</varlistentry>
<varlistentry>
- <term><varname>KeepAliveTime=</varname></term>
+ <term><varname>KeepAliveTimeSec=</varname></term>
<listitem><para>Takes time (in seconds) as argument . The connection needs to remain
idle before TCP starts sending keepalive probes. This controls the TCP_KEEPIDLE
socket option (see
</varlistentry>
<varlistentry>
- <term><varname>KeepAliveInterval=</varname></term>
+ <term><varname>KeepAliveIntervalSec=</varname></term>
<listitem><para>Takes time (in seconds) as argument between individual keepalive probes,
if the socket option SO_KEEPALIVE has been set on this socket seconds as argument.
This controls the TCP_KEEPINTVL socket option (see
<varlistentry>
<term><varname>KeepAliveProbes=</varname></term>
- <listitem><para>Takes interger as argument. It's the number of unacknowledged probes to
+ <listitem><para>Takes integer as argument. It's the number of unacknowledged probes to
send before considering the connection dead and notifying the application layer.
This controls the TCP_KEEPCNT socket option (see
<citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details.).</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>DeferAcceptSec=</varname></term>
+
+ <listitem><para>Takes time (in
+ seconds) as argument. If set, the
+ listening process will be awakened
+ only when data arrives on the socket,
+ and not immediately when connection is
+ established. When this option is set,
+ the
+ <constant>TCP_DEFER_ACCEPT</constant>
+ socket option will be used (see
+ <citerefentry><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>),
+ and the kernel will ignore initial ACK
+ packets without any data. The argument
+ specifies the approximate amount of
+ time the kernel should wait for
+ incoming data before falling back to
+ the normal behaviour of honouring
+ empty ACK packets. This option is
+ beneficial for protocols where the
+ client sends the data first (e.g.
+ HTTP, in contrast to SMTP), because
+ the server process will not be woken
+ up unnecessarily before it can take
+ any action.
+ </para>
+
+ <para>If the client also uses the
+ <constant>TCP_DEFER_ACCEPT</constant>
+ option, the latency of the initial
+ connection may be reduced, because the
+ kernel will send data in the final
+ packet establishing the connection
+ (the third packet in the "three-way
+ handshake").</para>
+
+ <para>Disabled by default.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>ReceiveBuffer=</varname></term>
<term><varname>SendBuffer=</varname></term>
for details.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>SELinuxContextFromNet=</varname></term>
+ <listitem><para>Takes a boolean
+ argument. When true, systemd will attempt
+ to figure out the SELinux label used
+ for the instantiated service from the
+ information handed by the peer over the
+ network. Note that only the security
+ level is used from the information
+ provided by the peer. Other parts of
+ the resulting SELinux context originate
+ from either the target binary that is
+ effectively triggered by socket unit
+ or from the value of the
+ <varname>SELinuxContext=</varname>
+ option. This configuration option only
+ affects sockets with
+ <varname>Accept=</varname> mode set to
+ <literal>true</literal>. Also note that
+ this option is useful only when
+ MLS/MCS SELinux policy is
+ deployed. Defaults to
+ <literal>false</literal>.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>PipeSize=</varname></term>
<listitem><para>Takes a size in
20s". Pass <literal>0</literal> to disable the timeout
logic. Defaults to <varname>DefaultTimeoutStartSec=</varname> from the
manager configuration file
- (see <citerefentry><refentrytitle>systemd-systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
+ (see <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
</para></listitem>
</varlistentry>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,