diff --git a/docs/TRANSIENT-SETTINGS.md b/docs/TRANSIENT-SETTINGS.md
index d9b1c20c77..f828275297 100644
--- a/docs/TRANSIENT-SETTINGS.md
+++ b/docs/TRANSIENT-SETTINGS.md
@@ -429,6 +429,7 @@ Most socket unit settings are available to transient units.
✓ Broadcast=
✓ PassCredentials=
✓ PassSecurity=
+✓ PassPacketInfo=
✓ TCPCongestion=
✓ ReusePort=
✓ MessageQueueMaxMessages=
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 60ea63f742..46a2dbc7ed 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -709,6 +709,15 @@
Defaults to .
+
+ PassPacketInfo=
+ Takes a boolean value. This controls the IP_PKTINFO,
+ IPV6_RECVPKTINFO and NETLINK_PKTINFO socket options, which
+ enable reception of additional per-packet metadata as ancillary message, on
+ AF_INET, AF_INET6 and AF_UNIX sockets.
+ Defaults to .
+
+
TCPCongestion=
Takes a string value. Controls the TCP
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index ad7b41a95b..73e6a74914 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -104,6 +104,7 @@ const sd_bus_vtable bus_socket_vtable[] = {
SD_BUS_PROPERTY("Broadcast", "b", bus_property_get_bool, offsetof(Socket, broadcast), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PassCredentials", "b", bus_property_get_bool, offsetof(Socket, pass_cred), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PassSecurity", "b", bus_property_get_bool, offsetof(Socket, pass_sec), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("PassPacketInfo", "b", bus_property_get_bool, offsetof(Socket, pass_pktinfo), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("RemoveOnStop", "b", bus_property_get_bool, offsetof(Socket, remove_on_stop), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Listen", "a(ss)", property_get_listen, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Symlinks", "as", NULL, offsetof(Socket, symlinks), SD_BUS_VTABLE_PROPERTY_CONST),
@@ -202,6 +203,9 @@ static int bus_socket_set_transient_property(
if (streq(name, "PassSecurity"))
return bus_set_transient_bool(u, name, &s->pass_sec, message, flags, error);
+ if (streq(name, "PassPacketInfo"))
+ return bus_set_transient_bool(u, name, &s->pass_pktinfo, message, flags, error);
+
if (streq(name, "ReusePort"))
return bus_set_transient_bool(u, name, &s->reuse_port, message, flags, error);
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 5fd58b379b..c76d08b3a6 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -396,6 +396,7 @@ Socket.Transparent, config_parse_bool, 0,
Socket.Broadcast, config_parse_bool, 0, offsetof(Socket, broadcast)
Socket.PassCredentials, config_parse_bool, 0, offsetof(Socket, pass_cred)
Socket.PassSecurity, config_parse_bool, 0, offsetof(Socket, pass_sec)
+Socket.PassPacketInfo, config_parse_bool, 0, offsetof(Socket, pass_pktinfo)
Socket.TCPCongestion, config_parse_string, 0, offsetof(Socket, tcp_congestion)
Socket.ReusePort, config_parse_bool, 0, offsetof(Socket, reuse_port)
Socket.MessageQueueMaxMessages, config_parse_long, 0, offsetof(Socket, mq_maxmsg)
diff --git a/src/core/socket.c b/src/core/socket.c
index 218b4b245d..359683a426 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -635,6 +635,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
"%sBroadcast: %s\n"
"%sPassCredentials: %s\n"
"%sPassSecurity: %s\n"
+ "%sPassPacketInfo: %s\n"
"%sTCPCongestion: %s\n"
"%sRemoveOnStop: %s\n"
"%sWritable: %s\n"
@@ -654,6 +655,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
prefix, yes_no(s->broadcast),
prefix, yes_no(s->pass_cred),
prefix, yes_no(s->pass_sec),
+ prefix, yes_no(s->pass_pktinfo),
prefix, strna(s->tcp_congestion),
prefix, yes_no(s->remove_on_stop),
prefix, yes_no(s->writable),
@@ -1070,6 +1072,12 @@ static void socket_apply_socket_options(Socket *s, int fd) {
log_unit_warning_errno(UNIT(s), r, "SO_PASSSEC failed: %m");
}
+ if (s->pass_pktinfo) {
+ r = socket_pass_pktinfo(fd, true);
+ if (r < 0)
+ log_unit_warning_errno(UNIT(s), r, "Failed to enable packet info socket option: %m");
+ }
+
if (s->priority >= 0) {
r = setsockopt_int(fd, SOL_SOCKET, SO_PRIORITY, s->priority);
if (r < 0)
diff --git a/src/core/socket.h b/src/core/socket.h
index 9e0be15ba8..482e45fce7 100644
--- a/src/core/socket.h
+++ b/src/core/socket.h
@@ -121,6 +121,7 @@ struct Socket {
bool broadcast;
bool pass_cred;
bool pass_sec;
+ bool pass_pktinfo;
/* Only for INET6 sockets: issue IPV6_V6ONLY sockopt */
SocketAddressBindIPv6Only bind_ipv6_only;
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 3be75e6b4d..9a5730f3ea 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -1632,6 +1632,7 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
"Broadcast",
"PassCredentials",
"PassSecurity",
+ "PassPacketInfo",
"ReusePort",
"RemoveOnStop",
"SELinuxContextFromNet"))
diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service
index 048bd34e9e..7435d7abec 100644
--- a/test/fuzz/fuzz-unit-file/directives.service
+++ b/test/fuzz/fuzz-unit-file/directives.service
@@ -164,6 +164,7 @@ PIDFile=
PartOf=
PassCredentials=
PassSecurity=
+PassPacketInfo=
PathChanged=
PathExists=
PathExistsGlob=