1.\" $OpenBSD: getsockopt.2,v 1.62 2024/04/02 14:23:15 claudio Exp $ 2.\" $NetBSD: getsockopt.2,v 1.7 1995/02/27 12:33:29 cgd Exp $ 3.\" 4.\" Copyright (c) 1983, 1991, 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)getsockopt.2 8.3 (Berkeley) 4/19/94 32.\" 33.Dd $Mdocdate: April 2 2024 $ 34.Dt GETSOCKOPT 2 35.Os 36.Sh NAME 37.Nm getsockopt , 38.Nm setsockopt 39.Nd get or set options on sockets 40.Sh SYNOPSIS 41.In sys/socket.h 42.Ft int 43.Fn getsockopt "int s" "int level" "int optname" "void *optval" "socklen_t *optlen" 44.Ft int 45.Fn setsockopt "int s" "int level" "int optname" "const void *optval" "socklen_t optlen" 46.Sh DESCRIPTION 47.Fn getsockopt 48and 49.Fn setsockopt 50manipulate the 51.Em options 52associated with a socket. 53Options may exist at multiple protocol levels; 54they are always present at the uppermost 55.Dq socket 56level. 57.Pp 58When manipulating socket options, the level at which the 59option resides and the name of the option must be specified. 60To manipulate options at the socket level, 61.Fa level 62is specified as 63.Dv SOL_SOCKET . 64To manipulate options at any other level the protocol number of the 65appropriate protocol controlling the option is supplied. 66For example, to indicate that an option is to be interpreted by the 67TCP protocol, 68.Fa level 69should be set to the protocol number of TCP; see 70.Xr getprotoent 3 . 71.Pp 72The parameters 73.Fa optval 74and 75.Fa optlen 76are used to access option values for 77.Fn setsockopt . 78For 79.Fn getsockopt 80they identify a buffer in which the value for the 81requested option(s) are to be returned. 82For 83.Fn getsockopt , 84.Fa optlen 85is a value-result parameter, initially containing the 86size of the buffer pointed to by 87.Fa optval , 88and modified on return to indicate the actual size of the value returned. 89If no option value is to be supplied or returned, 90.Fa optval 91may be 92.Dv NULL . 93.Pp 94.Fa optname 95and any specified options are passed uninterpreted to the appropriate 96protocol module for interpretation. 97The include file 98.In sys/socket.h 99contains definitions for socket level options, described below. 100Options at other protocol levels vary in format and name; 101consult the appropriate entries in section 4 of the manual. 102.Pp 103Most socket-level options utilize an 104.Vt int 105parameter for 106.Fa optval . 107For 108.Fn setsockopt , 109the parameter should be non-zero to enable a boolean option, 110or zero if the option is to be disabled. 111.Dv SO_LINGER 112uses a 113.Vt struct linger 114parameter, defined in 115.In sys/socket.h , 116which specifies the desired state of the option and the 117linger interval (see below). 118.Dv SO_SNDTIMEO 119and 120.Dv SO_RCVTIMEO 121use a 122.Vt struct timeval 123parameter, defined in 124.In sys/time.h . 125.Pp 126The following options are recognized at the socket level. 127Except as noted, each may be examined with 128.Fn getsockopt 129and set with 130.Fn setsockopt . 131.Pp 132.Bl -tag -width SO_OOBINLINE -offset indent -compact 133.It Dv SO_DEBUG 134enables recording of debugging information 135.It Dv SO_REUSEADDR 136enables local address reuse 137.It Dv SO_REUSEPORT 138enables duplicate address and port bindings 139.It Dv SO_KEEPALIVE 140enables keep connections alive 141.It Dv SO_DONTROUTE 142enables routing bypass; not supported 143.It Dv SO_LINGER 144linger on close if data present 145.It Dv SO_BROADCAST 146enables permission to transmit broadcast messages 147.It Dv SO_OOBINLINE 148enables reception of out-of-band data in band 149.It Dv SO_BINDANY 150enables binding to any address 151.It Dv SO_SNDBUF 152set buffer size for output 153.It Dv SO_RCVBUF 154set buffer size for input 155.It Dv SO_SNDLOWAT 156set minimum count for output 157.It Dv SO_RCVLOWAT 158set minimum count for input 159.It Dv SO_SNDTIMEO 160set timeout value for output 161.It Dv SO_RCVTIMEO 162set timeout value for input 163.It Dv SO_TIMESTAMP 164enables reception of a timestamp with datagrams 165.It Dv SO_RTABLE 166set the routing table used for route lookups 167.It Dv SO_SPLICE 168splice two sockets together or get data length 169.It Dv SO_ZEROIZE 170clear all memory containing user supplied data 171.It Dv SO_TYPE 172get the type of the socket (get only) 173.It Dv SO_ERROR 174get and clear error on the socket (get only) 175.It Dv SO_DOMAIN 176get the domain of the socket (get only) 177.It Dv SO_PROTOCOL 178get the protocol of the socket (get only) 179.It Dv SO_ACCEPTCONN 180get listening status of the socket (get only) 181.It Dv SO_PEERCRED 182get the credentials from other side of connection (get only) 183.El 184.Pp 185.Dv SO_DEBUG 186enables debugging in the underlying protocol modules. 187Transliterate the protocol trace with 188.Xr trpt 8 . 189.Dv SO_REUSEADDR 190indicates that the rules used in validating addresses supplied in a 191.Xr bind 2 192call should allow reuse of local addresses 193by callers with the same user ID (or the superuser). 194.Dv SO_REUSEPORT 195allows completely duplicate bindings by multiple processes if they all set 196.Dv SO_REUSEPORT 197before binding the port. 198This option permits multiple instances of a program to each 199receive UDP/IP multicast or broadcast datagrams destined for the bound port. 200.Dv SO_KEEPALIVE 201enables the periodic transmission of messages on a connected socket. 202Should the connected party fail to respond to these messages, the connection 203is considered broken and processes using the socket are notified via a 204.Dv SIGPIPE 205signal when attempting to send data. 206.Pp 207.Dv SO_LINGER 208controls the action taken when unsent messages 209are queued on socket and a 210.Xr close 2 211is performed. 212If the socket promises reliable delivery of data and 213.Dv SO_LINGER 214is set, the system will block the process on the 215.Xr close 2 216attempt until it is able to transmit the data or until it decides it 217is unable to deliver the information (a timeout period measured in seconds, 218termed the linger interval, is specified in the 219.Fn setsockopt 220call when 221.Dv SO_LINGER 222is requested). 223If 224.Dv SO_LINGER 225is disabled and a 226.Xr close 2 227is issued, the system will process the close in a manner that allows 228the process to continue as quickly as possible. 229.Pp 230The option 231.Dv SO_BROADCAST 232requests permission to send broadcast datagrams 233on the socket. 234Broadcast was a privileged operation in earlier versions of the system. 235With protocols that support out-of-band data, the 236.Dv SO_OOBINLINE 237option requests that out-of-band data be placed in the normal data input 238queue as received; it will then be accessible with 239.Xr recv 2 240or 241.Xr read 2 242calls without the 243.Dv MSG_OOB 244flag. 245Some protocols always behave as if this option is set. 246.Pp 247.Dv SO_BINDANY 248allows the socket to be bound to addresses 249which are not local to the machine, so it 250can be used to make a transparent proxy. 251Note that this option is limited to the superuser. 252In order to receive packets for these addresses, 253.Dv SO_BINDANY 254needs to be combined with matching outgoing 255.Xr pf 4 256rules with the 257.Ar divert-reply 258parameter. 259For example, with the following rule the socket receives packets 260for 192.168.0.10 even if it is not a local address: 261.Pp 262.Dl pass out inet from 192.168.0.10 divert-reply 263.Pp 264.Dv SO_SNDBUF 265and 266.Dv SO_RCVBUF 267are options to adjust the normal 268buffer sizes allocated for output and input buffers, respectively. 269The buffer size may be increased for high-volume connections, 270or may be decreased to limit the possible backlog of incoming data. 271The system places an absolute limit on these values. 272.Pp 273.Dv SO_SNDLOWAT 274is an option to set the minimum count for output operations. 275Most output operations process all of the data supplied 276by the call, delivering data to the protocol for transmission 277and blocking as necessary for flow control. 278Nonblocking output operations will process as much data as permitted 279subject to flow control without blocking, but will process no data 280if flow control does not allow the smaller of the low water mark value 281or the entire request to be processed. 282A 283.Xr select 2 284or 285.Xr poll 2 286operation testing the ability to write to a socket will return true 287only if the low water mark amount could be processed. 288The default value for 289.Dv SO_SNDLOWAT 290is set to a convenient size for network efficiency, often 1024. 291.Dv SO_RCVLOWAT 292is an option to set the minimum count for input operations. 293In general, receive calls will block until any (non-zero) amount of data 294is received, then return with the smaller of the amount available or the amount 295requested. 296The default value for 297.Dv SO_RCVLOWAT 298is 1. 299If 300.Dv SO_RCVLOWAT 301is set to a larger value, blocking receive calls normally 302wait until they have received the smaller of the low water mark value 303or the requested amount. 304Receive calls may still return less than the low water mark if an error 305occurs, a signal is caught, or the type of data next in the receive queue 306is different than that returned. 307.Pp 308.Dv SO_SNDTIMEO 309is an option to set a timeout value for output operations. 310It accepts a 311.Vt struct timeval 312parameter with the number of seconds and microseconds 313used to limit waits for output operations to complete. 314If a send operation has blocked for this much time, 315it returns with a partial count or with the error 316.Er EWOULDBLOCK 317if no data was sent. 318In the current implementation, this timer is restarted each time additional 319data are delivered to the protocol, 320implying that the limit applies to output portions ranging in size 321from the low water mark to the high water mark for output. 322.Dv SO_RCVTIMEO 323is an option to set a timeout value for input operations. 324It accepts a 325.Vt struct timeval 326parameter with the number of seconds and microseconds 327used to limit waits for input operations to complete. 328In the current implementation, this timer is restarted each time additional 329data are received by the protocol, 330and thus the limit is in effect an inactivity timer. 331If a receive operation has been blocked for this much time without 332receiving additional data, it returns with a short count 333or with the error 334.Er EWOULDBLOCK 335if no data were received. 336.Pp 337If the 338.Dv SO_TIMESTAMP 339option is enabled on a 340.Dv SOCK_DGRAM 341socket, the 342.Xr recvmsg 2 343call will return a timestamp corresponding to when the datagram was 344received. 345The msg_control field in the msghdr structure points to a buffer 346that contains a cmsghdr structure followed by a struct timeval. 347The cmsghdr fields have the following values: 348.Bd -literal -offset indent 349cmsg_len = CMSG_LEN(sizeof(struct timeval)) 350cmsg_level = SOL_SOCKET 351cmsg_type = SCM_TIMESTAMP 352.Ed 353.Pp 354The 355.Dv SO_RTABLE 356option gets or sets the routing table which will be used by the socket 357for address lookups. 358If a protocol family of the socket doesn't support switching routing tables, 359the 360.Er ENOPROTOOPT 361error is returned. 362Only the superuser is allowed to change the routing table if it is already 363set to a non-zero value. 364A socket's chosen routing table is initialized from the process's configuration, 365previously selected using 366.Xr setrtable 2 . 367.Pp 368.Dv SO_SPLICE 369can splice together two TCP or UDP sockets for unidirectional 370zero-copy data transfers. 371Splice also the other way around to get bidirectional data flow. 372Both sockets must be of the same type. 373In the first form, 374.Fn setsockopt 375is called with the source socket 376.Fa s 377and the drain socket's 378.Vt int 379file descriptor as 380.Fa optval . 381In the second form, 382.Fa optval 383is a 384.Vt struct splice 385with the drain socket in 386.Va sp_fd , 387a positive maximum number of bytes or 0 in 388.Va sp_max 389and an idle timeout 390.Va sp_idle 391in the form of a 392.Vt struct timeval . 393If \-1 is given as drain socket, the source socket 394.Fa s 395gets unspliced. 396Otherwise the spliced data transfer continues within the kernel 397until the optional maximum is reached, one of the connections 398terminates, idle timeout expires or an error occurs. 399A successful 400.Xr select 2 , 401.Xr poll 2 , 402or 403.Xr kqueue 2 404operation testing the ability to read from the source socket indicates 405that the splicing has terminated. 406When one of the sockets gets closed, splicing ends. 407The error status can be examined with 408.Dv SO_ERROR 409at the source socket. 410The 411.Er ELOOP 412error is set if userland created a loop by splicing sockets connected 413to localhost. 414The 415.Er ETIMEDOUT 416error is set if there was no data transferred between two sockets 417during the 418.Va sp_idle 419period of time. 420The 421.Er EFBIG 422error is set after exactly 423.Va sp_max 424bytes have been transferred. 425Note that if a maximum is given, it is only guaranteed that no more 426bytes are transferred. 427A short splice can happen, but then a second call to splice will 428transfer the remaining data immediately. 429The 430.Dv SO_SPLICE 431option with 432.Fn getsockopt 433and an 434.Vt off_t 435value as 436.Fa optval 437can be used to retrieve the number of bytes transferred so far from the 438source socket 439.Fa s . 440A successful new splice resets this number. 441.Pp 442Userland may write sensitive data into a socket. 443If 444.Dv SO_ZEROIZE 445is set, overwrite kernel memory after sending data. 446.Pp 447Finally, 448.Dv SO_TYPE , 449.Dv SO_DOMAIN , 450.Dv SO_PROTOCOL , 451.Dv SO_ERROR , 452.Dv SO_ACCEPTCONN , 453and 454.Dv SO_PEERCRED 455are options used only with 456.Fn getsockopt . 457.Dv SO_TYPE 458returns the type of the socket, such as 459.Dv SOCK_STREAM ; 460it is useful for servers that inherit sockets on startup. 461.Dv SO_DOMAIN 462returns the domain of the socket, such as 463.Dv AF_INET . 464.Dv SO_PROTOCOL 465returns the protocol of the socket such as 466.Dv IPPROTO_TCP . 467.Dv SO_ERROR 468returns any pending error on the socket and clears the error status. 469It may be used to check for asynchronous errors on connected 470datagram sockets or for other asynchronous errors. 471.Dv SO_ACCEPTCONN 472returns whether the socket is currently accepting connections, that is, 473whether or not 474.Xr listen 2 475was called. 476.Dv SO_PEERCRED 477fetches the 478.Va struct sockpeercred 479credentials from the other side of the connection 480(currently only possible on 481.Dv AF_UNIX 482sockets). 483These credentials are from the time that 484.Xr bind 2 , 485.Xr connect 2 486or 487.Xr socketpair 2 488were called. 489.Sh RETURN VALUES 490.Rv -std 491.Sh ERRORS 492The call succeeds unless: 493.Bl -tag -width Er 494.It Bq Er EBADF 495The argument 496.Fa s 497is not a valid descriptor. 498.It Bq Er ENOTSOCK 499The argument 500.Fa s 501is a file, not a socket. 502.It Bq Er ENOPROTOOPT 503The option is unknown at the level indicated. 504.It Bq Er EOPNOTSUPP 505The option is unsupported. 506.It Bq Er EFAULT 507The address pointed to by 508.Fa optval 509is not in a valid part of the process address space. 510For 511.Fn getsockopt , 512this error may also be returned if 513.Fa optlen 514is not in a valid part of the process address space. 515.El 516.Sh SEE ALSO 517.Xr connect 2 , 518.Xr getrtable 2 , 519.Xr ioctl 2 , 520.Xr poll 2 , 521.Xr select 2 , 522.Xr socket 2 , 523.Xr getprotoent 3 , 524.Xr divert 4 , 525.Xr pf.conf 5 , 526.Xr protocols 5 , 527.Xr sosplice 9 528.Sh STANDARDS 529The 530.Fn getsockopt 531and 532.Fn setsockopt 533functions conform to 534.St -p1003.1-2008 . 535.Sh HISTORY 536The 537.Fn getsockopt 538system call appeared in 539.Bx 4.1c . 540.Sh BUGS 541Several of the socket options should be handled at lower levels of the system. 542