From 7f1234e893ade1422db0c9c84cc01135ab677f77 Mon Sep 17 00:00:00 2001
From: Dave Bakker <github@davebakker.io>
Date: Wed, 8 Nov 2023 15:41:48 +0100
Subject: [PATCH 1/3] Sync changes from wasmtime:

- Allow `accept()` to return transient errors.
  The original provision was added to align with preview3 streams that may only fail once. However, after discussing with Dan Gohman, we came to the conclusion that a `stream` of `result<>` could do the trick fine too.
    Fixes: https://github.com/WebAssembly/wasi-sockets/issues/22
- Fold `ephemeral-ports-exhausted` into `address-in-use`. There is no cross-platform way to know the distinction between them.
- Remove `concurrency-conflict` clutter,
  and just document it to be always possible.
- Simplify "not supported", "invalid argument" and "invalid state" error cases.
  There is a myriad of reasons why an argument might be invalid or an operation might be not supported. But there is few cross platform consistency in which of those error cases result in which error codes. Many wasi-sockets codes were unnecessarily detailed and had no standardized equivalent in POSIX, so wasi-libc will probably just map them all back into a single EOPNOTSUPP or EINVAL or ...
- Remove create-tcp/udp-socket not supported errors.
  These stem from back when the entire wasi-sockets proposal was one big single thing. In this day and age, when an implementation doesn't want to support TCP and/or UDP, it can simply _not_ implement that interface, rather than returning an error at runtime.
- Document that `connect` may return ECONNABORTED
- Document the set of socket options that are inherited through `accept`
- Clarify `connect` failure state:
```md
	POSIX mentions:
	> If connect() fails, the state of the socket is unspecified. Conforming applications should
	> close the file descriptor and create a new socket before attempting to reconnect.

	WASI prescribes the following behavior:
	- If `connect` fails because an input/state validation error, the socket should remain usable.
	- If a connection was actually attempted but failed, the socket should become unusable for further network communication.
```
- Clarify `local-address` behavior on unbound socket:
```md
POSIX mentions:
> If the socket has not been bound to a local name, the value
> stored in the object pointed to by `address` is unspecified.

WASI is stricter and requires `local-address` to return `not-bound` when the socket hasn't been bound yet.
```
- Remove TCP_NODELAY for the time being. The semantics of TCP_NODELAY (and TCP_CORK for that matter) and its effects on the output-stream needs to investigated and specified. I don't expect there to be anything insurmountable. Its just that I haven't had the time to do so yet and I can't promise to have it done before the stabilization Preview2. So, in order to get wasi-sockets ready for Preview2, it was discussed to temporarily remove `no-delay` and reevaluate its inclusion before Preview3.

- Introduce new `incoming-datagram-stream` and `outgoing-datagram-stream` types and moved `receive` and `send` methods to those respectively. These streams are returned by `stream` and can be individually subscribed to. This resolves a design issue where a UDP server would end up in a spin loop because `receive` returned EWOULDBLOCK but poll_* always returned immediately because the socket was ready for sending. In this new setup, users can poll each direction separately. Fixes https://github.com/WebAssembly/wasi-sockets/issues/64
- Dropped the `network` parameter from the `connect` call, because `bind` is now _required_ to perform IO.
- Enable send-like behaviour by making `outgoing-datagram::remote-address` optional. Fixes https://github.com/WebAssembly/wasi-sockets/pull/57

- Remove the non-essential parameters for now. Post-preview2 these can be reevaluated again.
- Lift the restriction against parsing IP addresses. Before, implementations still needed to parse IP addresses to decide whether or not to return an error.
---
 imports.md                | 570 +++++++++++++++++++-------------------
 wit/ip-name-lookup.wit    |  46 ++-
 wit/network.wit           |  81 ++----
 wit/tcp-create-socket.wit |  15 +-
 wit/tcp.wit               | 184 ++++++------
 wit/udp-create-socket.wit |  17 +-
 wit/udp.wit               | 302 ++++++++++++--------
 7 files changed, 627 insertions(+), 588 deletions(-)

diff --git a/imports.md b/imports.md
index 7555963..c59a6a2 100644
--- a/imports.md
+++ b/imports.md
@@ -28,6 +28,7 @@ combined with a couple of errors that are always possible:</p>
 <li><code>access-denied</code></li>
 <li><code>not-supported</code></li>
 <li><code>out-of-memory</code></li>
+<li><code>concurrency-conflict</code></li>
 </ul>
 <p>See each individual API for what the POSIX equivalents are. They sometimes differ per API.</p>
 <h5>Enum Cases</h5>
@@ -47,6 +48,11 @@ combined with a couple of errors that are always possible:</p>
 <p>POSIX equivalent: EOPNOTSUPP</p>
 </li>
 <li>
+<p><a name="error_code.invalid_argument"><code>invalid-argument</code></a></p>
+<p>One of the arguments is invalid.
+<p>POSIX equivalent: EINVAL</p>
+</li>
+<li>
 <p><a name="error_code.out_of_memory"><code>out-of-memory</code></a></p>
 <p>Not enough memory to complete the operation.
 <p>POSIX equivalent: ENOMEM, ENOBUFS, EAI_MEMORY</p>
@@ -58,6 +64,7 @@ combined with a couple of errors that are always possible:</p>
 <li>
 <p><a name="error_code.concurrency_conflict"><code>concurrency-conflict</code></a></p>
 <p>This operation is incompatible with another asynchronous operation that is already in progress.
+<p>POSIX equivalent: EALREADY</p>
 </li>
 <li>
 <p><a name="error_code.not_in_progress"><code>not-in-progress</code></a></p>
@@ -72,74 +79,26 @@ combined with a couple of errors that are always possible:</p>
 <p>Note: this is scheduled to be removed when <code>future</code>s are natively supported.</p>
 </li>
 <li>
-<p><a name="error_code.address_family_not_supported"><code>address-family-not-supported</code></a></p>
-<p>The specified address-family is not supported.
-</li>
-<li>
-<p><a name="error_code.address_family_mismatch"><code>address-family-mismatch</code></a></p>
-<p>An IPv4 address was passed to an IPv6 resource, or vice versa.
-</li>
-<li>
-<p><a name="error_code.invalid_remote_address"><code>invalid-remote-address</code></a></p>
-<p>The socket address is not a valid remote address. E.g. the IP address is set to INADDR_ANY, or the port is set to 0.
-</li>
-<li>
-<p><a name="error_code.ipv4_only_operation"><code>ipv4-only-operation</code></a></p>
-<p>The operation is only supported on IPv4 resources.
-</li>
-<li>
-<p><a name="error_code.ipv6_only_operation"><code>ipv6-only-operation</code></a></p>
-<p>The operation is only supported on IPv6 resources.
+<p><a name="error_code.invalid_state"><code>invalid-state</code></a></p>
+<p>The operation is not valid in the socket's current state.
 </li>
 <li>
 <p><a name="error_code.new_socket_limit"><code>new-socket-limit</code></a></p>
 <p>A new socket resource could not be created because of a system limit.
 </li>
 <li>
-<p><a name="error_code.already_attached"><code>already-attached</code></a></p>
-<p>The socket is already attached to another network.
-</li>
-<li>
-<p><a name="error_code.already_bound"><code>already-bound</code></a></p>
-<p>The socket is already bound.
-</li>
-<li>
-<p><a name="error_code.already_connected"><code>already-connected</code></a></p>
-<p>The socket is already in the Connection state.
-</li>
-<li>
-<p><a name="error_code.not_bound"><code>not-bound</code></a></p>
-<p>The socket is not bound to any local address.
-</li>
-<li>
-<p><a name="error_code.not_connected"><code>not-connected</code></a></p>
-<p>The socket is not in the Connection state.
-</li>
-<li>
 <p><a name="error_code.address_not_bindable"><code>address-not-bindable</code></a></p>
 <p>A bind operation failed because the provided address is not an address that the `network` can bind to.
 </li>
 <li>
 <p><a name="error_code.address_in_use"><code>address-in-use</code></a></p>
-<p>A bind operation failed because the provided address is already in use.
-</li>
-<li>
-<p><a name="error_code.ephemeral_ports_exhausted"><code>ephemeral-ports-exhausted</code></a></p>
-<p>A bind operation failed because there are no ephemeral ports available.
+<p>A bind operation failed because the provided address is already in use or because there are no ephemeral ports available.
 </li>
 <li>
 <p><a name="error_code.remote_unreachable"><code>remote-unreachable</code></a></p>
 <p>The remote address is not reachable
 </li>
 <li>
-<p><a name="error_code.already_listening"><code>already-listening</code></a></p>
-<p>The socket is already in the Listener state.
-</li>
-<li>
-<p><a name="error_code.not_listening"><code>not-listening</code></a></p>
-<p>The socket is already in the Listener state.
-</li>
-<li>
 <p><a name="error_code.connection_refused"><code>connection-refused</code></a></p>
 <p>The connection was forcefully rejected
 </li>
@@ -148,11 +107,11 @@ combined with a couple of errors that are always possible:</p>
 <p>The connection was reset.
 </li>
 <li>
-<p><a name="error_code.datagram_too_large"><code>datagram-too-large</code></a></p>
+<p><a name="error_code.connection_aborted"><code>connection-aborted</code></a></p>
+<p>A connection was aborted.
 </li>
 <li>
-<p><a name="error_code.invalid_name"><code>invalid-name</code></a></p>
-<p>The provided name is a syntactically invalid domain name.
+<p><a name="error_code.datagram_too_large"><code>datagram-too-large</code></a></p>
 </li>
 <li>
 <p><a name="error_code.name_unresolvable"><code>name-unresolvable</code></a></p>
@@ -308,31 +267,60 @@ being reaedy for I/O.</p>
 #### <a name="ip_address_family">`type ip-address-family`</a>
 [`ip-address-family`](#ip_address_family)
 <p>
-#### <a name="datagram">`record datagram`</a>
+#### <a name="incoming_datagram">`record incoming-datagram`</a>
+<p>A received datagram.</p>
+<h5>Record Fields</h5>
+<ul>
+<li>
+<p><a name="incoming_datagram.data"><code>data</code></a>: list&lt;<code>u8</code>&gt;</p>
+<p>The payload.
+<p>Theoretical max size: ~64 KiB. In practice, typically less than 1500 bytes.</p>
+</li>
+<li>
+<p><a name="incoming_datagram.remote_address"><code>remote-address</code></a>: <a href="#ip_socket_address"><a href="#ip_socket_address"><code>ip-socket-address</code></a></a></p>
+<p>The source address.
+<p>This field is guaranteed to match the remote address the stream was initialized with, if any.</p>
+<p>Equivalent to the <code>src_addr</code> out parameter of <code>recvfrom</code>.</p>
+</li>
+</ul>
+<h4><a name="outgoing_datagram"><code>record outgoing-datagram</code></a></h4>
+<p>A datagram to be sent out.</p>
 <h5>Record Fields</h5>
 <ul>
-<li><a name="datagram.data"><code>data</code></a>: list&lt;<code>u8</code>&gt;</li>
-<li><a name="datagram.remote_address"><code>remote-address</code></a>: <a href="#ip_socket_address"><a href="#ip_socket_address"><code>ip-socket-address</code></a></a></li>
+<li>
+<p><a name="outgoing_datagram.data"><code>data</code></a>: list&lt;<code>u8</code>&gt;</p>
+<p>The payload.
+</li>
+<li>
+<p><a name="outgoing_datagram.remote_address"><code>remote-address</code></a>: option&lt;<a href="#ip_socket_address"><a href="#ip_socket_address"><code>ip-socket-address</code></a></a>&gt;</p>
+<p>The destination address.
+<p>The requirements on this field depend on how the stream was initialized:</p>
+<ul>
+<li>with a remote address: this field must be None or match the stream's remote address exactly.</li>
+<li>without a remote address: this field is required.</li>
+</ul>
+<p>If this value is None, the send operation is equivalent to <code>send</code> in POSIX. Otherwise it is equivalent to <code>sendto</code>.</p>
+</li>
 </ul>
 <h4><a name="udp_socket"><code>resource udp-socket</code></a></h4>
+<h4><a name="incoming_datagram_stream"><code>resource incoming-datagram-stream</code></a></h4>
+<h4><a name="outgoing_datagram_stream"><code>resource outgoing-datagram-stream</code></a></h4>
 <hr />
 <h3>Functions</h3>
 <h4><a name="method_udp_socket.start_bind"><code>[method]udp-socket.start-bind: func</code></a></h4>
 <p>Bind the socket to a specific network on the provided IP address and port.</p>
 <p>If the IP address is zero (<code>0.0.0.0</code> in IPv4, <code>::</code> in IPv6), it is left to the implementation to decide which
 network interface(s) to bind to.
-If the TCP/UDP port is zero, the socket will be bound to a random free port.</p>
-<p>When a socket is not explicitly bound, the first invocation to connect will implicitly bind the socket.</p>
+If the port is zero, the socket will be bound to a random free port.</p>
 <p>Unlike in POSIX, this function is async. This enables interactive WASI hosts to inject permission prompts.</p>
 <h1>Typical <code>start</code> errors</h1>
 <ul>
-<li><code>address-family-mismatch</code>:   The <code>local-address</code> has the wrong address family. (EINVAL)</li>
-<li><code>already-bound</code>:             The socket is already bound. (EINVAL)</li>
-<li><code>concurrency-conflict</code>:      Another <code>bind</code> or <code>connect</code> operation is already in progress. (EALREADY)</li>
+<li><code>invalid-argument</code>:          The <code>local-address</code> has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows)</li>
+<li><code>invalid-state</code>:             The socket is already bound. (EINVAL)</li>
 </ul>
 <h1>Typical <code>finish</code> errors</h1>
 <ul>
-<li><code>ephemeral-ports-exhausted</code>: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows)</li>
+<li><code>address-in-use</code>:            No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows)</li>
 <li><code>address-in-use</code>:            Address is already in use. (EADDRINUSE)</li>
 <li><code>address-not-bindable</code>:      <code>local-address</code> is not an address that the <a href="#network"><code>network</code></a> can bind to. (EADDRNOTAVAIL)</li>
 <li><code>not-in-progress</code>:           A <code>bind</code> operation is not in progress.</li>
@@ -364,29 +352,38 @@ If the TCP/UDP port is zero, the socket will be bound to a random free port.</p>
 <ul>
 <li><a name="method_udp_socket.finish_bind.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
-<h4><a name="method_udp_socket.start_connect"><code>[method]udp-socket.start-connect: func</code></a></h4>
-<p>Set the destination address.</p>
-<p>The local-address is updated based on the best network path to <code>remote-address</code>.</p>
-<p>When a destination address is set:</p>
-<ul>
-<li>all receive operations will only return datagrams sent from the provided <code>remote-address</code>.</li>
-<li>the <code>send</code> function can only be used to send to this destination.</li>
-</ul>
-<p>Note that this function does not generate any network traffic and the peer is not aware of this &quot;connection&quot;.</p>
-<p>Unlike in POSIX, this function is async. This enables interactive WASI hosts to inject permission prompts.</p>
-<h1>Typical <code>start</code> errors</h1>
-<ul>
-<li><code>address-family-mismatch</code>:   The <code>remote-address</code> has the wrong address family. (EAFNOSUPPORT)</li>
-<li><code>invalid-remote-address</code>:    The IP address in <code>remote-address</code> is set to INADDR_ANY (<code>0.0.0.0</code> / <code>::</code>). (EDESTADDRREQ, EADDRNOTAVAIL)</li>
-<li><code>invalid-remote-address</code>:    The port in <code>remote-address</code> is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL)</li>
-<li><code>already-attached</code>:          The socket is already bound to a different network. The <a href="#network"><code>network</code></a> passed to <code>connect</code> must be identical to the one passed to <code>bind</code>.</li>
-<li><code>concurrency-conflict</code>:      Another <code>bind</code> or <code>connect</code> operation is already in progress. (EALREADY)</li>
-</ul>
-<h1>Typical <code>finish</code> errors</h1>
+<h4><a name="method_udp_socket.stream"><code>[method]udp-socket.stream: func</code></a></h4>
+<p>Set up inbound &amp; outbound communication channels, optionally to a specific peer.</p>
+<p>This function only changes the local socket configuration and does not generate any network traffic.
+On success, the <code>remote-address</code> of the socket is updated. The <code>local-address</code> may be updated as well,
+based on the best network path to <code>remote-address</code>.</p>
+<p>When a <code>remote-address</code> is provided, the returned streams are limited to communicating with that specific peer:</p>
+<ul>
+<li><code>send</code> can only be used to send to this destination.</li>
+<li><code>receive</code> will only return datagrams sent from the provided <code>remote-address</code>.</li>
+</ul>
+<p>This method may be called multiple times on the same socket to change its association, but
+only the most recently returned pair of streams will be operational. Implementations may trap if
+the streams returned by a previous invocation haven't been dropped yet before calling <code>stream</code> again.</p>
+<p>The POSIX equivalent in pseudo-code is:</p>
+<pre><code class="language-text">if (was previously connected) {
+  connect(s, AF_UNSPEC)
+}
+if (remote_address is Some) {
+  connect(s, remote_address)
+}
+</code></pre>
+<p>Unlike in POSIX, the socket must already be explicitly bound.</p>
+<h1>Typical errors</h1>
 <ul>
-<li><code>ephemeral-ports-exhausted</code>: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD)</li>
-<li><code>not-in-progress</code>:           A <code>connect</code> operation is not in progress.</li>
-<li><code>would-block</code>:               Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN)</li>
+<li><code>invalid-argument</code>:          The <code>remote-address</code> has the wrong address family. (EAFNOSUPPORT)</li>
+<li><code>invalid-argument</code>:          <code>remote-address</code> is a non-IPv4-mapped IPv6 address, but the socket was bound to a specific IPv4-mapped IPv6 address. (or vice versa)</li>
+<li><code>invalid-argument</code>:          The IP address in <code>remote-address</code> is set to INADDR_ANY (<code>0.0.0.0</code> / <code>::</code>). (EDESTADDRREQ, EADDRNOTAVAIL)</li>
+<li><code>invalid-argument</code>:          The port in <code>remote-address</code> is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL)</li>
+<li><code>invalid-state</code>:             The socket is not bound.</li>
+<li><code>address-in-use</code>:            Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD)</li>
+<li><code>remote-unreachable</code>:        The remote address is not reachable. (ECONNRESET, ENETRESET, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET)</li>
+<li><code>connection-refused</code>:        The connection was refused. (ECONNREFUSED)</li>
 </ul>
 <h1>References</h1>
 <ul>
@@ -397,100 +394,24 @@ If the TCP/UDP port is zero, the socket will be bound to a random free port.</p>
 </ul>
 <h5>Params</h5>
 <ul>
-<li><a name="method_udp_socket.start_connect.self"><code>self</code></a>: borrow&lt;<a href="#udp_socket"><a href="#udp_socket"><code>udp-socket</code></a></a>&gt;</li>
-<li><a name="method_udp_socket.start_connect.network"><a href="#network"><code>network</code></a></a>: borrow&lt;<a href="#network"><a href="#network"><code>network</code></a></a>&gt;</li>
-<li><a name="method_udp_socket.start_connect.remote_address"><code>remote-address</code></a>: <a href="#ip_socket_address"><a href="#ip_socket_address"><code>ip-socket-address</code></a></a></li>
-</ul>
-<h5>Return values</h5>
-<ul>
-<li><a name="method_udp_socket.start_connect.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
-</ul>
-<h4><a name="method_udp_socket.finish_connect"><code>[method]udp-socket.finish-connect: func</code></a></h4>
-<h5>Params</h5>
-<ul>
-<li><a name="method_udp_socket.finish_connect.self"><code>self</code></a>: borrow&lt;<a href="#udp_socket"><a href="#udp_socket"><code>udp-socket</code></a></a>&gt;</li>
-</ul>
-<h5>Return values</h5>
-<ul>
-<li><a name="method_udp_socket.finish_connect.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
-</ul>
-<h4><a name="method_udp_socket.receive"><code>[method]udp-socket.receive: func</code></a></h4>
-<p>Receive messages on the socket.</p>
-<p>This function attempts to receive up to <code>max-results</code> datagrams on the socket without blocking.
-The returned list may contain fewer elements than requested, but never more.
-If <code>max-results</code> is 0, this function returns successfully with an empty list.</p>
-<h1>Typical errors</h1>
-<ul>
-<li><code>not-bound</code>:          The socket is not bound to any local address. (EINVAL)</li>
-<li><code>remote-unreachable</code>: The remote address is not reachable. (ECONNREFUSED, ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN)</li>
-<li><code>would-block</code>:        There is no pending data available to be read at the moment. (EWOULDBLOCK, EAGAIN)</li>
-</ul>
-<h1>References</h1>
-<ul>
-<li><a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvfrom.html">https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvfrom.html</a></li>
-<li><a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvmsg.html">https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvmsg.html</a></li>
-<li><a href="https://man7.org/linux/man-pages/man2/recv.2.html">https://man7.org/linux/man-pages/man2/recv.2.html</a></li>
-<li><a href="https://man7.org/linux/man-pages/man2/recvmmsg.2.html">https://man7.org/linux/man-pages/man2/recvmmsg.2.html</a></li>
-<li><a href="https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recv">https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recv</a></li>
-<li><a href="https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recvfrom">https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recvfrom</a></li>
-<li><a href="https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ms741687(v=vs.85)">https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ms741687(v=vs.85)</a></li>
-<li><a href="https://man.freebsd.org/cgi/man.cgi?query=recv&amp;sektion=2">https://man.freebsd.org/cgi/man.cgi?query=recv&amp;sektion=2</a></li>
-</ul>
-<h5>Params</h5>
-<ul>
-<li><a name="method_udp_socket.receive.self"><code>self</code></a>: borrow&lt;<a href="#udp_socket"><a href="#udp_socket"><code>udp-socket</code></a></a>&gt;</li>
-<li><a name="method_udp_socket.receive.max_results"><code>max-results</code></a>: <code>u64</code></li>
-</ul>
-<h5>Return values</h5>
-<ul>
-<li><a name="method_udp_socket.receive.0"></a> result&lt;list&lt;<a href="#datagram"><a href="#datagram"><code>datagram</code></a></a>&gt;, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
-</ul>
-<h4><a name="method_udp_socket.send"><code>[method]udp-socket.send: func</code></a></h4>
-<p>Send messages on the socket.</p>
-<p>This function attempts to send all provided <code>datagrams</code> on the socket without blocking and
-returns how many messages were actually sent (or queued for sending).</p>
-<p>This function semantically behaves the same as iterating the <code>datagrams</code> list and sequentially
-sending each individual datagram until either the end of the list has been reached or the first error occurred.
-If at least one datagram has been sent successfully, this function never returns an error.</p>
-<p>If the input list is empty, the function returns <code>ok(0)</code>.</p>
-<p>The remote address option is required. To send a message to the &quot;connected&quot; peer,
-call <code>remote-address</code> to get their address.</p>
-<h1>Typical errors</h1>
-<ul>
-<li><code>address-family-mismatch</code>: The <code>remote-address</code> has the wrong address family. (EAFNOSUPPORT)</li>
-<li><code>invalid-remote-address</code>:  The IP address in <code>remote-address</code> is set to INADDR_ANY (<code>0.0.0.0</code> / <code>::</code>). (EDESTADDRREQ, EADDRNOTAVAIL)</li>
-<li><code>invalid-remote-address</code>:  The port in <code>remote-address</code> is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL)</li>
-<li><code>already-connected</code>:       The socket is in &quot;connected&quot; mode and the <code>datagram.remote-address</code> does not match the address passed to <code>connect</code>. (EISCONN)</li>
-<li><code>not-bound</code>:               The socket is not bound to any local address. Unlike POSIX, this function does not perform an implicit bind.</li>
-<li><code>remote-unreachable</code>:      The remote address is not reachable. (ECONNREFUSED, ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN)</li>
-<li><code>datagram-too-large</code>:      The datagram is too large. (EMSGSIZE)</li>
-<li><code>would-block</code>:             The send buffer is currently full. (EWOULDBLOCK, EAGAIN)</li>
-</ul>
-<h1>References</h1>
-<ul>
-<li><a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendto.html">https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendto.html</a></li>
-<li><a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendmsg.html">https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendmsg.html</a></li>
-<li><a href="https://man7.org/linux/man-pages/man2/send.2.html">https://man7.org/linux/man-pages/man2/send.2.html</a></li>
-<li><a href="https://man7.org/linux/man-pages/man2/sendmmsg.2.html">https://man7.org/linux/man-pages/man2/sendmmsg.2.html</a></li>
-<li><a href="https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-send">https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-send</a></li>
-<li><a href="https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-sendto">https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-sendto</a></li>
-<li><a href="https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-wsasendmsg">https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-wsasendmsg</a></li>
-<li><a href="https://man.freebsd.org/cgi/man.cgi?query=send&amp;sektion=2">https://man.freebsd.org/cgi/man.cgi?query=send&amp;sektion=2</a></li>
-</ul>
-<h5>Params</h5>
-<ul>
-<li><a name="method_udp_socket.send.self"><code>self</code></a>: borrow&lt;<a href="#udp_socket"><a href="#udp_socket"><code>udp-socket</code></a></a>&gt;</li>
-<li><a name="method_udp_socket.send.datagrams"><code>datagrams</code></a>: list&lt;<a href="#datagram"><a href="#datagram"><code>datagram</code></a></a>&gt;</li>
+<li><a name="method_udp_socket.stream.self"><code>self</code></a>: borrow&lt;<a href="#udp_socket"><a href="#udp_socket"><code>udp-socket</code></a></a>&gt;</li>
+<li><a name="method_udp_socket.stream.remote_address"><code>remote-address</code></a>: option&lt;<a href="#ip_socket_address"><a href="#ip_socket_address"><code>ip-socket-address</code></a></a>&gt;</li>
 </ul>
 <h5>Return values</h5>
 <ul>
-<li><a name="method_udp_socket.send.0"></a> result&lt;<code>u64</code>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+<li><a name="method_udp_socket.stream.0"></a> result&lt;(own&lt;<a href="#incoming_datagram_stream"><a href="#incoming_datagram_stream"><code>incoming-datagram-stream</code></a></a>&gt;, own&lt;<a href="#outgoing_datagram_stream"><a href="#outgoing_datagram_stream"><code>outgoing-datagram-stream</code></a></a>&gt;), <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
 <h4><a name="method_udp_socket.local_address"><code>[method]udp-socket.local-address: func</code></a></h4>
 <p>Get the current bound address.</p>
+<p>POSIX mentions:</p>
+<blockquote>
+<p>If the socket has not been bound to a local name, the value
+stored in the object pointed to by <code>address</code> is unspecified.</p>
+</blockquote>
+<p>WASI is stricter and requires <code>local-address</code> to return <code>invalid-state</code> when the socket hasn't been bound yet.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>not-bound</code>: The socket is not bound to any local address.</li>
+<li><code>invalid-state</code>: The socket is not bound to any local address.</li>
 </ul>
 <h1>References</h1>
 <ul>
@@ -508,10 +429,10 @@ call <code>remote-address</code> to get their address.</p>
 <li><a name="method_udp_socket.local_address.0"></a> result&lt;<a href="#ip_socket_address"><a href="#ip_socket_address"><code>ip-socket-address</code></a></a>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
 <h4><a name="method_udp_socket.remote_address"><code>[method]udp-socket.remote-address: func</code></a></h4>
-<p>Get the address set with <code>connect</code>.</p>
+<p>Get the address the socket is currently streaming to.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>not-connected</code>: The socket is not connected to a remote address. (ENOTCONN)</li>
+<li><code>invalid-state</code>: The socket is not streaming to a specific remote address. (ENOTCONN)</li>
 </ul>
 <h1>References</h1>
 <ul>
@@ -544,10 +465,9 @@ call <code>remote-address</code> to get their address.</p>
 <p>Equivalent to the IPV6_V6ONLY socket option.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>ipv6-only-operation</code>:  (get/set) <code>this</code> socket is an IPv4 socket.</li>
-<li><code>already-bound</code>:        (set) The socket is already bound.</li>
+<li><code>not-supported</code>:        (get/set) <code>this</code> socket is an IPv4 socket.</li>
+<li><code>invalid-state</code>:        (set) The socket is already bound.</li>
 <li><code>not-supported</code>:        (set) Host does not support dual-stack sockets. (Implementations are not required to.)</li>
-<li><code>concurrency-conflict</code>: (set) Another <code>bind</code> or <code>connect</code> operation is already in progress. (EALREADY)</li>
 </ul>
 <h5>Params</h5>
 <ul>
@@ -569,10 +489,6 @@ call <code>remote-address</code> to get their address.</p>
 </ul>
 <h4><a name="method_udp_socket.unicast_hop_limit"><code>[method]udp-socket.unicast-hop-limit: func</code></a></h4>
 <p>Equivalent to the IP_TTL &amp; IPV6_UNICAST_HOPS socket options.</p>
-<h1>Typical errors</h1>
-<ul>
-<li><code>concurrency-conflict</code>: (set) Another <code>bind</code> or <code>connect</code> operation is already in progress. (EALREADY)</li>
-</ul>
 <h5>Params</h5>
 <ul>
 <li><a name="method_udp_socket.unicast_hop_limit.self"><code>self</code></a>: borrow&lt;<a href="#udp_socket"><a href="#udp_socket"><code>udp-socket</code></a></a>&gt;</li>
@@ -599,10 +515,6 @@ In other words, after setting a value, reading the same setting back may return
 actual data to be sent/received by the application, because the kernel might also use the buffer space
 for internal metadata structures.</p>
 <p>Equivalent to the SO_RCVBUF and SO_SNDBUF socket options.</p>
-<h1>Typical errors</h1>
-<ul>
-<li><code>concurrency-conflict</code>: (set) Another <code>bind</code> or <code>connect</code> operation is already in progress. (EALREADY)</li>
-</ul>
 <h5>Params</h5>
 <ul>
 <li><a name="method_udp_socket.receive_buffer_size.self"><code>self</code></a>: borrow&lt;<a href="#udp_socket"><a href="#udp_socket"><code>udp-socket</code></a></a>&gt;</li>
@@ -652,6 +564,125 @@ It's planned to be removed when <code>future</code> is natively supported in Pre
 <ul>
 <li><a name="method_udp_socket.subscribe.0"></a> own&lt;<a href="#pollable"><a href="#pollable"><code>pollable</code></a></a>&gt;</li>
 </ul>
+<h4><a name="method_incoming_datagram_stream.receive"><code>[method]incoming-datagram-stream.receive: func</code></a></h4>
+<p>Receive messages on the socket.</p>
+<p>This function attempts to receive up to <code>max-results</code> datagrams on the socket without blocking.
+The returned list may contain fewer elements than requested, but never more.</p>
+<p>This function returns successfully with an empty list when either:</p>
+<ul>
+<li><code>max-results</code> is 0, or:</li>
+<li><code>max-results</code> is greater than 0, but no results are immediately available.
+This function never returns <code>error(would-block)</code>.</li>
+</ul>
+<h1>Typical errors</h1>
+<ul>
+<li><code>remote-unreachable</code>: The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET)</li>
+<li><code>connection-refused</code>: The connection was refused. (ECONNREFUSED)</li>
+</ul>
+<h1>References</h1>
+<ul>
+<li><a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvfrom.html">https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvfrom.html</a></li>
+<li><a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvmsg.html">https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvmsg.html</a></li>
+<li><a href="https://man7.org/linux/man-pages/man2/recv.2.html">https://man7.org/linux/man-pages/man2/recv.2.html</a></li>
+<li><a href="https://man7.org/linux/man-pages/man2/recvmmsg.2.html">https://man7.org/linux/man-pages/man2/recvmmsg.2.html</a></li>
+<li><a href="https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recv">https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recv</a></li>
+<li><a href="https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recvfrom">https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recvfrom</a></li>
+<li><a href="https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ms741687(v=vs.85)">https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ms741687(v=vs.85)</a></li>
+<li><a href="https://man.freebsd.org/cgi/man.cgi?query=recv&amp;sektion=2">https://man.freebsd.org/cgi/man.cgi?query=recv&amp;sektion=2</a></li>
+</ul>
+<h5>Params</h5>
+<ul>
+<li><a name="method_incoming_datagram_stream.receive.self"><code>self</code></a>: borrow&lt;<a href="#incoming_datagram_stream"><a href="#incoming_datagram_stream"><code>incoming-datagram-stream</code></a></a>&gt;</li>
+<li><a name="method_incoming_datagram_stream.receive.max_results"><code>max-results</code></a>: <code>u64</code></li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_incoming_datagram_stream.receive.0"></a> result&lt;list&lt;<a href="#incoming_datagram"><a href="#incoming_datagram"><code>incoming-datagram</code></a></a>&gt;, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+</ul>
+<h4><a name="method_incoming_datagram_stream.subscribe"><code>[method]incoming-datagram-stream.subscribe: func</code></a></h4>
+<p>Create a <a href="#pollable"><code>pollable</code></a> which will resolve once the stream is ready to receive again.</p>
+<p>Note: this function is here for WASI Preview2 only.
+It's planned to be removed when <code>future</code> is natively supported in Preview3.</p>
+<h5>Params</h5>
+<ul>
+<li><a name="method_incoming_datagram_stream.subscribe.self"><code>self</code></a>: borrow&lt;<a href="#incoming_datagram_stream"><a href="#incoming_datagram_stream"><code>incoming-datagram-stream</code></a></a>&gt;</li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_incoming_datagram_stream.subscribe.0"></a> own&lt;<a href="#pollable"><a href="#pollable"><code>pollable</code></a></a>&gt;</li>
+</ul>
+<h4><a name="method_outgoing_datagram_stream.check_send"><code>[method]outgoing-datagram-stream.check-send: func</code></a></h4>
+<p>Check readiness for sending. This function never blocks.</p>
+<p>Returns the number of datagrams permitted for the next call to <code>send</code>,
+or an error. Calling <code>send</code> with more datagrams than this function has
+permitted will trap.</p>
+<p>When this function returns ok(0), the <code>subscribe</code> pollable will
+become ready when this function will report at least ok(1), or an
+error.</p>
+<p>Never returns <code>would-block</code>.</p>
+<h5>Params</h5>
+<ul>
+<li><a name="method_outgoing_datagram_stream.check_send.self"><code>self</code></a>: borrow&lt;<a href="#outgoing_datagram_stream"><a href="#outgoing_datagram_stream"><code>outgoing-datagram-stream</code></a></a>&gt;</li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_outgoing_datagram_stream.check_send.0"></a> result&lt;<code>u64</code>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+</ul>
+<h4><a name="method_outgoing_datagram_stream.send"><code>[method]outgoing-datagram-stream.send: func</code></a></h4>
+<p>Send messages on the socket.</p>
+<p>This function attempts to send all provided <code>datagrams</code> on the socket without blocking and
+returns how many messages were actually sent (or queued for sending). This function never
+returns <code>error(would-block)</code>. If none of the datagrams were able to be sent, <code>ok(0)</code> is returned.</p>
+<p>This function semantically behaves the same as iterating the <code>datagrams</code> list and sequentially
+sending each individual datagram until either the end of the list has been reached or the first error occurred.
+If at least one datagram has been sent successfully, this function never returns an error.</p>
+<p>If the input list is empty, the function returns <code>ok(0)</code>.</p>
+<p>Each call to <code>send</code> must be permitted by a preceding <code>check-send</code>. Implementations must trap if
+either <code>check-send</code> was not called or <code>datagrams</code> contains more items than <code>check-send</code> permitted.</p>
+<h1>Typical errors</h1>
+<ul>
+<li><code>invalid-argument</code>:        The <code>remote-address</code> has the wrong address family. (EAFNOSUPPORT)</li>
+<li><code>invalid-argument</code>:        <code>remote-address</code> is a non-IPv4-mapped IPv6 address, but the socket was bound to a specific IPv4-mapped IPv6 address. (or vice versa)</li>
+<li><code>invalid-argument</code>:        The IP address in <code>remote-address</code> is set to INADDR_ANY (<code>0.0.0.0</code> / <code>::</code>). (EDESTADDRREQ, EADDRNOTAVAIL)</li>
+<li><code>invalid-argument</code>:        The port in <code>remote-address</code> is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL)</li>
+<li><code>invalid-argument</code>:        The socket is in &quot;connected&quot; mode and <code>remote-address</code> is <code>some</code> value that does not match the address passed to <code>stream</code>. (EISCONN)</li>
+<li><code>invalid-argument</code>:        The socket is not &quot;connected&quot; and no value for <code>remote-address</code> was provided. (EDESTADDRREQ)</li>
+<li><code>remote-unreachable</code>:      The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET)</li>
+<li><code>connection-refused</code>:      The connection was refused. (ECONNREFUSED)</li>
+<li><code>datagram-too-large</code>:      The datagram is too large. (EMSGSIZE)</li>
+</ul>
+<h1>References</h1>
+<ul>
+<li><a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendto.html">https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendto.html</a></li>
+<li><a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendmsg.html">https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendmsg.html</a></li>
+<li><a href="https://man7.org/linux/man-pages/man2/send.2.html">https://man7.org/linux/man-pages/man2/send.2.html</a></li>
+<li><a href="https://man7.org/linux/man-pages/man2/sendmmsg.2.html">https://man7.org/linux/man-pages/man2/sendmmsg.2.html</a></li>
+<li><a href="https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-send">https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-send</a></li>
+<li><a href="https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-sendto">https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-sendto</a></li>
+<li><a href="https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-wsasendmsg">https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-wsasendmsg</a></li>
+<li><a href="https://man.freebsd.org/cgi/man.cgi?query=send&amp;sektion=2">https://man.freebsd.org/cgi/man.cgi?query=send&amp;sektion=2</a></li>
+</ul>
+<h5>Params</h5>
+<ul>
+<li><a name="method_outgoing_datagram_stream.send.self"><code>self</code></a>: borrow&lt;<a href="#outgoing_datagram_stream"><a href="#outgoing_datagram_stream"><code>outgoing-datagram-stream</code></a></a>&gt;</li>
+<li><a name="method_outgoing_datagram_stream.send.datagrams"><code>datagrams</code></a>: list&lt;<a href="#outgoing_datagram"><a href="#outgoing_datagram"><code>outgoing-datagram</code></a></a>&gt;</li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_outgoing_datagram_stream.send.0"></a> result&lt;<code>u64</code>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+</ul>
+<h4><a name="method_outgoing_datagram_stream.subscribe"><code>[method]outgoing-datagram-stream.subscribe: func</code></a></h4>
+<p>Create a <a href="#pollable"><code>pollable</code></a> which will resolve once the stream is ready to send again.</p>
+<p>Note: this function is here for WASI Preview2 only.
+It's planned to be removed when <code>future</code> is natively supported in Preview3.</p>
+<h5>Params</h5>
+<ul>
+<li><a name="method_outgoing_datagram_stream.subscribe.self"><code>self</code></a>: borrow&lt;<a href="#outgoing_datagram_stream"><a href="#outgoing_datagram_stream"><code>outgoing-datagram-stream</code></a></a>&gt;</li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_outgoing_datagram_stream.subscribe.0"></a> own&lt;<a href="#pollable"><a href="#pollable"><code>pollable</code></a></a>&gt;</li>
+</ul>
 <h2><a name="wasi:sockets_udp_create_socket">Import interface wasi:sockets/udp-create-socket</a></h2>
 <hr />
 <h3>Types</h3>
@@ -673,14 +704,13 @@ It's planned to be removed when <code>future</code> is natively supported in Pre
 <p>Create a new UDP socket.</p>
 <p>Similar to <code>socket(AF_INET or AF_INET6, SOCK_DGRAM, IPPROTO_UDP)</code> in POSIX.</p>
 <p>This function does not require a network capability handle. This is considered to be safe because
-at time of creation, the socket is not bound to any <a href="#network"><code>network</code></a> yet. Up to the moment <code>bind</code>/<code>connect</code> is called,
+at time of creation, the socket is not bound to any <a href="#network"><code>network</code></a> yet. Up to the moment <code>bind</code> is called,
 the socket is effectively an in-memory configuration object, unable to communicate with the outside world.</p>
 <p>All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>not-supported</code>:                The host does not support UDP sockets. (EOPNOTSUPP)</li>
-<li><code>address-family-not-supported</code>: The specified <code>address-family</code> is not supported. (EAFNOSUPPORT)</li>
-<li><code>new-socket-limit</code>:             The new socket resource could not be created because of a system limit. (EMFILE, ENFILE)</li>
+<li><code>not-supported</code>:     The specified <code>address-family</code> is not supported. (EAFNOSUPPORT)</li>
+<li><code>new-socket-limit</code>:  The new socket resource could not be created because of a system limit. (EMFILE, ENFILE)</li>
 </ul>
 <h1>References:</h1>
 <ul>
@@ -1065,13 +1095,14 @@ implicitly bind the socket.</p>
 <p>Unlike in POSIX, this function is async. This enables interactive WASI hosts to inject permission prompts.</p>
 <h1>Typical <code>start</code> errors</h1>
 <ul>
-<li><code>address-family-mismatch</code>:   The <code>local-address</code> has the wrong address family. (EINVAL)</li>
-<li><code>already-bound</code>:             The socket is already bound. (EINVAL)</li>
-<li><code>concurrency-conflict</code>:      Another <code>bind</code>, <code>connect</code> or <code>listen</code> operation is already in progress. (EALREADY)</li>
+<li><code>invalid-argument</code>:          The <code>local-address</code> has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows)</li>
+<li><code>invalid-argument</code>:          <code>local-address</code> is not a unicast address. (EINVAL)</li>
+<li><code>invalid-argument</code>:          <code>local-address</code> is an IPv4-mapped IPv6 address, but the socket has <code>ipv6-only</code> enabled. (EINVAL)</li>
+<li><code>invalid-state</code>:             The socket is already bound. (EINVAL)</li>
 </ul>
 <h1>Typical <code>finish</code> errors</h1>
 <ul>
-<li><code>ephemeral-ports-exhausted</code>: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows)</li>
+<li><code>address-in-use</code>:            No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows)</li>
 <li><code>address-in-use</code>:            Address is already in use. (EADDRINUSE)</li>
 <li><code>address-not-bindable</code>:      <code>local-address</code> is not an address that the <a href="#network"><code>network</code></a> can bind to. (EADDRNOTAVAIL)</li>
 <li><code>not-in-progress</code>:           A <code>bind</code> operation is not in progress.</li>
@@ -1110,23 +1141,37 @@ implicitly bind the socket.</p>
 <li>the socket is transitioned into the Connection state</li>
 <li>a pair of streams is returned that can be used to read &amp; write to the connection</li>
 </ul>
+<p>POSIX mentions:</p>
+<blockquote>
+<p>If connect() fails, the state of the socket is unspecified. Conforming applications should
+close the file descriptor and create a new socket before attempting to reconnect.</p>
+</blockquote>
+<p>WASI prescribes the following behavior:</p>
+<ul>
+<li>If <code>connect</code> fails because an input/state validation error, the socket should remain usable.</li>
+<li>If a connection was actually attempted but failed, the socket should become unusable for further network communication.
+Besides <code>drop</code>, any method after such a failure may return an error.</li>
+</ul>
 <h1>Typical <code>start</code> errors</h1>
 <ul>
-<li><code>address-family-mismatch</code>:   The <code>remote-address</code> has the wrong address family. (EAFNOSUPPORT)</li>
-<li><code>invalid-remote-address</code>:    The IP address in <code>remote-address</code> is set to INADDR_ANY (<code>0.0.0.0</code> / <code>::</code>). (EADDRNOTAVAIL on Windows)</li>
-<li><code>invalid-remote-address</code>:    The port in <code>remote-address</code> is set to 0. (EADDRNOTAVAIL on Windows)</li>
-<li><code>already-attached</code>:          The socket is already attached to a different network. The <a href="#network"><code>network</code></a> passed to <code>connect</code> must be identical to the one passed to <code>bind</code>.</li>
-<li><code>already-connected</code>:         The socket is already in the Connection state. (EISCONN)</li>
-<li><code>already-listening</code>:         The socket is already in the Listener state. (EOPNOTSUPP, EINVAL on Windows)</li>
-<li><code>concurrency-conflict</code>:      Another <code>bind</code>, <code>connect</code> or <code>listen</code> operation is already in progress. (EALREADY)</li>
+<li><code>invalid-argument</code>:          The <code>remote-address</code> has the wrong address family. (EAFNOSUPPORT)</li>
+<li><code>invalid-argument</code>:          <code>remote-address</code> is not a unicast address. (EINVAL, ENETUNREACH on Linux, EAFNOSUPPORT on MacOS)</li>
+<li><code>invalid-argument</code>:          <code>remote-address</code> is an IPv4-mapped IPv6 address, but the socket has <code>ipv6-only</code> enabled. (EINVAL, EADDRNOTAVAIL on Illumos)</li>
+<li><code>invalid-argument</code>:          <code>remote-address</code> is a non-IPv4-mapped IPv6 address, but the socket was bound to a specific IPv4-mapped IPv6 address. (or vice versa)</li>
+<li><code>invalid-argument</code>:          The IP address in <code>remote-address</code> is set to INADDR_ANY (<code>0.0.0.0</code> / <code>::</code>). (EADDRNOTAVAIL on Windows)</li>
+<li><code>invalid-argument</code>:          The port in <code>remote-address</code> is set to 0. (EADDRNOTAVAIL on Windows)</li>
+<li><code>invalid-argument</code>:          The socket is already attached to a different network. The <a href="#network"><code>network</code></a> passed to <code>connect</code> must be identical to the one passed to <code>bind</code>.</li>
+<li><code>invalid-state</code>:             The socket is already in the Connection state. (EISCONN)</li>
+<li><code>invalid-state</code>:             The socket is already in the Listener state. (EOPNOTSUPP, EINVAL on Windows)</li>
 </ul>
 <h1>Typical <code>finish</code> errors</h1>
 <ul>
 <li><code>timeout</code>:                   Connection timed out. (ETIMEDOUT)</li>
 <li><code>connection-refused</code>:        The connection was forcefully rejected. (ECONNREFUSED)</li>
 <li><code>connection-reset</code>:          The connection was reset. (ECONNRESET)</li>
-<li><code>remote-unreachable</code>:        The remote address is not reachable. (EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN)</li>
-<li><code>ephemeral-ports-exhausted</code>: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD)</li>
+<li><code>connection-aborted</code>:        The connection was aborted. (ECONNABORTED)</li>
+<li><code>remote-unreachable</code>:        The remote address is not reachable. (EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET)</li>
+<li><code>address-in-use</code>:            Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD)</li>
 <li><code>not-in-progress</code>:           A <code>connect</code> operation is not in progress.</li>
 <li><code>would-block</code>:               Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN)</li>
 </ul>
@@ -1166,14 +1211,13 @@ implicitly bind the socket.</p>
 </ul>
 <h1>Typical <code>start</code> errors</h1>
 <ul>
-<li><code>not-bound</code>:                 The socket is not bound to any local address. (EDESTADDRREQ)</li>
-<li><code>already-connected</code>:         The socket is already in the Connection state. (EISCONN, EINVAL on BSD)</li>
-<li><code>already-listening</code>:         The socket is already in the Listener state.</li>
-<li><code>concurrency-conflict</code>:      Another <code>bind</code>, <code>connect</code> or <code>listen</code> operation is already in progress. (EINVAL on BSD)</li>
+<li><code>invalid-state</code>:             The socket is not bound to any local address. (EDESTADDRREQ)</li>
+<li><code>invalid-state</code>:             The socket is already in the Connection state. (EISCONN, EINVAL on BSD)</li>
+<li><code>invalid-state</code>:             The socket is already in the Listener state.</li>
 </ul>
 <h1>Typical <code>finish</code> errors</h1>
 <ul>
-<li><code>ephemeral-ports-exhausted</code>: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE)</li>
+<li><code>address-in-use</code>:            Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE)</li>
 <li><code>not-in-progress</code>:           A <code>listen</code> operation is not in progress.</li>
 <li><code>would-block</code>:               Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN)</li>
 </ul>
@@ -1203,15 +1247,24 @@ implicitly bind the socket.</p>
 </ul>
 <h4><a name="method_tcp_socket.accept"><code>[method]tcp-socket.accept: func</code></a></h4>
 <p>Accept a new client socket.</p>
-<p>The returned socket is bound and in the Connection state.</p>
+<p>The returned socket is bound and in the Connection state. The following properties are inherited from the listener socket:</p>
+<ul>
+<li><code>address-family</code></li>
+<li><code>ipv6-only</code></li>
+<li><code>keep-alive</code></li>
+<li><code>unicast-hop-limit</code></li>
+<li><code>receive-buffer-size</code></li>
+<li><code>send-buffer-size</code></li>
+</ul>
 <p>On success, this function returns the newly accepted client socket along with
 a pair of streams that can be used to read &amp; write to the connection.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>not-listening</code>: Socket is not in the Listener state. (EINVAL)</li>
-<li><code>would-block</code>:   No pending connections at the moment. (EWOULDBLOCK, EAGAIN)</li>
+<li><code>invalid-state</code>:      Socket is not in the Listener state. (EINVAL)</li>
+<li><code>would-block</code>:        No pending connections at the moment. (EWOULDBLOCK, EAGAIN)</li>
+<li><code>connection-aborted</code>: An incoming connection was pending, but was terminated by the client before this listener could accept it. (ECONNABORTED)</li>
+<li><code>new-socket-limit</code>:   The new socket resource could not be created because of a system limit. (EMFILE, ENFILE)</li>
 </ul>
-<p>Host implementations must skip over transient errors returned by the native accept syscall.</p>
 <h1>References</h1>
 <ul>
 <li><a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/accept.html">https://pubs.opengroup.org/onlinepubs/9699919799/functions/accept.html</a></li>
@@ -1229,9 +1282,15 @@ a pair of streams that can be used to read &amp; write to the connection.</p>
 </ul>
 <h4><a name="method_tcp_socket.local_address"><code>[method]tcp-socket.local-address: func</code></a></h4>
 <p>Get the bound local address.</p>
+<p>POSIX mentions:</p>
+<blockquote>
+<p>If the socket has not been bound to a local name, the value
+stored in the object pointed to by <code>address</code> is unspecified.</p>
+</blockquote>
+<p>WASI is stricter and requires <code>local-address</code> to return <code>invalid-state</code> when the socket hasn't been bound yet.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>not-bound</code>: The socket is not bound to any local address.</li>
+<li><code>invalid-state</code>: The socket is not bound to any local address.</li>
 </ul>
 <h1>References</h1>
 <ul>
@@ -1249,10 +1308,10 @@ a pair of streams that can be used to read &amp; write to the connection.</p>
 <li><a name="method_tcp_socket.local_address.0"></a> result&lt;<a href="#ip_socket_address"><a href="#ip_socket_address"><code>ip-socket-address</code></a></a>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
 <h4><a name="method_tcp_socket.remote_address"><code>[method]tcp-socket.remote-address: func</code></a></h4>
-<p>Get the bound remote address.</p>
+<p>Get the remote address.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>not-connected</code>: The socket is not connected to a remote address. (ENOTCONN)</li>
+<li><code>invalid-state</code>: The socket is not connected to a remote address. (ENOTCONN)</li>
 </ul>
 <h1>References</h1>
 <ul>
@@ -1285,10 +1344,9 @@ a pair of streams that can be used to read &amp; write to the connection.</p>
 <p>Equivalent to the IPV6_V6ONLY socket option.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>ipv6-only-operation</code>:  (get/set) <code>this</code> socket is an IPv4 socket.</li>
-<li><code>already-bound</code>:        (set) The socket is already bound.</li>
+<li><code>invalid-state</code>:        (set) The socket is already bound.</li>
+<li><code>not-supported</code>:        (get/set) <code>this</code> socket is an IPv4 socket.</li>
 <li><code>not-supported</code>:        (set) Host does not support dual-stack sockets. (Implementations are not required to.)</li>
-<li><code>concurrency-conflict</code>: (set) A <code>bind</code>, <code>connect</code> or <code>listen</code> operation is already in progress. (EALREADY)</li>
 </ul>
 <h5>Params</h5>
 <ul>
@@ -1312,8 +1370,8 @@ a pair of streams that can be used to read &amp; write to the connection.</p>
 <p>Hints the desired listen queue size. Implementations are free to ignore this.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>already-connected</code>:    (set) The socket is already in the Connection state.</li>
-<li><code>concurrency-conflict</code>: (set) A <code>bind</code>, <code>connect</code> or <code>listen</code> operation is already in progress. (EALREADY)</li>
+<li><code>not-supported</code>:        (set) The platform does not support changing the backlog size after the initial listen.</li>
+<li><code>invalid-state</code>:        (set) The socket is already in the Connection state.</li>
 </ul>
 <h5>Params</h5>
 <ul>
@@ -1326,10 +1384,6 @@ a pair of streams that can be used to read &amp; write to the connection.</p>
 </ul>
 <h4><a name="method_tcp_socket.keep_alive"><code>[method]tcp-socket.keep-alive: func</code></a></h4>
 <p>Equivalent to the SO_KEEPALIVE socket option.</p>
-<h1>Typical errors</h1>
-<ul>
-<li><code>concurrency-conflict</code>: (set) A <code>bind</code>, <code>connect</code> or <code>listen</code> operation is already in progress. (EALREADY)</li>
-</ul>
 <h5>Params</h5>
 <ul>
 <li><a name="method_tcp_socket.keep_alive.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
@@ -1348,37 +1402,13 @@ a pair of streams that can be used to read &amp; write to the connection.</p>
 <ul>
 <li><a name="method_tcp_socket.set_keep_alive.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
-<h4><a name="method_tcp_socket.no_delay"><code>[method]tcp-socket.no-delay: func</code></a></h4>
-<p>Equivalent to the TCP_NODELAY socket option.</p>
-<h1>Typical errors</h1>
-<ul>
-<li><code>concurrency-conflict</code>: (set) A <code>bind</code>, <code>connect</code> or <code>listen</code> operation is already in progress. (EALREADY)</li>
-</ul>
-<h5>Params</h5>
-<ul>
-<li><a name="method_tcp_socket.no_delay.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
-</ul>
-<h5>Return values</h5>
-<ul>
-<li><a name="method_tcp_socket.no_delay.0"></a> result&lt;<code>bool</code>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
-</ul>
-<h4><a name="method_tcp_socket.set_no_delay"><code>[method]tcp-socket.set-no-delay: func</code></a></h4>
-<h5>Params</h5>
-<ul>
-<li><a name="method_tcp_socket.set_no_delay.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
-<li><a name="method_tcp_socket.set_no_delay.value"><code>value</code></a>: <code>bool</code></li>
-</ul>
-<h5>Return values</h5>
-<ul>
-<li><a name="method_tcp_socket.set_no_delay.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
-</ul>
 <h4><a name="method_tcp_socket.unicast_hop_limit"><code>[method]tcp-socket.unicast-hop-limit: func</code></a></h4>
 <p>Equivalent to the IP_TTL &amp; IPV6_UNICAST_HOPS socket options.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>already-connected</code>:    (set) The socket is already in the Connection state.</li>
-<li><code>already-listening</code>:    (set) The socket is already in the Listener state.</li>
-<li><code>concurrency-conflict</code>: (set) A <code>bind</code>, <code>connect</code> or <code>listen</code> operation is already in progress. (EALREADY)</li>
+<li><code>invalid-argument</code>:     (set) The TTL value must be 1 or higher.</li>
+<li><code>invalid-state</code>:        (set) The socket is already in the Connection state.</li>
+<li><code>invalid-state</code>:        (set) The socket is already in the Listener state.</li>
 </ul>
 <h5>Params</h5>
 <ul>
@@ -1408,9 +1438,8 @@ for internal metadata structures.</p>
 <p>Equivalent to the SO_RCVBUF and SO_SNDBUF socket options.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>already-connected</code>:    (set) The socket is already in the Connection state.</li>
-<li><code>already-listening</code>:    (set) The socket is already in the Listener state.</li>
-<li><code>concurrency-conflict</code>: (set) A <code>bind</code>, <code>connect</code> or <code>listen</code> operation is already in progress. (EALREADY)</li>
+<li><code>invalid-state</code>:        (set) The socket is already in the Connection state.</li>
+<li><code>invalid-state</code>:        (set) The socket is already in the Listener state.</li>
 </ul>
 <h5>Params</h5>
 <ul>
@@ -1474,7 +1503,7 @@ operations on the <a href="#output_stream"><code>output-stream</code></a> associ
 <p>The shutdown function does not close (drop) the socket.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>not-connected</code>: The socket is not in the Connection state. (ENOTCONN)</li>
+<li><code>invalid-state</code>: The socket is not in the Connection state. (ENOTCONN)</li>
 </ul>
 <h1>References</h1>
 <ul>
@@ -1518,9 +1547,8 @@ is called, the socket is effectively an in-memory configuration object, unable t
 <p>All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>not-supported</code>:                The host does not support TCP sockets. (EOPNOTSUPP)</li>
-<li><code>address-family-not-supported</code>: The specified <code>address-family</code> is not supported. (EAFNOSUPPORT)</li>
-<li><code>new-socket-limit</code>:             The new socket resource could not be created because of a system limit. (EMFILE, ENFILE)</li>
+<li><code>not-supported</code>:     The specified <code>address-family</code> is not supported. (EAFNOSUPPORT)</li>
+<li><code>new-socket-limit</code>:  The new socket resource could not be created because of a system limit. (EMFILE, ENFILE)</li>
 </ul>
 <h1>References</h1>
 <ul>
@@ -1552,35 +1580,21 @@ is called, the socket is effectively an in-memory configuration object, unable t
 #### <a name="ip_address">`type ip-address`</a>
 [`ip-address`](#ip_address)
 <p>
-#### <a name="ip_address_family">`type ip-address-family`</a>
-[`ip-address-family`](#ip_address_family)
-<p>
 #### <a name="resolve_address_stream">`resource resolve-address-stream`</a>
 <hr />
 <h3>Functions</h3>
 <h4><a name="resolve_addresses"><code>resolve-addresses: func</code></a></h4>
 <p>Resolve an internet host name to a list of IP addresses.</p>
+<p>Unicode domain names are automatically converted to ASCII using IDNA encoding.
+If the input is an IP address string, the address is parsed and returned
+as-is without making any external requests.</p>
 <p>See the wasi-socket proposal README.md for a comparison with getaddrinfo.</p>
-<h1>Parameters</h1>
-<ul>
-<li><code>name</code>: The name to look up. IP addresses are not allowed. Unicode domain names are automatically converted
-to ASCII using IDNA encoding.</li>
-<li><code>address-family</code>: If provided, limit the results to addresses of this specific address family.</li>
-<li><code>include-unavailable</code>: When set to true, this function will also return addresses of which the runtime
-thinks (or knows) can't be connected to at the moment. For example, this will return IPv6 addresses on
-systems without an active IPv6 interface. Notes:</li>
-<li>Even when no public IPv6 interfaces are present or active, names like &quot;localhost&quot; can still resolve to an IPv6 address.</li>
-<li>Whatever is &quot;available&quot; or &quot;unavailable&quot; is volatile and can change everytime a network cable is unplugged.</li>
-</ul>
-<p>This function never blocks. It either immediately fails or immediately returns successfully with a <a href="#resolve_address_stream"><code>resolve-address-stream</code></a>
-that can be used to (asynchronously) fetch the results.</p>
-<p>At the moment, the stream never completes successfully with 0 items. Ie. the first call
-to <code>resolve-next-address</code> never returns <code>ok(none)</code>. This may change in the future.</p>
+<p>This function never blocks. It either immediately fails or immediately
+returns successfully with a <a href="#resolve_address_stream"><code>resolve-address-stream</code></a> that can be used
+to (asynchronously) fetch the results.</p>
 <h1>Typical errors</h1>
 <ul>
-<li><code>invalid-name</code>:                 <code>name</code> is a syntactically invalid domain name.</li>
-<li><code>invalid-name</code>:                 <code>name</code> is an IP address.</li>
-<li><code>address-family-not-supported</code>: The specified <code>address-family</code> is not supported. (EAI_FAMILY)</li>
+<li><code>invalid-argument</code>: <code>name</code> is a syntactically invalid domain name or IP address.</li>
 </ul>
 <h1>References:</h1>
 <ul>
@@ -1593,8 +1607,6 @@ to <code>resolve-next-address</code> never returns <code>ok(none)</code>. This m
 <ul>
 <li><a name="resolve_addresses.network"><a href="#network"><code>network</code></a></a>: borrow&lt;<a href="#network"><a href="#network"><code>network</code></a></a>&gt;</li>
 <li><a name="resolve_addresses.name"><code>name</code></a>: <code>string</code></li>
-<li><a name="resolve_addresses.address_family"><code>address-family</code></a>: option&lt;<a href="#ip_address_family"><a href="#ip_address_family"><code>ip-address-family</code></a></a>&gt;</li>
-<li><a name="resolve_addresses.include_unavailable"><code>include-unavailable</code></a>: <code>bool</code></li>
 </ul>
 <h5>Return values</h5>
 <ul>
diff --git a/wit/ip-name-lookup.wit b/wit/ip-name-lookup.wit
index 22113ae..cd8d5c4 100644
--- a/wit/ip-name-lookup.wit
+++ b/wit/ip-name-lookup.wit
@@ -1,50 +1,40 @@
 
 interface ip-name-lookup {
     use wasi:io/poll.{pollable};
-    use network.{network, error-code, ip-address, ip-address-family};
+    use network.{network, error-code, ip-address};
 
 
     /// Resolve an internet host name to a list of IP addresses.
-    /// 
+    ///
+    /// Unicode domain names are automatically converted to ASCII using IDNA encoding.
+    /// If the input is an IP address string, the address is parsed and returned
+    /// as-is without making any external requests.
+    ///
     /// See the wasi-socket proposal README.md for a comparison with getaddrinfo.
-    /// 
-    /// # Parameters
-    /// - `name`: The name to look up. IP addresses are not allowed. Unicode domain names are automatically converted
-    ///     to ASCII using IDNA encoding.
-    /// - `address-family`: If provided, limit the results to addresses of this specific address family.
-    /// - `include-unavailable`: When set to true, this function will also return addresses of which the runtime
-    ///   thinks (or knows) can't be connected to at the moment. For example, this will return IPv6 addresses on
-    ///   systems without an active IPv6 interface. Notes:
-    ///     - Even when no public IPv6 interfaces are present or active, names like "localhost" can still resolve to an IPv6 address.
-    ///     - Whatever is "available" or "unavailable" is volatile and can change everytime a network cable is unplugged.
-    /// 
-    /// This function never blocks. It either immediately fails or immediately returns successfully with a `resolve-address-stream`
-    /// that can be used to (asynchronously) fetch the results.
-    /// 
-    /// At the moment, the stream never completes successfully with 0 items. Ie. the first call
-    /// to `resolve-next-address` never returns `ok(none)`. This may change in the future.
-    /// 
+    ///
+    /// This function never blocks. It either immediately fails or immediately
+    /// returns successfully with a `resolve-address-stream` that can be used
+    /// to (asynchronously) fetch the results.
+    ///
     /// # Typical errors
-    /// - `invalid-name`:                 `name` is a syntactically invalid domain name.
-    /// - `invalid-name`:                 `name` is an IP address.
-    /// - `address-family-not-supported`: The specified `address-family` is not supported. (EAI_FAMILY)
-    /// 
+    /// - `invalid-argument`: `name` is a syntactically invalid domain name or IP address.
+    ///
     /// # References:
     /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/getaddrinfo.html>
     /// - <https://man7.org/linux/man-pages/man3/getaddrinfo.3.html>
     /// - <https://learn.microsoft.com/en-us/windows/win32/api/ws2tcpip/nf-ws2tcpip-getaddrinfo>
     /// - <https://man.freebsd.org/cgi/man.cgi?query=getaddrinfo&sektion=3>
-    resolve-addresses: func(network: borrow<network>, name: string, address-family: option<ip-address-family>, include-unavailable: bool) -> result<resolve-address-stream, error-code>;
+    resolve-addresses: func(network: borrow<network>, name: string) -> result<resolve-address-stream, error-code>;
 
     resource resolve-address-stream {
         /// Returns the next address from the resolver.
-        /// 
+        ///
         /// This function should be called multiple times. On each call, it will
         /// return the next address in connection order preference. If all
         /// addresses have been exhausted, this function returns `none`.
-        /// 
+        ///
         /// This function never returns IPv4-mapped IPv6 addresses.
-        /// 
+        ///
         /// # Typical errors
         /// - `name-unresolvable`:          Name does not exist or has no suitable associated IP addresses. (EAI_NONAME, EAI_NODATA, EAI_ADDRFAMILY)
         /// - `temporary-resolver-failure`: A temporary failure in name resolution occurred. (EAI_AGAIN)
@@ -53,7 +43,7 @@ interface ip-name-lookup {
         resolve-next-address: func() -> result<option<ip-address>, error-code>;
 
         /// Create a `pollable` which will resolve once the stream is ready for I/O.
-        /// 
+        ///
         /// Note: this function is here for WASI Preview2 only.
         /// It's planned to be removed when `future` is natively supported in Preview3.
         subscribe: func() -> pollable;
diff --git a/wit/network.wit b/wit/network.wit
index 901a4a8..6bb07cd 100644
--- a/wit/network.wit
+++ b/wit/network.wit
@@ -6,7 +6,7 @@ interface network {
     resource network;
 
     /// Error codes.
-    /// 
+    ///
     /// In theory, every API can return any error code.
     /// In practice, API's typically only return the errors documented per API
     /// combined with a couple of errors that are always possible:
@@ -14,7 +14,8 @@ interface network {
     /// - `access-denied`
     /// - `not-supported`
     /// - `out-of-memory`
-    /// 
+    /// - `concurrency-conflict`
+    ///
     /// See each individual API for what the POSIX equivalents are. They sometimes differ per API.
     enum error-code {
         // ### GENERAL ERRORS ###
@@ -23,17 +24,22 @@ interface network {
         unknown,
 
         /// Access denied.
-        /// 
+        ///
         /// POSIX equivalent: EACCES, EPERM
         access-denied,
 
         /// The operation is not supported.
-        /// 
+        ///
         /// POSIX equivalent: EOPNOTSUPP
         not-supported,
 
+        /// One of the arguments is invalid.
+        ///
+        /// POSIX equivalent: EINVAL
+        invalid-argument,
+
         /// Not enough memory to complete the operation.
-        /// 
+        ///
         /// POSIX equivalent: ENOMEM, ENOBUFS, EAI_MEMORY
         out-of-memory,
 
@@ -41,96 +47,59 @@ interface network {
         timeout,
 
         /// This operation is incompatible with another asynchronous operation that is already in progress.
+        ///
+        /// POSIX equivalent: EALREADY
         concurrency-conflict,
 
         /// Trying to finish an asynchronous operation that:
         /// - has not been started yet, or:
         /// - was already finished by a previous `finish-*` call.
-        /// 
+        ///
         /// Note: this is scheduled to be removed when `future`s are natively supported.
         not-in-progress,
 
         /// The operation has been aborted because it could not be completed immediately.
-        /// 
+        ///
         /// Note: this is scheduled to be removed when `future`s are natively supported.
         would-block,
 
 
-        // ### IP ERRORS ###
-
-        /// The specified address-family is not supported.
-        address-family-not-supported,
-
-        /// An IPv4 address was passed to an IPv6 resource, or vice versa.
-        address-family-mismatch,
-
-        /// The socket address is not a valid remote address. E.g. the IP address is set to INADDR_ANY, or the port is set to 0.
-        invalid-remote-address,
-
-        /// The operation is only supported on IPv4 resources.
-        ipv4-only-operation,
-
-        /// The operation is only supported on IPv6 resources.
-        ipv6-only-operation,
-
-
 
         // ### TCP & UDP SOCKET ERRORS ###
 
+        /// The operation is not valid in the socket's current state.
+        invalid-state,
+
         /// A new socket resource could not be created because of a system limit.
         new-socket-limit,
-        
-        /// The socket is already attached to another network.
-        already-attached,
-
-        /// The socket is already bound.
-        already-bound,
-
-        /// The socket is already in the Connection state.
-        already-connected,
-
-        /// The socket is not bound to any local address.
-        not-bound,
-
-        /// The socket is not in the Connection state.
-        not-connected,
 
         /// A bind operation failed because the provided address is not an address that the `network` can bind to.
         address-not-bindable,
 
-        /// A bind operation failed because the provided address is already in use.
+        /// A bind operation failed because the provided address is already in use or because there are no ephemeral ports available.
         address-in-use,
 
-        /// A bind operation failed because there are no ephemeral ports available.
-        ephemeral-ports-exhausted,
-
         /// The remote address is not reachable
         remote-unreachable,
-        
 
-        // ### TCP SOCKET ERRORS ###
-        
-        /// The socket is already in the Listener state.
-        already-listening,
 
-        /// The socket is already in the Listener state.
-        not-listening,
+        // ### TCP SOCKET ERRORS ###
 
         /// The connection was forcefully rejected
         connection-refused,
 
         /// The connection was reset.
         connection-reset,
-        
+
+        /// A connection was aborted.
+        connection-aborted,
+
 
         // ### UDP SOCKET ERRORS ###
         datagram-too-large,
 
 
         // ### NAME LOOKUP ERRORS ###
-        
-        /// The provided name is a syntactically invalid domain name.
-        invalid-name,
 
         /// Name does not exist or has no suitable associated IP addresses.
         name-unresolvable,
@@ -144,7 +113,7 @@ interface network {
 
     enum ip-address-family {
         /// Similar to `AF_INET` in POSIX.
-        ipv4, 
+        ipv4,
 
         /// Similar to `AF_INET6` in POSIX.
         ipv6,
diff --git a/wit/tcp-create-socket.wit b/wit/tcp-create-socket.wit
index cc4c6fa..768a07c 100644
--- a/wit/tcp-create-socket.wit
+++ b/wit/tcp-create-socket.wit
@@ -4,20 +4,19 @@ interface tcp-create-socket {
     use tcp.{tcp-socket};
 
     /// Create a new TCP socket.
-    /// 
+    ///
     /// Similar to `socket(AF_INET or AF_INET6, SOCK_STREAM, IPPROTO_TCP)` in POSIX.
-    /// 
+    ///
     /// This function does not require a network capability handle. This is considered to be safe because
     /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind`/`listen`/`connect`
     /// is called, the socket is effectively an in-memory configuration object, unable to communicate with the outside world.
-    /// 
+    ///
     /// All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations.
-    /// 
+    ///
     /// # Typical errors
-    /// - `not-supported`:                The host does not support TCP sockets. (EOPNOTSUPP)
-    /// - `address-family-not-supported`: The specified `address-family` is not supported. (EAFNOSUPPORT)
-    /// - `new-socket-limit`:             The new socket resource could not be created because of a system limit. (EMFILE, ENFILE)
-    /// 
+    /// - `not-supported`:     The specified `address-family` is not supported. (EAFNOSUPPORT)
+    /// - `new-socket-limit`:  The new socket resource could not be created because of a system limit. (EMFILE, ENFILE)
+    ///
     /// # References
     /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/socket.html>
     /// - <https://man7.org/linux/man-pages/man2/socket.2.html>
diff --git a/wit/tcp.wit b/wit/tcp.wit
index 1de68a7..836b0a8 100644
--- a/wit/tcp.wit
+++ b/wit/tcp.wit
@@ -23,24 +23,25 @@ interface tcp {
         /// If the IP address is zero (`0.0.0.0` in IPv4, `::` in IPv6), it is left to the implementation to decide which
         /// network interface(s) to bind to.
         /// If the TCP/UDP port is zero, the socket will be bound to a random free port.
-        /// 
+        ///
         /// When a socket is not explicitly bound, the first invocation to a listen or connect operation will
         /// implicitly bind the socket.
-        /// 
+        ///
         /// Unlike in POSIX, this function is async. This enables interactive WASI hosts to inject permission prompts.
-        /// 
+        ///
         /// # Typical `start` errors
-        /// - `address-family-mismatch`:   The `local-address` has the wrong address family. (EINVAL)
-        /// - `already-bound`:             The socket is already bound. (EINVAL)
-        /// - `concurrency-conflict`:      Another `bind`, `connect` or `listen` operation is already in progress. (EALREADY)
-        /// 
+        /// - `invalid-argument`:          The `local-address` has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows)
+        /// - `invalid-argument`:          `local-address` is not a unicast address. (EINVAL)
+        /// - `invalid-argument`:          `local-address` is an IPv4-mapped IPv6 address, but the socket has `ipv6-only` enabled. (EINVAL)
+        /// - `invalid-state`:             The socket is already bound. (EINVAL)
+        ///
         /// # Typical `finish` errors
-        /// - `ephemeral-ports-exhausted`: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows)
+        /// - `address-in-use`:            No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows)
         /// - `address-in-use`:            Address is already in use. (EADDRINUSE)
         /// - `address-not-bindable`:      `local-address` is not an address that the `network` can bind to. (EADDRNOTAVAIL)
         /// - `not-in-progress`:           A `bind` operation is not in progress.
         /// - `would-block`:               Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN)
-        /// 
+        ///
         /// # References
         /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/bind.html>
         /// - <https://man7.org/linux/man-pages/man2/bind.2.html>
@@ -50,29 +51,41 @@ interface tcp {
         finish-bind: func() -> result<_, error-code>;
 
         /// Connect to a remote endpoint.
-        /// 
+        ///
         /// On success:
         /// - the socket is transitioned into the Connection state
         /// - a pair of streams is returned that can be used to read & write to the connection
-        /// 
+        ///
+        /// POSIX mentions:
+        /// > If connect() fails, the state of the socket is unspecified. Conforming applications should
+        /// > close the file descriptor and create a new socket before attempting to reconnect.
+        ///
+        /// WASI prescribes the following behavior:
+        /// - If `connect` fails because an input/state validation error, the socket should remain usable.
+        /// - If a connection was actually attempted but failed, the socket should become unusable for further network communication.
+        ///   Besides `drop`, any method after such a failure may return an error.
+        ///
         /// # Typical `start` errors
-        /// - `address-family-mismatch`:   The `remote-address` has the wrong address family. (EAFNOSUPPORT)
-        /// - `invalid-remote-address`:    The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EADDRNOTAVAIL on Windows)
-        /// - `invalid-remote-address`:    The port in `remote-address` is set to 0. (EADDRNOTAVAIL on Windows)
-        /// - `already-attached`:          The socket is already attached to a different network. The `network` passed to `connect` must be identical to the one passed to `bind`.
-        /// - `already-connected`:         The socket is already in the Connection state. (EISCONN)
-        /// - `already-listening`:         The socket is already in the Listener state. (EOPNOTSUPP, EINVAL on Windows)
-        /// - `concurrency-conflict`:      Another `bind`, `connect` or `listen` operation is already in progress. (EALREADY)
-        /// 
+        /// - `invalid-argument`:          The `remote-address` has the wrong address family. (EAFNOSUPPORT)
+        /// - `invalid-argument`:          `remote-address` is not a unicast address. (EINVAL, ENETUNREACH on Linux, EAFNOSUPPORT on MacOS)
+        /// - `invalid-argument`:          `remote-address` is an IPv4-mapped IPv6 address, but the socket has `ipv6-only` enabled. (EINVAL, EADDRNOTAVAIL on Illumos)
+        /// - `invalid-argument`:          `remote-address` is a non-IPv4-mapped IPv6 address, but the socket was bound to a specific IPv4-mapped IPv6 address. (or vice versa)
+        /// - `invalid-argument`:          The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EADDRNOTAVAIL on Windows)
+        /// - `invalid-argument`:          The port in `remote-address` is set to 0. (EADDRNOTAVAIL on Windows)
+        /// - `invalid-argument`:          The socket is already attached to a different network. The `network` passed to `connect` must be identical to the one passed to `bind`.
+        /// - `invalid-state`:             The socket is already in the Connection state. (EISCONN)
+        /// - `invalid-state`:             The socket is already in the Listener state. (EOPNOTSUPP, EINVAL on Windows)
+        ///
         /// # Typical `finish` errors
         /// - `timeout`:                   Connection timed out. (ETIMEDOUT)
         /// - `connection-refused`:        The connection was forcefully rejected. (ECONNREFUSED)
         /// - `connection-reset`:          The connection was reset. (ECONNRESET)
-        /// - `remote-unreachable`:        The remote address is not reachable. (EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN)
-        /// - `ephemeral-ports-exhausted`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD)
+        /// - `connection-aborted`:        The connection was aborted. (ECONNABORTED)
+        /// - `remote-unreachable`:        The remote address is not reachable. (EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET)
+        /// - `address-in-use`:            Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD)
         /// - `not-in-progress`:           A `connect` operation is not in progress.
         /// - `would-block`:               Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN)
-        /// 
+        ///
         /// # References
         /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/connect.html>
         /// - <https://man7.org/linux/man-pages/man2/connect.2.html>
@@ -82,21 +95,20 @@ interface tcp {
         finish-connect: func() -> result<tuple<input-stream, output-stream>, error-code>;
 
         /// Start listening for new connections.
-        /// 
+        ///
         /// Transitions the socket into the Listener state.
-        /// 
+        ///
         /// Unlike POSIX:
         /// - this function is async. This enables interactive WASI hosts to inject permission prompts.
         /// - the socket must already be explicitly bound.
-        /// 
+        ///
         /// # Typical `start` errors
-        /// - `not-bound`:                 The socket is not bound to any local address. (EDESTADDRREQ)
-        /// - `already-connected`:         The socket is already in the Connection state. (EISCONN, EINVAL on BSD)
-        /// - `already-listening`:         The socket is already in the Listener state.
-        /// - `concurrency-conflict`:      Another `bind`, `connect` or `listen` operation is already in progress. (EINVAL on BSD)
+        /// - `invalid-state`:             The socket is not bound to any local address. (EDESTADDRREQ)
+        /// - `invalid-state`:             The socket is already in the Connection state. (EISCONN, EINVAL on BSD)
+        /// - `invalid-state`:             The socket is already in the Listener state.
         ///
         /// # Typical `finish` errors
-        /// - `ephemeral-ports-exhausted`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE)
+        /// - `address-in-use`:            Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE)
         /// - `not-in-progress`:           A `listen` operation is not in progress.
         /// - `would-block`:               Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN)
         ///
@@ -109,18 +121,24 @@ interface tcp {
         finish-listen: func() -> result<_, error-code>;
 
         /// Accept a new client socket.
-        /// 
-        /// The returned socket is bound and in the Connection state.
-        /// 
+        ///
+        /// The returned socket is bound and in the Connection state. The following properties are inherited from the listener socket:
+        /// - `address-family`
+        /// - `ipv6-only`
+        /// - `keep-alive`
+        /// - `unicast-hop-limit`
+        /// - `receive-buffer-size`
+        /// - `send-buffer-size`
+        ///
         /// On success, this function returns the newly accepted client socket along with
         /// a pair of streams that can be used to read & write to the connection.
-        /// 
+        ///
         /// # Typical errors
-        /// - `not-listening`: Socket is not in the Listener state. (EINVAL)
-        /// - `would-block`:   No pending connections at the moment. (EWOULDBLOCK, EAGAIN)
-        /// 
-        /// Host implementations must skip over transient errors returned by the native accept syscall.
-        /// 
+        /// - `invalid-state`:      Socket is not in the Listener state. (EINVAL)
+        /// - `would-block`:        No pending connections at the moment. (EWOULDBLOCK, EAGAIN)
+        /// - `connection-aborted`: An incoming connection was pending, but was terminated by the client before this listener could accept it. (ECONNABORTED)
+        /// - `new-socket-limit`:   The new socket resource could not be created because of a system limit. (EMFILE, ENFILE)
+        ///
         /// # References
         /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/accept.html>
         /// - <https://man7.org/linux/man-pages/man2/accept.2.html>
@@ -129,10 +147,16 @@ interface tcp {
         accept: func() -> result<tuple<tcp-socket, input-stream, output-stream>, error-code>;
 
         /// Get the bound local address.
-        /// 
+        ///
+        /// POSIX mentions:
+        /// > If the socket has not been bound to a local name, the value
+        /// > stored in the object pointed to by `address` is unspecified.
+        ///
+        /// WASI is stricter and requires `local-address` to return `invalid-state` when the socket hasn't been bound yet.
+        ///
         /// # Typical errors
-        /// - `not-bound`: The socket is not bound to any local address.
-        /// 
+        /// - `invalid-state`: The socket is not bound to any local address.
+        ///
         /// # References
         /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/getsockname.html>
         /// - <https://man7.org/linux/man-pages/man2/getsockname.2.html>
@@ -140,11 +164,11 @@ interface tcp {
         /// - <https://man.freebsd.org/cgi/man.cgi?getsockname>
         local-address: func() -> result<ip-socket-address, error-code>;
 
-        /// Get the bound remote address.
-        /// 
+        /// Get the remote address.
+        ///
         /// # Typical errors
-        /// - `not-connected`: The socket is not connected to a remote address. (ENOTCONN)
-        /// 
+        /// - `invalid-state`: The socket is not connected to a remote address. (ENOTCONN)
+        ///
         /// # References
         /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/getpeername.html>
         /// - <https://man7.org/linux/man-pages/man2/getpeername.2.html>
@@ -153,92 +177,80 @@ interface tcp {
         remote-address: func() -> result<ip-socket-address, error-code>;
 
         /// Whether this is a IPv4 or IPv6 socket.
-        /// 
+        ///
         /// Equivalent to the SO_DOMAIN socket option.
         address-family: func() -> ip-address-family;
-    
+
         /// Whether IPv4 compatibility (dual-stack) mode is disabled or not.
-        /// 
+        ///
         /// Equivalent to the IPV6_V6ONLY socket option.
-        /// 
+        ///
         /// # Typical errors
-        /// - `ipv6-only-operation`:  (get/set) `this` socket is an IPv4 socket.
-        /// - `already-bound`:        (set) The socket is already bound.
+        /// - `invalid-state`:        (set) The socket is already bound.
+        /// - `not-supported`:        (get/set) `this` socket is an IPv4 socket.
         /// - `not-supported`:        (set) Host does not support dual-stack sockets. (Implementations are not required to.)
-        /// - `concurrency-conflict`: (set) A `bind`, `connect` or `listen` operation is already in progress. (EALREADY)
         ipv6-only: func() -> result<bool, error-code>;
         set-ipv6-only: func(value: bool) -> result<_, error-code>;
 
         /// Hints the desired listen queue size. Implementations are free to ignore this.
-        /// 
+        ///
         /// # Typical errors
-        /// - `already-connected`:    (set) The socket is already in the Connection state.
-        /// - `concurrency-conflict`: (set) A `bind`, `connect` or `listen` operation is already in progress. (EALREADY)
+        /// - `not-supported`:        (set) The platform does not support changing the backlog size after the initial listen.
+        /// - `invalid-state`:        (set) The socket is already in the Connection state.
         set-listen-backlog-size: func(value: u64) -> result<_, error-code>;
 
         /// Equivalent to the SO_KEEPALIVE socket option.
-        /// 
-        /// # Typical errors
-        /// - `concurrency-conflict`: (set) A `bind`, `connect` or `listen` operation is already in progress. (EALREADY)
         keep-alive: func() -> result<bool, error-code>;
         set-keep-alive: func(value: bool) -> result<_, error-code>;
 
-        /// Equivalent to the TCP_NODELAY socket option.
-        /// 
-        /// # Typical errors
-        /// - `concurrency-conflict`: (set) A `bind`, `connect` or `listen` operation is already in progress. (EALREADY)
-        no-delay: func() -> result<bool, error-code>;
-        set-no-delay: func(value: bool) -> result<_, error-code>;
-    
         /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options.
-        /// 
+        ///
         /// # Typical errors
-        /// - `already-connected`:    (set) The socket is already in the Connection state.
-        /// - `already-listening`:    (set) The socket is already in the Listener state.
-        /// - `concurrency-conflict`: (set) A `bind`, `connect` or `listen` operation is already in progress. (EALREADY)
+        /// - `invalid-argument`:     (set) The TTL value must be 1 or higher.
+        /// - `invalid-state`:        (set) The socket is already in the Connection state.
+        /// - `invalid-state`:        (set) The socket is already in the Listener state.
         unicast-hop-limit: func() -> result<u8, error-code>;
         set-unicast-hop-limit: func(value: u8) -> result<_, error-code>;
 
         /// The kernel buffer space reserved for sends/receives on this socket.
-        /// 
+        ///
         /// Note #1: an implementation may choose to cap or round the buffer size when setting the value.
-        /// 	In other words, after setting a value, reading the same setting back may return a different value.
-        /// 
+        ///     In other words, after setting a value, reading the same setting back may return a different value.
+        ///
         /// Note #2: there is not necessarily a direct relationship between the kernel buffer size and the bytes of
-        /// 	actual data to be sent/received by the application, because the kernel might also use the buffer space
-        /// 	for internal metadata structures.
-        /// 
+        ///     actual data to be sent/received by the application, because the kernel might also use the buffer space
+        ///     for internal metadata structures.
+        ///
         /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options.
-        /// 
+        ///
         /// # Typical errors
-        /// - `already-connected`:    (set) The socket is already in the Connection state.
-        /// - `already-listening`:    (set) The socket is already in the Listener state.
-        /// - `concurrency-conflict`: (set) A `bind`, `connect` or `listen` operation is already in progress. (EALREADY)
+        /// - `invalid-state`:        (set) The socket is already in the Connection state.
+        /// - `invalid-state`:        (set) The socket is already in the Listener state.
         receive-buffer-size: func() -> result<u64, error-code>;
         set-receive-buffer-size: func(value: u64) -> result<_, error-code>;
         send-buffer-size: func() -> result<u64, error-code>;
         set-send-buffer-size: func(value: u64) -> result<_, error-code>;
 
         /// Create a `pollable` which will resolve once the socket is ready for I/O.
-        /// 
+        ///
         /// Note: this function is here for WASI Preview2 only.
         /// It's planned to be removed when `future` is natively supported in Preview3.
         subscribe: func() -> pollable;
 
         /// Initiate a graceful shutdown.
-        /// 
+        ///
         /// - receive: the socket is not expecting to receive any more data from the peer. All subsequent read
         ///   operations on the `input-stream` associated with this socket will return an End Of Stream indication.
         ///   Any data still in the receive queue at time of calling `shutdown` will be discarded.
         /// - send: the socket is not expecting to send any more data to the peer. All subsequent write
         ///   operations on the `output-stream` associated with this socket will return an error.
         /// - both: same effect as receive & send combined.
-        /// 
+        ///
         /// The shutdown function does not close (drop) the socket.
-        /// 
+        ///
         /// # Typical errors
-        /// - `not-connected`: The socket is not in the Connection state. (ENOTCONN)
-        /// 
+        /// - `invalid-state`: The socket is not in the Connection state. (ENOTCONN)
+        ///
         /// # References
         /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/shutdown.html>
         /// - <https://man7.org/linux/man-pages/man2/shutdown.2.html>
diff --git a/wit/udp-create-socket.wit b/wit/udp-create-socket.wit
index 3358e2c..cc58234 100644
--- a/wit/udp-create-socket.wit
+++ b/wit/udp-create-socket.wit
@@ -4,20 +4,19 @@ interface udp-create-socket {
     use udp.{udp-socket};
 
     /// Create a new UDP socket.
-    /// 
+    ///
     /// Similar to `socket(AF_INET or AF_INET6, SOCK_DGRAM, IPPROTO_UDP)` in POSIX.
-    /// 
+    ///
     /// This function does not require a network capability handle. This is considered to be safe because
-    /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind`/`connect` is called,
+    /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind` is called,
     /// the socket is effectively an in-memory configuration object, unable to communicate with the outside world.
-    /// 
+    ///
     /// All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations.
-    /// 
+    ///
     /// # Typical errors
-    /// - `not-supported`:                The host does not support UDP sockets. (EOPNOTSUPP)
-    /// - `address-family-not-supported`: The specified `address-family` is not supported. (EAFNOSUPPORT)
-    /// - `new-socket-limit`:             The new socket resource could not be created because of a system limit. (EMFILE, ENFILE)
-    /// 
+    /// - `not-supported`:     The specified `address-family` is not supported. (EAFNOSUPPORT)
+    /// - `new-socket-limit`:  The new socket resource could not be created because of a system limit. (EMFILE, ENFILE)
+    ///
     /// # References:
     /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/socket.html>
     /// - <https://man7.org/linux/man-pages/man2/socket.2.html>
diff --git a/wit/udp.wit b/wit/udp.wit
index ca497b3..aa3783a 100644
--- a/wit/udp.wit
+++ b/wit/udp.wit
@@ -3,17 +3,34 @@ interface udp {
     use wasi:io/poll.{pollable};
     use network.{network, error-code, ip-socket-address, ip-address-family};
 
+    /// A received datagram.
+    record incoming-datagram {
+        /// The payload.
+        /// 
+        /// Theoretical max size: ~64 KiB. In practice, typically less than 1500 bytes.
+        data: list<u8>,
 
-    record datagram {
-        data: list<u8>, // Theoretical max size: ~64 KiB. In practice, typically less than 1500 bytes.
+        /// The source address.
+        ///
+        /// This field is guaranteed to match the remote address the stream was initialized with, if any.
+        ///
+        /// Equivalent to the `src_addr` out parameter of `recvfrom`.
         remote-address: ip-socket-address,
+    }
+
+    /// A datagram to be sent out.
+    record outgoing-datagram {
+        /// The payload.
+        data: list<u8>,
 
-        /// Possible future additions:
-        /// local-address: ip-socket-address, // IP_PKTINFO / IP_RECVDSTADDR / IPV6_PKTINFO
-        /// local-interface: u32, // IP_PKTINFO / IP_RECVIF
-        /// ttl: u8, // IP_RECVTTL
-        /// dscp: u6, // IP_RECVTOS
-        /// ecn: u2, // IP_RECVTOS
+        /// The destination address.
+        ///
+        /// The requirements on this field depend on how the stream was initialized:
+        /// - with a remote address: this field must be None or match the stream's remote address exactly.
+        /// - without a remote address: this field is required.
+        ///
+        /// If this value is None, the send operation is equivalent to `send` in POSIX. Otherwise it is equivalent to `sendto`.
+        remote-address: option<ip-socket-address>,
     }
 
 
@@ -24,24 +41,21 @@ interface udp {
         ///
         /// If the IP address is zero (`0.0.0.0` in IPv4, `::` in IPv6), it is left to the implementation to decide which
         /// network interface(s) to bind to.
-        /// If the TCP/UDP port is zero, the socket will be bound to a random free port.
-        /// 
-        /// When a socket is not explicitly bound, the first invocation to connect will implicitly bind the socket.
-        /// 
+        /// If the port is zero, the socket will be bound to a random free port.
+        ///
         /// Unlike in POSIX, this function is async. This enables interactive WASI hosts to inject permission prompts.
-        /// 
+        ///
         /// # Typical `start` errors
-        /// - `address-family-mismatch`:   The `local-address` has the wrong address family. (EINVAL)
-        /// - `already-bound`:             The socket is already bound. (EINVAL)
-        /// - `concurrency-conflict`:      Another `bind` or `connect` operation is already in progress. (EALREADY)
-        /// 
+        /// - `invalid-argument`:          The `local-address` has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows)
+        /// - `invalid-state`:             The socket is already bound. (EINVAL)
+        ///
         /// # Typical `finish` errors
-        /// - `ephemeral-ports-exhausted`: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows)
+        /// - `address-in-use`:            No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows)
         /// - `address-in-use`:            Address is already in use. (EADDRINUSE)
         /// - `address-not-bindable`:      `local-address` is not an address that the `network` can bind to. (EADDRNOTAVAIL)
         /// - `not-in-progress`:           A `bind` operation is not in progress.
         /// - `would-block`:               Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN)
-        /// 
+        ///
         /// # References
         /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/bind.html>
         /// - <https://man7.org/linux/man-pages/man2/bind.2.html>
@@ -50,100 +64,60 @@ interface udp {
         start-bind: func(network: borrow<network>, local-address: ip-socket-address) -> result<_, error-code>;
         finish-bind: func() -> result<_, error-code>;
 
-        /// Set the destination address.
-        /// 
-        /// The local-address is updated based on the best network path to `remote-address`.
-        /// 
-        /// When a destination address is set:
-        /// - all receive operations will only return datagrams sent from the provided `remote-address`.
-        /// - the `send` function can only be used to send to this destination.
-        /// 
-        /// Note that this function does not generate any network traffic and the peer is not aware of this "connection".
-        /// 
-        /// Unlike in POSIX, this function is async. This enables interactive WASI hosts to inject permission prompts.
-        /// 
-        /// # Typical `start` errors
-        /// - `address-family-mismatch`:   The `remote-address` has the wrong address family. (EAFNOSUPPORT)
-        /// - `invalid-remote-address`:    The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL)
-        /// - `invalid-remote-address`:    The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL)
-        /// - `already-attached`:          The socket is already bound to a different network. The `network` passed to `connect` must be identical to the one passed to `bind`.
-        /// - `concurrency-conflict`:      Another `bind` or `connect` operation is already in progress. (EALREADY)
-        /// 
-        /// # Typical `finish` errors
-        /// - `ephemeral-ports-exhausted`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD)
-        /// - `not-in-progress`:           A `connect` operation is not in progress.
-        /// - `would-block`:               Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN)
+        /// Set up inbound & outbound communication channels, optionally to a specific peer.
+        ///
+        /// This function only changes the local socket configuration and does not generate any network traffic.
+        /// On success, the `remote-address` of the socket is updated. The `local-address` may be updated as well,
+        /// based on the best network path to `remote-address`.
+        ///
+        /// When a `remote-address` is provided, the returned streams are limited to communicating with that specific peer:
+        /// - `send` can only be used to send to this destination.
+        /// - `receive` will only return datagrams sent from the provided `remote-address`.
+        ///
+        /// This method may be called multiple times on the same socket to change its association, but
+        /// only the most recently returned pair of streams will be operational. Implementations may trap if
+        /// the streams returned by a previous invocation haven't been dropped yet before calling `stream` again.
+        /// 
+        /// The POSIX equivalent in pseudo-code is:
+        /// ```text
+        /// if (was previously connected) {
+        /// 	connect(s, AF_UNSPEC)
+        /// }
+        /// if (remote_address is Some) {
+        /// 	connect(s, remote_address)
+        /// }
+        /// ```
+        ///
+        /// Unlike in POSIX, the socket must already be explicitly bound.
         /// 
+        /// # Typical errors
+        /// - `invalid-argument`:          The `remote-address` has the wrong address family. (EAFNOSUPPORT)
+        /// - `invalid-argument`:          `remote-address` is a non-IPv4-mapped IPv6 address, but the socket was bound to a specific IPv4-mapped IPv6 address. (or vice versa)
+        /// - `invalid-argument`:          The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL)
+        /// - `invalid-argument`:          The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL)
+        /// - `invalid-state`:             The socket is not bound.
+        /// - `address-in-use`:            Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD)
+        /// - `remote-unreachable`:        The remote address is not reachable. (ECONNRESET, ENETRESET, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET)
+        /// - `connection-refused`:        The connection was refused. (ECONNREFUSED)
+        ///
         /// # References
         /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/connect.html>
         /// - <https://man7.org/linux/man-pages/man2/connect.2.html>
         /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-connect>
         /// - <https://man.freebsd.org/cgi/man.cgi?connect>
-        start-connect: func(network: borrow<network>, remote-address: ip-socket-address) -> result<_, error-code>;
-        finish-connect: func() -> result<_, error-code>;
-
-        /// Receive messages on the socket.
-        /// 
-        /// This function attempts to receive up to `max-results` datagrams on the socket without blocking.
-        /// The returned list may contain fewer elements than requested, but never more.
-        /// If `max-results` is 0, this function returns successfully with an empty list.
-        /// 
-        /// # Typical errors
-        /// - `not-bound`:          The socket is not bound to any local address. (EINVAL)
-        /// - `remote-unreachable`: The remote address is not reachable. (ECONNREFUSED, ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN)
-        /// - `would-block`:        There is no pending data available to be read at the moment. (EWOULDBLOCK, EAGAIN)
-        /// 
-        /// # References
-        /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvfrom.html>
-        /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvmsg.html>
-        /// - <https://man7.org/linux/man-pages/man2/recv.2.html>
-        /// - <https://man7.org/linux/man-pages/man2/recvmmsg.2.html>
-        /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recv>
-        /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recvfrom>
-        /// - <https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ms741687(v=vs.85)>
-        /// - <https://man.freebsd.org/cgi/man.cgi?query=recv&sektion=2>
-        receive: func(max-results: u64) -> result<list<datagram>, error-code>;
-
-        /// Send messages on the socket.
-        /// 
-        /// This function attempts to send all provided `datagrams` on the socket without blocking and
-        /// returns how many messages were actually sent (or queued for sending).
-        /// 
-        /// This function semantically behaves the same as iterating the `datagrams` list and sequentially
-        /// sending each individual datagram until either the end of the list has been reached or the first error occurred.
-        /// If at least one datagram has been sent successfully, this function never returns an error.
-        /// 
-        /// If the input list is empty, the function returns `ok(0)`.
-        /// 
-        /// The remote address option is required. To send a message to the "connected" peer,
-        /// call `remote-address` to get their address.
-        /// 
-        /// # Typical errors
-        /// - `address-family-mismatch`: The `remote-address` has the wrong address family. (EAFNOSUPPORT)
-        /// - `invalid-remote-address`:  The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL)
-        /// - `invalid-remote-address`:  The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL)
-        /// - `already-connected`:       The socket is in "connected" mode and the `datagram.remote-address` does not match the address passed to `connect`. (EISCONN)
-        /// - `not-bound`:               The socket is not bound to any local address. Unlike POSIX, this function does not perform an implicit bind.
-        /// - `remote-unreachable`:      The remote address is not reachable. (ECONNREFUSED, ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN)
-        /// - `datagram-too-large`:      The datagram is too large. (EMSGSIZE)
-        /// - `would-block`:             The send buffer is currently full. (EWOULDBLOCK, EAGAIN)
-        /// 
-        /// # References
-        /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendto.html>
-        /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendmsg.html>
-        /// - <https://man7.org/linux/man-pages/man2/send.2.html>
-        /// - <https://man7.org/linux/man-pages/man2/sendmmsg.2.html>
-        /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-send>
-        /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-sendto>
-        /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-wsasendmsg>
-        /// - <https://man.freebsd.org/cgi/man.cgi?query=send&sektion=2>
-        send: func(datagrams: list<datagram>) -> result<u64, error-code>;
+        %stream: func(remote-address: option<ip-socket-address>) -> result<tuple<incoming-datagram-stream, outgoing-datagram-stream>, error-code>;
 
         /// Get the current bound address.
+        ///
+        /// POSIX mentions:
+        /// > If the socket has not been bound to a local name, the value
+        /// > stored in the object pointed to by `address` is unspecified.
+        ///
+        /// WASI is stricter and requires `local-address` to return `invalid-state` when the socket hasn't been bound yet.
         /// 
         /// # Typical errors
-        /// - `not-bound`: The socket is not bound to any local address.
-        /// 
+        /// - `invalid-state`: The socket is not bound to any local address.
+        ///
         /// # References
         /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/getsockname.html>
         /// - <https://man7.org/linux/man-pages/man2/getsockname.2.html>
@@ -151,11 +125,11 @@ interface udp {
         /// - <https://man.freebsd.org/cgi/man.cgi?getsockname>
         local-address: func() -> result<ip-socket-address, error-code>;
 
-        /// Get the address set with `connect`.
-        /// 
+        /// Get the address the socket is currently streaming to.
+        ///
         /// # Typical errors
-        /// - `not-connected`: The socket is not connected to a remote address. (ENOTCONN)
-        /// 
+        /// - `invalid-state`: The socket is not streaming to a specific remote address. (ENOTCONN)
+        ///
         /// # References
         /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/getpeername.html>
         /// - <https://man7.org/linux/man-pages/man2/getpeername.2.html>
@@ -164,49 +138,133 @@ interface udp {
         remote-address: func() -> result<ip-socket-address, error-code>;
 
         /// Whether this is a IPv4 or IPv6 socket.
-        /// 
+        ///
         /// Equivalent to the SO_DOMAIN socket option.
         address-family: func() -> ip-address-family;
 
         /// Whether IPv4 compatibility (dual-stack) mode is disabled or not.
-        /// 
+        ///
         /// Equivalent to the IPV6_V6ONLY socket option.
-        /// 
+        ///
         /// # Typical errors
-        /// - `ipv6-only-operation`:  (get/set) `this` socket is an IPv4 socket.
-        /// - `already-bound`:        (set) The socket is already bound.
+        /// - `not-supported`:        (get/set) `this` socket is an IPv4 socket.
+        /// - `invalid-state`:        (set) The socket is already bound.
         /// - `not-supported`:        (set) Host does not support dual-stack sockets. (Implementations are not required to.)
-        /// - `concurrency-conflict`: (set) Another `bind` or `connect` operation is already in progress. (EALREADY)
         ipv6-only: func() -> result<bool, error-code>;
         set-ipv6-only: func(value: bool) -> result<_, error-code>;
 
         /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options.
-        /// 
-        /// # Typical errors
-        /// - `concurrency-conflict`: (set) Another `bind` or `connect` operation is already in progress. (EALREADY)
         unicast-hop-limit: func() -> result<u8, error-code>;
         set-unicast-hop-limit: func(value: u8) -> result<_, error-code>;
 
         /// The kernel buffer space reserved for sends/receives on this socket.
-        /// 
+        ///
         /// Note #1: an implementation may choose to cap or round the buffer size when setting the value.
         /// 	In other words, after setting a value, reading the same setting back may return a different value.
-        /// 
+        ///
         /// Note #2: there is not necessarily a direct relationship between the kernel buffer size and the bytes of
         /// 	actual data to be sent/received by the application, because the kernel might also use the buffer space
         /// 	for internal metadata structures.
-        /// 
+        ///
         /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options.
-        /// 
-        /// # Typical errors
-        /// - `concurrency-conflict`: (set) Another `bind` or `connect` operation is already in progress. (EALREADY)
         receive-buffer-size: func() -> result<u64, error-code>;
         set-receive-buffer-size: func(value: u64) -> result<_, error-code>;
         send-buffer-size: func() -> result<u64, error-code>;
         set-send-buffer-size: func(value: u64) -> result<_, error-code>;
 
         /// Create a `pollable` which will resolve once the socket is ready for I/O.
+        ///
+        /// Note: this function is here for WASI Preview2 only.
+        /// It's planned to be removed when `future` is natively supported in Preview3.
+        subscribe: func() -> pollable;
+    }
+
+    resource incoming-datagram-stream {
+        /// Receive messages on the socket.
+        ///
+        /// This function attempts to receive up to `max-results` datagrams on the socket without blocking.
+        /// The returned list may contain fewer elements than requested, but never more.
+        ///
+        /// This function returns successfully with an empty list when either:
+        /// - `max-results` is 0, or:
+        /// - `max-results` is greater than 0, but no results are immediately available.
+        /// This function never returns `error(would-block)`.
+        ///
+        /// # Typical errors
+        /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET)
+        /// - `connection-refused`: The connection was refused. (ECONNREFUSED)
+        ///
+        /// # References
+        /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvfrom.html>
+        /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvmsg.html>
+        /// - <https://man7.org/linux/man-pages/man2/recv.2.html>
+        /// - <https://man7.org/linux/man-pages/man2/recvmmsg.2.html>
+        /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recv>
+        /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-recvfrom>
+        /// - <https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ms741687(v=vs.85)>
+        /// - <https://man.freebsd.org/cgi/man.cgi?query=recv&sektion=2>
+        receive: func(max-results: u64) -> result<list<incoming-datagram>, error-code>;
+
+        /// Create a `pollable` which will resolve once the stream is ready to receive again.
+        ///
+        /// Note: this function is here for WASI Preview2 only.
+        /// It's planned to be removed when `future` is natively supported in Preview3.
+        subscribe: func() -> pollable;
+    }
+
+    resource outgoing-datagram-stream {
+        /// Check readiness for sending. This function never blocks.
+        ///
+        /// Returns the number of datagrams permitted for the next call to `send`,
+        /// or an error. Calling `send` with more datagrams than this function has
+        /// permitted will trap.
+        ///
+        /// When this function returns ok(0), the `subscribe` pollable will
+        /// become ready when this function will report at least ok(1), or an
+        /// error.
         /// 
+        /// Never returns `would-block`.
+        check-send: func() -> result<u64, error-code>;
+
+        /// Send messages on the socket.
+        ///
+        /// This function attempts to send all provided `datagrams` on the socket without blocking and
+        /// returns how many messages were actually sent (or queued for sending). This function never
+        /// returns `error(would-block)`. If none of the datagrams were able to be sent, `ok(0)` is returned.
+        ///
+        /// This function semantically behaves the same as iterating the `datagrams` list and sequentially
+        /// sending each individual datagram until either the end of the list has been reached or the first error occurred.
+        /// If at least one datagram has been sent successfully, this function never returns an error.
+        ///
+        /// If the input list is empty, the function returns `ok(0)`.
+        ///
+        /// Each call to `send` must be permitted by a preceding `check-send`. Implementations must trap if
+        /// either `check-send` was not called or `datagrams` contains more items than `check-send` permitted.
+        ///
+        /// # Typical errors
+        /// - `invalid-argument`:        The `remote-address` has the wrong address family. (EAFNOSUPPORT)
+        /// - `invalid-argument`:        `remote-address` is a non-IPv4-mapped IPv6 address, but the socket was bound to a specific IPv4-mapped IPv6 address. (or vice versa)
+        /// - `invalid-argument`:        The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL)
+        /// - `invalid-argument`:        The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL)
+        /// - `invalid-argument`:        The socket is in "connected" mode and `remote-address` is `some` value that does not match the address passed to `stream`. (EISCONN)
+        /// - `invalid-argument`:        The socket is not "connected" and no value for `remote-address` was provided. (EDESTADDRREQ)
+        /// - `remote-unreachable`:      The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET)
+        /// - `connection-refused`:      The connection was refused. (ECONNREFUSED)
+        /// - `datagram-too-large`:      The datagram is too large. (EMSGSIZE)
+        ///
+        /// # References
+        /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendto.html>
+        /// - <https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendmsg.html>
+        /// - <https://man7.org/linux/man-pages/man2/send.2.html>
+        /// - <https://man7.org/linux/man-pages/man2/sendmmsg.2.html>
+        /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-send>
+        /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-sendto>
+        /// - <https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-wsasendmsg>
+        /// - <https://man.freebsd.org/cgi/man.cgi?query=send&sektion=2>
+        send: func(datagrams: list<outgoing-datagram>) -> result<u64, error-code>;
+        
+        /// Create a `pollable` which will resolve once the stream is ready to send again.
+        ///
         /// Note: this function is here for WASI Preview2 only.
         /// It's planned to be removed when `future` is natively supported in Preview3.
         subscribe: func() -> pollable;

From e226d4508c469c27b269e4a6f9547ae5763e482b Mon Sep 17 00:00:00 2001
From: Dave Bakker <github@davebakker.io>
Date: Sat, 11 Nov 2023 09:44:19 +0100
Subject: [PATCH 2/3] Update dependencies

---
 wit/deps.lock           |  4 ++--
 wit/deps/io/error.wit   | 34 ++++++++++++++++++++++++++++++++++
 wit/deps/io/poll.wit    |  2 +-
 wit/deps/io/streams.wit | 23 ++---------------------
 wit/deps/io/world.wit   |  2 +-
 wit/ip-name-lookup.wit  |  2 +-
 wit/tcp.wit             |  4 ++--
 wit/udp.wit             |  2 +-
 wit/world.wit           |  2 +-
 9 files changed, 45 insertions(+), 30 deletions(-)
 create mode 100644 wit/deps/io/error.wit

diff --git a/wit/deps.lock b/wit/deps.lock
index 472b87f..48ee47f 100644
--- a/wit/deps.lock
+++ b/wit/deps.lock
@@ -1,4 +1,4 @@
 [io]
 url = "https://github.com/WebAssembly/wasi-io/archive/main.tar.gz"
-sha256 = "fb76f4449eea54d06b56fc6a7ca988da51bd84a54d2021cf18da67b5e2c7ebcf"
-sha512 = "c005e2a91522958a9537827a49ae344e1cb39d66e85492901a86bcc7e322ba8d0a7f1a02c9b9f840c123b4ad97e297355fac98d4822536d1426d1096dd1d73ac"
+sha256 = "f2e6127b235c37c06be675a904d6acf08db953ea688d78c42892c6ad3bd194e4"
+sha512 = "32feefbc115c34bf6968cb6e9dc15e755698ee90648e5a5d84448917c36a318bd61b401195eb64330e2475e1d098bfb8dee1440d594a68e0797748762bd84ae5"
diff --git a/wit/deps/io/error.wit b/wit/deps/io/error.wit
new file mode 100644
index 0000000..31918ac
--- /dev/null
+++ b/wit/deps/io/error.wit
@@ -0,0 +1,34 @@
+package wasi:io@0.2.0-rc-2023-11-10;
+
+
+interface error {
+    /// A resource which represents some error information.
+    ///
+    /// The only method provided by this resource is `to-debug-string`,
+    /// which provides some human-readable information about the error.
+    ///
+    /// In the `wasi:io` package, this resource is returned through the
+    /// `wasi:io/streams/stream-error` type.
+    ///
+    /// To provide more specific error information, other interfaces may
+    /// provide functions to further "downcast" this error into more specific
+    /// error information. For example, `error`s returned in streams derived
+    /// from filesystem types to be described using the filesystem's own
+    /// error-code type, using the function
+    /// `wasi:filesystem/types/filesystem-error-code`, which takes a parameter
+    /// `borrow<error>` and returns
+    /// `option<wasi:filesystem/types/error-code>`.
+    ///
+    /// The set of functions which can "downcast" an `error` into a more
+    /// concrete type is open.
+    resource error {
+        /// Returns a string that is suitable to assist humans in debugging
+        /// this error.
+        ///
+        /// WARNING: The returned string should not be consumed mechanically!
+        /// It may change across platforms, hosts, or other implementation
+        /// details. Parsing this string is a major platform-compatibility
+        /// hazard.
+        to-debug-string: func() -> string;
+    }
+}
diff --git a/wit/deps/io/poll.wit b/wit/deps/io/poll.wit
index 0829a7d..bddde3c 100644
--- a/wit/deps/io/poll.wit
+++ b/wit/deps/io/poll.wit
@@ -1,4 +1,4 @@
-package wasi:io;
+package wasi:io@0.2.0-rc-2023-11-10;
 
 /// A poll API intended to let users wait for I/O events on multiple handles
 /// at once.
diff --git a/wit/deps/io/streams.wit b/wit/deps/io/streams.wit
index 8999b28..e7e1b68 100644
--- a/wit/deps/io/streams.wit
+++ b/wit/deps/io/streams.wit
@@ -1,4 +1,4 @@
-package wasi:io;
+package wasi:io@0.2.0-rc-2023-11-10;
 
 /// WASI I/O is an I/O abstraction API which is currently focused on providing
 /// stream types.
@@ -6,6 +6,7 @@ package wasi:io;
 /// In the future, the component model is expected to add built-in stream types;
 /// when it does, they are expected to subsume this API.
 interface streams {
+    use error.{error};
     use poll.{pollable};
 
     /// An error for input-stream and output-stream operations.
@@ -20,26 +21,6 @@ interface streams {
         closed
     }
 
-    /// Contextual error information about the last failure that happened on
-    /// a read, write, or flush from an `input-stream` or `output-stream`.
-    ///
-    /// This type is returned through the `stream-error` type whenever an
-    /// operation on a stream directly fails or an error is discovered
-    /// after-the-fact, for example when a write's failure shows up through a
-    /// later `flush` or `check-write`.
-    ///
-    /// Interfaces such as `wasi:filesystem/types` provide functionality to
-    /// further "downcast" this error into interface-specific error information.
-    resource error {
-        /// Returns a string that's suitable to assist humans in debugging this
-        /// error.
-        ///
-        /// The returned string will change across platforms and hosts which
-        /// means that parsing it, for example, would be a
-        /// platform-compatibility hazard.
-        to-debug-string: func() -> string;
-    }
-
     /// An input bytestream.
     ///
     /// `input-stream`s are *non-blocking* to the extent practical on underlying
diff --git a/wit/deps/io/world.wit b/wit/deps/io/world.wit
index 05244a9..8243da2 100644
--- a/wit/deps/io/world.wit
+++ b/wit/deps/io/world.wit
@@ -1,4 +1,4 @@
-package wasi:io;
+package wasi:io@0.2.0-rc-2023-11-10;
 
 world imports {
     import streams;
diff --git a/wit/ip-name-lookup.wit b/wit/ip-name-lookup.wit
index cd8d5c4..931ccf7 100644
--- a/wit/ip-name-lookup.wit
+++ b/wit/ip-name-lookup.wit
@@ -1,6 +1,6 @@
 
 interface ip-name-lookup {
-    use wasi:io/poll.{pollable};
+    use wasi:io/poll@0.2.0-rc-2023-11-10.{pollable};
     use network.{network, error-code, ip-address};
 
 
diff --git a/wit/tcp.wit b/wit/tcp.wit
index 836b0a8..ac12746 100644
--- a/wit/tcp.wit
+++ b/wit/tcp.wit
@@ -1,7 +1,7 @@
 
 interface tcp {
-    use wasi:io/streams.{input-stream, output-stream};
-    use wasi:io/poll.{pollable};
+    use wasi:io/streams@0.2.0-rc-2023-11-10.{input-stream, output-stream};
+    use wasi:io/poll@0.2.0-rc-2023-11-10.{pollable};
     use network.{network, error-code, ip-socket-address, ip-address-family};
 
     enum shutdown-type {
diff --git a/wit/udp.wit b/wit/udp.wit
index aa3783a..8817686 100644
--- a/wit/udp.wit
+++ b/wit/udp.wit
@@ -1,6 +1,6 @@
 
 interface udp {
-    use wasi:io/poll.{pollable};
+    use wasi:io/poll@0.2.0-rc-2023-11-10.{pollable};
     use network.{network, error-code, ip-socket-address, ip-address-family};
 
     /// A received datagram.
diff --git a/wit/world.wit b/wit/world.wit
index 432b0dc..49ad8d3 100644
--- a/wit/world.wit
+++ b/wit/world.wit
@@ -1,4 +1,4 @@
-package wasi:sockets;
+package wasi:sockets@0.2.0-rc-2023-11-10;
 
 world imports {
     import instance-network;

From df2e6d3de2eba9187c3e791429687e8e02b6b551 Mon Sep 17 00:00:00 2001
From: Dave Bakker <github@davebakker.io>
Date: Sat, 11 Nov 2023 09:46:39 +0100
Subject: [PATCH 3/3] Add & refine socket options. (SO_ACCEPTCONN,
 TCP_KEEPIDLE/INTVL/CNT)

- Add support for the socket options:
  - `is-listening` (`SO_ACCEPTCONN`)
  - `keep-alive-count` (`TCP_KEEPCNT`)
  - `keep-alive-idle-time` (`TCP_KEEPIDLE`)
  - `keep-alive-interval` (`TCP_KEEPINTVL`)
- Tweak existing socket options:
  - Rename `keep-alive` to `keep-alive-enabled`, since it is no longer the only "keep-alive"-related option.
  - Rename `(set-)unicast-hop-limit` to `(set-)hop-limit`, because the "unicast" qualifier is redundant for TCP.
  - Be stricter in that `0` is not a valid value for:
    - `set-listen-backlog-size`
    - `set-hop-limit`
    - `set-receive-buffer-size`
    - `set-send-buffer-size`
---
 imports.md                          | 315 ++++++++++++++++++++++------
 wit/deps.lock                       |   5 +
 wit/deps.toml                       |   1 +
 wit/deps/clocks/monotonic-clock.wit |  45 ++++
 wit/deps/clocks/wall-clock.wit      |  42 ++++
 wit/deps/clocks/world.wit           |   6 +
 wit/tcp.wit                         |  84 ++++++--
 wit/udp.wit                         |  17 +-
 8 files changed, 435 insertions(+), 80 deletions(-)
 create mode 100644 wit/deps/clocks/monotonic-clock.wit
 create mode 100644 wit/deps/clocks/wall-clock.wit
 create mode 100644 wit/deps/clocks/world.wit

diff --git a/imports.md b/imports.md
index c59a6a2..497f48d 100644
--- a/imports.md
+++ b/imports.md
@@ -2,19 +2,21 @@
 <ul>
 <li>Imports:
 <ul>
-<li>interface <a href="#wasi:sockets_network"><code>wasi:sockets/network</code></a></li>
-<li>interface <a href="#wasi:sockets_instance_network"><code>wasi:sockets/instance-network</code></a></li>
-<li>interface <a href="#wasi:io_poll"><code>wasi:io/poll</code></a></li>
-<li>interface <a href="#wasi:sockets_udp"><code>wasi:sockets/udp</code></a></li>
-<li>interface <a href="#wasi:sockets_udp_create_socket"><code>wasi:sockets/udp-create-socket</code></a></li>
-<li>interface <a href="#wasi:io_streams"><code>wasi:io/streams</code></a></li>
-<li>interface <a href="#wasi:sockets_tcp"><code>wasi:sockets/tcp</code></a></li>
-<li>interface <a href="#wasi:sockets_tcp_create_socket"><code>wasi:sockets/tcp-create-socket</code></a></li>
-<li>interface <a href="#wasi:sockets_ip_name_lookup"><code>wasi:sockets/ip-name-lookup</code></a></li>
+<li>interface <a href="#wasi:sockets_network_0.2.0_rc_2023_11_10"><code>wasi:sockets/network@0.2.0-rc-2023-11-10</code></a></li>
+<li>interface <a href="#wasi:sockets_instance_network_0.2.0_rc_2023_11_10"><code>wasi:sockets/instance-network@0.2.0-rc-2023-11-10</code></a></li>
+<li>interface <a href="#wasi:io_poll_0.2.0_rc_2023_11_10"><code>wasi:io/poll@0.2.0-rc-2023-11-10</code></a></li>
+<li>interface <a href="#wasi:sockets_udp_0.2.0_rc_2023_11_10"><code>wasi:sockets/udp@0.2.0-rc-2023-11-10</code></a></li>
+<li>interface <a href="#wasi:sockets_udp_create_socket_0.2.0_rc_2023_11_10"><code>wasi:sockets/udp-create-socket@0.2.0-rc-2023-11-10</code></a></li>
+<li>interface <a href="#wasi:io_error_0.2.0_rc_2023_11_10"><code>wasi:io/error@0.2.0-rc-2023-11-10</code></a></li>
+<li>interface <a href="#wasi:io_streams_0.2.0_rc_2023_11_10"><code>wasi:io/streams@0.2.0-rc-2023-11-10</code></a></li>
+<li>interface <a href="#wasi:clocks_monotonic_clock_0.2.0_rc_2023_11_10"><code>wasi:clocks/monotonic-clock@0.2.0-rc-2023-11-10</code></a></li>
+<li>interface <a href="#wasi:sockets_tcp_0.2.0_rc_2023_11_10"><code>wasi:sockets/tcp@0.2.0-rc-2023-11-10</code></a></li>
+<li>interface <a href="#wasi:sockets_tcp_create_socket_0.2.0_rc_2023_11_10"><code>wasi:sockets/tcp-create-socket@0.2.0-rc-2023-11-10</code></a></li>
+<li>interface <a href="#wasi:sockets_ip_name_lookup_0.2.0_rc_2023_11_10"><code>wasi:sockets/ip-name-lookup@0.2.0-rc-2023-11-10</code></a></li>
 </ul>
 </li>
 </ul>
-<h2><a name="wasi:sockets_network">Import interface wasi:sockets/network</a></h2>
+<h2><a name="wasi:sockets_network_0.2.0_rc_2023_11_10">Import interface wasi:sockets/network@0.2.0-rc-2023-11-10</a></h2>
 <hr />
 <h3>Types</h3>
 <h4><a name="network"><code>resource network</code></a></h4>
@@ -184,7 +186,7 @@ combined with a couple of errors that are always possible:</p>
 <li><a name="ip_socket_address.ipv4"><code>ipv4</code></a>: <a href="#ipv4_socket_address"><a href="#ipv4_socket_address"><code>ipv4-socket-address</code></a></a></li>
 <li><a name="ip_socket_address.ipv6"><code>ipv6</code></a>: <a href="#ipv6_socket_address"><a href="#ipv6_socket_address"><code>ipv6-socket-address</code></a></a></li>
 </ul>
-<h2><a name="wasi:sockets_instance_network">Import interface wasi:sockets/instance-network</a></h2>
+<h2><a name="wasi:sockets_instance_network_0.2.0_rc_2023_11_10">Import interface wasi:sockets/instance-network@0.2.0-rc-2023-11-10</a></h2>
 <p>This interface provides a value-export of the default network handle..</p>
 <hr />
 <h3>Types</h3>
@@ -199,7 +201,7 @@ combined with a couple of errors that are always possible:</p>
 <ul>
 <li><a name="instance_network.0"></a> own&lt;<a href="#network"><a href="#network"><code>network</code></a></a>&gt;</li>
 </ul>
-<h2><a name="wasi:io_poll">Import interface wasi:io/poll</a></h2>
+<h2><a name="wasi:io_poll_0.2.0_rc_2023_11_10">Import interface wasi:io/poll@0.2.0-rc-2023-11-10</a></h2>
 <p>A poll API intended to let users wait for I/O events on multiple handles
 at once.</p>
 <hr />
@@ -249,7 +251,7 @@ being reaedy for I/O.</p>
 <ul>
 <li><a name="poll.0"></a> list&lt;<code>u32</code>&gt;</li>
 </ul>
-<h2><a name="wasi:sockets_udp">Import interface wasi:sockets/udp</a></h2>
+<h2><a name="wasi:sockets_udp_0.2.0_rc_2023_11_10">Import interface wasi:sockets/udp@0.2.0-rc-2023-11-10</a></h2>
 <hr />
 <h3>Types</h3>
 <h4><a name="pollable"><code>type pollable</code></a></h4>
@@ -489,6 +491,11 @@ stored in the object pointed to by <code>address</code> is unspecified.</p>
 </ul>
 <h4><a name="method_udp_socket.unicast_hop_limit"><code>[method]udp-socket.unicast-hop-limit: func</code></a></h4>
 <p>Equivalent to the IP_TTL &amp; IPV6_UNICAST_HOPS socket options.</p>
+<p>If the provided value is 0, an <code>invalid-argument</code> error is returned.</p>
+<h1>Typical errors</h1>
+<ul>
+<li><code>invalid-argument</code>:     (set) The TTL value must be 1 or higher.</li>
+</ul>
 <h5>Params</h5>
 <ul>
 <li><a name="method_udp_socket.unicast_hop_limit.self"><code>self</code></a>: borrow&lt;<a href="#udp_socket"><a href="#udp_socket"><code>udp-socket</code></a></a>&gt;</li>
@@ -509,12 +516,14 @@ stored in the object pointed to by <code>address</code> is unspecified.</p>
 </ul>
 <h4><a name="method_udp_socket.receive_buffer_size"><code>[method]udp-socket.receive-buffer-size: func</code></a></h4>
 <p>The kernel buffer space reserved for sends/receives on this socket.</p>
-<p>Note #1: an implementation may choose to cap or round the buffer size when setting the value.
-In other words, after setting a value, reading the same setting back may return a different value.</p>
-<p>Note #2: there is not necessarily a direct relationship between the kernel buffer size and the bytes of
-actual data to be sent/received by the application, because the kernel might also use the buffer space
-for internal metadata structures.</p>
+<p>If the provided value is 0, an <code>invalid-argument</code> error is returned.
+Any other value will never cause an error, but it might be silently clamped and/or rounded.
+I.e. after setting a value, reading the same setting back may return a different value.</p>
 <p>Equivalent to the SO_RCVBUF and SO_SNDBUF socket options.</p>
+<h1>Typical errors</h1>
+<ul>
+<li><code>invalid-argument</code>:     (set) The provided value was 0.</li>
+</ul>
 <h5>Params</h5>
 <ul>
 <li><a name="method_udp_socket.receive_buffer_size.self"><code>self</code></a>: borrow&lt;<a href="#udp_socket"><a href="#udp_socket"><code>udp-socket</code></a></a>&gt;</li>
@@ -683,7 +692,7 @@ It's planned to be removed when <code>future</code> is natively supported in Pre
 <ul>
 <li><a name="method_outgoing_datagram_stream.subscribe.0"></a> own&lt;<a href="#pollable"><a href="#pollable"><code>pollable</code></a></a>&gt;</li>
 </ul>
-<h2><a name="wasi:sockets_udp_create_socket">Import interface wasi:sockets/udp-create-socket</a></h2>
+<h2><a name="wasi:sockets_udp_create_socket_0.2.0_rc_2023_11_10">Import interface wasi:sockets/udp-create-socket@0.2.0-rc-2023-11-10</a></h2>
 <hr />
 <h3>Types</h3>
 <h4><a name="network"><code>type network</code></a></h4>
@@ -727,18 +736,41 @@ the socket is effectively an in-memory configuration object, unable to communica
 <ul>
 <li><a name="create_udp_socket.0"></a> result&lt;own&lt;<a href="#udp_socket"><a href="#udp_socket"><code>udp-socket</code></a></a>&gt;, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
-<h2><a name="wasi:io_streams">Import interface wasi:io/streams</a></h2>
+<h2><a name="wasi:io_error_0.2.0_rc_2023_11_10">Import interface wasi:io/error@0.2.0-rc-2023-11-10</a></h2>
+<hr />
+<h3>Types</h3>
+<h4><a name="error"><code>resource error</code></a></h4>
+<hr />
+<h3>Functions</h3>
+<h4><a name="method_error.to_debug_string"><code>[method]error.to-debug-string: func</code></a></h4>
+<p>Returns a string that is suitable to assist humans in debugging
+this error.</p>
+<p>WARNING: The returned string should not be consumed mechanically!
+It may change across platforms, hosts, or other implementation
+details. Parsing this string is a major platform-compatibility
+hazard.</p>
+<h5>Params</h5>
+<ul>
+<li><a name="method_error.to_debug_string.self"><code>self</code></a>: borrow&lt;<a href="#error"><a href="#error"><code>error</code></a></a>&gt;</li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_error.to_debug_string.0"></a> <code>string</code></li>
+</ul>
+<h2><a name="wasi:io_streams_0.2.0_rc_2023_11_10">Import interface wasi:io/streams@0.2.0-rc-2023-11-10</a></h2>
 <p>WASI I/O is an I/O abstraction API which is currently focused on providing
 stream types.</p>
 <p>In the future, the component model is expected to add built-in stream types;
 when it does, they are expected to subsume this API.</p>
 <hr />
 <h3>Types</h3>
-<h4><a name="pollable"><code>type pollable</code></a></h4>
-<p><a href="#pollable"><a href="#pollable"><code>pollable</code></a></a></p>
+<h4><a name="error"><code>type error</code></a></h4>
+<p><a href="#error"><a href="#error"><code>error</code></a></a></p>
 <p>
-#### <a name="error">`resource error`</a>
-<h4><a name="stream_error"><code>variant stream-error</code></a></h4>
+#### <a name="pollable">`type pollable`</a>
+[`pollable`](#pollable)
+<p>
+#### <a name="stream_error">`variant stream-error`</a>
 <p>An error for input-stream and output-stream operations.</p>
 <h5>Variant Cases</h5>
 <ul>
@@ -758,20 +790,6 @@ future operations.
 <h4><a name="output_stream"><code>resource output-stream</code></a></h4>
 <hr />
 <h3>Functions</h3>
-<h4><a name="method_error.to_debug_string"><code>[method]error.to-debug-string: func</code></a></h4>
-<p>Returns a string that's suitable to assist humans in debugging this
-error.</p>
-<p>The returned string will change across platforms and hosts which
-means that parsing it, for example, would be a
-platform-compatibility hazard.</p>
-<h5>Params</h5>
-<ul>
-<li><a name="method_error.to_debug_string.self"><code>self</code></a>: borrow&lt;<a href="#error"><a href="#error"><code>error</code></a></a>&gt;</li>
-</ul>
-<h5>Return values</h5>
-<ul>
-<li><a name="method_error.to_debug_string.0"></a> <code>string</code></li>
-</ul>
 <h4><a name="method_input_stream.read"><code>[method]input-stream.read: func</code></a></h4>
 <p>Perform a non-blocking read from the stream.</p>
 <p>This function returns a list of bytes containing the read data,
@@ -1042,7 +1060,68 @@ is ready for reading, before performing the <code>splice</code>.</p>
 <ul>
 <li><a name="method_output_stream.blocking_splice.0"></a> result&lt;<code>u64</code>, <a href="#stream_error"><a href="#stream_error"><code>stream-error</code></a></a>&gt;</li>
 </ul>
-<h2><a name="wasi:sockets_tcp">Import interface wasi:sockets/tcp</a></h2>
+<h2><a name="wasi:clocks_monotonic_clock_0.2.0_rc_2023_11_10">Import interface wasi:clocks/monotonic-clock@0.2.0-rc-2023-11-10</a></h2>
+<p>WASI Monotonic Clock is a clock API intended to let users measure elapsed
+time.</p>
+<p>It is intended to be portable at least between Unix-family platforms and
+Windows.</p>
+<p>A monotonic clock is a clock which has an unspecified initial value, and
+successive reads of the clock will produce non-decreasing values.</p>
+<p>It is intended for measuring elapsed time.</p>
+<hr />
+<h3>Types</h3>
+<h4><a name="pollable"><code>type pollable</code></a></h4>
+<p><a href="#pollable"><a href="#pollable"><code>pollable</code></a></a></p>
+<p>
+#### <a name="instant">`type instant`</a>
+`u64`
+<p>An instant in time, in nanoseconds. An instant is relative to an
+unspecified initial value, and can only be compared to instances from
+the same monotonic-clock.
+<h4><a name="duration"><code>type duration</code></a></h4>
+<p><code>u64</code></p>
+<p>A duration of time, in nanoseconds.
+<hr />
+<h3>Functions</h3>
+<h4><a name="now"><code>now: func</code></a></h4>
+<p>Read the current value of the clock.</p>
+<p>The clock is monotonic, therefore calling this function repeatedly will
+produce a sequence of non-decreasing values.</p>
+<h5>Return values</h5>
+<ul>
+<li><a name="now.0"></a> <a href="#instant"><a href="#instant"><code>instant</code></a></a></li>
+</ul>
+<h4><a name="resolution"><code>resolution: func</code></a></h4>
+<p>Query the resolution of the clock. Returns the duration of time
+corresponding to a clock tick.</p>
+<h5>Return values</h5>
+<ul>
+<li><a name="resolution.0"></a> <a href="#duration"><a href="#duration"><code>duration</code></a></a></li>
+</ul>
+<h4><a name="subscribe_instant"><code>subscribe-instant: func</code></a></h4>
+<p>Create a <a href="#pollable"><code>pollable</code></a> which will resolve once the specified instant
+occured.</p>
+<h5>Params</h5>
+<ul>
+<li><a name="subscribe_instant.when"><code>when</code></a>: <a href="#instant"><a href="#instant"><code>instant</code></a></a></li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="subscribe_instant.0"></a> own&lt;<a href="#pollable"><a href="#pollable"><code>pollable</code></a></a>&gt;</li>
+</ul>
+<h4><a name="subscribe_duration"><code>subscribe-duration: func</code></a></h4>
+<p>Create a <a href="#pollable"><code>pollable</code></a> which will resolve once the given duration has
+elapsed, starting at the time at which this function was called.
+occured.</p>
+<h5>Params</h5>
+<ul>
+<li><a name="subscribe_duration.when"><code>when</code></a>: <a href="#duration"><a href="#duration"><code>duration</code></a></a></li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="subscribe_duration.0"></a> own&lt;<a href="#pollable"><a href="#pollable"><code>pollable</code></a></a>&gt;</li>
+</ul>
+<h2><a name="wasi:sockets_tcp_0.2.0_rc_2023_11_10">Import interface wasi:sockets/tcp@0.2.0-rc-2023-11-10</a></h2>
 <hr />
 <h3>Types</h3>
 <h4><a name="input_stream"><code>type input-stream</code></a></h4>
@@ -1054,6 +1133,9 @@ is ready for reading, before performing the <code>splice</code>.</p>
 #### <a name="pollable">`type pollable`</a>
 [`pollable`](#pollable)
 <p>
+#### <a name="duration">`type duration`</a>
+[`duration`](#duration)
+<p>
 #### <a name="network">`type network`</a>
 [`network`](#network)
 <p>
@@ -1251,8 +1333,11 @@ Besides <code>drop</code>, any method after such a failure may return an error.<
 <ul>
 <li><code>address-family</code></li>
 <li><code>ipv6-only</code></li>
-<li><code>keep-alive</code></li>
-<li><code>unicast-hop-limit</code></li>
+<li><code>keep-alive-enabled</code></li>
+<li><code>keep-alive-idle-time</code></li>
+<li><code>keep-alive-interval</code></li>
+<li><code>keep-alive-count</code></li>
+<li><code>hop-limit</code></li>
 <li><code>receive-buffer-size</code></li>
 <li><code>send-buffer-size</code></li>
 </ul>
@@ -1328,6 +1413,17 @@ stored in the object pointed to by <code>address</code> is unspecified.</p>
 <ul>
 <li><a name="method_tcp_socket.remote_address.0"></a> result&lt;<a href="#ip_socket_address"><a href="#ip_socket_address"><code>ip-socket-address</code></a></a>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
+<h4><a name="method_tcp_socket.is_listening"><code>[method]tcp-socket.is-listening: func</code></a></h4>
+<p>Whether the socket is listening for new connections.</p>
+<p>Equivalent to the SO_ACCEPTCONN socket option.</p>
+<h5>Params</h5>
+<ul>
+<li><a name="method_tcp_socket.is_listening.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_tcp_socket.is_listening.0"></a> <code>bool</code></li>
+</ul>
 <h4><a name="method_tcp_socket.address_family"><code>[method]tcp-socket.address-family: func</code></a></h4>
 <p>Whether this is a IPv4 or IPv6 socket.</p>
 <p>Equivalent to the SO_DOMAIN socket option.</p>
@@ -1368,9 +1464,12 @@ stored in the object pointed to by <code>address</code> is unspecified.</p>
 </ul>
 <h4><a name="method_tcp_socket.set_listen_backlog_size"><code>[method]tcp-socket.set-listen-backlog-size: func</code></a></h4>
 <p>Hints the desired listen queue size. Implementations are free to ignore this.</p>
+<p>If the provided value is 0, an <code>invalid-argument</code> error is returned.
+Any other value will never cause an error, but it might be silently clamped and/or rounded.</p>
 <h1>Typical errors</h1>
 <ul>
 <li><code>not-supported</code>:        (set) The platform does not support changing the backlog size after the initial listen.</li>
+<li><code>invalid-argument</code>:     (set) The provided value was 0.</li>
 <li><code>invalid-state</code>:        (set) The socket is already in the Connection state.</li>
 </ul>
 <h5>Params</h5>
@@ -1382,28 +1481,121 @@ stored in the object pointed to by <code>address</code> is unspecified.</p>
 <ul>
 <li><a name="method_tcp_socket.set_listen_backlog_size.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
-<h4><a name="method_tcp_socket.keep_alive"><code>[method]tcp-socket.keep-alive: func</code></a></h4>
+<h4><a name="method_tcp_socket.keep_alive_enabled"><code>[method]tcp-socket.keep-alive-enabled: func</code></a></h4>
+<p>Enables or disables keepalive.</p>
+<p>The keepalive behavior can be adjusted using:</p>
+<ul>
+<li><code>keep-alive-idle-time</code></li>
+<li><code>keep-alive-interval</code></li>
+<li><code>keep-alive-count</code>
+These properties can be configured while <code>keep-alive-enabled</code> is false, but only come into effect when <code>keep-alive-enabled</code> is true.</li>
+</ul>
 <p>Equivalent to the SO_KEEPALIVE socket option.</p>
 <h5>Params</h5>
 <ul>
-<li><a name="method_tcp_socket.keep_alive.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.keep_alive_enabled.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_tcp_socket.keep_alive_enabled.0"></a> result&lt;<code>bool</code>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+</ul>
+<h4><a name="method_tcp_socket.set_keep_alive_enabled"><code>[method]tcp-socket.set-keep-alive-enabled: func</code></a></h4>
+<h5>Params</h5>
+<ul>
+<li><a name="method_tcp_socket.set_keep_alive_enabled.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.set_keep_alive_enabled.value"><code>value</code></a>: <code>bool</code></li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_tcp_socket.set_keep_alive_enabled.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+</ul>
+<h4><a name="method_tcp_socket.keep_alive_idle_time"><code>[method]tcp-socket.keep-alive-idle-time: func</code></a></h4>
+<p>Amount of time the connection has to be idle before TCP starts sending keepalive packets.</p>
+<p>If the provided value is 0, an <code>invalid-argument</code> error is returned.
+Any other value will never cause an error, but it might be silently clamped and/or rounded.
+I.e. after setting a value, reading the same setting back may return a different value.</p>
+<p>Equivalent to the TCP_KEEPIDLE socket option. (TCP_KEEPALIVE on MacOS)</p>
+<h1>Typical errors</h1>
+<ul>
+<li><code>invalid-argument</code>:     (set) The provided value was 0.</li>
+</ul>
+<h5>Params</h5>
+<ul>
+<li><a name="method_tcp_socket.keep_alive_idle_time.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_tcp_socket.keep_alive_idle_time.0"></a> result&lt;<a href="#duration"><a href="#duration"><code>duration</code></a></a>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+</ul>
+<h4><a name="method_tcp_socket.set_keep_alive_idle_time"><code>[method]tcp-socket.set-keep-alive-idle-time: func</code></a></h4>
+<h5>Params</h5>
+<ul>
+<li><a name="method_tcp_socket.set_keep_alive_idle_time.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.set_keep_alive_idle_time.value"><code>value</code></a>: <a href="#duration"><a href="#duration"><code>duration</code></a></a></li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_tcp_socket.set_keep_alive_idle_time.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+</ul>
+<h4><a name="method_tcp_socket.keep_alive_interval"><code>[method]tcp-socket.keep-alive-interval: func</code></a></h4>
+<p>The time between keepalive packets.</p>
+<p>If the provided value is 0, an <code>invalid-argument</code> error is returned.
+Any other value will never cause an error, but it might be silently clamped and/or rounded.
+I.e. after setting a value, reading the same setting back may return a different value.</p>
+<p>Equivalent to the TCP_KEEPINTVL socket option.</p>
+<h1>Typical errors</h1>
+<ul>
+<li><code>invalid-argument</code>:     (set) The provided value was 0.</li>
+</ul>
+<h5>Params</h5>
+<ul>
+<li><a name="method_tcp_socket.keep_alive_interval.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_tcp_socket.keep_alive_interval.0"></a> result&lt;<a href="#duration"><a href="#duration"><code>duration</code></a></a>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+</ul>
+<h4><a name="method_tcp_socket.set_keep_alive_interval"><code>[method]tcp-socket.set-keep-alive-interval: func</code></a></h4>
+<h5>Params</h5>
+<ul>
+<li><a name="method_tcp_socket.set_keep_alive_interval.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.set_keep_alive_interval.value"><code>value</code></a>: <a href="#duration"><a href="#duration"><code>duration</code></a></a></li>
+</ul>
+<h5>Return values</h5>
+<ul>
+<li><a name="method_tcp_socket.set_keep_alive_interval.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+</ul>
+<h4><a name="method_tcp_socket.keep_alive_count"><code>[method]tcp-socket.keep-alive-count: func</code></a></h4>
+<p>The maximum amount of keepalive packets TCP should send before aborting the connection.</p>
+<p>If the provided value is 0, an <code>invalid-argument</code> error is returned.
+Any other value will never cause an error, but it might be silently clamped and/or rounded.
+I.e. after setting a value, reading the same setting back may return a different value.</p>
+<p>Equivalent to the TCP_KEEPCNT socket option.</p>
+<h1>Typical errors</h1>
+<ul>
+<li><code>invalid-argument</code>:     (set) The provided value was 0.</li>
+</ul>
+<h5>Params</h5>
+<ul>
+<li><a name="method_tcp_socket.keep_alive_count.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
 </ul>
 <h5>Return values</h5>
 <ul>
-<li><a name="method_tcp_socket.keep_alive.0"></a> result&lt;<code>bool</code>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.keep_alive_count.0"></a> result&lt;<code>u32</code>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
-<h4><a name="method_tcp_socket.set_keep_alive"><code>[method]tcp-socket.set-keep-alive: func</code></a></h4>
+<h4><a name="method_tcp_socket.set_keep_alive_count"><code>[method]tcp-socket.set-keep-alive-count: func</code></a></h4>
 <h5>Params</h5>
 <ul>
-<li><a name="method_tcp_socket.set_keep_alive.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
-<li><a name="method_tcp_socket.set_keep_alive.value"><code>value</code></a>: <code>bool</code></li>
+<li><a name="method_tcp_socket.set_keep_alive_count.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.set_keep_alive_count.value"><code>value</code></a>: <code>u32</code></li>
 </ul>
 <h5>Return values</h5>
 <ul>
-<li><a name="method_tcp_socket.set_keep_alive.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.set_keep_alive_count.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
-<h4><a name="method_tcp_socket.unicast_hop_limit"><code>[method]tcp-socket.unicast-hop-limit: func</code></a></h4>
+<h4><a name="method_tcp_socket.hop_limit"><code>[method]tcp-socket.hop-limit: func</code></a></h4>
 <p>Equivalent to the IP_TTL &amp; IPV6_UNICAST_HOPS socket options.</p>
+<p>If the provided value is 0, an <code>invalid-argument</code> error is returned.</p>
 <h1>Typical errors</h1>
 <ul>
 <li><code>invalid-argument</code>:     (set) The TTL value must be 1 or higher.</li>
@@ -1412,32 +1604,31 @@ stored in the object pointed to by <code>address</code> is unspecified.</p>
 </ul>
 <h5>Params</h5>
 <ul>
-<li><a name="method_tcp_socket.unicast_hop_limit.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.hop_limit.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
 </ul>
 <h5>Return values</h5>
 <ul>
-<li><a name="method_tcp_socket.unicast_hop_limit.0"></a> result&lt;<code>u8</code>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.hop_limit.0"></a> result&lt;<code>u8</code>, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
-<h4><a name="method_tcp_socket.set_unicast_hop_limit"><code>[method]tcp-socket.set-unicast-hop-limit: func</code></a></h4>
+<h4><a name="method_tcp_socket.set_hop_limit"><code>[method]tcp-socket.set-hop-limit: func</code></a></h4>
 <h5>Params</h5>
 <ul>
-<li><a name="method_tcp_socket.set_unicast_hop_limit.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
-<li><a name="method_tcp_socket.set_unicast_hop_limit.value"><code>value</code></a>: <code>u8</code></li>
+<li><a name="method_tcp_socket.set_hop_limit.self"><code>self</code></a>: borrow&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.set_hop_limit.value"><code>value</code></a>: <code>u8</code></li>
 </ul>
 <h5>Return values</h5>
 <ul>
-<li><a name="method_tcp_socket.set_unicast_hop_limit.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
+<li><a name="method_tcp_socket.set_hop_limit.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
 <h4><a name="method_tcp_socket.receive_buffer_size"><code>[method]tcp-socket.receive-buffer-size: func</code></a></h4>
 <p>The kernel buffer space reserved for sends/receives on this socket.</p>
-<p>Note #1: an implementation may choose to cap or round the buffer size when setting the value.
-In other words, after setting a value, reading the same setting back may return a different value.</p>
-<p>Note #2: there is not necessarily a direct relationship between the kernel buffer size and the bytes of
-actual data to be sent/received by the application, because the kernel might also use the buffer space
-for internal metadata structures.</p>
+<p>If the provided value is 0, an <code>invalid-argument</code> error is returned.
+Any other value will never cause an error, but it might be silently clamped and/or rounded.
+I.e. after setting a value, reading the same setting back may return a different value.</p>
 <p>Equivalent to the SO_RCVBUF and SO_SNDBUF socket options.</p>
 <h1>Typical errors</h1>
 <ul>
+<li><code>invalid-argument</code>:     (set) The provided value was 0.</li>
 <li><code>invalid-state</code>:        (set) The socket is already in the Connection state.</li>
 <li><code>invalid-state</code>:        (set) The socket is already in the Listener state.</li>
 </ul>
@@ -1521,7 +1712,7 @@ operations on the <a href="#output_stream"><code>output-stream</code></a> associ
 <ul>
 <li><a name="method_tcp_socket.shutdown.0"></a> result&lt;_, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
-<h2><a name="wasi:sockets_tcp_create_socket">Import interface wasi:sockets/tcp-create-socket</a></h2>
+<h2><a name="wasi:sockets_tcp_create_socket_0.2.0_rc_2023_11_10">Import interface wasi:sockets/tcp-create-socket@0.2.0-rc-2023-11-10</a></h2>
 <hr />
 <h3>Types</h3>
 <h4><a name="network"><code>type network</code></a></h4>
@@ -1565,7 +1756,7 @@ is called, the socket is effectively an in-memory configuration object, unable t
 <ul>
 <li><a name="create_tcp_socket.0"></a> result&lt;own&lt;<a href="#tcp_socket"><a href="#tcp_socket"><code>tcp-socket</code></a></a>&gt;, <a href="#error_code"><a href="#error_code"><code>error-code</code></a></a>&gt;</li>
 </ul>
-<h2><a name="wasi:sockets_ip_name_lookup">Import interface wasi:sockets/ip-name-lookup</a></h2>
+<h2><a name="wasi:sockets_ip_name_lookup_0.2.0_rc_2023_11_10">Import interface wasi:sockets/ip-name-lookup@0.2.0-rc-2023-11-10</a></h2>
 <hr />
 <h3>Types</h3>
 <h4><a name="pollable"><code>type pollable</code></a></h4>
diff --git a/wit/deps.lock b/wit/deps.lock
index 48ee47f..be53c76 100644
--- a/wit/deps.lock
+++ b/wit/deps.lock
@@ -1,3 +1,8 @@
+[clocks]
+url = "https://github.com/WebAssembly/wasi-clocks/archive/main.tar.gz"
+sha256 = "89da8eca4cd195516574c89c5b3c24a7b5af3ff2565c16753d20d3bdbc5fc60f"
+sha512 = "244079b3f592d58478a97adbd0bee8d49ae9dd1a3e435651ee40997b50da9fe62cfaba7e3ec7f7406d7d0288d278a43a3a0bc5150226ba40ce0f8ac6d33f7ddb"
+
 [io]
 url = "https://github.com/WebAssembly/wasi-io/archive/main.tar.gz"
 sha256 = "f2e6127b235c37c06be675a904d6acf08db953ea688d78c42892c6ad3bd194e4"
diff --git a/wit/deps.toml b/wit/deps.toml
index b178cb2..c07efaf 100644
--- a/wit/deps.toml
+++ b/wit/deps.toml
@@ -1 +1,2 @@
+clocks = "https://github.com/WebAssembly/wasi-clocks/archive/main.tar.gz"
 io = "https://github.com/WebAssembly/wasi-io/archive/main.tar.gz"
diff --git a/wit/deps/clocks/monotonic-clock.wit b/wit/deps/clocks/monotonic-clock.wit
new file mode 100644
index 0000000..09ef32c
--- /dev/null
+++ b/wit/deps/clocks/monotonic-clock.wit
@@ -0,0 +1,45 @@
+package wasi:clocks@0.2.0-rc-2023-11-10;
+/// WASI Monotonic Clock is a clock API intended to let users measure elapsed
+/// time.
+///
+/// It is intended to be portable at least between Unix-family platforms and
+/// Windows.
+///
+/// A monotonic clock is a clock which has an unspecified initial value, and
+/// successive reads of the clock will produce non-decreasing values.
+///
+/// It is intended for measuring elapsed time.
+interface monotonic-clock {
+    use wasi:io/poll@0.2.0-rc-2023-11-10.{pollable};
+
+    /// An instant in time, in nanoseconds. An instant is relative to an
+    /// unspecified initial value, and can only be compared to instances from
+    /// the same monotonic-clock.
+    type instant = u64;
+
+    /// A duration of time, in nanoseconds.
+    type duration = u64;
+
+    /// Read the current value of the clock.
+    ///
+    /// The clock is monotonic, therefore calling this function repeatedly will
+    /// produce a sequence of non-decreasing values.
+    now: func() -> instant;
+
+    /// Query the resolution of the clock. Returns the duration of time
+    /// corresponding to a clock tick.
+    resolution: func() -> duration;
+
+    /// Create a `pollable` which will resolve once the specified instant
+    /// occured.
+    subscribe-instant: func(
+        when: instant,
+    ) -> pollable;
+
+    /// Create a `pollable` which will resolve once the given duration has
+    /// elapsed, starting at the time at which this function was called.
+    /// occured.
+    subscribe-duration: func(
+        when: duration,
+    ) -> pollable;
+}
diff --git a/wit/deps/clocks/wall-clock.wit b/wit/deps/clocks/wall-clock.wit
new file mode 100644
index 0000000..8abb9a0
--- /dev/null
+++ b/wit/deps/clocks/wall-clock.wit
@@ -0,0 +1,42 @@
+package wasi:clocks@0.2.0-rc-2023-11-10;
+/// WASI Wall Clock is a clock API intended to let users query the current
+/// time. The name "wall" makes an analogy to a "clock on the wall", which
+/// is not necessarily monotonic as it may be reset.
+///
+/// It is intended to be portable at least between Unix-family platforms and
+/// Windows.
+///
+/// A wall clock is a clock which measures the date and time according to
+/// some external reference.
+///
+/// External references may be reset, so this clock is not necessarily
+/// monotonic, making it unsuitable for measuring elapsed time.
+///
+/// It is intended for reporting the current date and time for humans.
+interface wall-clock {
+    /// A time and date in seconds plus nanoseconds.
+    record datetime {
+        seconds: u64,
+        nanoseconds: u32,
+    }
+
+    /// Read the current value of the clock.
+    ///
+    /// This clock is not monotonic, therefore calling this function repeatedly
+    /// will not necessarily produce a sequence of non-decreasing values.
+    ///
+    /// The returned timestamps represent the number of seconds since
+    /// 1970-01-01T00:00:00Z, also known as [POSIX's Seconds Since the Epoch],
+    /// also known as [Unix Time].
+    ///
+    /// The nanoseconds field of the output is always less than 1000000000.
+    ///
+    /// [POSIX's Seconds Since the Epoch]: https://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap04.html#tag_21_04_16
+    /// [Unix Time]: https://en.wikipedia.org/wiki/Unix_time
+    now: func() -> datetime;
+
+    /// Query the resolution of the clock.
+    ///
+    /// The nanoseconds field of the output is always less than 1000000000.
+    resolution: func() -> datetime;
+}
diff --git a/wit/deps/clocks/world.wit b/wit/deps/clocks/world.wit
new file mode 100644
index 0000000..8fa080f
--- /dev/null
+++ b/wit/deps/clocks/world.wit
@@ -0,0 +1,6 @@
+package wasi:clocks@0.2.0-rc-2023-11-10;
+
+world imports {
+    import monotonic-clock;
+    import wall-clock;
+}
diff --git a/wit/tcp.wit b/wit/tcp.wit
index ac12746..b01b65e 100644
--- a/wit/tcp.wit
+++ b/wit/tcp.wit
@@ -2,6 +2,7 @@
 interface tcp {
     use wasi:io/streams@0.2.0-rc-2023-11-10.{input-stream, output-stream};
     use wasi:io/poll@0.2.0-rc-2023-11-10.{pollable};
+    use wasi:clocks/monotonic-clock@0.2.0-rc-2023-11-10.{duration};
     use network.{network, error-code, ip-socket-address, ip-address-family};
 
     enum shutdown-type {
@@ -125,8 +126,11 @@ interface tcp {
         /// The returned socket is bound and in the Connection state. The following properties are inherited from the listener socket:
         /// - `address-family`
         /// - `ipv6-only`
-        /// - `keep-alive`
-        /// - `unicast-hop-limit`
+        /// - `keep-alive-enabled`
+        /// - `keep-alive-idle-time`
+        /// - `keep-alive-interval`
+        /// - `keep-alive-count`
+        /// - `hop-limit`
         /// - `receive-buffer-size`
         /// - `send-buffer-size`
         ///
@@ -176,6 +180,11 @@ interface tcp {
         /// - <https://man.freebsd.org/cgi/man.cgi?query=getpeername&sektion=2&n=1>
         remote-address: func() -> result<ip-socket-address, error-code>;
 
+        /// Whether the socket is listening for new connections.
+        ///
+        /// Equivalent to the SO_ACCEPTCONN socket option.
+        is-listening: func() -> bool;
+
         /// Whether this is a IPv4 or IPv6 socket.
         ///
         /// Equivalent to the SO_DOMAIN socket option.
@@ -194,36 +203,87 @@ interface tcp {
 
         /// Hints the desired listen queue size. Implementations are free to ignore this.
         ///
+        /// If the provided value is 0, an `invalid-argument` error is returned.
+        /// Any other value will never cause an error, but it might be silently clamped and/or rounded.
+        ///
         /// # Typical errors
         /// - `not-supported`:        (set) The platform does not support changing the backlog size after the initial listen.
+        /// - `invalid-argument`:     (set) The provided value was 0.
         /// - `invalid-state`:        (set) The socket is already in the Connection state.
         set-listen-backlog-size: func(value: u64) -> result<_, error-code>;
 
+        /// Enables or disables keepalive.
+        ///
+        /// The keepalive behavior can be adjusted using:
+        /// - `keep-alive-idle-time`
+        /// - `keep-alive-interval`
+        /// - `keep-alive-count`
+        /// These properties can be configured while `keep-alive-enabled` is false, but only come into effect when `keep-alive-enabled` is true.
+        ///
         /// Equivalent to the SO_KEEPALIVE socket option.
-        keep-alive: func() -> result<bool, error-code>;
-        set-keep-alive: func(value: bool) -> result<_, error-code>;
+        keep-alive-enabled: func() -> result<bool, error-code>;
+        set-keep-alive-enabled: func(value: bool) -> result<_, error-code>;
+
+        /// Amount of time the connection has to be idle before TCP starts sending keepalive packets.
+        ///
+        /// If the provided value is 0, an `invalid-argument` error is returned.
+        /// Any other value will never cause an error, but it might be silently clamped and/or rounded.
+        /// I.e. after setting a value, reading the same setting back may return a different value.
+        ///
+        /// Equivalent to the TCP_KEEPIDLE socket option. (TCP_KEEPALIVE on MacOS)
+        ///
+        /// # Typical errors
+        /// - `invalid-argument`:     (set) The provided value was 0.
+        keep-alive-idle-time: func() -> result<duration, error-code>;
+        set-keep-alive-idle-time: func(value: duration) -> result<_, error-code>;
+
+        /// The time between keepalive packets.
+        ///
+        /// If the provided value is 0, an `invalid-argument` error is returned.
+        /// Any other value will never cause an error, but it might be silently clamped and/or rounded.
+        /// I.e. after setting a value, reading the same setting back may return a different value.
+        ///
+        /// Equivalent to the TCP_KEEPINTVL socket option.
+        ///
+        /// # Typical errors
+        /// - `invalid-argument`:     (set) The provided value was 0.
+        keep-alive-interval: func() -> result<duration, error-code>;
+        set-keep-alive-interval: func(value: duration) -> result<_, error-code>;
+
+        /// The maximum amount of keepalive packets TCP should send before aborting the connection.
+        ///
+        /// If the provided value is 0, an `invalid-argument` error is returned.
+        /// Any other value will never cause an error, but it might be silently clamped and/or rounded.
+        /// I.e. after setting a value, reading the same setting back may return a different value.
+        ///
+        /// Equivalent to the TCP_KEEPCNT socket option.
+        ///
+        /// # Typical errors
+        /// - `invalid-argument`:     (set) The provided value was 0.
+        keep-alive-count: func() -> result<u32, error-code>;
+        set-keep-alive-count: func(value: u32) -> result<_, error-code>;
 
         /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options.
         ///
+        /// If the provided value is 0, an `invalid-argument` error is returned.
+        ///
         /// # Typical errors
         /// - `invalid-argument`:     (set) The TTL value must be 1 or higher.
         /// - `invalid-state`:        (set) The socket is already in the Connection state.
         /// - `invalid-state`:        (set) The socket is already in the Listener state.
-        unicast-hop-limit: func() -> result<u8, error-code>;
-        set-unicast-hop-limit: func(value: u8) -> result<_, error-code>;
+        hop-limit: func() -> result<u8, error-code>;
+        set-hop-limit: func(value: u8) -> result<_, error-code>;
 
         /// The kernel buffer space reserved for sends/receives on this socket.
         ///
-        /// Note #1: an implementation may choose to cap or round the buffer size when setting the value.
-        ///     In other words, after setting a value, reading the same setting back may return a different value.
-        ///
-        /// Note #2: there is not necessarily a direct relationship between the kernel buffer size and the bytes of
-        ///     actual data to be sent/received by the application, because the kernel might also use the buffer space
-        ///     for internal metadata structures.
+        /// If the provided value is 0, an `invalid-argument` error is returned.
+        /// Any other value will never cause an error, but it might be silently clamped and/or rounded.
+        /// I.e. after setting a value, reading the same setting back may return a different value.
         ///
         /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options.
         ///
         /// # Typical errors
+        /// - `invalid-argument`:     (set) The provided value was 0.
         /// - `invalid-state`:        (set) The socket is already in the Connection state.
         /// - `invalid-state`:        (set) The socket is already in the Listener state.
         receive-buffer-size: func() -> result<u64, error-code>;
diff --git a/wit/udp.wit b/wit/udp.wit
index 8817686..c8dafad 100644
--- a/wit/udp.wit
+++ b/wit/udp.wit
@@ -154,19 +154,24 @@ interface udp {
         set-ipv6-only: func(value: bool) -> result<_, error-code>;
 
         /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options.
+        ///
+        /// If the provided value is 0, an `invalid-argument` error is returned.
+        ///
+        /// # Typical errors
+        /// - `invalid-argument`:     (set) The TTL value must be 1 or higher.
         unicast-hop-limit: func() -> result<u8, error-code>;
         set-unicast-hop-limit: func(value: u8) -> result<_, error-code>;
 
         /// The kernel buffer space reserved for sends/receives on this socket.
         ///
-        /// Note #1: an implementation may choose to cap or round the buffer size when setting the value.
-        /// 	In other words, after setting a value, reading the same setting back may return a different value.
-        ///
-        /// Note #2: there is not necessarily a direct relationship between the kernel buffer size and the bytes of
-        /// 	actual data to be sent/received by the application, because the kernel might also use the buffer space
-        /// 	for internal metadata structures.
+        /// If the provided value is 0, an `invalid-argument` error is returned.
+        /// Any other value will never cause an error, but it might be silently clamped and/or rounded.
+        /// I.e. after setting a value, reading the same setting back may return a different value.
         ///
         /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options.
+        ///
+        /// # Typical errors
+        /// - `invalid-argument`:     (set) The provided value was 0.
         receive-buffer-size: func() -> result<u64, error-code>;
         set-receive-buffer-size: func(value: u64) -> result<_, error-code>;
         send-buffer-size: func() -> result<u64, error-code>;