man7.org > Linux > man-pages

Linux/UNIX system programming training

IP_PASSSEC(2const) — Linux manual page

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | ERRORS | STANDARDS | HISTORY | CAVEATS | SEE ALSO | COLOPHON 

IP_PASSSEC(2const)                                     IP_PASSSEC(2const)

NAME         top

       IP_PASSSEC - receive the security context of the peer socket

LIBRARY         top

       Standard C library (libc, -lc)

SYNOPSIS         top

       #include <netinet/in.h>  /* Definition of IP* constants */
       #include <sys/socket.h>

       int setsockopt(int sockfd, IPPROTO_IP, IP_PASSSEC,
                      const int *enable, sizeof(int));
       int getsockopt(int sockfd, IPPROTO_IP, IP_PASSSEC,
                      int *enabled, sizeof(int));

DESCRIPTION         top

       If labeled IPSEC or NetLabel is configured on the sending and
       receiving hosts, this option enables receiving of the security
       context of the peer socket in an ancillary message of type
       SCM_SECURITY retrieved using recvmsg(2).

       This option is supported only for UDP sockets; for TCP or SCTP
       sockets, see SO_PEERSEC(2const).

       The security context returned in the SCM_SECURITY ancillary
       message is of the same format as the one described in
       SO_PEERSEC(2const).

ERRORS         top

       See IPPROTO_IP(2const).  See setsockopt(2).  See ip(7).

STANDARDS         top

       Linux.

HISTORY         top

       Linux 2.6.17.

CAVEATS         top

       The reuse of the SCM_SECURITY message type for the IP_PASSSEC
       socket option was likely a mistake, since other IP control
       messages use their own numbering scheme in the IP namespace and
       often use the socket option value as the message type.  There is
       no conflict currently since the IP option with the same value as
       SCM_SECURITY is IP_HDRINCL(2const) and this is never used for a
       control message type.

SEE ALSO         top

       IPPROTO_IP(2const), setsockopt(2), ip(7)

COLOPHON         top

       This page is part of the man-pages (Linux kernel and C library
       user-space interface documentation) project.  Information about
       the project can be found at 
       ⟨https://www.kernel.org/doc/man-pages/⟩.  If you have a bug report
       for this manual page, see
       ⟨https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING⟩.
       This page was obtained from the tarball man-pages-6.18.tar.gz
       fetched from
       ⟨https://mirrors.edge.kernel.org/pub/linux/docs/man-pages/⟩ on
       2026-05-24.  If you discover any rendering problems in this HTML
       version of the page, or you believe there is a better or more up-
       to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not
       part of the original manual page), send a mail to
       man-pages@man7.org

Linux man-pages 6.18            2025-11-25             IP_PASSSEC(2const)

Pages that refer to this page: IPPROTO_IP(2const)

HTML rendering created 2026-05-24 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI