1 .\" This man page is Copyright (C) 1999 Andi Kleen <ak@muc.de>.
3 .\" %%%LICENSE_START(VERBATIM_ONE_PARA)
4 .\" Permission is granted to distribute possibly modified copies
5 .\" of this page provided the header is included verbatim,
6 .\" and in case of nontrivial modification author and date
7 .\" of the modification is added to the header.
10 .\" Modified, 2003-12-02, Michael Kerrisk, <mtk.manpages@gmail.com>
11 .\" Modified, 2003-09-23, Adam Langley
12 .\" Modified, 2004-05-27, Michael Kerrisk, <mtk.manpages@gmail.com>
13 .\" Added SOCK_SEQPACKET
14 .\" 2008-05-27, mtk, Provide a clear description of the three types of
15 .\" address that can appear in the sockaddr_un structure: pathname,
16 .\" unnamed, and abstract.
18 .TH UNIX 7 2012-05-10 "Linux" "Linux Programmer's Manual"
20 unix \- sockets for local interprocess communication
22 .B #include <sys/socket.h>
24 .B #include <sys/un.h>
26 .IB unix_socket " = socket(AF_UNIX, type, 0);"
28 .IB error " = socketpair(AF_UNIX, type, 0, int *" sv ");"
34 socket family is used to communicate between processes on the same machine
36 Traditionally, UNIX domain sockets can be either unnamed,
37 or bound to a file system pathname (marked as being of type socket).
38 Linux also supports an abstract namespace which is independent of the
43 for a stream-oriented socket and
45 for a datagram-oriented socket that preserves message boundaries
46 (as on most UNIX implementations, UNIX domain datagram
47 sockets are always reliable and don't reorder datagrams);
48 and (since Linux 2.6.4)
50 for a connection-oriented socket that preserves message boundaries
51 and delivers messages in the order that they were sent.
53 UNIX domain sockets support passing file descriptors or process credentials
54 to other processes using ancillary data.
56 A UNIX domain socket address is represented in the following structure:
60 #define UNIX_PATH_MAX 108
63 sa_family_t sun_family; /* AF_UNIX */
64 char sun_path[UNIX_PATH_MAX]; /* pathname */
73 Three types of address are distinguished in this structure:
76 a UNIX domain socket can be bound to a null-terminated file
79 When the address of the socket is returned by
85 .IR "offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1" ,
88 contains the null-terminated pathname.
91 A stream socket that has not been bound to a pathname using
94 Likewise, the two sockets created by
97 When the address of an unnamed socket is returned by
103 .IR "sizeof(sa_family_t)" ,
106 should not be inspected.
107 .\" There is quite some variation across implementations: FreeBSD
108 .\" says the length is 16 bytes, HP-UX 11 says it's zero bytes.
111 an abstract socket address is distinguished by the fact that
113 is a null byte (\(aq\\0\(aq).
114 The socket's address in this namespace is given by the additional
117 that are covered by the specified length of the address structure.
118 (Null bytes in the name have no special significance.)
119 The name has no connection with file system pathnames.
120 When the address of an abstract socket is returned by
128 .IR "sizeof(sa_family_t)"
129 (i.e., greater than 2), and the name of the socket is contained in
131 .IR "(addrlen \- sizeof(sa_family_t))"
134 The abstract socket namespace is a nonportable Linux extension.
136 For historical reasons these socket options are specified with a
138 type even though they are
147 as the socket family.
150 Enables the receiving of the credentials of the sending process in an
152 When this option is set and the socket is not yet connected
153 a unique name in the abstract namespace will be generated automatically.
154 Expects an integer boolean flag.
161 .IR sizeof(sa_family_t) ,
162 .\" i.e. sizeof(short)
165 socket option was specified for a socket that was
166 not explicitly bound to an address,
167 then the socket is autobound to an abstract address.
168 The address consists of a null byte
169 followed by 5 bytes in the character set
171 Thus, there is a limit of 2^20 autobind addresses.
172 (From Linux 2.1.15, when the autobind feature was added,
173 8 bytes were used, and the limit was thus 2^32 autobind addresses.
174 The change to 5 bytes came in Linux 2.3.15.)
176 The following paragraphs describe domain-specific details and
177 unsupported features of the sockets API for UNIX domain sockets on Linux.
179 UNIX domain sockets do not support the transmission of
180 out-of-band data (the
190 flag is not supported by UNIX domain sockets.
198 is not supported by UNIX domain sockets.
202 socket option does have an effect for UNIX domain sockets, but the
205 For datagram sockets, the
207 value imposes an upper limit on the size of outgoing datagrams.
208 This limit is calculated as the doubled (see
210 option value less 32 bytes used for overhead.
211 .SS Ancillary messages
212 Ancillary data is sent and received using
216 For historical reasons the ancillary message types listed below
219 type even though they are
231 For more information see
235 Send or receive a set of open file descriptors from another process.
236 The data portion contains an integer array of the file descriptors.
237 The passed file descriptors behave as though they have been created with
241 Send or receive UNIX credentials.
242 This can be used for authentication.
243 The credentials are passed as a
246 Thus structure is defined in
253 pid_t pid; /* process ID of the sending process */
254 uid_t uid; /* user ID of the sending process */
255 gid_t gid; /* group ID of the sending process */
262 feature test macro must be defined (before including
264 header files) in order to obtain the definition
267 The credentials which the sender specifies are checked by the kernel.
268 A process with effective user ID 0 is allowed to specify values that do
270 The sender must specify its own process ID (unless it has the capability
272 its user ID, effective user ID, or saved set-user-ID (unless it has
274 and its group ID, effective group ID, or saved set-group-ID
281 option must be enabled on the socket.
285 calls return information in
287 The correct syntax is:
292 .IB error " = ioctl(" unix_socket ", " ioctl_type ", &" value ");"
300 Returns the amount of queued unread data in the receive buffer.
301 The socket must not be in LISTEN state, otherwise an error
306 .IR <linux/sockios.h> .
307 .\" FIXME http://sources.redhat.com/bugzilla/show_bug.cgi?id=12002,
308 .\" filed 2010-09-10, may cause SIOCINQ to be defined in glibc headers
310 you can use the synonymous
314 .\" SIOCOUTQ also has an effect for UNIX domain sockets, but not
315 .\" quite what userland might expect. It seems to return the number
316 .\" of bytes allocated for buffers containing pending output.
317 .\" That number is normally larger than the number of bytes of pending
318 .\" output. Since this info is, from userland's point of view, imprecise,
319 .\" and it may well change, probably best not to document this now.
323 The specified local address is already in use or the file system socket
324 object already exists.
327 The remote address specified by
329 was not a listening socket.
330 This error can also occur if the target filename is not a socket.
333 Remote socket was unexpectedly closed.
336 User memory address was not valid.
339 Invalid argument passed.
340 A common cause is that the value
342 was not specified in the
344 field of passed addresses, or the socket was in an
345 invalid state for the applied operation.
349 called on an already connected socket or a target address was
350 specified on a connected socket.
353 The pathname in the remote address specified to
361 Socket operation needs a target address, but the socket is not connected.
364 Stream operation called on non-stream oriented socket or tried to
365 use the out-of-band data option.
368 The sender passed invalid credentials in the
372 Remote socket was closed on a stream socket.
376 This can be avoided by passing the
384 Passed protocol is not
388 Remote socket does not match the local socket type
396 Other errors can be generated by the generic socket layer or
397 by the file system while generating a file system socket object.
398 See the appropriate manual pages for more information.
401 and the abstract namespace were introduced with Linux 2.2 and should not
402 be used in portable programs.
403 (Some BSD-derived systems also support credential passing,
404 but the implementation details differ.)
406 In the Linux implementation, sockets which are visible in the
407 file system honor the permissions of the directory they are in.
408 Their owner, group and their permissions can be changed.
409 Creation of a new socket will fail if the process does not have write and
410 search (execute) permission on the directory the socket is created in.
411 Connecting to the socket object requires read/write permission.
412 This behavior differs from many BSD-derived systems which
413 ignore permissions for UNIX domain sockets.
414 Portable programs should not rely on
415 this feature for security.
417 Binding to a socket with a filename creates a socket
418 in the file system that must be deleted by the caller when it is no
421 The usual UNIX close-behind semantics apply; the socket can be unlinked
422 at any time and will be finally removed from the file system when the last
423 reference to it is closed.
425 To pass file descriptors or credentials over a
428 to send or receive at least one byte of nonancillary data in the same
434 UNIX domain stream sockets do not support the notion of out-of-band data.
439 For an example of the use of
449 .BR capabilities (7),