| IP_PASSSEC(2const) | IP_PASSSEC(2const) |
NAME
IP_PASSSEC - receive the security context of the peer socket
LIBRARY
Standard C library (libc, -lc)
SYNOPSIS
#include <netinet/in.h> /* Definition of IP* constants */ #include <sys/socket.h>
int setsockopt(int sockfd, IPPROTO_IP, IP_PASSSEC,
const int *enable, sizeof(int));
int getsockopt(int sockfd, IPPROTO_IP, IP_PASSSEC,
int *enabled, sizeof(int));
DESCRIPTION
If labeled IPSEC or NetLabel is configured on the sending and receiving hosts, this option enables receiving of the security context of the peer socket in an ancillary message of type SCM_SECURITY retrieved using recvmsg(2).
This option is supported only for UDP sockets; for TCP or SCTP sockets, see SO_PEERSEC(2const).
The security context returned in the SCM_SECURITY ancillary message is of the same format as the one described in SO_PEERSEC(2const).
ERRORS
See IPPROTO_IP(2const). See setsockopt(2). See ip(7).
STANDARDS
Linux.
HISTORY
Linux 2.6.17.
CAVEATS
The reuse of the SCM_SECURITY message type for the IP_PASSSEC socket option was likely a mistake, since other IP control messages use their own numbering scheme in the IP namespace and often use the socket option value as the message type. There is no conflict currently since the IP option with the same value as SCM_SECURITY is IP_HDRINCL(2const) and this is never used for a control message type.
SEE ALSO
IPPROTO_IP(2const), setsockopt(2), ip(7)
| 2025-11-25 | Linux man-pages 6.17 |