]> git.ipfire.org Git - thirdparty/systemd.git/blob - man/systemd.socket.xml
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
man: clarify a few things
[thirdparty/systemd.git] / man / systemd.socket.xml
1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5
6 <!--
7 This file is part of systemd.
8
9 Copyright 2010 Lennart Poettering
10
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
15
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 -->
24
25 <refentry id="systemd.socket">
26 <refentryinfo>
27 <title>systemd.socket</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.socket</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.socket</refname>
47 <refpurpose>systemd socket configuration files</refpurpose>
48 </refnamediv>
49
50 <refsynopsisdiv>
51 <para><filename>systemd.socket</filename></para>
52 </refsynopsisdiv>
53
54 <refsect1>
55 <title>Description</title>
56
57 <para>A unit configuration file whose name ends in
58 <filename>.socket</filename> encodes information about
59 an IPC or network socket or a file system FIFO
60 controlled and supervised by systemd, for socket-based
61 activation.</para>
62
63 <para>This man page lists the configuration options
64 specific to this unit type. See
65 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
66 for the common options of all unit configuration
67 files. The common configuration items are configured
68 in the generic [Unit] and [Install] sections. The
69 socket specific configuration options are configured
70 in the [Socket] section.</para>
71
72 <para>Additional options are listed in
73 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
74 which define the execution environment the
75 <option>ExecStartPre=</option>,
76 <option>ExecStartPost=</option>,
77 <option>ExecStopPre=</option> and
78 <option>ExecStoptPost=</option> commands are executed
79 in.</para>
80
81 <para>For each socket file a matching service file
82 (see
83 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
84 for details) must exist, describing the service to
85 start on incoming traffic on the socket. Depending on
86 the setting of <option>Accept=</option> (see below),
87 this must either be named like the socket unit, but
88 with the suffix replaced; or it must be a template
89 file named the same way. Example: a socket file
90 <filename>foo.socket</filename> needs a matching
91 service <filename>foo.service</filename> if
92 <option>Accept=false</option> is set. If
93 <option>Accept=true</option> is set a service template
94 file <filename>foo@.service</filename> must exist from
95 which services are instantiated for each incoming
96 connection.</para>
97
98 <para>Unless <varname>DefaultDependencies=</varname>
99 is set to <option>false</option>, socket units will
100 implicitly have dependencies of type
101 <varname>Requires=</varname> and
102 <varname>After=</varname> on
103 <filename>sysinit.target</filename> as well as
104 dependencies of type <varname>Conflicts=</varname> and
105 <varname>Before=</varname> on
106 <filename>shutdown.target</filename>. These ensure
107 that socket units pull in basic system
108 initialization, and are terminated cleanly prior to
109 system shutdown. Only sockets involved with early
110 boot or late system shutdown should disable this
111 option.</para>
112
113 <para>Socket units may be used to implement on-demand
114 starting of services, as well as parallelized starting
115 of services.</para>
116
117 <para>Note that the daemon software configured for
118 socket activation with socket units needs to be able
119 to accept sockets from systemd, either via systemd's
120 native socket passing interface (see
121 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
122 for details) or via the traditional
123 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>-style
124 socket passing (i.e. sockets passed in via STDIN and
125 STDOUT, using <varname>StandardInput=socket</varname>
126 in the service file).</para>
127 </refsect1>
128
129 <refsect1>
130 <title>Options</title>
131
132 <para>Socket files must include a [Socket] section,
133 which carries information about the socket or FIFO it
134 supervises. A number of options that may be used in
135 this section are shared with other unit types. These
136 options are documented in
137 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
138 options specific to the [Socket] section of socket
139 units are the following:</para>
140
141 <variablelist>
142 <varlistentry>
143 <term><varname>ListenStream=</varname></term>
144 <term><varname>ListenDatagram=</varname></term>
145 <term><varname>ListenSequentialPacket=</varname></term>
146 <listitem><para>Specifies an address
147 to listen on for a stream
148 (SOCK_STREAM), datagram (SOCK_DGRAM)
149 resp. sequential packet
150 (SOCK_SEQPACKET) socket. The address
151 can be written in various formats:</para>
152
153 <para>If the address starts with a
154 slash (/), it is read as file system
155 socket in the AF_UNIX socket
156 family.</para>
157
158 <para>If the address starts with an
159 ampersand (@) it is read as abstract
160 namespace socket in the AF_UNIX
161 family. The @ is replaced with a NUL
162 character before binding. For details
163 see
164 <citerefentry><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
165
166 <para>If the address string is a
167 single number it is read as port
168 number to listen on for both IPv4 and
169 IPv6.</para>
170
171 <para>If the address string is a
172 string in the format v.w.x.y:z it is
173 read as IPv4 specifier for listening
174 on an address v.w.x.y on a port
175 z.</para>
176
177 <para>If the address string is a
178 string in the format [x]:y it is read
179 as IPv6 address x on a port y.</para>
180
181 <para>Note that SOCK_SEQPACKET
182 (i.e. <varname>ListenSequentialPacket=</varname>)
183 is only available for AF_UNIX
184 sockets. SOCK_STREAM
185 (i.e. <varname>ListenStream=</varname>)
186 when used for IP sockets refers to TCP
187 sockets, SOCK_DGRAM
188 (i.e. <varname>ListenDatagram=</varname>)
189 to UDP.</para>
190
191 <para>These options may be specified
192 more than once in which case incoming
193 traffic on any of the sockets will trigger
194 service activation, and all listed
195 sockets will be passed to the service,
196 regardless whether there is incoming
197 traffic on them or not.</para>
198
199 <para>If an IP address is used here, it
200 is often desirable to listen on it
201 before the interface it is configured
202 on is up and running, and even
203 regardless whether it will be up and
204 running ever at all. To deal with this it is
205 recommended to set the
206 <varname>FreeBind=</varname> option
207 described below.</para></listitem>
208 </varlistentry>
209
210 <varlistentry>
211 <term><varname>ListenFIFO=</varname></term>
212 <listitem><para>Specifies a file
213 system FIFO to listen on. This expects
214 an absolute file system path as
215 argument. Behaviour otherwise is very
216 similar to the
217 <varname>ListenDatagram=</varname>
218 directive above.</para></listitem>
219 </varlistentry>
220
221 <varlistentry>
222 <term><varname>BindIPv6Only=</varname></term>
223 <listitem><para>Takes a one of
224 <option>default</option>,
225 <option>both</option> or
226 <option>ipv6-only</option>. Controls
227 the IPV6_V6ONLY socket option (see
228 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
229 for details). If
230 <option>both</option>, IPv6 sockets
231 bound will be accessible via both IPv4
232 and IPv6. If
233 <option>ipv6-only</option>, they will
234 be accessible via IPv6 only. If
235 <option>default</option> (which is the
236 default, surprise!) the system wide
237 default setting is used, as controlled
238 by
239 <filename>/proc/sys/net/ipv6/bindv6only</filename>.</para>
240 </listitem>
241 </varlistentry>
242
243 <varlistentry>
244 <term><varname>Backlog=</varname></term>
245 <listitem><para>Takes an unsigned
246 integer argument. Specifies the number
247 of connections to queue that have not
248 been accepted yet. This setting
249 matters only for stream and sequential
250 packet sockets. See
251 <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
252 for details. Defaults to SOMAXCONN
253 (128).</para></listitem>
254 </varlistentry>
255
256 <varlistentry>
257 <term><varname>BindToDevice=</varname></term>
258 <listitem><para>Specifies a network
259 interface name to bind this socket
260 to. If set traffic will only be
261 accepted from the specified network
262 interfaces. This controls the
263 SO_BINDTODEVICE socket option (see
264 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
265 for details). If this option is used,
266 an automatic dependency from this
267 socket unit on the network interface
268 device unit
269 (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
270 is created.</para></listitem>
271 </varlistentry>
272
273 <varlistentry>
274 <term><varname>DirectoryMode=</varname></term>
275 <listitem><para>If listening on a file
276 system socket of FIFO, the parent
277 directories are automatically created
278 if needed. This option specifies the
279 file system access mode used when
280 creating these directories. Takes an
281 access mode in octal
282 notation. Defaults to
283 0755.</para></listitem>
284 </varlistentry>
285
286 <varlistentry>
287 <term><varname>SocketMode=</varname></term>
288 <listitem><para>If listening on a file
289 system socket of FIFO, this option
290 specifies the file system access mode
291 used when creating the file
292 node. Takes an access mode in octal
293 notation. Defaults to
294 0666.</para></listitem>
295 </varlistentry>
296
297 <varlistentry>
298 <term><varname>Accept=</varname></term>
299 <listitem><para>Takes a boolean
300 argument. If true, a service instance
301 is spawned for each incoming
302 connection and only the connection
303 socket is passed to it. If false, all
304 listening sockets themselves are
305 passed to the started service unit,
306 and only one service unit is spawned
307 for all connections (also see
308 above). This value is ignored for
309 datagram sockets and FIFOs where
310 a single service unit unconditionally
311 handles all incoming traffic. Defaults
312 to <option>false</option>. For
313 performance reasons, it is recommended
314 to write new daemons only in a way
315 that is suitable for
316 <option>Accept=false</option>. This
317 option is mostly useful to allow
318 daemons designed for usage with
319 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
320 to work unmodified with systemd socket
321 activation.</para></listitem>
322 </varlistentry>
323
324 <varlistentry>
325 <term><varname>MaxConnections=</varname></term>
326 <listitem><para>The maximum number of
327 connections to simultaneously run
328 services instances for, when
329 <option>Accept=true</option> is
330 set. If more concurrent connections
331 are coming in, they will be refused
332 until at least one existing connection
333 is terminated. This setting has no
334 effect for sockets configured with
335 <option>Accept=no</option> or datagram
336 sockets. Defaults to
337 64.</para></listitem>
338 </varlistentry>
339
340 <varlistentry>
341 <term><varname>KeepAlive=</varname></term>
342 <listitem><para>Takes a boolean
343 argument. If true, the TCP/IP stack
344 will send a keep alive message after
345 2h (depending on the configuration of
346 <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
347 for all TCP streams accepted on this
348 socket. This controls the SO_KEEPALIVE
349 socket option (see
350 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
351 and the <ulink
352 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
353 Keepalive HOWTO</ulink> for details.)
354 Defaults to
355 <option>false</option>.</para></listitem>
356 </varlistentry>
357
358 <varlistentry>
359 <term><varname>Priority=</varname></term>
360 <listitem><para>Takes an integer
361 argument controlling the priority for
362 all traffic sent from this
363 socket. This controls the SO_PRIORITY
364 socket option (see
365 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
366 for details.).</para></listitem>
367 </varlistentry>
368
369 <varlistentry>
370 <term><varname>ReceiveBuffer=</varname></term>
371 <term><varname>SendBuffer=</varname></term>
372 <listitem><para>Takes an integer
373 argument controlling the receive
374 resp. send buffer sizes of this
375 socket. This controls the SO_RCVBUF
376 resp. SO_SNDBUF socket options (see
377 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
378 for details.).</para></listitem>
379 </varlistentry>
380
381 <varlistentry>
382 <term><varname>IPTOS=</varname></term>
383 <listitem><para>Takes an integer
384 argument controlling the IP
385 Type-Of-Service field for packets
386 generated from this socket. This
387 controls the IP_TOS socket option (see
388 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
389 for details.). Either a numeric string
390 or one of <option>low-delay</option>,
391 <option>throughput</option>,
392 <option>reliability</option> or
393 <option>low-cost</option> may be
394 specified.</para></listitem>
395 </varlistentry>
396
397 <varlistentry>
398 <term><varname>IPTTL=</varname></term>
399 <listitem><para>Takes an integer
400 argument controlling the IPv4
401 Time-To-Live/IPv6 Hop-Count field for
402 packets generated from this
403 socket. This sets the
404 IP_TTL/IPV6_UNICAST_HOPS socket
405 options (see
406 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
407 and
408 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
409 for details.)</para></listitem>
410 </varlistentry>
411
412 <varlistentry>
413 <term><varname>Mark=</varname></term>
414 <listitem><para>Takes an integer
415 value. Controls the firewall mark of
416 packets generated by this socket. This
417 can be used in the firewall logic to
418 filter packets from this socket. This
419 sets the SO_MARK socket option. See
420 <citerefentry><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
421 for details.</para></listitem>
422 </varlistentry>
423
424 <varlistentry>
425 <term><varname>PipeSize=</varname></term>
426 <listitem><para>Takes an integer
427 value. Controls the pipe buffer size
428 of FIFOs configured in this socket
429 unit. See
430 <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
431 for details.</para></listitem>
432 </varlistentry>
433
434 <varlistentry>
435 <term><varname>FreeBind=</varname></term>
436 <listitem><para>Takes a boolean
437 value. Controls whether the socket can
438 be bound to non-local IP
439 addresses. This is useful to configure
440 sockets listening on specific IP
441 addresses before those IP addresses
442 are successfully configured on a
443 network interface. This sets the
444 IP_FREEBIND socket option. For
445 robustness reasons it is recommended
446 to use this option whenever you bind a
447 socket to a specific IP
448 address. Defaults to <option>false</option>.</para></listitem>
449 </varlistentry>
450
451 <varlistentry>
452 <term><varname>TCPCongestion=</varname></term>
453 <listitem><para>Takes a string
454 value. Controls the TCP congestion
455 algorithm used by this socket. Should
456 be one of "westwood", "veno", "cubic",
457 "lp" or any other available algorithm
458 supported by the IP stack. This
459 setting applies only to stream
460 sockets.</para></listitem>
461 </varlistentry>
462
463 <varlistentry>
464 <term><varname>ExecStartPre=</varname></term>
465 <term><varname>ExecStartPost=</varname></term>
466 <listitem><para>Takes one or more
467 command lines, which are executed
468 before (resp. after) the listening
469 sockets/FIFOs are created and
470 bound. The first token of the command
471 line must be an absolute file name,
472 then followed by arguments for the
473 process. Multiple command lines may be
474 specified following the same scheme as
475 used for
476 <varname>ExecStartPre=</varname> of
477 service unit files.</para></listitem>
478 </varlistentry>
479
480 <varlistentry>
481 <term><varname>ExecStopPre=</varname></term>
482 <term><varname>ExecStopPost=</varname></term>
483 <listitem><para>Additional commands
484 that are executed before (resp. after)
485 the listening sockets/FIFOs are closed
486 and removed. Multiple command lines
487 may be specified following the same
488 scheme as used for
489 <varname>ExecStartPre=</varname> of
490 service unit files.</para></listitem>
491 </varlistentry>
492
493 <varlistentry>
494 <term><varname>TimeoutSec=</varname></term>
495 <listitem><para>Configures the time to
496 wait for the commands specified in
497 <varname>ExecStartPre=</varname>,
498 <varname>ExecStartPost=</varname>,
499 <varname>ExecStopPre=</varname> and
500 <varname>ExecStopPost=</varname> to
501 finish. If a command does not exit
502 within the configured time, the socket
503 will be considered failed and be shut
504 down again. All commands still running,
505 will be terminated forcibly via
506 SIGTERM, and after another delay of
507 this time with SIGKILL. (See
508 <option>KillMode=</option> below.)
509 Takes a unit-less value in seconds, or
510 a time span value such as "5min
511 20s". Pass 0 to disable the timeout
512 logic. Defaults to
513 60s.</para></listitem>
514 </varlistentry>
515
516 <varlistentry>
517 <term><varname>KillMode=</varname></term>
518 <listitem><para>Specifies how
519 processes of this socket unit shall be
520 killed. One of
521 <option>control-group</option>,
522 <option>process-group</option>,
523 <option>process</option>,
524 <option>none</option>.</para>
525
526 <para>This option is mostly equivalent
527 to the <option>KillMode=</option>
528 option of service files. See
529 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
530 for details.</para></listitem>
531 </varlistentry>
532
533 <varlistentry>
534 <term><varname>KillSignal=</varname></term>
535 <listitem><para>Specifies which signal
536 to use when killing a process of this
537 socket. Defaults to SIGTERM.
538 </para></listitem>
539 </varlistentry>
540
541 <varlistentry>
542 <term><varname>SendSIGKILL=</varname></term>
543 <listitem><para>Specifies whether to
544 send SIGKILL to remaining processes
545 after a timeout, if the normal
546 shutdown procedure left processes of
547 the socket around. Takes a boolean
548 value. Defaults to "yes".
549 </para></listitem>
550 </varlistentry>
551
552 <varlistentry>
553 <term><varname>Service=</varname></term>
554 <listitem><para>Specifies the service
555 unit name to activate on incoming
556 traffic. This defaults to the service
557 that bears the same name as the socket
558 (ignoring the different suffixes). In
559 most cases it should not be necessary
560 to use this option.</para></listitem>
561 </varlistentry>
562
563 </variablelist>
564 </refsect1>
565
566 <refsect1>
567 <title>See Also</title>
568 <para>
569 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
570 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
571 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
572 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
573 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
574 </para>
575 </refsect1>
576
577 </refentry>
Unnamed repository; edit this file 'description' to name the repository.