]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.socket.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sd-event: define a new PREPARING state
[thirdparty/systemd.git] / man / systemd.socket.xml
CommitLineData
8dd4c05b 1<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
1f812fea 2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
1f812fea
LP		 4
5<!--
6 This file is part of systemd.
7
8 Copyright 2010 Lennart Poettering
9
10 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
1f812fea
LP		 13 (at your option) any later version.
14
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 18 Lesser General Public License for more details.
1f812fea 19
5430f7f2 20 You should have received a copy of the GNU Lesser General Public License
1f812fea
LP		 21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22-->
23
24<refentry id="systemd.socket">
798d3a52
ZJS		 25 <refentryinfo>
26 <title>systemd.socket</title>
27 <productname>systemd</productname>
28
29 <authorgroup>
30 <author>
31 <contrib>Developer</contrib>
32 <firstname>Lennart</firstname>
33 <surname>Poettering</surname>
34 <email>lennart@poettering.net</email>
35 </author>
36 </authorgroup>
37 </refentryinfo>
38
39 <refmeta>
40 <refentrytitle>systemd.socket</refentrytitle>
41 <manvolnum>5</manvolnum>
42 </refmeta>
43
44 <refnamediv>
45 <refname>systemd.socket</refname>
46 <refpurpose>Socket unit configuration</refpurpose>
47 </refnamediv>
48
49 <refsynopsisdiv>
50 <para><filename><replaceable>socket</replaceable>.socket</filename></para>
51 </refsynopsisdiv>
52
53 <refsect1>
54 <title>Description</title>
55
56 <para>A unit configuration file whose name ends in
57 <literal>.socket</literal> encodes information about an IPC or
58 network socket or a file system FIFO controlled and supervised by
59 systemd, for socket-based activation.</para>
60
61 <para>This man page lists the configuration options specific to
62 this unit type. See
63 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
64 for the common options of all unit configuration files. The common
65 configuration items are configured in the generic [Unit] and
66 [Install] sections. The socket specific configuration options are
67 configured in the [Socket] section.</para>
68
69 <para>Additional options are listed in
70 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
71 which define the execution environment the
72 <option>ExecStartPre=</option>, <option>ExecStartPost=</option>,
73 <option>ExecStopPre=</option> and <option>ExecStopPost=</option>
74 commands are executed in, and in
75 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
76 which define the way the processes are terminated, and in
77 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
78 which configure resource control settings for the processes of the
79 socket.</para>
80
81 <para>For each socket file, a matching service file must exist,
82 describing the service to start on incoming traffic on the socket
83 (see
84 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
85 for more information about .service files). The name of the
86 .service unit is by default the same as the name of the .socket
87 unit, but can be altered with the <option>Service=</option> option
88 described below. Depending on the setting of the
89 <option>Accept=</option> option described below, this .service
90 unit must either be named like the .socket unit, but with the
91 suffix replaced, unless overridden with <option>Service=</option>;
92 or it must be a template unit named the same way. Example: a
93 socket file <filename>foo.socket</filename> needs a matching
94 service <filename>foo.service</filename> if
95 <option>Accept=false</option> is set. If
96 <option>Accept=true</option> is set, a service template file
97 <filename>foo@.service</filename> must exist from which services
98 are instantiated for each incoming connection.</para>
99
100 <para>Unless <varname>DefaultDependencies=</varname> is set to
101 <option>false</option>, socket units will implicitly have
102 dependencies of type <varname>Requires=</varname> and
103 <varname>After=</varname> on <filename>sysinit.target</filename>
104 as well as dependencies of type <varname>Conflicts=</varname> and
105 <varname>Before=</varname> on
106 <filename>shutdown.target</filename>. These ensure that socket
107 units pull in basic system initialization, and are terminated
108 cleanly prior to system shutdown. Only sockets involved with early
109 boot or late system shutdown should disable this option.</para>
110
111 <para>Socket units will have a <varname>Before=</varname>
112 dependency on the service which they trigger added implicitly. No
113 implicit <varname>WantedBy=</varname> or
114 <varname>RequiredBy=</varname> dependency from the socket to the
115 service is added. This means that the service may be started
116 without the socket, in which case it must be able to open sockets
117 by itself. To prevent this, an explicit
118 <varname>Requires=</varname> dependency may be added.</para>
119
120 <para>Socket units may be used to implement on-demand starting of
121 services, as well as parallelized starting of services. See the
122 blog stories linked at the end for an introduction.</para>
123
124 <para>Note that the daemon software configured for socket
125 activation with socket units needs to be able to accept sockets
126 from systemd, either via systemd's native socket passing interface
127 (see
128 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
129 for details) or via the traditional
b5c7d097 130 <citerefentry project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>-style
798d3a52
ZJS		 131 socket passing (i.e. sockets passed in via standard input and
132 output, using <varname>StandardInput=socket</varname> in the
133 service file).</para>
134 </refsect1>
135
c129bd5d
LP		 136 <refsect1>
137 <title>Automatic Dependencies</title>
138
139 <para>Socket units automatically gain a <varname>Before=</varname>
140 dependency on the service units they activate.</para>
141
142 <para>Socket units referring to file system paths (such as AF_UNIX
143 sockets or FIFOs) implicitly gain <varname>Requires=</varname> and
144 <varname>After=</varname> dependencies on all mount units
145 necessary to access those paths.</para>
146
147 <para>Socket units using the <varname>BindToDevice=</varname>
148 setting automatically gain a <varname>BindsTo=</varname> and
149 <varname>After=</varname> dependency on the device unit
150 encapsulating the specified network interface.</para>
151
152 <para>If <varname>DefaultDependencies=yes</varname> is set (the
153 default), socket units automatically gain a
154 <varname>Before=</varname> dependency on
155 <filename>sockets.target</filename>. They also gain a pair of
156 <varname>After=</varname> and <varname>Requires=</varname>
157 dependency on <filename>sysinit.target</filename>, and a pair of
158 <varname>Before=</varname> and <varname>Conflicts=</varname>
159 dependencies on <filename>shutdown.target</filename>. These
160 dependencies ensure that the socket unit is started before normal
161 services at boot, and is stopped on shutdown.</para>
162
163 <para>Additional implicit dependencies may be added as result of
164 execution and resource control parameters as documented in
165 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
166 and
167 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
168 </refsect1>
169
798d3a52
ZJS		 170 <refsect1>
171 <title>Options</title>
172
173 <para>Socket files must include a [Socket] section, which carries
174 information about the socket or FIFO it supervises. A number of
175 options that may be used in this section are shared with other
176 unit types. These options are documented in
177 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
178 and
179 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
180 The options specific to the [Socket] section of socket units are
181 the following:</para>
182
183 <variablelist class='unit-directives'>
184 <varlistentry>
185 <term><varname>ListenStream=</varname></term>
186 <term><varname>ListenDatagram=</varname></term>
187 <term><varname>ListenSequentialPacket=</varname></term>
188 <listitem><para>Specifies an address to listen on for a stream
189 (<constant>SOCK_STREAM</constant>), datagram
190 (<constant>SOCK_DGRAM</constant>), or sequential packet
191 (<constant>SOCK_SEQPACKET</constant>) socket, respectively.
192 The address can be written in various formats:</para>
193
194 <para>If the address starts with a slash
195 (<literal>/</literal>), it is read as file system socket in
196 the <constant>AF_UNIX</constant> socket family.</para>
197
198 <para>If the address starts with an at symbol
199 (<literal>@</literal>), it is read as abstract namespace
200 socket in the <constant>AF_UNIX</constant> family. The
201 <literal>@</literal> is replaced with a
202 <constant>NUL</constant> character before binding. For
203 details, see
204 <citerefentry project='man-pages'><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
205
206 <para>If the address string is a single number, it is read as
207 port number to listen on via IPv6. Depending on the value of
208 <varname>BindIPv6Only=</varname> (see below) this might result
209 in the service being available via both IPv6 and IPv4
210 (default) or just via IPv6.
211 </para>
212
213 <para>If the address string is a string in the format
214 v.w.x.y:z, it is read as IPv4 specifier for listening on an
215 address v.w.x.y on a port z.</para>
216
217 <para>If the address string is a string in the format [x]:y,
218 it is read as IPv6 address x on a port y. Note that this might
219 make the service available via IPv4, too, depending on the
220 <varname>BindIPv6Only=</varname> setting (see below).
221 </para>
222
223 <para>Note that <constant>SOCK_SEQPACKET</constant> (i.e.
224 <varname>ListenSequentialPacket=</varname>) is only available
225 for <constant>AF_UNIX</constant> sockets.
226 <constant>SOCK_STREAM</constant> (i.e.
227 <varname>ListenStream=</varname>) when used for IP sockets
228 refers to TCP sockets, <constant>SOCK_DGRAM</constant> (i.e.
229 <varname>ListenDatagram=</varname>) to UDP.</para>
230
b938cb90 231 <para>These options may be specified more than once, in which
798d3a52
ZJS		 232 case incoming traffic on any of the sockets will trigger
233 service activation, and all listed sockets will be passed to
234 the service, regardless of whether there is incoming traffic
235 on them or not. If the empty string is assigned to any of
236 these options, the list of addresses to listen on is reset,
237 all prior uses of any of these options will have no
238 effect.</para>
239
240 <para>It is also possible to have more than one socket unit
241 for the same service when using <varname>Service=</varname>,
242 and the service will receive all the sockets configured in all
243 the socket units. Sockets configured in one unit are passed in
244 the order of configuration, but no ordering between socket
245 units is specified.</para>
246
247 <para>If an IP address is used here, it is often desirable to
248 listen on it before the interface it is configured on is up
249 and running, and even regardless of whether it will be up and
250 running at any point. To deal with this, it is recommended to
251 set the <varname>FreeBind=</varname> option described
252 below.</para></listitem>
253 </varlistentry>
254
255 <varlistentry>
256 <term><varname>ListenFIFO=</varname></term>
257 <listitem><para>Specifies a file system FIFO to listen on.
258 This expects an absolute file system path as argument.
259 Behavior otherwise is very similar to the
260 <varname>ListenDatagram=</varname> directive
261 above.</para></listitem>
262 </varlistentry>
263
264 <varlistentry>
265 <term><varname>ListenSpecial=</varname></term>
266 <listitem><para>Specifies a special file in the file system to
267 listen on. This expects an absolute file system path as
268 argument. Behavior otherwise is very similar to the
269 <varname>ListenFIFO=</varname> directive above. Use this to
270 open character device nodes as well as special files in
271 <filename>/proc</filename> and
272 <filename>/sys</filename>.</para></listitem>
273 </varlistentry>
274
275 <varlistentry>
276 <term><varname>ListenNetlink=</varname></term>
277 <listitem><para>Specifies a Netlink family to create a socket
278 for to listen on. This expects a short string referring to the
279 <constant>AF_NETLINK</constant> family name (such as
280 <varname>audit</varname> or <varname>kobject-uevent</varname>)
281 as argument, optionally suffixed by a whitespace followed by a
282 multicast group integer. Behavior otherwise is very similar to
283 the <varname>ListenDatagram=</varname> directive
284 above.</para></listitem>
285 </varlistentry>
286
287 <varlistentry>
288 <term><varname>ListenMessageQueue=</varname></term>
289 <listitem><para>Specifies a POSIX message queue name to listen
290 on. This expects a valid message queue name (i.e. beginning
291 with /). Behavior otherwise is very similar to the
292 <varname>ListenFIFO=</varname> directive above. On Linux
293 message queue descriptors are actually file descriptors and
294 can be inherited between processes.</para></listitem>
295 </varlistentry>
296
8c7c9839
PS		 297 <varlistentry>
298 <term><varname>ListenUSBFunction=</varname></term>
3d314510
LP		 299 <listitem><para>Specifies a <ulink
300 url="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">USB
301 FunctionFS</ulink> endpoint location to listen on, for
302 implementation of USB gadget functions. This expects an
303 absolute file system path as the argument. Behavior otherwise
304 is very similar to the <varname>ListenFIFO=</varname>
a8eaaee7 305 directive above. Use this to open the FunctionFS endpoint
3d314510
LP		 306 <filename>ep0</filename>. When using this option, the
307 activated service has to have the
22065311
ZJS		 308 <varname>USBFunctionDescriptors=</varname> and
309 <varname>USBFunctionStrings=</varname> options set.
81eb21b9 310 </para></listitem>
8c7c9839
PS		 311 </varlistentry>
312
74bb646e
SS		 313 <varlistentry>
314 <term><varname>SocketProtocol=</varname></term>
315 <listitem><para>Takes a one of <option>udplite</option>
316 or <option>sctp</option>. Specifies a socket protocol
317 (<constant>IPPROTO_UDPLITE</constant>) UDP-Lite
318 (<constant>IPPROTO_SCTP</constant>) SCTP socket respectively. </para>
319 </listitem>
320 </varlistentry>
321
798d3a52
ZJS		 322 <varlistentry>
323 <term><varname>BindIPv6Only=</varname></term>
324 <listitem><para>Takes a one of <option>default</option>,
325 <option>both</option> or <option>ipv6-only</option>. Controls
326 the IPV6_V6ONLY socket option (see
3ba3a79d 327 <citerefentry project='die-net'><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 328 for details). If <option>both</option>, IPv6 sockets bound
329 will be accessible via both IPv4 and IPv6. If
330 <option>ipv6-only</option>, they will be accessible via IPv6
331 only. If <option>default</option> (which is the default,
332 surprise!), the system wide default setting is used, as
333 controlled by
334 <filename>/proc/sys/net/ipv6/bindv6only</filename>, which in
335 turn defaults to the equivalent of
336 <option>both</option>.</para>
337 </listitem>
338 </varlistentry>
339
340 <varlistentry>
341 <term><varname>Backlog=</varname></term>
342 <listitem><para>Takes an unsigned integer argument. Specifies
343 the number of connections to queue that have not been accepted
344 yet. This setting matters only for stream and sequential
345 packet sockets. See
346 <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
347 for details. Defaults to SOMAXCONN (128).</para></listitem>
348 </varlistentry>
349
350 <varlistentry>
351 <term><varname>BindToDevice=</varname></term>
352 <listitem><para>Specifies a network interface name to bind
353 this socket to. If set, traffic will only be accepted from the
354 specified network interfaces. This controls the
c129bd5d
LP		 355 SO_BINDTODEVICE socket option (see <citerefentry
356 project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 357 for details). If this option is used, an automatic dependency
358 from this socket unit on the network interface device unit
359 (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
c129bd5d
LP		 360 is created. Note that setting this parameter might result in
361 additional dependencies to be added to the unit (see
362 above).</para></listitem>
798d3a52
ZJS		 363 </varlistentry>
364
365 <varlistentry>
366 <term><varname>SocketUser=</varname></term>
367 <term><varname>SocketGroup=</varname></term>
368
369 <listitem><para>Takes a UNIX user/group name. When specified,
370 all AF_UNIX sockets and FIFO nodes in the file system are
371 owned by the specified user and group. If unset (the default),
372 the nodes are owned by the root user/group (if run in system
373 context) or the invoking user/group (if run in user context).
374 If only a user is specified but no group, then the group is
375 derived from the user's default group.</para></listitem>
376 </varlistentry>
377
378 <varlistentry>
379 <term><varname>SocketMode=</varname></term>
380 <listitem><para>If listening on a file system socket or FIFO,
381 this option specifies the file system access mode used when
382 creating the file node. Takes an access mode in octal
383 notation. Defaults to 0666.</para></listitem>
384 </varlistentry>
385
386 <varlistentry>
387 <term><varname>DirectoryMode=</varname></term>
388 <listitem><para>If listening on a file system socket or FIFO,
389 the parent directories are automatically created if needed.
390 This option specifies the file system access mode used when
391 creating these directories. Takes an access mode in octal
392 notation. Defaults to 0755.</para></listitem>
393 </varlistentry>
394
395 <varlistentry>
396 <term><varname>Accept=</varname></term>
397 <listitem><para>Takes a boolean argument. If true, a service
398 instance is spawned for each incoming connection and only the
399 connection socket is passed to it. If false, all listening
400 sockets themselves are passed to the started service unit, and
401 only one service unit is spawned for all connections (also see
402 above). This value is ignored for datagram sockets and FIFOs
403 where a single service unit unconditionally handles all
404 incoming traffic. Defaults to <option>false</option>. For
405 performance reasons, it is recommended to write new daemons
406 only in a way that is suitable for
407 <option>Accept=false</option>. A daemon listening on an
408 <constant>AF_UNIX</constant> socket may, but does not need to,
409 call
410 <citerefentry><refentrytitle>close</refentrytitle><manvolnum>2</manvolnum></citerefentry>
411 on the received socket before exiting. However, it must not
412 unlink the socket from a file system. It should not invoke
413 <citerefentry><refentrytitle>shutdown</refentrytitle><manvolnum>2</manvolnum></citerefentry>
414 on sockets it got with <varname>Accept=false</varname>, but it
415 may do so for sockets it got with
416 <varname>Accept=true</varname> set. Setting
417 <varname>Accept=true</varname> is mostly useful to allow
418 daemons designed for usage with
b5c7d097 419 <citerefentry project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
798d3a52 420 to work unmodified with systemd socket
3b1c5241
SL		 421 activation.</para>
422
b938cb90 423 <para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname>
a8eaaee7 424 environment variable will contain the remote IP address, and <varname>REMOTE_PORT</varname>
3b1c5241 425 will contain the remote port. This is the same as the format used by CGI.
b938cb90 426 For SOCK_RAW, the port is the IP protocol.</para></listitem>
798d3a52
ZJS		 427 </varlistentry>
428
55301ec0
LP		 429 <varlistentry>
430 <term><varname>Writable=</varname></term>
431 <listitem><para>Takes a boolean argument. May only be used in
432 conjunction with <varname>ListenSpecial=</varname>. If true,
433 the specified special file is opened in read-write mode, if
b938cb90 434 false, in read-only mode. Defaults to false.</para></listitem>
55301ec0
LP		 435 </varlistentry>
436
798d3a52
ZJS		 437 <varlistentry>
438 <term><varname>MaxConnections=</varname></term>
439 <listitem><para>The maximum number of connections to
440 simultaneously run services instances for, when
441 <option>Accept=true</option> is set. If more concurrent
442 connections are coming in, they will be refused until at least
443 one existing connection is terminated. This setting has no
444 effect on sockets configured with
445 <option>Accept=false</option> or datagram sockets. Defaults to
446 64.</para></listitem>
447 </varlistentry>
448
449 <varlistentry>
450 <term><varname>KeepAlive=</varname></term>
451 <listitem><para>Takes a boolean argument. If true, the TCP/IP
452 stack will send a keep alive message after 2h (depending on
453 the configuration of
454 <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
455 for all TCP streams accepted on this socket. This controls the
456 SO_KEEPALIVE socket option (see
3ba3a79d 457 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 458 and the <ulink
459 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
460 Keepalive HOWTO</ulink> for details.) Defaults to
461 <option>false</option>.</para></listitem>
462 </varlistentry>
463
464 <varlistentry>
465 <term><varname>KeepAliveTimeSec=</varname></term>
b938cb90 466 <listitem><para>Takes time (in seconds) as argument. The connection needs to remain
798d3a52
ZJS		 467 idle before TCP starts sending keepalive probes. This controls the TCP_KEEPIDLE
468 socket option (see
3ba3a79d 469 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 470 and the <ulink
471 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
472 Keepalive HOWTO</ulink> for details.)
473 Defaults value is 7200 seconds (2 hours).</para></listitem>
474 </varlistentry>
475
476 <varlistentry>
477 <term><varname>KeepAliveIntervalSec=</varname></term>
478 <listitem><para>Takes time (in seconds) as argument between
479 individual keepalive probes, if the socket option SO_KEEPALIVE
a8eaaee7 480 has been set on this socket. This controls
798d3a52 481 the TCP_KEEPINTVL socket option (see
3ba3a79d 482 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 483 and the <ulink
484 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
485 Keepalive HOWTO</ulink> for details.) Defaults value is 75
486 seconds.</para></listitem>
487 </varlistentry>
488
489 <varlistentry>
490 <term><varname>KeepAliveProbes=</varname></term>
7ca41557 491 <listitem><para>Takes an integer as argument. It is the number of
798d3a52
ZJS		 492 unacknowledged probes to send before considering the
493 connection dead and notifying the application layer. This
494 controls the TCP_KEEPCNT socket option (see
3ba3a79d 495 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 496 and the <ulink
497 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
498 Keepalive HOWTO</ulink> for details.) Defaults value is
499 9.</para></listitem>
500 </varlistentry>
501
502 <varlistentry>
503 <term><varname>NoDelay=</varname></term>
504 <listitem><para>Takes a boolean argument. TCP Nagle's
505 algorithm works by combining a number of small outgoing
506 messages, and sending them all at once. This controls the
507 TCP_NODELAY socket option (see
3ba3a79d 508 <citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 509 Defaults to <option>false</option>.</para></listitem>
510 </varlistentry>
511
512 <varlistentry>
513 <term><varname>Priority=</varname></term>
514 <listitem><para>Takes an integer argument controlling the
515 priority for all traffic sent from this socket. This controls
516 the SO_PRIORITY socket option (see
3ba3a79d 517 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 518 for details.).</para></listitem>
519 </varlistentry>
520
521 <varlistentry>
522 <term><varname>DeferAcceptSec=</varname></term>
523
524 <listitem><para>Takes time (in seconds) as argument. If set,
525 the listening process will be awakened only when data arrives
526 on the socket, and not immediately when connection is
527 established. When this option is set, the
528 <constant>TCP_DEFER_ACCEPT</constant> socket option will be
529 used (see
3ba3a79d 530 <citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>),
798d3a52
ZJS		 531 and the kernel will ignore initial ACK packets without any
532 data. The argument specifies the approximate amount of time
533 the kernel should wait for incoming data before falling back
dd2b607b 534 to the normal behavior of honouring empty ACK packets. This
798d3a52
ZJS		 535 option is beneficial for protocols where the client sends the
536 data first (e.g. HTTP, in contrast to SMTP), because the
537 server process will not be woken up unnecessarily before it
538 can take any action.
539 </para>
540
541 <para>If the client also uses the
542 <constant>TCP_DEFER_ACCEPT</constant> option, the latency of
543 the initial connection may be reduced, because the kernel will
544 send data in the final packet establishing the connection (the
545 third packet in the "three-way handshake").</para>
546
547 <para>Disabled by default.</para>
548 </listitem>
549 </varlistentry>
550
551 <varlistentry>
552 <term><varname>ReceiveBuffer=</varname></term>
553 <term><varname>SendBuffer=</varname></term>
554 <listitem><para>Takes an integer argument controlling the
555 receive or send buffer sizes of this socket, respectively.
556 This controls the SO_RCVBUF and SO_SNDBUF socket options (see
3ba3a79d 557 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 558 for details.). The usual suffixes K, M, G are supported and
559 are understood to the base of 1024.</para></listitem>
560 </varlistentry>
561
562 <varlistentry>
563 <term><varname>IPTOS=</varname></term>
564 <listitem><para>Takes an integer argument controlling the IP
565 Type-Of-Service field for packets generated from this socket.
566 This controls the IP_TOS socket option (see
3ba3a79d 567 <citerefentry project='die-net'><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 568 for details.). Either a numeric string or one of
569 <option>low-delay</option>, <option>throughput</option>,
570 <option>reliability</option> or <option>low-cost</option> may
571 be specified.</para></listitem>
572 </varlistentry>
573
574 <varlistentry>
575 <term><varname>IPTTL=</varname></term>
576 <listitem><para>Takes an integer argument controlling the IPv4
577 Time-To-Live/IPv6 Hop-Count field for packets generated from
578 this socket. This sets the IP_TTL/IPV6_UNICAST_HOPS socket
579 options (see
3ba3a79d 580 <citerefentry project='die-net'><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52 581 and
3ba3a79d 582 <citerefentry project='die-net'><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 583 for details.)</para></listitem>
584 </varlistentry>
585
586 <varlistentry>
587 <term><varname>Mark=</varname></term>
588 <listitem><para>Takes an integer value. Controls the firewall
589 mark of packets generated by this socket. This can be used in
590 the firewall logic to filter packets from this socket. This
591 sets the SO_MARK socket option. See
3ba3a79d 592 <citerefentry project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
798d3a52
ZJS		 593 for details.</para></listitem>
594 </varlistentry>
595
596 <varlistentry>
597 <term><varname>ReusePort=</varname></term>
598 <listitem><para>Takes a boolean value. If true, allows
599 multiple
600 <citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s
601 to this TCP or UDP port. This controls the SO_REUSEPORT socket
602 option. See
3ba3a79d 603 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a52
ZJS		 604 for details.</para></listitem>
605 </varlistentry>
606
607 <varlistentry>
608 <term><varname>SmackLabel=</varname></term>
609 <term><varname>SmackLabelIPIn=</varname></term>
610 <term><varname>SmackLabelIPOut=</varname></term>
611 <listitem><para>Takes a string value. Controls the extended
612 attributes <literal>security.SMACK64</literal>,
613 <literal>security.SMACK64IPIN</literal> and
614 <literal>security.SMACK64IPOUT</literal>, respectively, i.e.
615 the security label of the FIFO, or the security label for the
616 incoming or outgoing connections of the socket, respectively.
617 See <ulink
618 url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
619 for details.</para></listitem>
620 </varlistentry>
621
622 <varlistentry>
623 <term><varname>SELinuxContextFromNet=</varname></term>
624 <listitem><para>Takes a boolean argument. When true, systemd
625 will attempt to figure out the SELinux label used for the
626 instantiated service from the information handed by the peer
627 over the network. Note that only the security level is used
628 from the information provided by the peer. Other parts of the
629 resulting SELinux context originate from either the target
630 binary that is effectively triggered by socket unit or from
631 the value of the <varname>SELinuxContext=</varname> option.
632 This configuration option only affects sockets with
633 <varname>Accept=</varname> mode set to
634 <literal>true</literal>. Also note that this option is useful
635 only when MLS/MCS SELinux policy is deployed. Defaults to
636 <literal>false</literal>. </para></listitem>
637 </varlistentry>
638
639 <varlistentry>
640 <term><varname>PipeSize=</varname></term>
641 <listitem><para>Takes a size in bytes. Controls the pipe
642 buffer size of FIFOs configured in this socket unit. See
643 <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
644 for details. The usual suffixes K, M, G are supported and are
645 understood to the base of 1024.</para></listitem>
646 </varlistentry>
647
648 <varlistentry>
649 <term><varname>MessageQueueMaxMessages=</varname>,
650 <varname>MessageQueueMessageSize=</varname></term>
651 <listitem><para>These two settings take integer values and
652 control the mq_maxmsg field or the mq_msgsize field,
653 respectively, when creating the message queue. Note that
654 either none or both of these variables need to be set. See
3ba3a79d 655 <citerefentry project='die-net'><refentrytitle>mq_setattr</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a52
ZJS		 656 for details.</para></listitem>
657 </varlistentry>
658
659 <varlistentry>
660 <term><varname>FreeBind=</varname></term>
661 <listitem><para>Takes a boolean value. Controls whether the
662 socket can be bound to non-local IP addresses. This is useful
663 to configure sockets listening on specific IP addresses before
664 those IP addresses are successfully configured on a network
665 interface. This sets the IP_FREEBIND socket option. For
666 robustness reasons it is recommended to use this option
667 whenever you bind a socket to a specific IP address. Defaults
668 to <option>false</option>.</para></listitem>
669 </varlistentry>
670
671 <varlistentry>
672 <term><varname>Transparent=</varname></term>
673 <listitem><para>Takes a boolean value. Controls the
674 IP_TRANSPARENT socket option. Defaults to
675 <option>false</option>.</para></listitem>
676 </varlistentry>
677
678 <varlistentry>
679 <term><varname>Broadcast=</varname></term>
680 <listitem><para>Takes a boolean value. This controls the
681 SO_BROADCAST socket option, which allows broadcast datagrams
682 to be sent from this socket. Defaults to
683 <option>false</option>.</para></listitem>
684 </varlistentry>
685
686 <varlistentry>
687 <term><varname>PassCredentials=</varname></term>
688 <listitem><para>Takes a boolean value. This controls the
689 SO_PASSCRED socket option, which allows
690 <constant>AF_UNIX</constant> sockets to receive the
691 credentials of the sending process in an ancillary message.
692 Defaults to <option>false</option>.</para></listitem>
693 </varlistentry>
694
695 <varlistentry>
696 <term><varname>PassSecurity=</varname></term>
697 <listitem><para>Takes a boolean value. This controls the
698 SO_PASSSEC socket option, which allows
699 <constant>AF_UNIX</constant> sockets to receive the security
700 context of the sending process in an ancillary message.
701 Defaults to <option>false</option>.</para></listitem>
702 </varlistentry>
703
704 <varlistentry>
705 <term><varname>TCPCongestion=</varname></term>
706 <listitem><para>Takes a string value. Controls the TCP
707 congestion algorithm used by this socket. Should be one of
708 "westwood", "veno", "cubic", "lp" or any other available
709 algorithm supported by the IP stack. This setting applies only
710 to stream sockets.</para></listitem>
711 </varlistentry>
712
713 <varlistentry>
714 <term><varname>ExecStartPre=</varname></term>
715 <term><varname>ExecStartPost=</varname></term>
716 <listitem><para>Takes one or more command lines, which are
717 executed before or after the listening sockets/FIFOs are
718 created and bound, respectively. The first token of the
719 command line must be an absolute filename, then followed by
720 arguments for the process. Multiple command lines may be
721 specified following the same scheme as used for
722 <varname>ExecStartPre=</varname> of service unit
723 files.</para></listitem>
724 </varlistentry>
725
726 <varlistentry>
727 <term><varname>ExecStopPre=</varname></term>
728 <term><varname>ExecStopPost=</varname></term>
729 <listitem><para>Additional commands that are executed before
730 or after the listening sockets/FIFOs are closed and removed,
731 respectively. Multiple command lines may be specified
732 following the same scheme as used for
733 <varname>ExecStartPre=</varname> of service unit
734 files.</para></listitem>
735 </varlistentry>
736
737 <varlistentry>
738 <term><varname>TimeoutSec=</varname></term>
739 <listitem><para>Configures the time to wait for the commands
740 specified in <varname>ExecStartPre=</varname>,
741 <varname>ExecStartPost=</varname>,
742 <varname>ExecStopPre=</varname> and
743 <varname>ExecStopPost=</varname> to finish. If a command does
744 not exit within the configured time, the socket will be
745 considered failed and be shut down again. All commands still
746 running will be terminated forcibly via
747 <constant>SIGTERM</constant>, and after another delay of this
748 time with <constant>SIGKILL</constant>. (See
749 <option>KillMode=</option> in
750 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.)
751 Takes a unit-less value in seconds, or a time span value such
752 as "5min 20s". Pass <literal>0</literal> to disable the
753 timeout logic. Defaults to
754 <varname>DefaultTimeoutStartSec=</varname> from the manager
755 configuration file (see
756 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
757 </para></listitem>
758 </varlistentry>
759
760 <varlistentry>
761 <term><varname>Service=</varname></term>
762 <listitem><para>Specifies the service unit name to activate on
763 incoming traffic. This setting is only allowed for sockets
764 with <varname>Accept=no</varname>. It defaults to the service
765 that bears the same name as the socket (with the suffix
766 replaced). In most cases, it should not be necessary to use
c129bd5d
LP		 767 this option. Note that setting this parameter might result in
768 additional dependencies to be added to the unit (see
769 above).</para></listitem>
798d3a52
ZJS		 770 </varlistentry>
771
772 <varlistentry>
773 <term><varname>RemoveOnStop=</varname></term>
774 <listitem><para>Takes a boolean argument. If enabled, any file
775 nodes created by this socket unit are removed when it is
776 stopped. This applies to AF_UNIX sockets in the file system,
777 POSIX message queues, FIFOs, as well as any symlinks to them
778 configured with <varname>Symlinks=</varname>. Normally, it
779 should not be necessary to use this option, and is not
780 recommended as services might continue to run after the socket
781 unit has been terminated and it should still be possible to
782 communicate with them via their file system node. Defaults to
783 off.</para></listitem>
784 </varlistentry>
785
786 <varlistentry>
787 <term><varname>Symlinks=</varname></term>
788 <listitem><para>Takes a list of file system paths. The
789 specified paths will be created as symlinks to the AF_UNIX
790 socket path or FIFO path of this socket unit. If this setting
791 is used, only one AF_UNIX socket in the file system or one
792 FIFO may be configured for the socket unit. Use this option to
793 manage one or more symlinked alias names for a socket, binding
794 their lifecycle together. Defaults to the empty
795 list.</para></listitem>
796 </varlistentry>
797
8dd4c05b
LP		 798 <varlistentry>
799 <term><varname>FileDescriptorName=</varname></term>
800 <listitem><para>Assigns a name to all file descriptors this
801 socket unit encapsulates. This is useful to help activated
a8eaaee7 802 services identify specific file descriptors, if multiple fds
8dd4c05b
LP		 803 are passed. Services may use the
804 <citerefentry><refentrytitle>sd_listen_fds_with_names</refentrytitle><manvolnum>3</manvolnum></citerefentry>
805 call to acquire the names configured for the received file
806 descriptors. Names may contain any ASCII character, but must
a8eaaee7 807 exclude control characters and <literal>:</literal>, and must
8dd4c05b 808 be at most 255 characters in length. If this setting is not
b938cb90 809 used, the file descriptor name defaults to the name of the
8dd4c05b
LP		 810 socket unit, including its <filename>.socket</filename>
811 suffix.</para></listitem>
812 </varlistentry>
813
798d3a52
ZJS		 814 </variablelist>
815
816 <para>Check
817 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
818 and
819 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
820 for more settings.</para>
821
822 </refsect1>
823
824 <refsect1>
825 <title>See Also</title>
826 <para>
827 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
828 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
829 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
830 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
831 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
832 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
833 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
8dd4c05b
LP		 834 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
835 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
836 <citerefentry><refentrytitle>sd_listen_fds_with_names</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a52 837 </para>
798d3a52
ZJS		 838 <para>
839 For more extensive descriptions see the "systemd for Developers" series:
840 <ulink url="http://0pointer.de/blog/projects/socket-activation.html">Socket Activation</ulink>,
841 <ulink url="http://0pointer.de/blog/projects/socket-activation2.html">Socket Activation, part II</ulink>,
842 <ulink url="http://0pointer.de/blog/projects/inetd.html">Converting inetd Services</ulink>,
843 <ulink url="http://0pointer.de/blog/projects/socket-activated-containers.html">Socket Activated Internet Services and OS Containers</ulink>.
844 </para>
845 </refsect1>
1f812fea
LP		 846
847</refentry>
Unnamed repository; edit this file 'description' to name the repository.