2 .\" This man page is Copyright (C) 1999 Andi Kleen <ak@muc.de>.
3 .\" and copyright (c) 1999 Matthew Wilcox.
5 .\" %%%LICENSE_START(VERBATIM_ONE_PARA)
6 .\" Permission is granted to distribute possibly modified copies
7 .\" of this page provided the header is included verbatim,
8 .\" and in case of nontrivial modification author and date
9 .\" of the modification is added to the header.
12 .\" 2002-10-30, Michael Kerrisk, <mtk.manpages@gmail.com>
13 .\" Added description of SO_ACCEPTCONN
14 .\" 2004-05-20, aeb, added SO_RCVTIMEO/SO_SNDTIMEO text.
15 .\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
16 .\" Added notes on capability requirements
17 .\" A few small grammar fixes
18 .\" 2010-06-13 Jan Engelhardt <jengelh@medozas.de>
19 .\" Documented SO_DOMAIN and SO_PROTOCOL.
21 .\" The following are not yet documented:
22 .\" SO_PEERNAME (2.4?)
24 .\" Seems to do something similar to getpeername(), but then
25 .\" why is it necessary / how does it differ?
26 .\" SO_TIMESTAMPNS (2.6.22)
27 .\" Documentation/networking/timestamping.txt
28 .\" commit 92f37fd2ee805aa77925c1e64fd56088b46094fc
29 .\" Author: Eric Dumazet <dada1@cosmosbay.com>
30 .\" SO_TIMESTAMPING (2.6.30)
31 .\" Documentation/networking/timestamping.txt
32 .\" commit cb9eff097831007afb30d64373f29d99825d0068
33 .\" Author: Patrick Ohly <patrick.ohly@intel.com>
34 .\" SO_WIFI_STATUS (3.3)
35 .\" commit 6e3e939f3b1bf8534b32ad09ff199d88800835a0
36 .\" Author: Johannes Berg <johannes.berg@intel.com>
37 .\" Also: SCM_WIFI_STATUS
39 .\" commit 3bdc0eba0b8b47797f4a76e377dd8360f317450f
40 .\" Author: Ben Greear <greearb@candelatech.com>
41 .\" SO_GET_FILTER (3.8)
42 .\" commit a8fc92778080c845eaadc369a0ecf5699a03bef0
43 .\" Author: Pavel Emelyanov <xemul@parallels.com>
44 .\" SO_SELECT_ERR_QUEUE (3.10)
45 .\" commit 7d4c04fc170087119727119074e72445f2bb192b
46 .\" Author: Keller, Jacob E <jacob.e.keller@intel.com>
47 .\" SO_MAX_PACING_RATE (3.13)
48 .\" commit 62748f32d501f5d3712a7c372bbb92abc7c62bc7
49 .\" Author: Eric Dumazet <edumazet@google.com>
50 .\" SO_BPF_EXTENSIONS (3.14)
51 .\" commit ea02f9411d9faa3553ed09ce0ec9f00ceae9885e
52 .\" Author: Michal Sekletar <msekleta@redhat.com>
54 .TH SOCKET 7 2015-05-07 Linux "Linux Programmer's Manual"
56 socket \- Linux socket interface
58 .B #include <sys/socket.h>
60 .IB sockfd " = socket(int " socket_family ", int " socket_type ", int " protocol );
62 This manual page describes the Linux networking socket layer user
64 The BSD compatible sockets
65 are the uniform interface
66 between the user process and the network protocol stacks in the kernel.
67 The protocol modules are grouped into
70 .BR AF_INET ", " AF_IPX ", and " AF_PACKET ,
79 for more information on families and types.
80 .SS Socket-layer functions
81 These functions are used by the user process to send or receive packets
82 and to do other socket operations.
83 For more information see their respective manual pages.
88 connects a socket to a remote socket address,
91 function binds a socket to a local socket address,
93 tells the socket that new connections shall be accepted, and
95 is used to get a new socket with a new incoming connection.
97 returns two connected anonymous sockets (implemented only for a few
105 send data over a socket, and
109 receive data from a socket.
113 wait for arriving data or a readiness to send data.
114 In addition, the standard I/O operations like
121 can be used to read and write data.
124 returns the local socket address and
126 returns the remote socket address.
130 are used to set or get socket layer or protocol options.
132 can be used to set or read some other options.
135 is used to close a socket.
137 closes parts of a full-duplex socket connection.
143 with a nonzero position is not supported on sockets.
145 It is possible to do nonblocking I/O on sockets by setting the
147 flag on a socket file descriptor using
149 Then all operations that would block will (usually)
152 (operation should be retried later);
157 The user can then wait for various events via
166 Event:Poll flag:Occurrence
171 A connection setup has been completed
172 (for connection-oriented sockets)
175 A disconnection request has been initiated by the other end.
178 A connection is broken (only for connection-oriented protocols).
179 When the socket is written
184 Socket has enough send buffer space for writing new data.
195 Read/Write:POLLERR:An asynchronous error occurred.
196 Read/Write:POLLHUP:The other end has shut down one direction.
202 .\" FIXME . The following is not true currently:
203 .\" It is no I/O event when the connection
204 .\" is broken from the local end using
214 is to let the kernel inform the application about events
220 flag must be set on a socket file descriptor via
222 and a valid signal handler for
224 must be installed via
229 .SS Socket address structures
230 Each socket domain has its own format for socket addresses,
231 with a domain-specific address structure.
232 Each of these structures begins with an
233 integer "family" field (typed as
235 that indicates the type of the address structure.
237 the various system calls (e.g.,
242 .BR getpeername (2)),
243 which are generic to all socket domains,
244 to determine the domain of a particular socket address.
246 To allow any type of socket address to be passed to
247 interfaces in the sockets API,
249 .IR "struct sockaddr"
251 The purpose of this type is purely to allow casting of
252 domain-specific socket address types to a "generic" type,
253 so as to avoid compiler warnings about type mismatches in
254 calls to the sockets API.
256 In addition, the sockets API provides the data type
257 .IR "struct sockaddr_storage".
259 is suitable to accommodate all supported domain-specific socket
260 address structures; it is large enough and is aligned properly.
261 (In particular, it is large enough to hold
262 IPv6 socket addresses.)
263 The structure includes the following field, which can be used to identify
264 the type of socket address actually stored in the structure:
268 sa_family_t ss_family;
274 structure is useful in programs that must handle socket addresses
276 (e.g., programs that must deal with both IPv4 and IPv6 socket addresses).
278 The socket options listed below can be set by using
282 with the socket level set to
285 Unless otherwise noted,
290 .\" In the list below, the text used to describe argument types
291 .\" for each socket option should be more consistent
293 .\" SO_ACCEPTCONN is in POSIX.1-2001, and its origin is explained in
294 .\" W R Stevens, UNPv1
297 Returns a value indicating whether or not this socket has been marked
298 to accept connections with
300 The value 0 indicates that this is not a listening socket,
301 the value 1 indicates that this is a listening socket.
302 This socket option is read-only.
304 .BR SO_ATTACH_FILTER " (since Linux 2.2), " SO_ATTACH_BPF " (since Linux 3.19)"
306 .RB ( SO_ATTACH_FILTER )
308 .RB ( SO_ATTACH_BPF )
309 program to the socket for use as a filter of incoming packets.
310 A packet will be dropped if the filter program returns zero.
311 If the filter program returns a
312 non-zero value which is less than the packet's data length,
313 the packet will be truncated to the length returned.
314 If the value returned by the filter is greater than or equal to the
315 packet's data length, the packet is allowed to proceed unmodified.
321 structure, defined in
322 .IR <linux/filter.h> :
328 struct sock_filter *filter;
335 is a file descriptor returned by the
337 system call and must refer to a program of type
338 .BR BPF_PROG_TYPE_SOCKET_FILTER.
340 These options may be set multiple times for a given socket,
341 each time replacing the previous filter program.
342 The classic and extended versions may be called on the same socket,
343 but the previous filter will always be replaced such that a socket
344 never has more than one filter defined.
346 Both classic and extended BPF are explained in the kernel source file
347 .I Documentation/networking/filter.txt
349 .BR SO_ATTACH_REUSEPORT_CBPF ", " SO_ATTACH_REUSEPORT_EBPF
352 option, these options allow the user to set a classic BPF
353 .RB ( SO_ATTACH_REUSEPORT_CBPF )
355 .RB ( SO_ATTACH_REUSEPORT_EBPF )
356 program which defines how packets are assigned to
357 the sockets in the reuseport group (that is, all sockets which have
359 set and are using the same local address to receive packets).
361 The BPF program must return an index between 0 and N\-1 representing
362 the socket which should receive the packet
363 (where N is the number of sockets in the group).
364 If the BPF program returns an invalid index,
365 socket selection will fall back to the plain
369 Sockets are numbered in the order in which they are added to the group
370 (that is, the order of
372 calls for UDP sockets or the order of
374 calls for TCP sockets).
375 New sockets added to a reuseport group will inherit the BPF program.
376 When a socket is removed from a reuseport group (via
378 the last socket in the group will be moved into the closed socket's
381 These options may be set repeatedly at any time on any socket in the group
382 to replace the current BPF program used by all sockets in the group.
384 .BR SO_ATTACH_REUSEPORT_CBPF
385 takes the same argument type as
388 .BR SO_ATTACH_REUSEPORT_EBPF
389 takes the same argument type as
392 UDP support for this feature is available since Linux 4.5;
393 TCP support is available since Linux 4.6.
396 Bind this socket to a particular device like \(lqeth0\(rq,
397 as specified in the passed interface name.
399 name is an empty string or the option length is zero, the socket device
401 The passed option is a variable-length null-terminated
402 interface name string with the maximum size of
404 If a socket is bound to an interface,
405 only packets received from that particular interface are processed by the
407 Note that this works only for some socket types, particularly
410 It is not supported for packet sockets (use normal
415 this socket option could be set, but could not retrieved with
417 Since Linux 3.8, it is readable.
420 argument should contain the buffer size available
421 to receive the device name and is recommended to be
424 The real device name length is reported back in the
429 Set or get the broadcast flag.
430 When enabled, datagram sockets are allowed to send
431 packets to a broadcast address.
432 This option has no effect on stream-oriented sockets.
435 Enable BSD bug-to-bug compatibility.
436 This is used by the UDP protocol module in Linux 2.0 and 2.2.
437 If enabled, ICMP errors received for a UDP socket will not be passed
439 In later kernel versions, support for this option has been phased out:
440 Linux 2.4 silently ignores it, and Linux 2.6 generates a kernel warning
441 (printk()) if a program uses this option.
442 Linux 2.0 also enabled BSD bug-to-bug compatibility
443 options (random header changing, skipping of the broadcast flag) for raw
444 sockets with this option, but that was removed in Linux 2.2.
447 Enable socket debugging.
448 Only allowed for processes with the
450 capability or an effective user ID of 0.
452 .BR SO_DETACH_FILTER " (since Linux 2.2), " SO_DETACH_BPF " (since Linux 3.19)"
453 These two options, which are synonyms,
454 may be used to remove the classic or extended BPF
455 program attached to a socket with either
459 The option value is ignored.
461 .BR SO_DOMAIN " (since Linux 2.6.32)"
462 Retrieves the socket domain as an integer, returning a value such as
467 This socket option is read-only.
470 Get and clear the pending socket error.
471 This socket option is read-only.
475 Don't send via a gateway, send only to directly connected hosts.
476 The same effect can be achieved by setting the
481 Expects an integer boolean flag.
484 Enable sending of keep-alive messages on connection-oriented sockets.
485 Expects an integer boolean flag.
498 int l_onoff; /* linger active */
499 int l_linger; /* how many seconds to linger for */
508 will not return until all queued messages for the socket have been
509 successfully sent or the linger timeout has been reached.
511 the call returns immediately and the closing is done in the background.
512 When the socket is closed as part of
514 it always lingers in the background.
517 .\" commit d59577b6ffd313d0ab3be39cb1ab47e29bdc9182
518 When set, this option will prevent
519 changing the filters associated with the socket.
520 These filters include any set using the socket options
521 .BR SO_ATTACH_FILTER,
523 .BR SO_ATTACH_REUSEPORT_CBPF
525 .BR SO_ATTACH_REUSEPORT_EPBF .
527 The typical use case is for a privileged process to set up a socket with
528 restrictive filters, set
530 and then either drop its privileges or pass the socket file descriptor
531 to an unprivileged process.
535 option has been enabled, attempts to change or remove the filter
536 attached to a socket, or to disable the
538 option will fail with the error
541 .BR SO_MARK " (since Linux 2.6.25)"
542 .\" commit 4a19ec5800fc3bb64e2d87c4d9fdd9e636086fe0
543 .\" and 914a9ab386a288d0f22252fc268ecbc048cdcbd5
544 Set the mark for each packet sent through this socket
545 (similar to the netfilter MARK target but socket-based).
546 Changing the mark can be used for mark-based
547 routing without netfilter or for packet filtering.
548 Setting this option requires the
553 If this option is enabled,
554 out-of-band data is directly placed into the receive data stream.
555 Otherwise, out-of-band data is passed only when the
557 flag is set during receiving.
558 .\" don't document it because it can do too much harm.
560 .\" The kernel has support for the SO_NO_CHECK socket
561 .\" option (boolean: 0 == default, calculate checksum on xmit,
562 .\" 1 == do not calculate checksum on xmit).
563 .\" Additional note from Andi Kleen on SO_NO_CHECK (2010-08-30)
564 .\" On Linux UDP checksums are essentially free and there's no reason
565 .\" to turn them off and it would disable another safety line.
566 .\" That is why I didn't document the option.
569 Enable or disable the receiving of the
572 For more information see
574 .\" FIXME Document SO_PASSSEC, added in 2.6.18; there is some info
575 .\" in the 2.6.18 ChangeLog
577 .BR SO_PEEK_OFF " (since Linux 3.4)"
578 .\" commit ef64a54f6e558155b4f149bb10666b9e914b6c54
579 This option, which is currently supported only for
581 sockets, sets the value of the "peek offset" for the
583 system call when used with
587 When this option is set to a negative value
588 (it is set to \-1 for all new sockets),
589 traditional behavior is provided:
593 flag will peek data from the front of the queue.
595 When the option is set to a value greater than or equal to zero,
596 then the next peek at data queued in the socket will occur at
597 the byte offset specified by the option value.
598 At the same time, the "peek offset" will be
599 incremented by the number of bytes that were peeked from the queue,
600 so that a subsequent peek will return the next data in the queue.
602 If data is removed from the front of the queue via a call to
604 (or similar) without the
606 flag, the "peek offset" will be decreased by the number of bytes removed.
607 In other words, receiving data without the
609 flag will cause the "peek offset" to be adjusted to maintain
610 the correct relative position in the queued data,
611 so that a subsequent peek will retrieve the data that would have been
612 retrieved had the data not been removed.
614 For datagram sockets, if the "peek offset" points to the middle of a packet,
615 the data returned will be marked with the
619 The following example serves to illustrate the use of
621 Suppose a stream socket has the following queued input data:
625 The following sequence of
627 calls would have the effect noted in the comments:
631 int ov = 4; // Set peek offset to 4
632 setsockopt(fd, SOL_SOCKET, SO_PEEK_OFF, &ov, sizeof(ov));
634 recv(fd, buf, 2, MSG_PEEK); // Peeks "cc"; offset set to 6
635 recv(fd, buf, 2, MSG_PEEK); // Peeks "dd"; offset set to 8
636 recv(fd, buf, 2, 0); // Reads "aa"; offset set to 6
637 recv(fd, buf, 2, MSG_PEEK); // Peeks "ee"; offset set to 8
642 Return the credentials of the foreign process connected to this socket.
643 This is possible only for connected
647 stream and datagram socket pairs created using
651 The returned credentials are those that were in effect at the time
658 structure; define the
660 feature test macro to obtain the definition of that structure from
662 This socket option is read-only.
665 Set the protocol-defined priority for all packets to be sent on
667 Linux uses this value to order the networking queues:
668 packets with a higher priority may be processed first depending
669 on the selected device queueing discipline.
672 .\" this also sets the IP type-of-service (TOS) field for outgoing packets.
673 Setting a priority outside the range 0 to 6 requires the
677 .BR SO_PROTOCOL " (since Linux 2.6.32)"
678 Retrieves the socket protocol as an integer, returning a value such as
683 This socket option is read-only.
686 Sets or gets the maximum socket receive buffer in bytes.
687 The kernel doubles this value (to allow space for bookkeeping overhead)
689 .\" Most (all?) other implementations do not do this -- MTK, Dec 05
691 and this doubled value is returned by
693 .\" The following thread on LMKL is quite informative:
694 .\" getsockopt/setsockopt with SO_RCVBUF and SO_SNDBUF "non-standard" behavior
696 .\" http://thread.gmane.org/gmane.linux.kernel/1328935
697 The default value is set by the
698 .I /proc/sys/net/core/rmem_default
699 file, and the maximum allowed value is set by the
700 .I /proc/sys/net/core/rmem_max
702 The minimum (doubled) value for this option is 256.
704 .BR SO_RCVBUFFORCE " (since Linux 2.6.14)"
705 Using this socket option, a privileged
706 .RB ( CAP_NET_ADMIN )
707 process can perform the same task as
711 limit can be overridden.
713 .BR SO_RCVLOWAT " and " SO_SNDLOWAT
714 Specify the minimum number of bytes in the buffer until the socket layer
715 will pass the data to the protocol
717 or the user on receiving
719 These two values are initialized to 1.
721 is not changeable on Linux
727 only since Linux 2.4.
732 system calls currently do not respect the
735 and mark a socket readable when even a single byte of data is available.
736 A subsequent read from the socket will block until
739 .\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=111049368106984&w=2
740 .\" Tested on kernel 2.6.14 -- mtk, 30 Nov 05
742 .BR SO_RCVTIMEO " and " SO_SNDTIMEO
743 .\" Not implemented in 2.0.
744 .\" Implemented in 2.1.11 for getsockopt: always return a zero struct.
745 .\" Implemented in 2.3.41 for setsockopt, and actually used.
746 Specify the receiving or sending timeouts until reporting an error.
748 .IR "struct timeval" .
749 If an input or output function blocks for this period of time, and
750 data has been sent or received, the return value of that function
751 will be the amount of data transferred; if no data has been transferred
752 and the timeout has been reached, then \-1 is returned with
758 .\" in fact to EAGAIN
763 just as if the socket was specified to be nonblocking.
764 If the timeout is set to zero (the default),
765 then the operation will never timeout.
766 Timeouts only have effect for system calls that perform socket I/O (e.g.,
771 timeouts have no effect for
778 .\" commit c617f398edd4db2b8567a28e899a88f8f574798d
779 .\" https://lwn.net/Articles/542629/
780 Indicates that the rules used in validating addresses supplied in a
782 call should allow reuse of local addresses.
786 means that a socket may bind, except when there
787 is an active listening socket bound to the address.
788 When the listening socket is bound to
790 with a specific port then it is not possible
791 to bind to this port for any local address.
792 Argument is an integer boolean flag.
794 .BR SO_REUSEPORT " (since Linux 3.9)"
799 sockets to be bound to an identical socket address.
800 This option must be set on each socket (including the first socket)
804 To prevent port hijacking,
805 all of the processes binding to the same address must have the same
807 This option can be employed with both TCP and UDP sockets.
809 For TCP sockets, this option allows
811 load distribution in a multi-threaded server to be improved by
812 using a distinct listener socket for each thread.
813 This provides improved load distribution as compared
814 to traditional techniques such using a single
816 thread that distributes connections,
817 or having multiple threads that compete to
819 from the same socket.
822 the use of this option can provide better distribution
823 of incoming datagrams to multiple processes (or threads) as compared
824 to the traditional technique of having multiple processes
825 compete to receive datagrams on the same socket.
827 .BR SO_RXQ_OVFL " (since Linux 2.6.33)"
828 .\" commit 3b885787ea4112eaa80945999ea0901bf742707f
829 Indicates that an unsigned 32-bit value ancillary message (cmsg)
830 should be attached to received skbs indicating
831 the number of packets dropped by the socket between
832 the last received packet and this received packet.
835 Sets or gets the maximum socket send buffer in bytes.
836 The kernel doubles this value (to allow space for bookkeeping overhead)
838 .\" Most (all?) other implementations do not do this -- MTK, Dec 05
839 .\" See also the comment to SO_RCVBUF (17 Jul 2012 LKML mail)
841 and this doubled value is returned by
843 The default value is set by the
844 .I /proc/sys/net/core/wmem_default
845 file and the maximum allowed value is set by the
846 .I /proc/sys/net/core/wmem_max
848 The minimum (doubled) value for this option is 2048.
850 .BR SO_SNDBUFFORCE " (since Linux 2.6.14)"
851 Using this socket option, a privileged
852 .RB ( CAP_NET_ADMIN )
853 process can perform the same task as
857 limit can be overridden.
860 Enable or disable the receiving of the
863 The timestamp control message is sent with level
870 reception time of the last packet passed to the user in this call.
873 for details on control messages.
876 Gets the socket type as an integer (e.g.,
878 This socket option is read-only.
880 .BR SO_BUSY_POLL " (since Linux 3.11)"
881 Sets the approximate time in microseconds to busy poll on a blocking receive
882 when there is no data.
883 Increasing this value requires
885 The default for this option is controlled by the
886 .I /proc/sys/net/core/busy_read
890 .I /proc/sys/net/core/busy_poll
891 file determines how long
895 will busy poll when they operate on sockets with
897 set and no events to report are found.
900 busy polling will only be done when the socket last received data
901 from a network device that supports this option.
903 While busy polling may improve latency of some applications,
904 care must be taken when using it since this will increase
905 both CPU utilization and power usage.
907 When writing onto a connection-oriented socket that has been shut down
908 (by the local or the remote end)
910 is sent to the writing process and
913 The signal is not sent when the write call
918 When requested with the
925 is sent when an I/O event occurs.
926 It is possible to use
930 in the signal handler to find out which socket the event occurred on.
931 An alternative (in Linux 2.2) is to set a real-time signal using the
934 the handler of the real time signal will be called with
935 the file descriptor in the
941 for more information.
943 Under some circumstances (e.g., multiple processes accessing a
944 single socket), the condition that caused the
946 may have already disappeared when the process reacts to the signal.
947 If this happens, the process should wait again because Linux
948 will resend the signal later.
949 .\" .SS Ancillary messages
951 The core socket networking parameters can be accessed
952 via files in the directory
953 .IR /proc/sys/net/core/ .
956 contains the default setting in bytes of the socket receive buffer.
959 contains the maximum socket receive buffer size in bytes which a user may
965 contains the default setting in bytes of the socket send buffer.
968 contains the maximum socket send buffer size in bytes which a user may
973 .IR message_cost " and " message_burst
974 configure the token bucket filter used to load limit warning messages
975 caused by external network events.
977 .I netdev_max_backlog
978 Maximum number of packets in the global input queue.
981 Maximum length of ancillary data and user control data like the iovecs
983 .\" netdev_fastroute is not documented because it is experimental
985 These operations can be accessed using
990 .IB error " = ioctl(" ip_socket ", " ioctl_type ", " &value_result ");"
997 with the receive timestamp of the last packet passed to the user.
998 This is useful for accurate round trip time measurements.
1001 for a description of
1002 .IR "struct timeval" .
1004 This ioctl should be used only if the socket option
1006 is not set on the socket.
1007 Otherwise, it returns the timestamp of the
1008 last packet that was received while
1010 was not set, or it fails if no such packet has been received,
1019 Set the process or process group to send
1025 asynchronous I/O operation has finished or urgent data is available.
1026 The argument is a pointer to a
1028 If the argument is positive, send the signals to that process.
1030 argument is negative, send the signals to the process group with the ID
1031 of the absolute value of the argument.
1032 The process may only choose itself or its own process group to receive
1033 signals unless it has the
1035 capability or an effective UID of 0.
1040 flag to enable or disable asynchronous I/O mode of the socket.
1041 Asynchronous I/O mode means that the
1043 signal or the signal set with
1045 is raised when a new I/O event occurs.
1047 Argument is an integer boolean flag.
1048 (This operation is synonymous with the use of
1056 Get the current process or process group that receives
1079 was introduced in Linux 2.0.30.
1081 is new in Linux 2.2.
1084 interfaces were introduced in Linux 2.2.
1088 are supported since Linux 2.3.41.
1089 Earlier, timeouts were fixed to
1090 a protocol-specific setting, and could not be read or written.
1092 Linux assumes that half of the send/receive buffer is used for internal
1093 kernel structures; thus the values in the corresponding
1095 files are twice what can be observed on the wire.
1097 Linux will allow port reuse only with the
1100 when this option was set both in the previous program that performed a
1102 to the port and in the program that wants to reuse the port.
1103 This differs from some implementations (e.g., FreeBSD)
1104 where only the later program needs to set the
1107 Typically this difference is invisible, since, for example, a server
1108 program is designed to always set this option.
1110 .\" This man page was written by Andi Kleen.
1119 .BR capabilities (7),