UNIX(7) Miscellaneous Information Manual UNIX(7) unix - #include #include unix_socket = socket(AF_UNIX, type, 0); error = socketpair(AF_UNIX, type, 0, int *sv); AF_UNIX ( , AF_LOCAL) . UNIX , ( ). Linux , . UNIX: SOCK_STREAM, SOCK_DGRAM, ( UNIX, UNIX ); ( Linux 2.6.4) SOCK_SEQPACKET, , . UNIX (credentials) , (ancillary) . UNIX : struct sockaddr_un { sa_family_t sun_family; /* AF_UNIX */ char sun_path[108]; /* */ }; The sun_family field always contains AF_UNIX. On Linux, sun_path is 108 bytes in size; see also BUGS, below. Various system calls (for example, bind(2), connect(2), and sendto(2)) take a sockaddr_un argument as input. Some other system calls (for example, getsockname(2), getpeername(2), recvfrom(2), and accept(2)) return an argument of this type. sockaddr_un : pathname () a UNIX domain socket can be bound to a null-terminated filesystem pathname using bind(2). When the address of a pathname socket is returned (by one of the system calls noted above), its length is offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1 sun_path , null ( Linux, offsetof() sizeof(sa_family_t), sun_path, offsetof() ). . unnamed A stream socket that has not been bound to a pathname using bind(2) has no name. Likewise, the two sockets created by socketpair(2) are unnamed. When the address of an unnamed socket is returned, its length is sizeof(sa_family_t), and sun_path should not be inspected. abstract an abstract socket address is distinguished (from a pathname socket) by the fact that sun_path[0] is a null byte ('\0'). The socket's address in this namespace is given by the additional bytes in sun_path that are covered by the specified length of the address structure. (Null bytes in the name have no special significance.) The name has no connection with filesystem pathnames. When the address of an abstract socket is returned, the returned addrlen is greater than sizeof(sa_family_t) (i.e., greater than 2), and the name of the socket is contained in the first (addrlen - sizeof(sa_family_t)) bytes of sun_path. : o sun_path null. o , null, sun_path. o addrlen, sockaddr_un, , : offsetof(struct sockaddr_un, sun_path)+strlen(addr.sun_path)+1 , , addrlen sizeof(struct sockaddr_un). UNIX, . , ( ) null, sun_path. , sun_path 92 . (, accept(2), recvfrom(2), getsockname(2), getpeername(2)) . UNIX - addrlen, , . . : , null sun_path ( ). Linux , . , () , . Linux ; , . POSIX (, BSD) . . . umask(2). , ( chown(2) chmod(2)). : umask(2) ( fchown(2) fchmod(2)) . . Linux. SOL_SOCKET, AF_UNIX. setsockopt(2) getsockopt(2); SOL_SOCKET . SO_PASSCRED SCM_CREDENTIALS . SCM_CREDENTIALS, , PID , ID, SCM_CREDENTIALS. , . setsockopt(2) getsockopt(2) . SO_PASSSEC SELinux SCM_SECURITY ( ). setsockopt(2) getsockopt(2) . SO_PASSSEC UNIX Linux 2.6.18; UNIX Linux 4.2. SO_PEEK_OFF socket(7). SO_PEERCRED This read-only socket option returns the credentials of the peer process connected to this socket. The returned credentials are those that were in effect at the time of the call to connect(2), listen(2), or socketpair(2). getsockopt(2) ucred; _GNU_SOURCE . AF_UNIX AF_UNIX , socketpair(2). SO_PEERSEC This read-only socket option returns the security context of the peer socket connected to this socket. By default, this will be the same as the security context of the process that created the peer socket unless overridden by the policy or by a process with the required permissions. The argument to getsockopt(2) is a pointer to a buffer of the specified length in bytes into which the security context string will be copied. If the buffer length is less than the length of the security context string, then getsockopt(2) returns -1, sets errno to ERANGE, and returns the required length via optlen. The caller should allocate at least NAME_MAX bytes for the buffer initially, although this is not guaranteed to be sufficient. Resizing the buffer to the returned length and retrying may be necessary. The security context string may include a terminating null character in the returned length, but is not guaranteed to do so: a security context "foo" might be represented as either {'f','o','o'} of length 3 or {'f','o','o','\0'} of length 4, which are considered to be interchangeable. The string is printable, does not contain non-terminating null characters, and is in an unspecified encoding (in particular, it is not guaranteed to be ASCII or UTF-8). The use of this option for sockets in the AF_UNIX address family is supported since Linux 2.6.2 for connected stream sockets, and since Linux 4.18 also for stream and datagram socket pairs created using socketpair(2). If a bind(2) call specifies addrlen as sizeof(sa_family_t), or the SO_PASSCRED socket option was specified for a socket that was not explicitly bound to an address, then the socket is autobound to an abstract address. The address consists of a null byte followed by 5 bytes in the character set [0-9a-f]. Thus, there is a limit of 2^20 autobind addresses. (From Linux 2.1.15, when the autobind feature was added, 8 bytes were used, and the limit was thus 2^32 autobind addresses. The change to 5 bytes came in Linux 2.3.15.) UNIX Linux. UNIX ( MSG_OOB send(2) recv(2)). MSG_MORE send(2) UNIX. Linux 3.4 MSG_TRUNC flags recv(2) UNIX. SO_SNDBUF UNIX, SO_RCVBUF -- . SO_SNDBUF . , (. socket(7)) , 32 . sendmsg(2) recvmsg(2). SOL_SOCKET, AF_UNIX. , , cmsg_level cmsghdr SOL_SOCKET, cmsg_type . cmsg(3). SCM_RIGHTS . . , << >> . , ( open(2)) , , . , (dup(2)) . ( ), ( ), . , , RLIMIT_NOFILE ( getrlimit(2)), . The kernel constant SCM_MAX_FD defines a limit on the number of file descriptors in the array. Attempting to send an array larger than this limit causes sendmsg(2) to fail with the error EINVAL. SCM_MAX_FD has the value 253 (or 255 before Linux 2.6.38). SCM_CREDENTIALS Send or receive UNIX credentials. This can be used for authentication. The credentials are passed as a struct ucred ancillary message. This structure is defined in as follows: struct ucred { pid_t pid; /* */ uid_t uid; /* */ gid_t gid; /* */ }; glibc 2.8, _GNU_SOURCE ( - ). The credentials which the sender specifies are checked by the kernel. A privileged process is allowed to specify values that do not match its own. The sender must specify its own process ID (unless it has the capability CAP_SYS_ADMIN, in which case the PID of any existing process may be specified), its real user ID, effective user ID, or saved set-user-ID (unless it has CAP_SETUID), and its real group ID, effective group ID, or saved set-group-ID (unless it has CAP_SETGID). struct ucred SO_PASSCRED. SCM_SECURITY SELinux ( ) . ( null ) . NAME_MAX . SO_PASSSEC ( ). sendmsg(2) , . . Linux UNIX. UNIX Linux - . , , . . , , : (1) sendmsg(2) . (2) sendmsg(2) . (3) sendmsg(2) . Suppose that the receiver now performs recvmsg(2) calls each with a buffer size of 20 bytes. The first call will receive five bytes of data, along with the ancillary data sent by the second sendmsg(2) call. The next call will receive the remaining four bytes of data. , , , , (, SCM_RIGHTS, ). (. ., msg_control msghdr, recvmsg(2), NULL), . , recvmsg(2) msg.msg_flags MSG_CTRUNC. ioctl ioctl(2) value. : int value; error = ioctl(unix_socket, ioctl_type, &value); ioctl_type : SIOCINQ SOCK_STREAM . LISTEN, (EINVAL). SIOCINQ . FIONREAD, . SOCK_DGRAM ; udp(7). EADDRINUSE , . EBADF sendmsg(2) UNIX ( SCM_RIGHTS ), , (, ). ECONNREFUSED , connect(2) . , . ECONNRESET . EFAULT . EINVAL . -- AF_UNIX sun_type . EISCONN connect(2) , . ENFILE . ENOENT , connect(2), . ENOMEM . ENOTCONN , . EOPNOTSUPP , . EPERM (credentials) struct ucred. EPIPE . , SIGPIPE. , MSG_NOSIGNAL send(2) sendmsg(2). EPROTONOSUPPORT AF_UNIX. EPROTOTYPE (SOCK_DGRAM SOCK_STREAM). ESOCKTNOSUPPORT . ESRCH While sending an ancillary message containing credentials (SCM_CREDENTIALS), the caller specified a PID that does not match any existing process. ETOOMANYREFS sendmsg(2) UNIX ( SCM_RIGHTS ). , << >> RLIMIT_NOFILE CAP_SYS_RESOURCE. sendmsg(2), - recvmsg(2). Linux 4.5 ( , ). , sendmsg(2) , RLIMIT_NOFILE. . . SCM_CREDENTIALS Linux 2.2 . BSD (credential), . , , ( unlink(2)). UNIX ; , . To pass file descriptors or credentials over a SOCK_STREAM socket, you must send or receive at least one byte of nonancillary data in the same sendmsg(2) or recvmsg(2) call. UNIX . When binding a socket to an address, Linux is one of the implementations that append a null terminator if none is supplied in sun_path. In most cases this is unproblematic: when the socket address is retrieved, it will be one byte longer than that supplied when the socket was bound. However, there is one case where confusing behavior can result: if 108 non-null bytes are supplied when a socket is bound, then the addition of the null terminator takes the length of the pathname beyond sizeof(sun_path). Consequently, when retrieving the socket address (for example, via accept(2)), if the input addrlen argument for the retrieving call is specified as sizeof(struct sockaddr_un), then the returned address structure won't have a null terminator in sun_path. , null ( sun_path addrlen) , sun_path null. , () , null sun_path, : strnlen(addr.sun_path, addrlen - offsetof(sockaddr_un, sun_path)) sizeof(struct sockaddr_un)+1, . addrlen sizeof(struct sockaddr_un), null , sun_path: void *addrp; addrlen = sizeof(struct sockaddr_un); addrp = malloc(addrlen + 1); if (addrp == NULL) /* Handle error */ ; memset(addrp, 0, addrlen + 1); if (getsockname(sfd, (struct sockaddr *) addrp, &addrlen)) == -1) /* handle error */ ; printf("sun_path = %s\n", ((struct sockaddr_un *) addrp)->sun_path); , , , , , . - . . - -. . . - <>. , . . . , <>. . - <>. $ ./server & [1] 25887 $ ./client 3 4 = 7 $ ./client 11 -5 = 6 $ ./client DOWN = 0 [1]+ Done ./server $ /* * File connection.h */ #ifndef CONNECTION_H #define CONNECTION_H #define SOCKET_NAME "/tmp/9Lq7BNBnBycd6nxy.socket" #define BUFFER_SIZE 12 #endif // include guard /* * File server.c */ #include #include #include #include #include #include #include #include "connection.h" int main(void) { int down_flag = 0; int ret; int connection_socket; int data_socket; int result; ssize_t r, w; struct sockaddr_un name; char buffer[BUFFER_SIZE]; /* Create local socket. */ connection_socket = socket(AF_UNIX, SOCK_SEQPACKET, 0); if (connection_socket == -1) { perror("socket"); exit(EXIT_FAILURE); } /* * For portability clear the whole structure, since some * implementations have additional (nonstandard) fields in * the structure. */ memset(&name, 0, sizeof(name)); /* Bind socket to socket name. */ name.sun_family = AF_UNIX; strncpy(name.sun_path, SOCKET_NAME, sizeof(name.sun_path) - 1); ret = bind(connection_socket, (const struct sockaddr *) &name, sizeof(name)); if (ret == -1) { perror("bind"); exit(EXIT_FAILURE); } /* * Prepare for accepting connections. The backlog size is set * to 20. So while one request is being processed other requests * can be waiting. */ ret = listen(connection_socket, 20); if (ret == -1) { perror("listen"); exit(EXIT_FAILURE); } /* This is the main loop for handling connections. */ for (;;) { /* Wait for incoming connection. */ data_socket = accept(connection_socket, NULL, NULL); if (data_socket == -1) { perror("accept"); exit(EXIT_FAILURE); } result = 0; for (;;) { /* Wait for next data packet. */ r = read(data_socket, buffer, sizeof(buffer)); if (r == -1) { perror("read"); exit(EXIT_FAILURE); } /* Ensure buffer is 0-terminated. */ buffer[sizeof(buffer) - 1] = 0; /* Handle commands. */ if (!strncmp(buffer, "DOWN", sizeof(buffer))) { down_flag = 1; continue; } if (!strncmp(buffer, "END", sizeof(buffer))) { break; } if (down_flag) { continue; } /* Add received summand. */ result += atoi(buffer); } /* Send result. */ sprintf(buffer, "%d", result); w = write(data_socket, buffer, sizeof(buffer)); if (w == -1) { perror("write"); exit(EXIT_FAILURE); } /* Close socket. */ close(data_socket); /* Quit on DOWN command. */ if (down_flag) { break; } } close(connection_socket); /* Unlink the socket. */ unlink(SOCKET_NAME); exit(EXIT_SUCCESS); } /* * File client.c */ #include #include #include #include #include #include #include #include "connection.h" int main(int argc, char *argv[]) { int ret; int data_socket; ssize_t r, w; struct sockaddr_un addr; char buffer[BUFFER_SIZE]; /* Create local socket. */ data_socket = socket(AF_UNIX, SOCK_SEQPACKET, 0); if (data_socket == -1) { perror("socket"); exit(EXIT_FAILURE); } /* * For portability clear the whole structure, since some * implementations have additional (nonstandard) fields in * the structure. */ memset(&addr, 0, sizeof(addr)); /* Connect socket to socket address. */ addr.sun_family = AF_UNIX; strncpy(addr.sun_path, SOCKET_NAME, sizeof(addr.sun_path) - 1); ret = connect(data_socket, (const struct sockaddr *) &addr, sizeof(addr)); if (ret == -1) { fprintf(stderr, "The server is down.\n"); exit(EXIT_FAILURE); } /* Send arguments. */ for (int i = 1; i < argc; ++i) { w = write(data_socket, argv[i], strlen(argv[i]) + 1); if (w == -1) { perror("write"); break; } } /* Request result. */ strcpy(buffer, "END"); w = write(data_socket, buffer, strlen(buffer) + 1); if (w == -1) { perror("write"); exit(EXIT_FAILURE); } /* Receive result. */ r = read(data_socket, buffer, sizeof(buffer)); if (r == -1) { perror("read"); exit(EXIT_FAILURE); } /* Ensure buffer is 0-terminated. */ buffer[sizeof(buffer) - 1] = 0; printf("Result = %s\n", buffer); /* Close socket. */ close(data_socket); exit(EXIT_SUCCESS); } For examples of the use of SCM_RIGHTS, see cmsg(3) and seccomp_unotify(2). recvmsg(2), sendmsg(2), socket(2), socketpair(2), cmsg(3), capabilities(7), credentials(7), socket(7), udp(7) () Azamat Hackimov , Dmitriy Ovchinnikov , Dmitry Bolkhovskikh , Katrin Kutepova , Yuri Kozlov , Kirill Rekhov ; GNU (GNU General Public License - GPL, 3 ) , - . - , , () () () <>. Linux man-pages 6.12 15 2024 . UNIX(7)