tcp-socket-listen — create a socket listening for incoming TCP connections and chain
tcp-socket-listen [--no-reuse-address] [--reuse-port] [--bind-to-any] [--numeric] [--check-interfaces] [--combine4and6] [--backlog number] [--systemd-compatibility] {host} {port} {next-prog}
tcp-socket-listen is a chain-loading utility that opens a TCP socket bound to
host and port, executes a call to listen(1), sets the socket to
file descriptor 3 (closing whatever that descriptor was),
and then chain loads to next-prog with the execvp(3) function.
next-prog may contain its own command line options, which tcp-socket-listen will ignore.
If the [--numeric] command line option is used, then no name lookup is done on
host and port, and they must be (human readable forms of) IP addresses and
port numbers.
Otherwise, host is looked up using the system name resolution facility, with
the first IP address found being used, and port can be an alphanumeric
service name.
The [--backlog] option specifies the allowed backlog level (defaulting to 5) of outstanding not-yet-accepted connections to the socket. The [--no-reuse-address] sets a flag that prevents the kernel from re-using an IP address and port combination if there are still TCP connections for that address and port in the CLOSE_WAIT state,
The [--reuse-port] sets a flag that allows the same IP address and port combination to be used by multiple TCP listeners, as long as they all use the flag. The [--check-interfaces] option prevents the use of any IPv4 addresses if there are no IPv4 addresses on any network interface, and the use of any IPv6 addresses if there are no IPv6 addresses. This isn't particularly useful on a dynamically configured system where network interface IP addresses can come and go. Conversely, the [--bind-to-any] option is quite useful on such a system, as it allows binding to any IPV4 or IPV6 address, even one that is not on any network interface.
The [--systemd-compatibility] option causes tcp-socket-listen to set the
LISTEN_FDS environment variable to 1, and the LISTEN_PID environment
variable to its own process ID.
This is for compatibility with daemons that expect to be run under
systemd(1).
For compatibility with daemons that expect to be run under inetd(1),
inheriting the listening socket as their standard input, simply use
fdmove 0 3
in next-prog.
See fdmove(1).
On systems that support such, the [--combine4and6] option allows a
listener to communicate with both IPv4 and IPv6 clients.
(host must denote an IPv6 address for this to work.)
On other systems, and also the default if [--combine4and6] is not used,
one must run an IPv4 listener for IPv4 clients and an IPv6 listener for
IPv6 clients.
See RFCs 3493 and 4038 for more details.
tcp-socket-listen is fully IPv6 capable, albeit that by the nature of IP versions it is not possible on some operating system kernels to handle both IPv4 and IPv6 with a single socket. To listen on an IPv4 address and an IPv6 address on such kernels, one must have two tcp-socket-listen processes.
tcp-socket-listen can be used as a simple daemon monitored by
service-manager(1)
that chains to
tcp-socket-accept(1).
Together, the two replace
tcpserver(1)
from ucspi-tcp.
tcp-socket-listen overlaps the functionality of
inetd(1)
and
systemd(1),
with which only the
tcp-socket-accept(1)
half of the pair would be needed (in the systemd-recommended configuration of
Accept=false sockets).
To change the process' UID and GID after a successful call to listen(2), simply chain through setuidgid(1).