Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
UNIX(4)                FreeBSD Kernel Interfaces Manual                UNIX(4)

     unix - UNIX-domain protocol family

     #include <sys/types.h>
     #include <sys/un.h>

     The UNIX-domain protocol family is a collection of protocols that
     provides local (on-machine) interprocess communication through the normal
     socket(2) mechanisms.  The UNIX-domain family supports the SOCK_STREAM,
     SOCK_SEQPACKET, and SOCK_DGRAM socket types and uses file system
     pathnames for addressing.

     UNIX-domain addresses are variable-length file system pathnames of at
     most 104 characters.  The include file <sys/un.h> defines this address:

           struct sockaddr_un {
                   u_char  sun_len;
                   u_char  sun_family;
                   char    sun_path[104];

     Binding a name to a UNIX-domain socket with bind(2) causes a socket file
     to be created in the file system.  This file is not removed when the
     socket is closed -- unlink(2) must be used to remove the file.

     The length of UNIX-domain address, required by bind(2) and connect(2),
     can be calculated by the macro SUN_LEN() defined in <sys/un.h>.  The
     sun_path field must be terminated by a NUL character to be used with
     SUN_LEN(), but the terminating NUL is not part of the address.

     The UNIX-domain protocol family does not support broadcast addressing or
     any form of ``wildcard'' matching on incoming messages.  All addresses
     are absolute- or relative-pathnames of other UNIX-domain sockets.  Normal
     file system access-control mechanisms are also applied when referencing
     pathnames; e.g., the destination of a connect(2) or sendto(2) must be

     The UNIX-domain sockets support the communication of UNIX file
     descriptors through the use of the msg_control field in the msg argument
     to sendmsg(2) and recvmsg(2).

     Any valid descriptor may be sent in a message.  The file descriptor(s) to
     be passed are described using a struct cmsghdr that is defined in the
     include file <sys/socket.h>.  The type of the message is SCM_RIGHTS, and
     the data portion of the messages is an array of integers representing the
     file descriptors to be passed.  The number of descriptors being passed is
     defined by the length field of the message; the length field is the sum
     of the size of the header plus the size of the array of file descriptors.

     The received descriptor is a duplicate of the sender's descriptor, as if
     it were created via dup(fd) or fcntl(fd, F_DUPFD_CLOEXEC, 0) depending on
     whether MSG_CMSG_CLOEXEC is passed in the recvmsg(2) call.  Descriptors
     that are awaiting delivery, or that are purposely not received, are
     automatically closed by the system when the destination socket is closed.

     UNIX domain sockets support a number of socket options which can be set
     with setsockopt(2) and tested with getsockopt(2):

     LOCAL_CREDS         This option may be enabled on SOCK_DGRAM,
                         SOCK_SEQPACKET, or a SOCK_STREAM socket.  This option
                         provides a mechanism for the receiver to receive the
                         credentials of the process as a recvmsg(2) control
                         message.  The msg_control field in the msghdr
                         structure points to a buffer that contains a cmsghdr
                         structure followed by a variable length sockcred
                         structure, defined in <sys/socket.h> as follows:

                         struct sockcred {
                           uid_t sc_uid;         /* real user id */
                           uid_t sc_euid;        /* effective user id */
                           gid_t sc_gid;         /* real group id */
                           gid_t sc_egid;        /* effective group id */
                           int   sc_ngroups;     /* number of supplemental groups */
                           gid_t sc_groups[1];   /* variable length */

                         The SOCKCREDSIZE() macro computes the size of the
                         sockcred structure for a specified number of groups.
                         The cmsghdr fields have the following values:

                         cmsg_len = CMSG_LEN(SOCKCREDSIZE(ngroups))
                         cmsg_level = SOL_SOCKET
                         cmsg_type = SCM_CREDS

                         On SOCK_STREAM and SOCK_SEQPACKET sockets credentials
                         are passed only on the first read from a socket, then
                         system clears the option on socket.

     LOCAL_CONNWAIT      Used with SOCK_STREAM sockets, this option causes the
                         connect(2) function to block until accept(2) has been
                         called on the listening socket.

     LOCAL_PEERCRED      Requested via getsockopt(2) on a SOCK_STREAM socket
                         returns credentials of the remote side.  These will
                         arrive in the form of a filled in xucred structure,
                         defined in <sys/ucred.h> as follows:

                         struct xucred {
                           u_int cr_version;             /* structure layout version */
                           uid_t cr_uid;                 /* effective user id */
                           short cr_ngroups;             /* number of groups */
                           gid_t cr_groups[XU_NGROUPS];  /* groups */
                         The cr_version fields should be checked against
                         XUCRED_VERSION define.

                         The credentials presented to the server (the
                         listen(2) caller) are those of the client when it
                         called connect(2); the credentials presented to the
                         client (the connect(2) caller) are those of the
                         server when it called listen(2).  This mechanism is
                         reliable; there is no way for either party to
                         influence the credentials presented to its peer
                         except by calling the appropriate system call (e.g.,
                         connect(2) or listen(2)) under different effective

                         To reliably obtain peer credentials on a SOCK_DGRAM
                         socket refer to the LOCAL_CREDS socket option.

     connect(2), dup(2), fcntl(2), getsockopt(2), listen(2), recvmsg(2),
     sendto(2), setsockopt(2), socket(2), intro(4)

     "An Introductory 4.3 BSD Interprocess Communication Tutorial", PS1, 7.

     "An Advanced 4.3 BSD Interprocess Communication Tutorial", PS1, 8.

FreeBSD 11.0-PRERELEASE         March 19, 2013         FreeBSD 11.0-PRERELEASE


Want to link to this manual page? Use this URL:

home | help