Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
cc527a47 | 2 | |
cc527a47 | 3 | #include <errno.h> |
11c3a366 TA |
4 | #include <netinet/in.h> |
5 | #include <stdbool.h> | |
cc527a47 | 6 | #include <stddef.h> |
3ffd4af2 | 7 | #include <string.h> |
11c3a366 | 8 | #include <sys/socket.h> |
11c3a366 | 9 | #include <sys/un.h> |
3ffd4af2 | 10 | #include <unistd.h> |
cc527a47 | 11 | |
b5efdb8a | 12 | #include "alloc-util.h" |
3ffd4af2 | 13 | #include "fd-util.h" |
294d46f1 | 14 | #include "fs-util.h" |
93cc7779 | 15 | #include "log.h" |
cc527a47 | 16 | #include "macro.h" |
cc527a47 | 17 | #include "missing.h" |
3ffd4af2 | 18 | #include "mkdir.h" |
d7b8eec7 LP |
19 | #include "selinux-util.h" |
20 | #include "socket-util.h" | |
825546ef | 21 | #include "umask-util.h" |
cc527a47 KS |
22 | |
/* Creates a socket for the address 'a', applies the requested socket options, binds it and, if the
 * address type can accept connections, puts it into listening state.
 *
 *   flags           OR-ed into a->type when calling socket()
 *   backlog         passed to listen()
 *   only            IPV6_V6ONLY policy; applied only to AF_INET6 and only if not SOCKET_ADDRESS_DEFAULT
 *   bind_to_device  optional interface name for SO_BINDTODEVICE (AF_INET/AF_INET6 only)
 *   reuse_port,
 *   free_bind,
 *   transparent     optional SO_REUSEPORT/IP_FREEBIND/IP_TRANSPARENT (AF_INET/AF_INET6 only); a failure
 *                   to set any of these three is logged as a warning and otherwise ignored
 *   directory_mode  mode handed to mkdir_parents_label() for the parents of a path-based address
 *   socket_mode     access mode to enforce on the socket node of a path-based address
 *   label           optional label handed to mac_selinux_create_socket_prepare() around socket()
 *
 * Returns the new file descriptor (owned by the caller) on success, or a negative errno-style value. */
int socket_address_listen(
                const SocketAddress *a,
                int flags,
                int backlog,
                SocketAddressBindIPv6Only only,
                const char *bind_to_device,
                bool reuse_port,
                bool free_bind,
                bool transparent,
                mode_t directory_mode,
                mode_t socket_mode,
                const char *label) {

        _cleanup_close_ int fd = -1;   /* closed automatically on every early return below */
        const int on = 1;              /* shared "enable" value for the boolean socket options */
        const char *path;
        int family, listening_fd, r;

        assert(a);

        r = socket_address_verify(a);
        if (r < 0)
                return r;

        family = socket_address_family(a);

        if (family == AF_INET6 && !socket_ipv6_is_supported())
                return -EAFNOSUPPORT;

        if (label) {
                r = mac_selinux_create_socket_prepare(label);
                if (r < 0)
                        return r;
        }

        /* Record the result of socket() right away: the label clean-up below has to run in either case,
         * and errno must be captured before anything else gets a chance to overwrite it. */
        fd = socket(family, a->type | flags, a->protocol);
        if (fd < 0)
                r = -errno;
        else
                r = 0;

        if (label)
                mac_selinux_create_socket_clear();

        if (r < 0)
                return r;

        if (family == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
                int v6only = (only == SOCKET_ADDRESS_IPV6_ONLY);

                if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof(v6only)) < 0)
                        return -errno;
        }

        if (IN_SET(family, AF_INET, AF_INET6)) {
                /* The interface name is passed including its trailing NUL byte. Unlike the three options
                 * that follow, failing to restrict the socket to the requested device is fatal. */
                if (bind_to_device &&
                    setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
                        return -errno;

                /* Best effort from here on: warn, but carry on without the option. */
                if (reuse_port && setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)) < 0)
                        log_warning_errno(errno, "SO_REUSEPORT failed: %m");

                if (free_bind && setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &on, sizeof(on)) < 0)
                        log_warning_errno(errno, "IP_FREEBIND failed: %m");

                if (transparent && setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &on, sizeof(on)) < 0)
                        log_warning_errno(errno, "IP_TRANSPARENT failed: %m");
        }

        if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0)
                return -errno;

        path = socket_address_get_path(a);
        if (path) {
                /* Make sure the parent directories exist. The result is deliberately ignored; if the
                 * directories are really missing the bind below reports the failure. */
                (void) mkdir_parents_label(path, directory_mode);

                /* The socket node is created by the bind, so the umask in effect during the bind decides
                 * its access mode.
                 * NOTE(review): the umask is a per-process setting; presumably RUN_WITH_UMASK() changes it
                 * for the whole process for the duration of this block -- confirm for threaded callers. */
                RUN_WITH_UMASK(~socket_mode) {
                        r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
                        if (r == -EADDRINUSE) {
                                /* Something already sits at the path: remove it and retry once.
                                 * NOTE(review): the unlink checks neither the type nor the owner of the
                                 * existing node, so the path should live in a directory that untrusted
                                 * users cannot write to. */
                                if (unlink(path) < 0)
                                        return r; /* removal failed, report the original bind error */

                                r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
                        }
                        if (r < 0)
                                return r;
                }
        } else if (bind(fd, &a->sockaddr.sa, a->size) < 0)
                return -errno;

        if (socket_address_can_accept(a) && listen(fd, backlog) < 0)
                return -errno;

        /* Touch the socket node to trigger an inotify event, so that anyone waiting for this socket to
         * become connectable gets notified. */
        if (path)
                (void) touch(path);

        /* Hand the descriptor over to the caller and disarm the automatic close. */
        listening_fd = fd;
        fd = -1;

        return listening_fd;
}
e0aa3726 | 137 | |
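/* Parses 'address', creates a socket of the given 'type' for it and binds/listens via
 * socket_address_listen() with default options.
 *
 * Parent directories of a path-based address are created with mode 0755 and the socket node itself is
 * given mode 0644.
 * NOTE(review): for a file system AF_UNIX socket on Linux, connecting needs write permission on the
 * node, so 0644 should limit connections to the owning user -- confirm this is what callers expect.
 *
 * The outcome is logged: failures always at error level, success at 'log_level' if that level is
 * enabled. Returns the listening file descriptor (owned by the caller) or a negative errno-style value. */
int make_socket_fd(int log_level, const char* address, int type, int flags) {
        SocketAddress a;
        int fd, r;

        r = socket_address_parse(&a, address);
        if (r < 0)
                return log_error_errno(r, "Failed to parse socket address \"%s\": %m", address);

        a.type = type;

        /* 'type' ends up OR-ed into the socket() type argument twice (once through a.type, once through
         * the flags parameter), which is harmless. */
        fd = socket_address_listen(&a, type | flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
                                   NULL, false, false, false, 0755, 0644, NULL);
        if (fd < 0 || log_get_max_level() >= log_level) {
                _cleanup_free_ char *p = NULL;

                r = socket_address_print(&a, &p);
                if (r < 0) {
                        /* We return an error here, so the caller never learns about the descriptor.
                         * Close it rather than leaving a bound, listening socket open in the process. */
                        if (fd >= 0)
                                (void) safe_close(fd);

                        return log_error_errno(r, "socket_address_print(): %m");
                }

                if (fd < 0)
                        log_error_errno(fd, "Failed to listen on %s: %m", p);
                else
                        log_full(log_level, "Listening on %s", p);
        }

        return fd;
}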