Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
UNIX(7)			   Linux Programmer's Manual		       UNIX(7)

       unix - sockets for local	interprocess communication

       #include	<sys/socket.h>
       #include	<sys/un.h>

       unix_socket = socket(AF_UNIX, type, 0);
       error = socketpair(AF_UNIX, type, 0, int	*sv);

       The  AF_UNIX (also known	as AF_LOCAL) socket family is used to communi-
       cate between processes on the same machine efficiently.	Traditionally,
       UNIX  domain  sockets  can  be either unnamed, or bound to a filesystem
       pathname	(marked	as being of type socket).  Linux also supports an  ab-
       stract namespace	which is independent of	the filesystem.

       Valid   types  are:  SOCK_STREAM,  for  a  stream-oriented  socket  and
       SOCK_DGRAM, for	a  datagram-oriented  socket  that  preserves  message
       boundaries (as on most UNIX implementations, UNIX domain	datagram sock-
       ets are always reliable and don't reorder datagrams); and (since	 Linux
       2.6.4)  SOCK_SEQPACKET, for a connection-oriented socket	that preserves
       message boundaries and delivers messages	in the order  that  they  were

       UNIX domain sockets support passing file	descriptors or process creden-
       tials to	other processes	using ancillary	data.

   Address format
       A UNIX domain socket address is represented in the following structure:

	   #define UNIX_PATH_MAX    108

	   struct sockaddr_un {
	       sa_family_t sun_family;		     /*	AF_UNIX	*/
	       char	   sun_path[UNIX_PATH_MAX];  /*	pathname */

       sun_family always contains AF_UNIX.

       Three types of address are distinguished	in this	structure:

       *  pathname: a UNIX domain socket can be	 bound	to  a  null-terminated
	  filesystem  pathname	using bind(2).	When the address of the	socket
	  is returned by getsockname(2), getpeername(2),  and  accept(2),  its
	  length is

	      offsetof(struct sockaddr_un, sun_path) + strlen(sun_path)	+ 1

	  and sun_path contains	the null-terminated pathname.

       *  unnamed: A stream socket that	has not	been bound to a	pathname using
	  bind(2) has no name.	Likewise, the two sockets created  by  socket-
	  pair(2)  are	unnamed.  When the address of an unnamed socket	is re-
	  turned by getsockname(2), getpeername(2), and	accept(2), its	length
	  is sizeof(sa_family_t), and sun_path should not be inspected.

       *  abstract:  an	 abstract  socket address is distinguished by the fact
	  that sun_path[0] is a	null byte ('\0').   The	 socket's  address  in
	  this namespace is given by the additional bytes in sun_path that are
	  covered by the specified length of  the  address  structure.	 (Null
	  bytes	 in  the  name have no special significance.)  The name	has no
	  connection with filesystem pathnames.	 When the address  of  an  ab-
	  stract socket	is returned by getsockname(2), getpeername(2), and ac-
	  cept(2), the returned	addrlen	is  greater  than  sizeof(sa_family_t)
	  (i.e.,  greater  than	2), and	the name of the	socket is contained in
	  the first (addrlen - sizeof(sa_family_t)) bytes  of  sun_path.   The
	  abstract socket namespace is a nonportable Linux extension.

   Socket options
       For  historical	reasons	 these	socket	options	 are  specified	with a
       SOL_SOCKET type even though they	are AF_UNIX specific.  They can	be set
       with setsockopt(2) and read with	getsockopt(2) by specifying SOL_SOCKET
       as the socket family.

	      Enables the receiving of the credentials of the sending  process
	      in an ancillary message.	When this option is set	and the	socket
	      is not yet connected a unique name  in  the  abstract  namespace
	      will  be	generated  automatically.   Expects an integer boolean

   Autobind feature
       If a bind(2) call specifies  addrlen  as	 sizeof(sa_family_t),  or  the
       SO_PASSCRED  socket  option was specified for a socket that was not ex-
       plicitly	bound to an address, then the socket is	autobound  to  an  ab-
       stract  address.	  The  address	consists  of a null byte followed by 5
       bytes in	the character set [0-9a-f].  Thus, there is a  limit  of  2^20
       autobind	 addresses.  (From Linux 2.1.15, when the autobind feature was
       added, 8	bytes were used, and the limit	was  thus  2^32	 autobind  ad-
       dresses.	 The change to 5 bytes came in Linux 2.3.15.)

   Sockets API
       The  following  paragraphs  describe domain-specific details and	unsup-
       ported features of the sockets API for UNIX domain sockets on Linux.

       UNIX domain sockets do not support the transmission of out-of-band data
       (the MSG_OOB flag for send(2) and recv(2)).

       The send(2) MSG_MORE flag is not	supported by UNIX domain sockets.

       The  use	of MSG_TRUNC in	the flags argument of recv(2) is not supported
       by UNIX domain sockets.

       The SO_SNDBUF socket option does	have an	effect for UNIX	 domain	 sock-
       ets,  but  the  SO_RCVBUF  option  does not.  For datagram sockets, the
       SO_SNDBUF value imposes an upper	limit on the size  of  outgoing	 data-
       grams.	This limit is calculated as the	doubled	(see socket(7))	option
       value less 32 bytes used	for overhead.

   Ancillary messages
       Ancillary data is sent and received using  sendmsg(2)  and  recvmsg(2).
       For  historical	reasons	 the  ancillary	message	types listed below are
       specified with a	SOL_SOCKET type	even though they are AF_UNIX specific.
       To  send	 them  set  the	 cmsg_level  field  of	the  struct cmsghdr to
       SOL_SOCKET and the cmsg_type field to the type.	For  more  information
       see cmsg(3).

	      Send  or	receive	 a  set	 of open file descriptors from another
	      process.	The data portion contains an integer array of the file
	      descriptors.   The passed	file descriptors behave	as though they
	      have been	created	with dup(2).

	      Send or receive UNIX credentials.	 This can be used for  authen-
	      tication.	  The  credentials are passed as a struct ucred	ancil-
	      lary message.  Thus structure is defined	in  _sys/socket.h_  as

		  struct ucred {
		      pid_t pid;    /* process ID of the sending process */
		      uid_t uid;    /* user ID of the sending process */
		      gid_t gid;    /* group ID	of the sending process */

	      Since  glibc 2.8,	the _GNU_SOURCE	feature	test macro must	be de-
	      fined (before including any header files)	in order to obtain the
	      definition of this structure.

	      The  credentials	which  the sender specifies are	checked	by the
	      kernel.  A process with effective	user ID	0 is allowed to	 spec-
	      ify  values  that	do not match its own.  The sender must specify
	      its own process ID (unless it has	the capability CAP_SYS_ADMIN),
	      its  user	ID, effective user ID, or saved	set-user-ID (unless it
	      has CAP_SETUID), and its group ID, effective group ID, or	 saved
	      set-group-ID  (unless  it	 has CAP_SETGID).  To receive a	struct
	      ucred message the	SO_PASSCRED option  must  be  enabled  on  the

       The  following ioctl(2) calls return information	in value.  The correct
       syntax is:

	      int value;
	      error = ioctl(unix_socket, ioctl_type, &value);

       ioctl_type can be:

	      Returns the amount of queued unread data in the receive  buffer.
	      The socket must not be in	LISTEN state, otherwise	an error (EIN-
	      VAL) is returned.	 SIOCINQ is defined in _linux/sockios.h_.  Al-
	      ternatively,  you	 can  use  the synonymous FIONREAD, defined in

	      The specified local address is already in	use or the  filesystem
	      socket object already exists.

	      The  remote  address specified by	connect(2) was not a listening
	      socket.  This error can also occur if the	target filename	is not
	      a	socket.

	      Remote socket was	unexpectedly closed.

       EFAULT User memory address was not valid.

       EINVAL Invalid  argument	 passed.   A  common  cause  is	that the value
	      AF_UNIX was not specified	in the sun_type	field  of  passed  ad-
	      dresses,	or  the	socket was in an invalid state for the applied

	      connect(2) called	on an already connected	socket or a target ad-
	      dress was	specified on a connected socket.

       ENOENT The  pathname  in	the remote address specified to	connect(2) did
	      not exist.

       ENOMEM Out of memory.

	      Socket operation needs a target address, but the socket  is  not

	      Stream  operation	 called	on non-stream oriented socket or tried
	      to use the out-of-band data option.

       EPERM  The sender passed	invalid	credentials in the struct ucred.

       EPIPE  Remote socket was	closed on a stream socket.  If enabled,	a SIG-
	      PIPE  is	sent  as  well.	  This	can  be	avoided	by passing the
	      MSG_NOSIGNAL flag	to sendmsg(2) or recvmsg(2).

	      Passed protocol is not AF_UNIX.

	      Remote socket does not match the local socket  type  (SOCK_DGRAM
	      versus SOCK_STREAM)

	      Unknown socket type.

       Other  errors  can  be  generated by the	generic	socket layer or	by the
       filesystem while	generating a filesystem	socket object.	See the	appro-
       priate manual pages for more information.

       SCM_CREDENTIALS	and  the abstract namespace were introduced with Linux
       2.2 and should not be used in  portable	programs.   (Some  BSD-derived
       systems also support credential passing,	but the	implementation details

       In the Linux implementation, sockets which are visible in the  filesys-
       tem  honor  the permissions of the directory they are in.  Their	owner,
       group and their permissions can be changed.  Creation of	a  new	socket
       will  fail if the process does not have write and search	(execute) per-
       mission on the directory	the socket is created in.  Connecting  to  the
       socket  object  requires	 read/write permission.	 This behavior differs
       from many BSD-derived systems which ignore permissions for UNIX	domain
       sockets.	  Portable  programs should not	rely on	this feature for secu-

       Binding to a socket with	a filename creates a socket in the  filesystem
       that  must  be deleted by the caller when it is no longer needed	(using
       unlink(2)).  The	usual UNIX close-behind	semantics  apply;  the	socket
       can  be	unlinked  at  any  time	 and  will be finally removed from the
       filesystem when the last	reference to it	is closed.

       To pass file descriptors	or credentials over a SOCK_STREAM, you need to
       send  or	 receive  at  least  one byte of nonancillary data in the same
       sendmsg(2) or recvmsg(2)	call.

       UNIX domain stream sockets do not support  the  notion  of  out-of-band

       See bind(2).

       For an example of the use of SCM_RIGHTS see cmsg(3).

       recvmsg(2),  sendmsg(2),	 socket(2),  socketpair(2), cmsg(3), capabili-
       ties(7),	credentials(7),	socket(7)

       This page is part of release 3.74 of the	Linux  man-pages  project.   A
       description  of	the project, information about reporting bugs, and the
       latest	 version    of	  this	  page,	   can	   be	  found	    at

Linux				  2012-05-10			       UNIX(7)


Want to link to this manual page? Use this URL:

home | help