]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.socket.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tmpfiles: fix compilation without acl support
[thirdparty/systemd.git] / man / systemd.socket.xml
CommitLineData
1f812fea
LP		 1<?xml version='1.0'?> <!--*-nxml-*-->
2<?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5
6<!--
7 This file is part of systemd.
8
9 Copyright 2010 Lennart Poettering
10
11 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
1f812fea
LP		 14 (at your option) any later version.
15
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 19 Lesser General Public License for more details.
1f812fea 20
5430f7f2 21 You should have received a copy of the GNU Lesser General Public License
1f812fea
LP		 22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23-->
24
25<refentry id="systemd.socket">
26 <refentryinfo>
27 <title>systemd.socket</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.socket</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.socket</refname>
34511ca7 47 <refpurpose>Socket unit configuration</refpurpose>
1f812fea
LP		 48 </refnamediv>
49
50 <refsynopsisdiv>
e670b166 51 <para><filename><replaceable>socket</replaceable>.socket</filename></para>
1f812fea
LP		 52 </refsynopsisdiv>
53
54 <refsect1>
55 <title>Description</title>
56
65232ea7 57 <para>A unit configuration file whose name ends in
479fe882 58 <literal>.socket</literal> encodes information about
65232ea7
LP		 59 an IPC or network socket or a file system FIFO
60 controlled and supervised by systemd, for socket-based
61 activation.</para>
1f812fea
LP		 62
63 <para>This man page lists the configuration options
64 specific to this unit type. See
65 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
66 for the common options of all unit configuration
67 files. The common configuration items are configured
68 in the generic [Unit] and [Install] sections. The
cdb788e4 69 socket specific configuration options are configured
1f812fea
LP		 70 in the [Socket] section.</para>
71
72 <para>Additional options are listed in
ba60f905
LP		 73 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
74 which define the execution environment the
75 <option>ExecStartPre=</option>,
76 <option>ExecStartPost=</option>,
77 <option>ExecStopPre=</option> and
89ca6994 78 <option>ExecStopPost=</option> commands are executed
4819ff03 79 in, and in
d868475a 80 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
3fde5f30
LP		 81 which define the way the processes are terminated, and
82 in
83 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
84 which configure resource control settings for the
85 processes of the socket.</para>
1f812fea 86
73e231ab 87 <para>For each socket file, a matching service file
3cf148f3
ZJS		 88 must exist, describing the service to start on
89 incoming traffic on the socket (see
65232ea7 90 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
3cf148f3
ZJS		 91 for more information about .service files). The name
92 of the .service unit is by default the same as the
66f756d4 93 name of the .socket unit, but can be altered with the
3cf148f3 94 <option>Service=</option> option described below.
66f756d4 95 Depending on the setting of the <option>Accept=</option>
3cf148f3
ZJS		 96 option described below, this .service unit must either
97 be named like the .socket unit, but with the suffix
98 replaced, unless overridden with
99 <option>Service=</option>; or it must be a template
100 unit named the same way. Example: a socket file
1f812fea
LP		 101 <filename>foo.socket</filename> needs a matching
102 service <filename>foo.service</filename> if
103 <option>Accept=false</option> is set. If
3cf148f3
ZJS		 104 <option>Accept=true</option> is set, a service
105 template file <filename>foo@.service</filename> must
106 exist from which services are instantiated for each
107 incoming connection.</para>
65232ea7 108
62adf224
LP		 109 <para>Unless <varname>DefaultDependencies=</varname>
110 is set to <option>false</option>, socket units will
111 implicitly have dependencies of type
112 <varname>Requires=</varname> and
113 <varname>After=</varname> on
114 <filename>sysinit.target</filename> as well as
115 dependencies of type <varname>Conflicts=</varname> and
116 <varname>Before=</varname> on
117 <filename>shutdown.target</filename>. These ensure
118 that socket units pull in basic system
119 initialization, and are terminated cleanly prior to
120 system shutdown. Only sockets involved with early
121 boot or late system shutdown should disable this
122 option.</para>
123
b200a92c
JSJ		 124 <para>Socket units will have a
125 <varname>Before=</varname> dependency on the service
126 which they trigger added implicitly. No implicit
127 <varname>WantedBy=</varname> or
128 <varname>RequiredBy=</varname> dependency from the
129 socket to the service is added. This means that the
130 service may be started without the socket, in which
131 case it must be able to open sockets by itself. To
132 prevent this, an explicit <varname>Requires=</varname>
133 dependency may be added.</para>
3cf148f3 134
65232ea7 135 <para>Socket units may be used to implement on-demand
b439c6ee 136 starting of services, as well as parallelized starting
3cf148f3 137 of services. See the blog stories linked at the end
66f756d4 138 for an introduction.</para>
be039669
LP		 139
140 <para>Note that the daemon software configured for
141 socket activation with socket units needs to be able
142 to accept sockets from systemd, either via systemd's
143 native socket passing interface (see
144 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
145 for details) or via the traditional
146 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>-style
6db27428
ZJS		 147 socket passing (i.e. sockets passed in via standard input and
148 output, using <varname>StandardInput=socket</varname>
be039669 149 in the service file).</para>
1f812fea
LP		 150 </refsect1>
151
152 <refsect1>
153 <title>Options</title>
154
155 <para>Socket files must include a [Socket] section,
156 which carries information about the socket or FIFO it
157 supervises. A number of options that may be used in
158 this section are shared with other unit types. These
159 options are documented in
4819ff03
LP		 160 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
161 and
162 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
65232ea7 163 options specific to the [Socket] section of socket
1f812fea
LP		 164 units are the following:</para>
165
ccc9a4f9 166 <variablelist class='unit-directives'>
1f812fea
LP		 167 <varlistentry>
168 <term><varname>ListenStream=</varname></term>
169 <term><varname>ListenDatagram=</varname></term>
170 <term><varname>ListenSequentialPacket=</varname></term>
171 <listitem><para>Specifies an address
172 to listen on for a stream
74d00578 173 (<constant>SOCK_STREAM</constant>), datagram (<constant>SOCK_DGRAM</constant>),
16dad32e 174 or sequential packet
74d00578 175 (<constant>SOCK_SEQPACKET</constant>) socket, respectively. The address
1f812fea
LP		 176 can be written in various formats:</para>
177
178 <para>If the address starts with a
05cc7267 179 slash (<literal>/</literal>), it is read as file system
74d00578 180 socket in the <constant>AF_UNIX</constant> socket
1f812fea
LP		 181 family.</para>
182
05cc7267 183 <para>If the address starts with an at
79640424 184 symbol (<literal>@</literal>), it is read as abstract
05cc7267
ZJS		 185 namespace socket in the
186 <constant>AF_UNIX</constant>
187 family. The <literal>@</literal> is
188 replaced with a
189 <constant>NUL</constant> character
79640424 190 before binding. For details, see
5aded369 191 <citerefentry project='man-pages'><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
1f812fea
LP		 192
193 <para>If the address string is a
79640424 194 single number, it is read as port
5198dabc
LP		 195 number to listen on via
196 IPv6. Depending on the value of
197 <varname>BindIPv6Only=</varname> (see below) this
198 might result in the service being
199 available via both IPv6 and IPv4 (default) or
200 just via IPv6.
201 </para>
1f812fea
LP		 202
203 <para>If the address string is a
79640424 204 string in the format v.w.x.y:z, it is
1f812fea
LP		 205 read as IPv4 specifier for listening
206 on an address v.w.x.y on a port
207 z.</para>
208
209 <para>If the address string is a
79640424 210 string in the format [x]:y, it is read
5198dabc
LP		 211 as IPv6 address x on a port y. Note
212 that this might make the service
213 available via IPv4, too, depending on
214 the <varname>BindIPv6Only=</varname>
215 setting (see below).
216 </para>
1f812fea 217
74d00578 218 <para>Note that <constant>SOCK_SEQPACKET</constant>
1f812fea 219 (i.e. <varname>ListenSequentialPacket=</varname>)
74d00578
ZJS		 220 is only available for <constant>AF_UNIX</constant>
221 sockets. <constant>SOCK_STREAM</constant>
1f812fea
LP		 222 (i.e. <varname>ListenStream=</varname>)
223 when used for IP sockets refers to TCP
74d00578 224 sockets, <constant>SOCK_DGRAM</constant>
1f812fea
LP		 225 (i.e. <varname>ListenDatagram=</varname>)
226 to UDP.</para>
227
228 <para>These options may be specified
229 more than once in which case incoming
74051b9b
LP		 230 traffic on any of the sockets will
231 trigger service activation, and all
232 listed sockets will be passed to the
494a6682 233 service, regardless of whether there is
74051b9b
LP		 234 incoming traffic on them or not. If
235 the empty string is assigned to any of
236 these options, the list of addresses
237 to listen on is reset, all prior uses
238 of any of these options will have no
239 effect.</para>
240
3cf148f3
ZJS		 241 <para>It is also possible to have more
242 than one socket unit for the same
243 service when using
244 <varname>Service=</varname>, and the
245 service will receive all the sockets
246 configured in all the socket units.
247 Sockets configured in one unit are
248 passed in the order of configuration,
249 but no ordering between socket units
250 is specified.</para>
251
74051b9b
LP		 252 <para>If an IP address is used here,
253 it is often desirable to listen on it
1f812fea
LP		 254 before the interface it is configured
255 on is up and running, and even
494a6682 256 regardless of whether it will be up and
73e231ab 257 running at any point. To deal with this,
74051b9b 258 it is recommended to set the
1f812fea
LP		 259 <varname>FreeBind=</varname> option
260 described below.</para></listitem>
261 </varlistentry>
262
263 <varlistentry>
264 <term><varname>ListenFIFO=</varname></term>
265 <listitem><para>Specifies a file
266 system FIFO to listen on. This expects
267 an absolute file system path as
c5315881 268 argument. Behavior otherwise is very
1f812fea
LP		 269 similar to the
270 <varname>ListenDatagram=</varname>
7a22745a
LP		 271 directive above.</para></listitem>
272 </varlistentry>
273
b0a3f2bc
LP		 274 <varlistentry>
275 <term><varname>ListenSpecial=</varname></term>
276 <listitem><para>Specifies a special
277 file in the file system to listen
278 on. This expects an absolute file
c5315881 279 system path as argument. Behavior
b0a3f2bc
LP		 280 otherwise is very similar to the
281 <varname>ListenFIFO=</varname>
282 directive above. Use this to open
283 character device nodes as well as
284 special files in
285 <filename>/proc</filename> and
286 <filename>/sys</filename>.</para></listitem>
287 </varlistentry>
288
7a22745a
LP		 289 <varlistentry>
290 <term><varname>ListenNetlink=</varname></term>
291 <listitem><para>Specifies a Netlink
292 family to create a socket for to
293 listen on. This expects a short string
74d00578 294 referring to the <constant>AF_NETLINK</constant> family
7a22745a
LP		 295 name (such as <varname>audit</varname>
296 or <varname>kobject-uevent</varname>)
297 as argument, optionally suffixed by a
298 whitespace followed by a multicast
c5315881 299 group integer. Behavior otherwise is
7a22745a
LP		 300 very similar to the
301 <varname>ListenDatagram=</varname>
1f812fea
LP		 302 directive above.</para></listitem>
303 </varlistentry>
304
916abb21
LP		 305 <varlistentry>
306 <term><varname>ListenMessageQueue=</varname></term>
307 <listitem><para>Specifies a POSIX
308 message queue name to listen on. This
309 expects a valid message queue name
c5315881 310 (i.e. beginning with /). Behavior
916abb21
LP		 311 otherwise is very similar to the
312 <varname>ListenFIFO=</varname>
313 directive above. On Linux message
314 queue descriptors are actually file
315 descriptors and can be inherited
316 between processes.</para></listitem>
317 </varlistentry>
318
1f812fea
LP		 319 <varlistentry>
320 <term><varname>BindIPv6Only=</varname></term>
321 <listitem><para>Takes a one of
322 <option>default</option>,
323 <option>both</option> or
324 <option>ipv6-only</option>. Controls
325 the IPV6_V6ONLY socket option (see
326 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
327 for details). If
328 <option>both</option>, IPv6 sockets
329 bound will be accessible via both IPv4
330 and IPv6. If
331 <option>ipv6-only</option>, they will
332 be accessible via IPv6 only. If
333 <option>default</option> (which is the
79640424 334 default, surprise!), the system wide
1f812fea
LP		 335 default setting is used, as controlled
336 by
5198dabc
LP		 337 <filename>/proc/sys/net/ipv6/bindv6only</filename>,
338 which in turn defaults to the
339 equivalent of
340 <option>both</option>.</para>
1f812fea
LP		 341 </listitem>
342 </varlistentry>
343
344 <varlistentry>
345 <term><varname>Backlog=</varname></term>
346 <listitem><para>Takes an unsigned
347 integer argument. Specifies the number
348 of connections to queue that have not
349 been accepted yet. This setting
350 matters only for stream and sequential
351 packet sockets. See
352 <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
353 for details. Defaults to SOMAXCONN
354 (128).</para></listitem>
355 </varlistentry>
356
357 <varlistentry>
358 <term><varname>BindToDevice=</varname></term>
359 <listitem><para>Specifies a network
360 interface name to bind this socket
79640424 361 to. If set, traffic will only be
1f812fea
LP		 362 accepted from the specified network
363 interfaces. This controls the
364 SO_BINDTODEVICE socket option (see
365 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
b439c6ee 366 for details). If this option is used,
1f812fea
LP		 367 an automatic dependency from this
368 socket unit on the network interface
369 device unit
370 (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
371 is created.</para></listitem>
372 </varlistentry>
373
374 <varlistentry>
3900e5fd
LP		 375 <term><varname>SocketUser=</varname></term>
376 <term><varname>SocketGroup=</varname></term>
377
378 <listitem><para>Takes a UNIX
8d0e0ddd 379 user/group name. When specified,
3900e5fd
LP		 380 all AF_UNIX sockets and FIFO nodes in
381 the file system are owned by the
382 specified user and group. If unset
383 (the default), the nodes are owned by
384 the root user/group (if run in system
385 context) or the invoking user/group
386 (if run in user context). If only a
387 user is specified but no group, then
388 the group is derived from the user's
389 default group.</para></listitem>
1f812fea
LP		 390 </varlistentry>
391
392 <varlistentry>
393 <term><varname>SocketMode=</varname></term>
394 <listitem><para>If listening on a file
7277f5a9 395 system socket or FIFO, this option
1f812fea
LP		 396 specifies the file system access mode
397 used when creating the file
dd1eb43b
LP		 398 node. Takes an access mode in octal
399 notation. Defaults to
1f812fea
LP		 400 0666.</para></listitem>
401 </varlistentry>
402
3900e5fd
LP		 403 <varlistentry>
404 <term><varname>DirectoryMode=</varname></term>
405 <listitem><para>If listening on a file
406 system socket or FIFO, the parent
407 directories are automatically created
408 if needed. This option specifies the
409 file system access mode used when
410 creating these directories. Takes an
411 access mode in octal
412 notation. Defaults to
413 0755.</para></listitem>
414 </varlistentry>
415
1f812fea
LP		 416 <varlistentry>
417 <term><varname>Accept=</varname></term>
418 <listitem><para>Takes a boolean
b439c6ee 419 argument. If true, a service instance
1f812fea
LP		 420 is spawned for each incoming
421 connection and only the connection
b439c6ee 422 socket is passed to it. If false, all
1f812fea
LP		 423 listening sockets themselves are
424 passed to the started service unit,
425 and only one service unit is spawned
426 for all connections (also see
427 above). This value is ignored for
3c86d34c
LP		 428 datagram sockets and FIFOs where a
429 single service unit unconditionally
1f812fea
LP		 430 handles all incoming traffic. Defaults
431 to <option>false</option>. For
b439c6ee 432 performance reasons, it is recommended
1f812fea
LP		 433 to write new daemons only in a way
434 that is suitable for
3c86d34c 435 <option>Accept=false</option>. A
74d00578 436 daemon listening on an <constant>AF_UNIX</constant> socket
3c86d34c 437 may, but does not need to, call
77f40f16 438 <citerefentry><refentrytitle>close</refentrytitle><manvolnum>2</manvolnum></citerefentry>
3c86d34c
LP		 439 on the received socket before
440 exiting. However, it must not unlink
e9dd9f95
JSJ		 441 the socket from a file system. It
442 should not invoke
77f40f16 443 <citerefentry><refentrytitle>shutdown</refentrytitle><manvolnum>2</manvolnum></citerefentry>
3c86d34c
LP		 444 on sockets it got with
445 <varname>Accept=false</varname>, but
446 it may do so for sockets it got with
447 <varname>Accept=true</varname> set.
448 Setting <varname>Accept=true</varname>
449 is mostly useful to allow daemons
450 designed for usage with
451 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
b439c6ee 452 to work unmodified with systemd socket
1f812fea
LP		 453 activation.</para></listitem>
454 </varlistentry>
455
456 <varlistentry>
457 <term><varname>MaxConnections=</varname></term>
458 <listitem><para>The maximum number of
459 connections to simultaneously run
460 services instances for, when
461 <option>Accept=true</option> is
462 set. If more concurrent connections
b439c6ee 463 are coming in, they will be refused
1f812fea
LP		 464 until at least one existing connection
465 is terminated. This setting has no
e9dd9f95 466 effect on sockets configured with
f848f8d8 467 <option>Accept=false</option> or datagram
1f812fea
LP		 468 sockets. Defaults to
469 64.</para></listitem>
470 </varlistentry>
471
472 <varlistentry>
473 <term><varname>KeepAlive=</varname></term>
474 <listitem><para>Takes a boolean
475 argument. If true, the TCP/IP stack
476 will send a keep alive message after
477 2h (depending on the configuration of
478 <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
479 for all TCP streams accepted on this
480 socket. This controls the SO_KEEPALIVE
481 socket option (see
482 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
483 and the <ulink
484 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
485 Keepalive HOWTO</ulink> for details.)
486 Defaults to
487 <option>false</option>.</para></listitem>
488 </varlistentry>
489
209e9dcd 490 <varlistentry>
3cd761e4 491 <term><varname>KeepAliveTimeSec=</varname></term>
209e9dcd
SS		 492 <listitem><para>Takes time (in seconds) as argument . The connection needs to remain
493 idle before TCP starts sending keepalive probes. This controls the TCP_KEEPIDLE
494 socket option (see
495 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
496 and the <ulink
497 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
498 Keepalive HOWTO</ulink> for details.)
499 Defaults value is 7200 seconds (2 hours).</para></listitem>
500 </varlistentry>
501
502 <varlistentry>
3cd761e4 503 <term><varname>KeepAliveIntervalSec=</varname></term>
209e9dcd
SS		 504 <listitem><para>Takes time (in seconds) as argument between individual keepalive probes,
505 if the socket option SO_KEEPALIVE has been set on this socket seconds as argument.
506 This controls the TCP_KEEPINTVL socket option (see
507 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
508 and the <ulink
509 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
510 Keepalive HOWTO</ulink> for details.)
511 Defaults value is 75 seconds.</para></listitem>
512 </varlistentry>
513
514 <varlistentry>
515 <term><varname>KeepAliveProbes=</varname></term>
06b643e7 516 <listitem><para>Takes integer as argument. It's the number of unacknowledged probes to
209e9dcd
SS		 517 send before considering the connection dead and notifying the application layer.
518 This controls the TCP_KEEPCNT socket option (see
519 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
520 and the <ulink
521 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
522 Keepalive HOWTO</ulink> for details.)
523 Defaults value is 9.</para></listitem>
524 </varlistentry>
525
4427c3f4
SS		 526 <varlistentry>
527 <term><varname>NoDelay=</varname></term>
528 <listitem><para>Takes a boolean
529 argument. TCP Nagle's algorithm works by combining a number of
530 small outgoing messages, and sending them all at once.
531 This controls the TCP_NODELAY socket option (see
532 <citerefentry><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>
533 Defaults to
534 <option>false</option>.</para></listitem>
535 </varlistentry>
536
1f812fea
LP		 537 <varlistentry>
538 <term><varname>Priority=</varname></term>
539 <listitem><para>Takes an integer
540 argument controlling the priority for
541 all traffic sent from this
542 socket. This controls the SO_PRIORITY
543 socket option (see
544 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
545 for details.).</para></listitem>
546 </varlistentry>
547
cc567c9b 548 <varlistentry>
3cd761e4 549 <term><varname>DeferAcceptSec=</varname></term>
cc567c9b
SS		 550
551 <listitem><para>Takes time (in
552 seconds) as argument. If set, the
553 listening process will be awakened
554 only when data arrives on the socket,
555 and not immediately when connection is
556 established. When this option is set,
557 the
558 <constant>TCP_DEFER_ACCEPT</constant>
559 socket option will be used (see
560 <citerefentry><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>),
561 and the kernel will ignore initial ACK
562 packets without any data. The argument
563 specifies the approximate amount of
564 time the kernel should wait for
565 incoming data before falling back to
566 the normal behaviour of honouring
567 empty ACK packets. This option is
568 beneficial for protocols where the
569 client sends the data first (e.g.
570 HTTP, in contrast to SMTP), because
571 the server process will not be woken
572 up unnecessarily before it can take
573 any action.
574 </para>
575
576 <para>If the client also uses the
577 <constant>TCP_DEFER_ACCEPT</constant>
578 option, the latency of the initial
579 connection may be reduced, because the
580 kernel will send data in the final
581 packet establishing the connection
582 (the third packet in the "three-way
583 handshake").</para>
584
585 <para>Disabled by default.</para>
586 </listitem>
587 </varlistentry>
588
1f812fea
LP		 589 <varlistentry>
590 <term><varname>ReceiveBuffer=</varname></term>
591 <term><varname>SendBuffer=</varname></term>
592 <listitem><para>Takes an integer
5556b5fe
LP		 593 argument controlling the receive or
594 send buffer sizes of this socket,
595 respectively. This controls the
596 SO_RCVBUF and SO_SNDBUF socket options
597 (see
1f812fea 598 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
5556b5fe
LP		 599 for details.). The usual suffixes K,
600 M, G are supported and are understood
601 to the base of 1024.</para></listitem>
1f812fea
LP		 602 </varlistentry>
603
604 <varlistentry>
605 <term><varname>IPTOS=</varname></term>
606 <listitem><para>Takes an integer
607 argument controlling the IP
608 Type-Of-Service field for packets
609 generated from this socket. This
610 controls the IP_TOS socket option (see
611 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
612 for details.). Either a numeric string
613 or one of <option>low-delay</option>,
614 <option>throughput</option>,
615 <option>reliability</option> or
616 <option>low-cost</option> may be
617 specified.</para></listitem>
618 </varlistentry>
619
620 <varlistentry>
621 <term><varname>IPTTL=</varname></term>
622 <listitem><para>Takes an integer
623 argument controlling the IPv4
624 Time-To-Live/IPv6 Hop-Count field for
625 packets generated from this
626 socket. This sets the
627 IP_TTL/IPV6_UNICAST_HOPS socket
628 options (see
629 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
630 and
631 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
632 for details.)</para></listitem>
633 </varlistentry>
634
635 <varlistentry>
636 <term><varname>Mark=</varname></term>
637 <listitem><para>Takes an integer
638 value. Controls the firewall mark of
639 packets generated by this socket. This
640 can be used in the firewall logic to
641 filter packets from this socket. This
642 sets the SO_MARK socket option. See
643 <citerefentry><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
644 for details.</para></listitem>
645 </varlistentry>
646
f7db7a69
SL		 647 <varlistentry>
648 <term><varname>ReusePort=</varname></term>
649 <listitem><para>Takes a boolean
ac8e20c6 650 value. If true, allows multiple <citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s
f7db7a69
SL		 651 to this TCP or UDP port. This
652 controls the SO_REUSEPORT socket
653 option. See
654 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
655 for details.</para></listitem>
656 </varlistentry>
657
0eb59ccf
AK		 658 <varlistentry>
659 <term><varname>SmackLabel=</varname></term>
660 <term><varname>SmackLabelIPIn=</varname></term>
661 <term><varname>SmackLabelIPOut=</varname></term>
662 <listitem><para>Takes a string
663 value. Controls the extended
664 attributes
665 <literal>security.SMACK64</literal>,
666 <literal>security.SMACK64IPIN</literal>
667 and
668 <literal>security.SMACK64IPOUT</literal>,
669 respectively, i.e. the security label
670 of the FIFO, or the security label for
671 the incoming or outgoing connections
e9dd9f95 672 of the socket, respectively. See
0eb59ccf
AK		 673 <ulink
674 url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
675 for details.</para></listitem>
676 </varlistentry>
677
16115b0a
MS		 678 <varlistentry>
679 <term><varname>SELinuxContextFromNet=</varname></term>
680 <listitem><para>Takes a boolean
281a92f8 681 argument. When true, systemd will attempt
16115b0a
MS		 682 to figure out the SELinux label used
683 for the instantiated service from the
684 information handed by the peer over the
685 network. Note that only the security
686 level is used from the information
687 provided by the peer. Other parts of
688 the resulting SELinux context originate
689 from either the target binary that is
690 effectively triggered by socket unit
281a92f8 691 or from the value of the
16115b0a 692 <varname>SELinuxContext=</varname>
281a92f8 693 option. This configuration option only
16115b0a
MS		 694 affects sockets with
695 <varname>Accept=</varname> mode set to
696 <literal>true</literal>. Also note that
697 this option is useful only when
698 MLS/MCS SELinux policy is
699 deployed. Defaults to
700 <literal>false</literal>.
701 </para></listitem>
702 </varlistentry>
703
1f812fea
LP		 704 <varlistentry>
705 <term><varname>PipeSize=</varname></term>
dca348bc 706 <listitem><para>Takes a size in
5556b5fe 707 bytes. Controls the pipe buffer size
1f812fea 708 of FIFOs configured in this socket
e9dd9f95 709 unit. See
1f812fea 710 <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
5556b5fe
LP		 711 for details. The usual suffixes K, M,
712 G are supported and are understood to
713 the base of 1024.</para></listitem>
1f812fea
LP		 714 </varlistentry>
715
916abb21
LP		 716 <varlistentry>
717 <term><varname>MessageQueueMaxMessages=</varname>,
718 <varname>MessageQueueMessageSize=</varname></term>
719 <listitem><para>These two settings
720 take integer values and control the
16dad32e 721 mq_maxmsg field or the mq_msgsize field, respectively, when
916abb21
LP		 722 creating the message queue. Note that
723 either none or both of these variables
724 need to be set. See
725 <citerefentry><refentrytitle>mq_setattr</refentrytitle><manvolnum>3</manvolnum></citerefentry>
726 for details.</para></listitem>
727 </varlistentry>
728
1f812fea
LP		 729 <varlistentry>
730 <term><varname>FreeBind=</varname></term>
731 <listitem><para>Takes a boolean
732 value. Controls whether the socket can
733 be bound to non-local IP
734 addresses. This is useful to configure
735 sockets listening on specific IP
736 addresses before those IP addresses
737 are successfully configured on a
738 network interface. This sets the
739 IP_FREEBIND socket option. For
740 robustness reasons it is recommended
741 to use this option whenever you bind a
742 socket to a specific IP
743 address. Defaults to <option>false</option>.</para></listitem>
744 </varlistentry>
745
6b6d2dee
LP		 746 <varlistentry>
747 <term><varname>Transparent=</varname></term>
748 <listitem><para>Takes a boolean
749 value. Controls the IP_TRANSPARENT
271b032a 750 socket option. Defaults to
6b6d2dee
LP		 751 <option>false</option>.</para></listitem>
752 </varlistentry>
753
ec6370a2
LP		 754 <varlistentry>
755 <term><varname>Broadcast=</varname></term>
756 <listitem><para>Takes a boolean
757 value. This controls the SO_BROADCAST
271b032a 758 socket option, which allows broadcast
ec6370a2
LP		 759 datagrams to be sent from this
760 socket. Defaults to
761 <option>false</option>.</para></listitem>
762 </varlistentry>
763
42e87475 764 <varlistentry>
271b032a 765 <term><varname>PassCredentials=</varname></term>
42e87475
MS		 766 <listitem><para>Takes a boolean
767 value. This controls the SO_PASSCRED
74d00578 768 socket option, which allows <constant>AF_UNIX</constant> sockets to
42e87475
MS		 769 receive the credentials of the sending
770 process in an ancillary message.
771 Defaults to
772 <option>false</option>.</para></listitem>
773 </varlistentry>
774
54ecda32
LP		 775 <varlistentry>
776 <term><varname>PassSecurity=</varname></term>
777 <listitem><para>Takes a boolean
778 value. This controls the SO_PASSSEC
74d00578 779 socket option, which allows <constant>AF_UNIX</constant>
54ecda32
LP		 780 sockets to receive the security
781 context of the sending process in an
e9dd9f95 782 ancillary message. Defaults to
54ecda32
LP		 783 <option>false</option>.</para></listitem>
784 </varlistentry>
785
cebf8b20
TT		 786 <varlistentry>
787 <term><varname>TCPCongestion=</varname></term>
788 <listitem><para>Takes a string
789 value. Controls the TCP congestion
790 algorithm used by this socket. Should
791 be one of "westwood", "veno", "cubic",
792 "lp" or any other available algorithm
793 supported by the IP stack. This
794 setting applies only to stream
795 sockets.</para></listitem>
796 </varlistentry>
797
1f812fea
LP		 798 <varlistentry>
799 <term><varname>ExecStartPre=</varname></term>
800 <term><varname>ExecStartPost=</varname></term>
b3eaa628
LP		 801 <listitem><para>Takes one or more
802 command lines, which are executed
16dad32e 803 before or after the listening
b3eaa628 804 sockets/FIFOs are created and
16dad32e 805 bound, respectively. The first token of the command
e9dd9f95 806 line must be an absolute filename,
1f812fea 807 then followed by arguments for the
b3eaa628
LP		 808 process. Multiple command lines may be
809 specified following the same scheme as
810 used for
811 <varname>ExecStartPre=</varname> of
812 service unit files.</para></listitem>
1f812fea
LP		 813 </varlistentry>
814
815 <varlistentry>
816 <term><varname>ExecStopPre=</varname></term>
817 <term><varname>ExecStopPost=</varname></term>
818 <listitem><para>Additional commands
16dad32e 819 that are executed before or after
1f812fea 820 the listening sockets/FIFOs are closed
16dad32e 821 and removed, respectively. Multiple command lines
b3eaa628
LP		 822 may be specified following the same
823 scheme as used for
824 <varname>ExecStartPre=</varname> of
825 service unit files.</para></listitem>
1f812fea
LP		 826 </varlistentry>
827
1f812fea
LP		 828 <varlistentry>
829 <term><varname>TimeoutSec=</varname></term>
830 <listitem><para>Configures the time to
831 wait for the commands specified in
832 <varname>ExecStartPre=</varname>,
833 <varname>ExecStartPost=</varname>,
834 <varname>ExecStopPre=</varname> and
835 <varname>ExecStopPost=</varname> to
b439c6ee
KS		 836 finish. If a command does not exit
837 within the configured time, the socket
1f812fea 838 will be considered failed and be shut
5e34b37c 839 down again. All commands still running
1f812fea 840 will be terminated forcibly via
05cc7267
ZJS		 841 <constant>SIGTERM</constant>, and after another delay of
842 this time with <constant>SIGKILL</constant>. (See
4819ff03 843 <option>KillMode=</option> in <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.)
1f812fea
LP		 844 Takes a unit-less value in seconds, or
845 a time span value such as "5min
5e34b37c
ZJS		 846 20s". Pass <literal>0</literal> to disable the timeout
847 logic. Defaults to <varname>DefaultTimeoutStartSec=</varname> from the
848 manager configuration file
97426dcf 849 (see <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
5e34b37c 850 </para></listitem>
1f812fea
LP		 851 </varlistentry>
852
d9ff321a
LP		 853 <varlistentry>
854 <term><varname>Service=</varname></term>
855 <listitem><para>Specifies the service
856 unit name to activate on incoming
3cf148f3
ZJS		 857 traffic. This setting is only allowed
858 for sockets with
859 <varname>Accept=no</varname>. It
860 defaults to the service that bears the
861 same name as the socket (with the
73e231ab 862 suffix replaced). In most cases, it
3cf148f3
ZJS		 863 should not be necessary to use this
864 option.</para></listitem>
d9ff321a
LP		 865 </varlistentry>
866
bd1fe7c7
LP		 867 <varlistentry>
868 <term><varname>RemoveOnStop=</varname></term>
869 <listitem><para>Takes a boolean
8d0e0ddd 870 argument. If enabled, any file nodes
bd1fe7c7
LP		 871 created by this socket unit are
872 removed when it is stopped. This
873 applies to AF_UNIX sockets in the file
8d0e0ddd
JE		 874 system, POSIX message queues, FIFOs,
875 as well as any symlinks to
811ba7a0 876 them configured with
8d0e0ddd 877 <varname>Symlinks=</varname>. Normally,
811ba7a0
LP		 878 it should not be necessary to use this
879 option, and is not recommended as
880 services might continue to run after
881 the socket unit has been terminated
882 and it should still be possible to
883 communicate with them via their file
884 system node. Defaults to
bd1fe7c7
LP		 885 off.</para></listitem>
886 </varlistentry>
887
811ba7a0
LP		 888 <varlistentry>
889 <term><varname>Symlinks=</varname></term>
890 <listitem><para>Takes a list of file
891 system paths. The specified paths will
892 be created as symlinks to the AF_UNIX
893 socket path or FIFO path of this
8d0e0ddd 894 socket unit. If this setting is used,
811ba7a0
LP		 895 only one AF_UNIX socket in the file
896 system or one FIFO may be configured
897 for the socket unit. Use this option
898 to manage one or more symlinked alias
899 names for a socket, binding their
900 lifecycle together. Defaults to the
901 empty list.</para></listitem>
902 </varlistentry>
903
1f812fea 904 </variablelist>
4819ff03
LP		 905
906 <para>Check
907 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
908 and
909 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
910 for more settings.</para>
911
1f812fea
LP		 912 </refsect1>
913
914 <refsect1>
915 <title>See Also</title>
916 <para>
f3e219a2 917 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
67826132 918 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1f812fea
LP		 919 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
920 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
4819ff03 921 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
3fde5f30 922 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
9cc2c8b7
ZJS		 923 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
924 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
1f812fea 925 </para>
7d617113
ZJS		 926
927 <para>
e9dd9f95 928 For more extensive descriptions see the "systemd for Developers" series:
7d617113
ZJS		 929 <ulink url="http://0pointer.de/blog/projects/socket-activation.html">Socket Activation</ulink>,
930 <ulink url="http://0pointer.de/blog/projects/socket-activation2.html">Socket Activation, part II</ulink>,
931 <ulink url="http://0pointer.de/blog/projects/inetd.html">Converting inetd Services</ulink>,
932 <ulink url="http://0pointer.de/blog/projects/socket-activated-containers.html">Socket Activated Internet Services and OS Containers</ulink>.
933 </para>
1f812fea
LP		 934 </refsect1>
935
936</refentry>
Unnamed repository; edit this file 'description' to name the repository.