1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
7 This file is part of systemd.
9 Copyright 2010 Lennart Poettering
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 <refentry id="systemd.socket">
27 <title>systemd.socket</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>systemd.socket</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>systemd.socket</refname>
47 <refpurpose>systemd socket configuration files</refpurpose>
51 <para><filename>systemd.socket</filename></para>
55 <title>Description</title>
57 <para>A unit configuration file whose name ends in
58 <filename>.socket</filename> encodes information about
59 an IPC or network socket or a file system FIFO
60 controlled and supervised by systemd, for socket-based
63 <para>This man page lists the configuration options
64 specific to this unit type. See
65 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
66 for the common options of all unit configuration
67 files. The common configuration items are configured
68 in the generic [Unit] and [Install] sections. The
69 socket specific configuration options are configured
70 in the [Socket] section.</para>
72 <para>Additional options are listed in
73 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
74 which define the execution environment the
75 <option>ExecStartPre=</option>,
76 <option>ExecStartPost=</option>,
77 <option>ExecStopPre=</option> and
78 <option>ExecStoptPost=</option> commands are executed
81 <para>For each socket file a matching service file
83 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
84 for details) must exist, describing the service to
85 start on incoming traffic on the socket. Depending on
86 the setting of <option>Accept=</option> (see below),
87 this must either be named like the socket unit, but
88 with the suffix replaced; or it must be a template
89 file named the same way. Example: a socket file
90 <filename>foo.socket</filename> needs a matching
91 service <filename>foo.service</filename> if
92 <option>Accept=false</option> is set. If
93 <option>Accept=true</option> is set a service template
94 file <filename>foo@.service</filename> must exist from
95 which services are instantiated for each incoming
98 <para>Unless <varname>DefaultDependencies=</varname>
99 is set to <option>false</option>, socket units will
100 implicitly have dependencies of type
101 <varname>Requires=</varname> and
102 <varname>After=</varname> on
103 <filename>sysinit.target</filename> as well as
104 dependencies of type <varname>Conflicts=</varname> and
105 <varname>Before=</varname> on
106 <filename>shutdown.target</filename>. These ensure
107 that socket units pull in basic system
108 initialization, and are terminated cleanly prior to
109 system shutdown. Only sockets involved with early
110 boot or late system shutdown should disable this
113 <para>Socket units may be used to implement on-demand
114 starting of services, as well as parallelized starting
117 <para>Note that the daemon software configured for
118 socket activation with socket units needs to be able
119 to accept sockets from systemd, either via systemd's
120 native socket passing interface (see
121 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
122 for details) or via the traditional
123 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>-style
124 socket passing (i.e. sockets passed in via STDIN and
125 STDOUT, using <varname>StandardInput=socket</varname>
126 in the service file).</para>
130 <title>Options</title>
132 <para>Socket files must include a [Socket] section,
133 which carries information about the socket or FIFO it
134 supervises. A number of options that may be used in
135 this section are shared with other unit types. These
136 options are documented in
137 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
138 options specific to the [Socket] section of socket
139 units are the following:</para>
143 <term><varname>ListenStream=</varname></term>
144 <term><varname>ListenDatagram=</varname></term>
145 <term><varname>ListenSequentialPacket=</varname></term>
146 <listitem><para>Specifies an address
147 to listen on for a stream
148 (SOCK_STREAM), datagram (SOCK_DGRAM)
149 resp. sequential packet
150 (SOCK_SEQPACKET) socket. The address
151 can be written in various formats:</para>
153 <para>If the address starts with a
154 slash (/), it is read as file system
155 socket in the AF_UNIX socket
158 <para>If the address starts with an
159 ampersand (@) it is read as abstract
160 namespace socket in the AF_UNIX
161 family. The @ is replaced with a NUL
162 character before binding. For details
164 <citerefentry><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
166 <para>If the address string is a
167 single number it is read as port
168 number to listen on for both IPv4 and
171 <para>If the address string is a
172 string in the format v.w.x.y:z it is
173 read as IPv4 specifier for listening
174 on an address v.w.x.y on a port
177 <para>If the address string is a
178 string in the format [x]:y it is read
179 as IPv6 address x on a port y.</para>
181 <para>Note that SOCK_SEQPACKET
182 (i.e. <varname>ListenSequentialPacket=</varname>)
183 is only available for AF_UNIX
185 (i.e. <varname>ListenStream=</varname>)
186 when used for IP sockets refers to TCP
188 (i.e. <varname>ListenDatagram=</varname>)
191 <para>These options may be specified
192 more than once in which case incoming
193 traffic on any of the sockets will trigger
194 service activation, and all listed
195 sockets will be passed to the service,
196 regardless whether there is incoming
197 traffic on them or not.</para>
199 <para>If an IP address is used here, it
200 is often desirable to listen on it
201 before the interface it is configured
202 on is up and running, and even
203 regardless whether it will be up and
204 running ever at all. To deal with this it is
205 recommended to set the
206 <varname>FreeBind=</varname> option
207 described below.</para></listitem>
211 <term><varname>ListenFIFO=</varname></term>
212 <listitem><para>Specifies a file
213 system FIFO to listen on. This expects
214 an absolute file system path as
215 argument. Behaviour otherwise is very
217 <varname>ListenDatagram=</varname>
218 directive above.</para></listitem>
222 <term><varname>BindIPv6Only=</varname></term>
223 <listitem><para>Takes a one of
224 <option>default</option>,
225 <option>both</option> or
226 <option>ipv6-only</option>. Controls
227 the IPV6_V6ONLY socket option (see
228 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
230 <option>both</option>, IPv6 sockets
231 bound will be accessible via both IPv4
233 <option>ipv6-only</option>, they will
234 be accessible via IPv6 only. If
235 <option>default</option> (which is the
236 default, surprise!) the system wide
237 default setting is used, as controlled
239 <filename>/proc/sys/net/ipv6/bindv6only</filename>.</para>
244 <term><varname>Backlog=</varname></term>
245 <listitem><para>Takes an unsigned
246 integer argument. Specifies the number
247 of connections to queue that have not
248 been accepted yet. This setting
249 matters only for stream and sequential
251 <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
252 for details. Defaults to SOMAXCONN
253 (128).</para></listitem>
257 <term><varname>BindToDevice=</varname></term>
258 <listitem><para>Specifies a network
259 interface name to bind this socket
260 to. If set traffic will only be
261 accepted from the specified network
262 interfaces. This controls the
263 SO_BINDTODEVICE socket option (see
264 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
265 for details). If this option is used,
266 an automatic dependency from this
267 socket unit on the network interface
269 (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
270 is created.</para></listitem>
274 <term><varname>DirectoryMode=</varname></term>
275 <listitem><para>If listening on a file
276 system socket of FIFO, the parent
277 directories are automatically created
278 if needed. This option specifies the
279 file system access mode used when
280 creating these directories. Takes an
282 notation. Defaults to
283 0755.</para></listitem>
287 <term><varname>SocketMode=</varname></term>
288 <listitem><para>If listening on a file
289 system socket of FIFO, this option
290 specifies the file system access mode
291 used when creating the file
292 node. Takes an access mode in octal
293 notation. Defaults to
294 0666.</para></listitem>
298 <term><varname>Accept=</varname></term>
299 <listitem><para>Takes a boolean
300 argument. If true, a service instance
301 is spawned for each incoming
302 connection and only the connection
303 socket is passed to it. If false, all
304 listening sockets themselves are
305 passed to the started service unit,
306 and only one service unit is spawned
307 for all connections (also see
308 above). This value is ignored for
309 datagram sockets and FIFOs where
310 a single service unit unconditionally
311 handles all incoming traffic. Defaults
312 to <option>false</option>. For
313 performance reasons, it is recommended
314 to write new daemons only in a way
316 <option>Accept=false</option>. This
317 option is mostly useful to allow
318 daemons designed for usage with
319 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
320 to work unmodified with systemd socket
321 activation.</para></listitem>
325 <term><varname>MaxConnections=</varname></term>
326 <listitem><para>The maximum number of
327 connections to simultaneously run
328 services instances for, when
329 <option>Accept=true</option> is
330 set. If more concurrent connections
331 are coming in, they will be refused
332 until at least one existing connection
333 is terminated. This setting has no
334 effect for sockets configured with
335 <option>Accept=no</option> or datagram
337 64.</para></listitem>
341 <term><varname>KeepAlive=</varname></term>
342 <listitem><para>Takes a boolean
343 argument. If true, the TCP/IP stack
344 will send a keep alive message after
345 2h (depending on the configuration of
346 <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
347 for all TCP streams accepted on this
348 socket. This controls the SO_KEEPALIVE
350 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
352 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
353 Keepalive HOWTO</ulink> for details.)
355 <option>false</option>.</para></listitem>
359 <term><varname>Priority=</varname></term>
360 <listitem><para>Takes an integer
361 argument controlling the priority for
362 all traffic sent from this
363 socket. This controls the SO_PRIORITY
365 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
366 for details.).</para></listitem>
370 <term><varname>ReceiveBuffer=</varname></term>
371 <term><varname>SendBuffer=</varname></term>
372 <listitem><para>Takes an integer
373 argument controlling the receive
374 resp. send buffer sizes of this
375 socket. This controls the SO_RCVBUF
376 resp. SO_SNDBUF socket options (see
377 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
378 for details.).</para></listitem>
382 <term><varname>IPTOS=</varname></term>
383 <listitem><para>Takes an integer
384 argument controlling the IP
385 Type-Of-Service field for packets
386 generated from this socket. This
387 controls the IP_TOS socket option (see
388 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
389 for details.). Either a numeric string
390 or one of <option>low-delay</option>,
391 <option>throughput</option>,
392 <option>reliability</option> or
393 <option>low-cost</option> may be
394 specified.</para></listitem>
398 <term><varname>IPTTL=</varname></term>
399 <listitem><para>Takes an integer
400 argument controlling the IPv4
401 Time-To-Live/IPv6 Hop-Count field for
402 packets generated from this
403 socket. This sets the
404 IP_TTL/IPV6_UNICAST_HOPS socket
406 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
408 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
409 for details.)</para></listitem>
413 <term><varname>Mark=</varname></term>
414 <listitem><para>Takes an integer
415 value. Controls the firewall mark of
416 packets generated by this socket. This
417 can be used in the firewall logic to
418 filter packets from this socket. This
419 sets the SO_MARK socket option. See
420 <citerefentry><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
421 for details.</para></listitem>
425 <term><varname>PipeSize=</varname></term>
426 <listitem><para>Takes an integer
427 value. Controls the pipe buffer size
428 of FIFOs configured in this socket
430 <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
431 for details.</para></listitem>
435 <term><varname>FreeBind=</varname></term>
436 <listitem><para>Takes a boolean
437 value. Controls whether the socket can
438 be bound to non-local IP
439 addresses. This is useful to configure
440 sockets listening on specific IP
441 addresses before those IP addresses
442 are successfully configured on a
443 network interface. This sets the
444 IP_FREEBIND socket option. For
445 robustness reasons it is recommended
446 to use this option whenever you bind a
447 socket to a specific IP
448 address. Defaults to <option>false</option>.</para></listitem>
452 <term><varname>TCPCongestion=</varname></term>
453 <listitem><para>Takes a string
454 value. Controls the TCP congestion
455 algorithm used by this socket. Should
456 be one of "westwood", "veno", "cubic",
457 "lp" or any other available algorithm
458 supported by the IP stack. This
459 setting applies only to stream
460 sockets.</para></listitem>
464 <term><varname>ExecStartPre=</varname></term>
465 <term><varname>ExecStartPost=</varname></term>
466 <listitem><para>Takes one or more
467 command lines, which are executed
468 before (resp. after) the listening
469 sockets/FIFOs are created and
470 bound. The first token of the command
471 line must be an absolute file name,
472 then followed by arguments for the
473 process. Multiple command lines may be
474 specified following the same scheme as
476 <varname>ExecStartPre=</varname> of
477 service unit files.</para></listitem>
481 <term><varname>ExecStopPre=</varname></term>
482 <term><varname>ExecStopPost=</varname></term>
483 <listitem><para>Additional commands
484 that are executed before (resp. after)
485 the listening sockets/FIFOs are closed
486 and removed. Multiple command lines
487 may be specified following the same
489 <varname>ExecStartPre=</varname> of
490 service unit files.</para></listitem>
494 <term><varname>TimeoutSec=</varname></term>
495 <listitem><para>Configures the time to
496 wait for the commands specified in
497 <varname>ExecStartPre=</varname>,
498 <varname>ExecStartPost=</varname>,
499 <varname>ExecStopPre=</varname> and
500 <varname>ExecStopPost=</varname> to
501 finish. If a command does not exit
502 within the configured time, the socket
503 will be considered failed and be shut
504 down again. All commands still running,
505 will be terminated forcibly via
506 SIGTERM, and after another delay of
507 this time with SIGKILL. (See
508 <option>KillMode=</option> below.)
509 Takes a unit-less value in seconds, or
510 a time span value such as "5min
511 20s". Pass 0 to disable the timeout
513 60s.</para></listitem>
517 <term><varname>KillMode=</varname></term>
518 <listitem><para>Specifies how
519 processes of this socket unit shall be
521 <option>control-group</option>,
522 <option>process</option>,
523 <option>none</option>.</para>
525 <para>This option is mostly equivalent
526 to the <option>KillMode=</option>
527 option of service files. See
528 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
529 for details.</para></listitem>
533 <term><varname>KillSignal=</varname></term>
534 <listitem><para>Specifies which signal
535 to use when killing a process of this
536 socket. Defaults to SIGTERM.
541 <term><varname>SendSIGKILL=</varname></term>
542 <listitem><para>Specifies whether to
543 send SIGKILL to remaining processes
544 after a timeout, if the normal
545 shutdown procedure left processes of
546 the socket around. Takes a boolean
547 value. Defaults to "yes".
552 <term><varname>Service=</varname></term>
553 <listitem><para>Specifies the service
554 unit name to activate on incoming
555 traffic. This defaults to the service
556 that bears the same name as the socket
557 (ignoring the different suffixes). In
558 most cases it should not be necessary
559 to use this option.</para></listitem>
566 <title>See Also</title>
568 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
569 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
570 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
571 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
572 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
~ianmdlvl / elogind.git / blob