get and set options on
s, int level,
s, int level,
const void *optval,
setsockopt() manipulate the
associated with a socket. Options may exist at multiple protocol levels;
they are always present at the uppermost “socket” level.
When manipulating socket options the level at which the option
resides and the name of the option must be specified. To manipulate options
at the socket level, level is specified as
SOL_SOCKET. To manipulate options at any other level
the protocol number of the appropriate protocol controlling the option is
supplied. For example, to indicate that an option is to be interpreted by
the TCP protocol, level should be set to the protocol
number of TCP; see
The parameters optval and
optlen are used to access option values for
getsockopt() they identify a buffer in which the
value for the requested option(s) are to be returned. For
getsockopt(), optlen is a
value-result parameter, initially containing the size of the buffer pointed
to by optval, and modified on return to indicate the
actual size of the value returned. If no option value is to be supplied or
returned, optval may be
optname and any specified options are passed
uninterpreted to the appropriate protocol module for interpretation. The
contains definitions for socket level options, described below. Options at
other protocol levels vary in format and name; consult the appropriate
entries in section 4 of the manual.
Most socket-level options utilize an
int parameter for optval. For
the parameter should be non-zero to enable a boolean option, or zero if the
option is to be disabled.
SO_LINGER uses a
struct linger parameter, defined in
specifies the desired state of the option and the linger interval (see
SO_RCVTIMEO use a
timeval parameter, defined in
The following options are recognized at the
socket level. Except as noted, each may be examined with
and set with
- enables recording of debugging information
- enables local address reuse
- enables duplicate address and port bindings
- enables keep connections alive
- enables routing bypass; not supported
- linger on close if data present
- enables permission to transmit broadcast messages
- enables reception of out-of-band data in band
- enables binding to any address
- set buffer size for output
- set buffer size for input
- set minimum count for output
- set minimum count for input
- set timeout value for output
- set timeout value for input
- enables reception of a timestamp with datagrams
- get the credentials from other side of connection
- set the routing table used for route lookups
- splice two sockets together or get data length
- clear all memory containing user supplied data
- get the type of the socket (get only)
- get and clear error on the socket (get only)
- get the domain of the socket (get only)
- get the protocol of the socket (get only)
SO_DEBUG enables debugging in the
underlying protocol modules.
that the rules used in validating addresses supplied in a
bind(2) call should allow reuse of local addresses by callers with
the same user ID (or the superuser).
allows completely duplicate bindings by multiple processes if they all set
SO_REUSEPORT before binding the port. This option
permits multiple instances of a program to each receive UDP/IP multicast or
broadcast datagrams destined for the bound port.
SO_KEEPALIVE enables the periodic transmission of
messages on a connected socket. Should the connected party fail to respond
to these messages, the connection is considered broken and processes using
the socket are notified via a
SIGPIPE signal when
attempting to send data.
SO_LINGER controls the
action taken when unsent messages are queued on socket and a
close(2) is performed. If the socket promises reliable delivery of
SO_LINGER is set, the system will block the
process on the close(2) attempt until it is able to transmit the data or
until it decides it is unable to deliver the information (a timeout period
measured in seconds, termed the linger interval, is specified in the
SO_LINGER is requested). If
SO_LINGER is disabled and a
close(2) is issued, the system will process the close in a manner
that allows the process to continue as quickly as possible.
permission to send broadcast datagrams on the socket. Broadcast was a
privileged operation in earlier versions of the system. With protocols that
support out-of-band data, the
requests that out-of-band data be placed in the normal data input queue as
received; it will then be accessible with
recv(2) or read(2) calls without the
flag. Some protocols always behave as if this option is set.
SO_BINDANY allows the socket to be bound
to addresses which are not local to the machine, so it can be used to make a
transparent proxy. Note that this option is limited to the superuser. In
order to receive packets for these addresses,
SO_BINDANY needs to be combined with matching
outgoing pf(4) rules with the divert-reply parameter.
For example, with the following rule the socket receives packets for
192.168.0.10 even if it is not a local address:
pass out inet from 192.168.0.10 divert-reply
SO_RCVBUF are options to adjust the normal buffer
sizes allocated for output and input buffers, respectively. The buffer size
may be increased for high-volume connections, or may be decreased to limit
the possible backlog of incoming data. The system places an absolute limit
on these values.
SO_SNDLOWAT is an option to set the
minimum count for output operations. Most output operations process all of
the data supplied by the call, delivering data to the protocol for
transmission and blocking as necessary for flow control. Nonblocking output
operations will process as much data as permitted subject to flow control
without blocking, but will process no data if flow control does not allow
the smaller of the low water mark value or the entire request to be
processed. A select(2) or
poll(2) operation testing the ability to write to a socket will
return true only if the low water mark amount could be processed. The
default value for
SO_SNDLOWAT is set to a convenient
size for network efficiency, often 1024.
is an option to set the minimum count for input operations. In general,
receive calls will block until any (non-zero) amount of data is received,
then return with the smaller of the amount available or the amount
requested. The default value for
SO_RCVLOWAT is 1.
SO_RCVLOWAT is set to a larger value, blocking
receive calls normally wait until they have received the smaller of the low
water mark value or the requested amount. Receive calls may still return
less than the low water mark if an error occurs, a signal is caught, or the
type of data next in the receive queue is different than that returned.
SO_SNDTIMEO is an option to set a timeout
value for output operations. It accepts a
timeval parameter with the number of seconds and microseconds used to
limit waits for output operations to complete. If a send operation has
blocked for this much time, it returns with a partial count or with the
EWOULDBLOCK if no data was sent. In the
current implementation, this timer is restarted each time additional data
are delivered to the protocol, implying that the limit applies to output
portions ranging in size from the low water mark to the high water mark for
SO_RCVTIMEO is an option to set a timeout
value for input operations. It accepts a
timeval parameter with the number of seconds and microseconds used to
limit waits for input operations to complete. In the current implementation,
this timer is restarted each time additional data are received by the
protocol, and thus the limit is in effect an inactivity timer. If a receive
operation has been blocked for this much time without receiving additional
data, it returns with a short count or with the error
EWOULDBLOCK if no data were received.
SO_TIMESTAMP option is enabled on a
SOCK_DGRAM socket, the
recvmsg(2) call will return a timestamp corresponding to when the
datagram was received. The msg_control field in the msghdr structure points
to a buffer that contains a cmsghdr structure followed by a struct timeval.
The cmsghdr fields have the following values:
cmsg_len = CMSG_LEN(sizeof(struct timeval)) cmsg_level = SOL_SOCKET cmsg_type = SCM_TIMESTAMP
SO_PEERCRED fetches the
struct sockpeercred credentials from the other side of
the connection (currently only possible on
sockets). These credentials are from the time that
socketpair(2) were called.
SO_RTABLE option gets or sets the
routing table which will be used by the socket for address lookups. If a
protocol family of the socket doesn't support switching routing tables, the
ENOPROTOOPT error is returned. Only the superuser is
allowed to change the routing table if it is already set to a non-zero
value. A socket's chosen routing table is initialized from the process's
configuration, previously selected using
SO_SPLICE can splice
together two TCP or UDP sockets for unidirectional zero-copy data transfers.
Splice also the other way around to get bidirectional data flow. Both
sockets must be of the same type. In the first form,
is called with the source socket s and the drain
socket's int file descriptor as
optval. In the second form,
optval is a struct splice with
the drain socket in sp_fd, a positive maximum number
of bytes or 0 in sp_max and an idle timeout
sp_idle in the form of a struct
timeval. If -1 is given as drain socket, the source socket
s gets unspliced. Otherwise the spliced data transfer
continues within the kernel until the optional maximum is reached, one of
the connections terminates, idle timeout expires or an error occurs. A
kqueue(2) operation testing the ability to read from the source
socket indicates that the splicing has terminated. When one of the sockets
gets closed, splicing ends. The error status can be examined with
SO_ERROR at the source socket. The
ELOOP error is set if userland created a loop by
splicing sockets connected to localhost. The
ETIMEDOUT error is set if there was no data
transferred between two sockets during the sp_idle
period of time. The
EFBIG error is set after exactly
sp_max bytes have been transferred. Note that if a
maximum is given, it is only guaranteed that no more bytes are transferred.
A short splice can happen, but then a second call to splice will transfer
the remaining data immediately. The
getsockopt() and an off_t
value as optval can be used to retrieve the number of
bytes transferred so far from the source socket s. A
successful new splice resets this number.
Userland may write sensitive data into a socket. If
SO_ZEROIZE is set, overwrite kernel memory after
SO_ERROR are options used only with
SO_TYPE returns the type of the socket, such as
SOCK_STREAM; it is useful for servers that inherit
sockets on startup.
SO_DOMAIN returns the domain of
the socket, such as
SO_PROTOCOL returns the protocol of the socket such
returns any pending error on the socket and clears the error status. It may
be used to check for asynchronous errors on connected datagram sockets or
for other asynchronous errors.
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error.
The call succeeds unless:
- The argument s is not a valid descriptor.
- The argument s is a file, not a socket.
- The option is unknown at the level indicated.
- The option is unsupported.
- The address pointed to by optval is not in a valid
part of the process address space. For
getsockopt(), this error may also be returned if optlen is not in a valid part of the process address space.
connect(2), getrtable(2), ioctl(2), poll(2), select(2), socket(2), getprotoent(3), divert(4), pf.conf(5), protocols(5), sosplice(9)
setsockopt() functions conform to
IEEE Std 1003.1-2008 (“POSIX.1”).
getsockopt() system call appeared in
Several of the socket options should be handled at lower levels of the system.