<socket> Element (Network Settings)
Specifies whether socket operations use completion ports.
<system.net> Element (Network Settings)
<settings> Element (Network Settings)
<socket> Element (Network Settings)
<socket alwaysUseCompletionPortsForConnect="true|false" alwaysUseCompletionPortsForAccept="true|false" ipProtectionLevel ="EdgeRestricted|Restricted|Unrestricted|Unspecified" /socket>
The following sections describe attributes, child elements, and parent elements.
Indicates whether the socket should always use completion ports for Accept method calls. The default value is false.
Indicates whether the socket should always use completion ports for Connect method calls. The default value is false.
Specifies the default System.Net.Sockets.IPProtectionLevel to use for a socket. The default value depends on the version of Windows.
The alwaysUseCompletionPortsForAccept and alwaysUseCompletionPortsForConnect attributes are used to specify the default behavior regarding the use of completion ports by the classes in the System.Net.Sockets.namespace. Completion ports are recommended for high performance server applications.
The default value for the alwaysUseCompletionPortsForAccept and alwaysUseCompletionPortsForConnect attributes is false.
The AlwaysUseCompletionPortsForAccept can be used to get the current value of the alwaysUseCompletionPortsForAccept attribute from applicable configuration files. The AlwaysUseCompletionPortsForConnect can be used to get the current value of the alwaysUseCompletionPortsForConnect attribute from applicable configuration files.
The ipProtectionLevel attribute specifies the default System.Net.Sockets.IPProtectionLevel to use for a socket. The IPProtectionLevel property enables configuration of a restriction for an IPv6 socket to a specified scope, such as addresses with the same link local or site local prefix. This option enables applications to place access restrictions on IPv6 sockets. Such restrictions enable an application running on a private LAN to simply and robustly harden itself against external attacks. This option widens or narrows the scope of a listening socket, enabling unrestricted access from public and private users when appropriate, or restricting access only to the same site, as required.
This ipProtectionLevel attribute setting affects only initial incoming traffic:
A TCP server listening for incoming connections on a socket.
A UDP application receiving a packet on a socket.
This configuration setting does not affect already established TCP connections (traffic is unrestricted in both directions) and does not affect an application sending UDP packets.
The possible values for the ipProtectionLevel attribute setting correspond with the defined protection levels specified in the System.Net.Sockets.IPProtectionLevel enumeration as follows:
The IP protection level is edge restricted. This value would be used by applications designed to operate across the Internet. This setting does not allow Network Address Translation (NAT) traversal using the Windows Teredo implementation. These applications may bypass IPv4 firewalls, so applications must be hardened against Internet attacks directed at the opened port. On Windows Server 2003 and Windows XP, the default value for the IP Protection level on a socket is edge restricted.
The IP protection level is restricted. This value would be used by intranet applications that do not implement Internet scenarios. These applications are generally not tested or hardened against Internet-style attacks. This setting will limit the received traffic to link-local only.
The IP protection level is unrestricted. This value would be used by applications designed to operate across the Internet, including applications taking advantage of IPv6 NAT traversal capabilities built into Windows (Teredo, for example). These applications may bypass IPv4 firewalls, so applications must be hardened against Internet attacks directed at the opened port. On Windows Server 2008 R2 and Windows Vista, the default value for the IP Protection level on a socket is unrestricted.
The IP protection level is unspecified. On Windows 7 and Windows Server 2008 R2, the default value for the IP Protection level on a socket is unspecified.
The default value for the ipProtectionLevel attribute is Unspecified.
The IPProtectionLevel property can be used to get the current value of the ipProtectionLevel attribute from applicable configuration files.
This element can be used in the application configuration file or the machine configuration file (Machine.config).
The following code example shows how to specify that completion ports should be used and that the default System.Net.Sockets.IPProtectionLevel should be unrestricted.
<configuration> <system.net> <settings> <socket alwaysUseCompletionPortsForAccept="true" alwaysUseCompletionPortsForConnect="true" ipProtectionLevel="Unrestricted" /> </settings> </system.net> </configuration>