ee 535 down again. All commands still running,
1f812fea
LP		 536 will be terminated forcibly via
537 SIGTERM, and after another delay of
538 this time with SIGKILL. (See
cdb788e4 539 <option>KillMode=</option> below.)
1f812fea
LP		 540 Takes a unit-less value in seconds, or
541 a time span value such as "5min
542 20s". Pass 0 to disable the timeout
543 logic. Defaults to
05677bb7 544 3min.</para></listitem>
1f812fea
LP		 545 </varlistentry>
546
1f812fea
LP		 547 <varlistentry>
548 <term><varname>KillMode=</varname></term>
549 <listitem><para>Specifies how
cdb788e4 550 processes of this socket unit shall be
1f812fea
LP		 551 killed. One of
552 <option>control-group</option>,
1f812fea
LP		 553 <option>process</option>,
554 <option>none</option>.</para>
555
556 <para>This option is mostly equivalent
557 to the <option>KillMode=</option>
558 option of service files. See
559 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
560 for details.</para></listitem>
561 </varlistentry>
d9ff321a 562
2292707d
LP		 563 <varlistentry>
564 <term><varname>KillSignal=</varname></term>
565 <listitem><para>Specifies which signal
566 to use when killing a process of this
567 socket. Defaults to SIGTERM.
568 </para></listitem>
569 </varlistentry>
570
ba035df2
LP		 571 <varlistentry>
572 <term><varname>SendSIGKILL=</varname></term>
573 <listitem><para>Specifies whether to
574 send SIGKILL to remaining processes
575 after a timeout, if the normal
576 shutdown procedure left processes of
577 the socket around. Takes a boolean
578 value. Defaults to "yes".
579 </para></listitem>
580 </varlistentry>
581
d9ff321a
LP		 582 <varlistentry>
583 <term><varname>Service=</varname></term>
584 <listitem><para>Specifies the service
585 unit name to activate on incoming
586 traffic. This defaults to the service
587 that bears the same name as the socket
588 (ignoring the different suffixes). In
589 most cases it should not be necessary
590 to use this option.</para></listitem>
591 </varlistentry>
592
1f812fea
LP		 593 </variablelist>
594 </refsect1>
595
596 <refsect1>
597 <title>See Also</title>
598 <para>
f3e219a2 599 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1f812fea
LP		 600 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
601 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
602 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
603 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
604 </para>
605 </refsect1>
606
607</refentry>
Unnamed repository; edit this file 'description' to name the repository.