Share via


<socket> Element (Network Settings)

Specifies whether socket operations use completion ports.

<configuration> Element
  <system.net> Element (Network Settings)
    <settings> Element (Network Settings)
      <socket> Element (Network Settings)

<socket
  alwaysUseCompletionPortsForConnect="true|false"
  alwaysUseCompletionPortsForAccept="true|false"
  ipProtectionLevel ="EdgeRestricted|Restricted|Unrestricted|Unspecified"
/socket>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute

Description

alwaysUseCompletionPortsForAccept

Indicates whether the socket should always use completion ports for Accept method calls. The default value is false.

alwaysUseCompletionPortsForConnect

Indicates whether the socket should always use completion ports for Connect method calls. The default value is false.

ipProtectionLevel

Specifies the default System.Net.Sockets.IPProtectionLevel to use for a socket. The default value depends on the version of Windows.

Child Elements

None.

Parent Elements

Element

Description

<settings>

Configures basic network options for the System.Net namespace.

Remarks

The alwaysUseCompletionPortsForAccept and alwaysUseCompletionPortsForConnect attributes are used to specify the default behavior regarding the use of completion ports by the classes in the System.Net.Sockets.namespace. Completion ports are recommended for high performance server applications.

The default value for the alwaysUseCompletionPortsForAccept and alwaysUseCompletionPortsForConnect attributes is false.

The AlwaysUseCompletionPortsForAccept can be used to get the current value of the alwaysUseCompletionPortsForAccept attribute from applicable configuration files. The AlwaysUseCompletionPortsForConnect can be used to get the current value of the alwaysUseCompletionPortsForConnect attribute from applicable configuration files.

The ipProtectionLevel attribute specifies the default System.Net.Sockets.IPProtectionLevel to use for a socket. The IPProtectionLevel property enables configuration of a restriction for an IPv6 socket to a specified scope, such as addresses with the same link local or site local prefix. This option enables applications to place access restrictions on IPv6 sockets. Such restrictions enable an application running on a private LAN to simply and robustly harden itself against external attacks. This option widens or narrows the scope of a listening socket, enabling unrestricted access from public and private users when appropriate, or restricting access only to the same site, as required.

This ipProtectionLevel attribute setting affects only initial incoming traffic:

  • A TCP server listening for incoming connections on a socket.

  • A UDP application receiving a packet on a socket.

This configuration setting does not affect already established TCP connections (traffic is unrestricted in both directions) and does not affect an application sending UDP packets.

The possible values for the ipProtectionLevel attribute setting correspond with the defined protection levels specified in the System.Net.Sockets.IPProtectionLevel enumeration as follows:

Attribute Value

Description

EdgeRestricted

The IP protection level is edge restricted. This value would be used by applications designed to operate across the Internet. This setting does not allow Network Address Translation (NAT) traversal using the Windows Teredo implementation. These applications may bypass IPv4 firewalls, so applications must be hardened against Internet attacks directed at the opened port. On Windows Server 2003 and Windows XP, the default value for the IP Protection level on a socket is edge restricted.

Restricted

The IP protection level is restricted. This value would be used by intranet applications that do not implement Internet scenarios. These applications are generally not tested or hardened against Internet-style attacks. This setting will limit the received traffic to link-local only.

Unrestricted

The IP protection level is unrestricted. This value would be used by applications designed to operate across the Internet, including applications taking advantage of IPv6 NAT traversal capabilities built into Windows (Teredo, for example). These applications may bypass IPv4 firewalls, so applications must be hardened against Internet attacks directed at the opened port. On Windows Server 2008 R2 and Windows Vista, the default value for the IP Protection level on a socket is unrestricted.

Unspecified

The IP protection level is unspecified. On Windows 7 and Windows Server 2008 R2, the default value for the IP Protection level on a socket is unspecified.

The default value for the ipProtectionLevel attribute is Unspecified.

The IPProtectionLevel property can be used to get the current value of the ipProtectionLevel attribute from applicable configuration files.

Configuration Files

This element can be used in the application configuration file or the machine configuration file (Machine.config).

Example

The following code example shows how to specify that completion ports should be used and that the default System.Net.Sockets.IPProtectionLevel should be unrestricted.

<configuration>
  <system.net>
    <settings>
      <socket
        alwaysUseCompletionPortsForAccept="true"
        alwaysUseCompletionPortsForConnect="true"
        ipProtectionLevel="Unrestricted"
       />
    </settings>
  </system.net>
</configuration>

See Also

Reference

Network Settings Schema

System.Net

System.Net.Configuration.SocketElement

System.Net.Sockets

System.Net.Sockets.IPProtectionLevel

SocketOptionName.IPProtectionLevel