]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mount: clarify that User= and Group= are useless with an explicit Type=
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/types.h>
23#include <sys/stat.h>
24#include <unistd.h>
25#include <errno.h>
26#include <fcntl.h>
f94ea366 27#include <sys/epoll.h>
034c6ed7 28#include <signal.h>
4f2d528d 29#include <arpa/inet.h>
916abb21 30#include <mqueue.h>
0eb59ccf 31#include <attr/xattr.h>
83c60c9f 32
87f0e418 33#include "unit.h"
5cb5a6ff 34#include "socket.h"
cebf8b20 35#include "netinet/tcp.h"
83c60c9f 36#include "log.h"
23a177ef
LP		 37#include "load-dropin.h"
38#include "load-fragment.h"
9e2f7c11 39#include "strv.h"
49e942b2 40#include "mkdir.h"
9eb977db 41#include "path-util.h"
4f2d528d 42#include "unit-name.h"
41f9172f 43#include "unit-printf.h"
4139c1b2 44#include "dbus-socket.h"
4fd5948e 45#include "missing.h"
a40eb732 46#include "special.h"
398ef8ba 47#include "bus-errors.h"
e51bc1a2 48#include "label.h"
9a57c629 49#include "exit-status.h"
f6a6225e 50#include "def.h"
83c60c9f 51
acbb0225 52static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 53 [SOCKET_DEAD] = UNIT_INACTIVE,
54 [SOCKET_START_PRE] = UNIT_ACTIVATING,
55 [SOCKET_START_POST] = UNIT_ACTIVATING,
56 [SOCKET_LISTENING] = UNIT_ACTIVE,
57 [SOCKET_RUNNING] = UNIT_ACTIVE,
58 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
59 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
60 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 62 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
63 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 64 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 65};
5cb5a6ff 66
a16e1123
LP		 67static void socket_init(Unit *u) {
68 Socket *s = SOCKET(u);
69
70 assert(u);
ac155bb8 71 assert(u->load_state == UNIT_STUB);
a16e1123 72
a16e1123
LP		 73 s->backlog = SOMAXCONN;
74 s->timeout_usec = DEFAULT_TIMEOUT_USEC;
75 s->directory_mode = 0755;
9131f660 76 s->socket_mode = 0666;
a16e1123 77
6cf6bbc2
LP		 78 s->max_connections = 64;
79
4fd5948e 80 s->priority = -1;
4fd5948e
LP		 81 s->ip_tos = -1;
82 s->ip_ttl = -1;
4fd5948e 83 s->mark = -1;
4fd5948e 84
a16e1123 85 exec_context_init(&s->exec_context);
ac155bb8
MS		 86 s->exec_context.std_output = u->manager->default_std_output;
87 s->exec_context.std_error = u->manager->default_std_error;
4819ff03 88 kill_context_init(&s->kill_context);
a16e1123
LP		 89
90 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
91}
acbb0225 92
5e94833f
LP		 93static void socket_unwatch_control_pid(Socket *s) {
94 assert(s);
95
96 if (s->control_pid <= 0)
97 return;
98
99 unit_unwatch_pid(UNIT(s), s->control_pid);
100 s->control_pid = 0;
101}
102
87f0e418
LP		 103static void socket_done(Unit *u) {
104 Socket *s = SOCKET(u);
034c6ed7
LP		 105 SocketPort *p;
106
107 assert(s);
108
109 while ((p = s->ports)) {
110 LIST_REMOVE(SocketPort, port, s->ports, p);
111
a16e1123
LP		 112 if (p->fd >= 0) {
113 unit_unwatch_fd(UNIT(s), &p->fd_watch);
114 close_nointr_nofail(p->fd);
115 }
116
034c6ed7
LP		 117 free(p->path);
118 free(p);
119 }
120
121 exec_context_done(&s->exec_context);
e537352b 122 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 123 s->control_command = NULL;
124
5e94833f 125 socket_unwatch_control_pid(s);
034c6ed7 126
57020a3a 127 unit_ref_unset(&s->service);
034c6ed7 128
cebf8b20
TT		 129 free(s->tcp_congestion);
130 s->tcp_congestion = NULL;
131
acbb0225 132 free(s->bind_to_device);
e537352b 133 s->bind_to_device = NULL;
acbb0225 134
0eb59ccf
AK		 135 free(s->smack);
136 free(s->smack_ip_in);
137 free(s->smack_ip_out);
138
acbb0225 139 unit_unwatch_timer(u, &s->timer_watch);
5cb5a6ff
LP		 140}
141
b15bdda8
LP		 142static int socket_instantiate_service(Socket *s) {
143 char *prefix, *name;
144 int r;
145 Unit *u;
146
147 assert(s);
148
149 /* This fills in s->service if it isn't filled in yet. For
150 * Accept=yes sockets we create the next connection service
151 * here. For Accept=no this is mostly a NOP since the service
152 * is figured out at load time anyway. */
153
57020a3a 154 if (UNIT_DEREF(s->service))
b15bdda8
LP		 155 return 0;
156
157 assert(s->accept);
158
1124fe6f 159 if (!(prefix = unit_name_to_prefix(UNIT(s)->id)))
b15bdda8
LP		 160 return -ENOMEM;
161
162 r = asprintf(&name, "%s@%u.service", prefix, s->n_accepted);
163 free(prefix);
164
165 if (r < 0)
166 return -ENOMEM;
167
1124fe6f 168 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 169 free(name);
170
171 if (r < 0)
172 return r;
173
7b4bf06b 174#ifdef HAVE_SYSV_COMPAT
1b64d026 175 if (SERVICE(u)->is_sysv) {
7b4bf06b
LP		 176 log_error("Using SysV services for socket activation is not supported. Refusing.");
177 return -ENOENT;
178 }
179#endif
180
ac155bb8 181 u->no_gc = true;
57020a3a
LP		 182 unit_ref_set(&s->service, u);
183
184 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 185}
186
4f2d528d
LP		 187static bool have_non_accept_socket(Socket *s) {
188 SocketPort *p;
189
190 assert(s);
191
192 if (!s->accept)
193 return true;
194
dd5ad9d4
LP		 195 LIST_FOREACH(port, p, s->ports) {
196
197 if (p->type != SOCKET_SOCKET)
198 return true;
199
4f2d528d
LP		 200 if (!socket_address_can_accept(&p->address))
201 return true;
dd5ad9d4 202 }
4f2d528d
LP		 203
204 return false;
205}
206
207static int socket_verify(Socket *s) {
208 assert(s);
209
1124fe6f 210 if (UNIT(s)->load_state != UNIT_LOADED)
4f2d528d
LP		 211 return 0;
212
213 if (!s->ports) {
1124fe6f 214 log_error("%s lacks Listen setting. Refusing.", UNIT(s)->id);
4f2d528d
LP		 215 return -EINVAL;
216 }
217
0009d2a6 218 if (s->accept && have_non_accept_socket(s)) {
1124fe6f 219 log_error("%s configured for accepting sockets, but sockets are non-accepting. Refusing.", UNIT(s)->id);
0009d2a6
LP		 220 return -EINVAL;
221 }
222
6cf6bbc2 223 if (s->accept && s->max_connections <= 0) {
1124fe6f 224 log_error("%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
4d0e5dbd
LP		 225 return -EINVAL;
226 }
227
57020a3a 228 if (s->accept && UNIT_DEREF(s->service)) {
1124fe6f 229 log_error("Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
d9ff321a
LP		 230 return -EINVAL;
231 }
232
4819ff03 233 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
1124fe6f 234 log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
6cf6bbc2
LP		 235 return -EINVAL;
236 }
237
4f2d528d
LP		 238 return 0;
239}
240
6e2ef85b
LP		 241static bool socket_needs_mount(Socket *s, const char *prefix) {
242 SocketPort *p;
243
244 assert(s);
245
246 LIST_FOREACH(port, p, s->ports) {
247
248 if (p->type == SOCKET_SOCKET) {
249 if (socket_address_needs_mount(&p->address, prefix))
250 return true;
916abb21 251 } else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL) {
6e2ef85b
LP		 252 if (path_startswith(p->path, prefix))
253 return true;
254 }
255 }
256
257 return false;
258}
259
260int socket_add_one_mount_link(Socket *s, Mount *m) {
261 int r;
262
263 assert(s);
264 assert(m);
265
1124fe6f
MS		 266 if (UNIT(s)->load_state != UNIT_LOADED ||
267 UNIT(m)->load_state != UNIT_LOADED)
6e2ef85b
LP		 268 return 0;
269
270 if (!socket_needs_mount(s, m->where))
271 return 0;
272
b87705cd
LP		 273 r = unit_add_two_dependencies(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, UNIT(m), true);
274 if (r < 0)
6e2ef85b
LP		 275 return r;
276
277 return 0;
278}
279
280static int socket_add_mount_links(Socket *s) {
ac155bb8 281 Unit *other;
6e2ef85b
LP		 282 int r;
283
284 assert(s);
285
b87705cd
LP		 286 LIST_FOREACH(units_by_type, other, UNIT(s)->manager->units_by_type[UNIT_MOUNT]) {
287 r = socket_add_one_mount_link(s, MOUNT(other));
288 if (r < 0)
6e2ef85b 289 return r;
b87705cd 290 }
6e2ef85b
LP		 291
292 return 0;
293}
294
295static int socket_add_device_link(Socket *s) {
296 char *t;
297 int r;
298
299 assert(s);
300
301 if (!s->bind_to_device)
302 return 0;
303
304 if (asprintf(&t, "/sys/subsystem/net/devices/%s", s->bind_to_device) < 0)
305 return -ENOMEM;
306
307 r = unit_add_node_link(UNIT(s), t, false);
308 free(t);
309
310 return r;
311}
312
a40eb732
LP		 313static int socket_add_default_dependencies(Socket *s) {
314 int r;
315 assert(s);
316
67445f4e 317 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
2a77d31d
LP		 318 if ((r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true)) < 0)
319 return r;
320
a40eb732
LP		 321 if ((r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true)) < 0)
322 return r;
2a77d31d 323 }
a40eb732 324
ead8e478 325 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 326}
327
4cfc6dbe
LP		 328static bool socket_has_exec(Socket *s) {
329 unsigned i;
330 assert(s);
331
332 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
333 if (s->exec_command[i])
334 return true;
335
336 return false;
337}
338
e537352b
LP		 339static int socket_load(Unit *u) {
340 Socket *s = SOCKET(u);
341 int r;
44d8db9e 342
e537352b 343 assert(u);
ac155bb8 344 assert(u->load_state == UNIT_STUB);
44d8db9e 345
e537352b 346 if ((r = unit_load_fragment_and_dropin(u)) < 0)
23a177ef 347 return r;
44d8db9e 348
23a177ef 349 /* This is a new unit? Then let's add in some extras */
ac155bb8 350 if (u->load_state == UNIT_LOADED) {
44d8db9e 351
4f2d528d 352 if (have_non_accept_socket(s)) {
d9ff321a 353
57020a3a
LP		 354 if (!UNIT_DEREF(s->service)) {
355 Unit *x;
356
357 r = unit_load_related_unit(u, ".service", &x);
358 if (r < 0)
d9ff321a 359 return r;
23a177ef 360
57020a3a
LP		 361 unit_ref_set(&s->service, x);
362 }
363
364 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
365 if (r < 0)
4f2d528d
LP		 366 return r;
367 }
44d8db9e 368
6e2ef85b
LP		 369 if ((r = socket_add_mount_links(s)) < 0)
370 return r;
371
372 if ((r = socket_add_device_link(s)) < 0)
373 return r;
374
4cfc6dbe
LP		 375 if (socket_has_exec(s))
376 if ((r = unit_add_exec_dependencies(u, &s->exec_context)) < 0)
377 return r;
23a177ef 378
d686d8a9 379 if ((r = unit_add_default_cgroups(u)) < 0)
23a177ef 380 return r;
a40eb732 381
1124fe6f 382 if (UNIT(s)->default_dependencies)
a40eb732
LP		 383 if ((r = socket_add_default_dependencies(s)) < 0)
384 return r;
e06c73cc 385
cba6e062 386 r = unit_exec_context_defaults(u, &s->exec_context);
e06c73cc
LP		 387 if (r < 0)
388 return r;
23a177ef
LP		 389 }
390
4f2d528d 391 return socket_verify(s);
44d8db9e
LP		 392}
393
7a22745a
LP		 394static const char* listen_lookup(int family, int type) {
395
396 if (family == AF_NETLINK)
397 return "ListenNetlink";
542563ba
LP		 398
399 if (type == SOCK_STREAM)
400 return "ListenStream";
401 else if (type == SOCK_DGRAM)
402 return "ListenDatagram";
403 else if (type == SOCK_SEQPACKET)
404 return "ListenSequentialPacket";
405
034c6ed7 406 assert_not_reached("Unknown socket type");
542563ba
LP		 407 return NULL;
408}
409
87f0e418 410static void socket_dump(Unit *u, FILE *f, const char *prefix) {
5cb5a6ff 411
5cb5a6ff 412 SocketExecCommand c;
87f0e418 413 Socket *s = SOCKET(u);
542563ba 414 SocketPort *p;
82ba9f08
LP		 415 const char *prefix2;
416 char *p2;
5cb5a6ff
LP		 417
418 assert(s);
fa068367 419 assert(f);
5cb5a6ff 420
82ba9f08
LP		 421 p2 = strappend(prefix, "\t");
422 prefix2 = p2 ? p2 : prefix;
c43d20a0 423
5cb5a6ff
LP		 424 fprintf(f,
425 "%sSocket State: %s\n"
81a5c6d0 426 "%sResult: %s\n"
542563ba 427 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 428 "%sBacklog: %u\n"
429 "%sSocketMode: %04o\n"
4fd5948e
LP		 430 "%sDirectoryMode: %04o\n"
431 "%sKeepAlive: %s\n"
cebf8b20 432 "%sFreeBind: %s\n"
6b6d2dee 433 "%sTransparent: %s\n"
ec6370a2 434 "%sBroadcast: %s\n"
ede3deb4 435 "%sPassCredentials: %s\n"
54ecda32 436 "%sPassSecurity: %s\n"
cebf8b20 437 "%sTCPCongestion: %s\n",
a16e1123 438 prefix, socket_state_to_string(s->state),
81a5c6d0 439 prefix, socket_result_to_string(s->result),
c0120d99 440 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 441 prefix, s->backlog,
442 prefix, s->socket_mode,
4fd5948e
LP		 443 prefix, s->directory_mode,
444 prefix, yes_no(s->keep_alive),
cebf8b20 445 prefix, yes_no(s->free_bind),
6b6d2dee 446 prefix, yes_no(s->transparent),
ec6370a2 447 prefix, yes_no(s->broadcast),
d68af586 448 prefix, yes_no(s->pass_cred),
54ecda32 449 prefix, yes_no(s->pass_sec),
83a95334 450 prefix, strna(s->tcp_congestion));
542563ba 451
70123e68
LP		 452 if (s->control_pid > 0)
453 fprintf(f,
bb00e604
LP		 454 "%sControl PID: %lu\n",
455 prefix, (unsigned long) s->control_pid);
70123e68 456
acbb0225
LP		 457 if (s->bind_to_device)
458 fprintf(f,
459 "%sBindToDevice: %s\n",
460 prefix, s->bind_to_device);
461
4f2d528d
LP		 462 if (s->accept)
463 fprintf(f,
6cf6bbc2
LP		 464 "%sAccepted: %u\n"
465 "%sNConnections: %u\n"
466 "%sMaxConnections: %u\n",
467 prefix, s->n_accepted,
468 prefix, s->n_connections,
469 prefix, s->max_connections);
4f2d528d 470
4fd5948e
LP		 471 if (s->priority >= 0)
472 fprintf(f,
473 "%sPriority: %i\n",
474 prefix, s->priority);
475
476 if (s->receive_buffer > 0)
477 fprintf(f,
478 "%sReceiveBuffer: %zu\n",
479 prefix, s->receive_buffer);
480
481 if (s->send_buffer > 0)
482 fprintf(f,
483 "%sSendBuffer: %zu\n",
484 prefix, s->send_buffer);
485
486 if (s->ip_tos >= 0)
487 fprintf(f,
488 "%sIPTOS: %i\n",
489 prefix, s->ip_tos);
490
491 if (s->ip_ttl >= 0)
492 fprintf(f,
493 "%sIPTTL: %i\n",
494 prefix, s->ip_ttl);
495
496 if (s->pipe_size > 0)
497 fprintf(f,
498 "%sPipeSize: %zu\n",
499 prefix, s->pipe_size);
500
501 if (s->mark >= 0)
502 fprintf(f,
503 "%sMark: %i\n",
504 prefix, s->mark);
505
916abb21
LP		 506 if (s->mq_maxmsg > 0)
507 fprintf(f,
508 "%sMessageQueueMaxMessages: %li\n",
509 prefix, s->mq_maxmsg);
510
511 if (s->mq_msgsize > 0)
512 fprintf(f,
513 "%sMessageQueueMessageSize: %li\n",
514 prefix, s->mq_msgsize);
515
0eb59ccf
AK		 516 if (s->smack)
517 fprintf(f,
518 "%sSmackLabel: %s\n",
519 prefix, s->smack);
520
521 if (s->smack_ip_in)
522 fprintf(f,
523 "%sSmackLabelIPIn: %s\n",
524 prefix, s->smack_ip_in);
525
526 if (s->smack_ip_out)
527 fprintf(f,
528 "%sSmackLabelIPOut: %s\n",
529 prefix, s->smack_ip_out);
530
034c6ed7 531 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 532
542563ba
LP		 533 if (p->type == SOCKET_SOCKET) {
534 const char *t;
535 int r;
e364ad06 536 char *k = NULL;
542563ba
LP		 537
538 if ((r = socket_address_print(&p->address, &k)) < 0)
539 t = strerror(-r);
540 else
541 t = k;
542
7a22745a 543 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 544 free(k);
b0a3f2bc
LP		 545 } else if (p->type == SOCKET_SPECIAL)
546 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 547 else if (p->type == SOCKET_MQUEUE)
548 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 549 else
542563ba
LP		 550 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
551 }
5cb5a6ff
LP		 552
553 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 554 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 555
e537352b 556 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 557 if (!s->exec_command[c])
558 continue;
5cb5a6ff 559
40d50879 560 fprintf(f, "%s-> %s:\n",
a16e1123 561 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 562
563 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff 564 }
c43d20a0 565
82ba9f08 566 free(p2);
5cb5a6ff
LP		 567}
568
4f2d528d
LP		 569static int instance_from_socket(int fd, unsigned nr, char **instance) {
570 socklen_t l;
571 char *r;
572 union {
573 struct sockaddr sa;
574 struct sockaddr_un un;
575 struct sockaddr_in in;
576 struct sockaddr_in6 in6;
577 struct sockaddr_storage storage;
578 } local, remote;
579
580 assert(fd >= 0);
581 assert(instance);
582
583 l = sizeof(local);
584 if (getsockname(fd, &local.sa, &l) < 0)
585 return -errno;
586
587 l = sizeof(remote);
588 if (getpeername(fd, &remote.sa, &l) < 0)
589 return -errno;
590
591 switch (local.sa.sa_family) {
592
593 case AF_INET: {
594 uint32_t
595 a = ntohl(local.in.sin_addr.s_addr),
596 b = ntohl(remote.in.sin_addr.s_addr);
597
598 if (asprintf(&r,
77b088c2
LP		 599 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
600 nr,
4f2d528d
LP		 601 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
602 ntohs(local.in.sin_port),
603 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
604 ntohs(remote.in.sin_port)) < 0)
605 return -ENOMEM;
606
607 break;
608 }
609
610 case AF_INET6: {
c65a0b14 611 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 612 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
613 };
614
615 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
616 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
617 const uint8_t
618 *a = local.in6.sin6_addr.s6_addr+12,
619 *b = remote.in6.sin6_addr.s6_addr+12;
620
621 if (asprintf(&r,
77b088c2
LP		 622 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
623 nr,
2b061f5a
LP		 624 a[0], a[1], a[2], a[3],
625 ntohs(local.in6.sin6_port),
626 b[0], b[1], b[2], b[3],
627 ntohs(remote.in6.sin6_port)) < 0)
628 return -ENOMEM;
629 } else {
630 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
631
632 if (asprintf(&r,
77b088c2
LP		 633 "%u-%s:%u-%s:%u",
634 nr,
2b061f5a
LP		 635 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
636 ntohs(local.in6.sin6_port),
637 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
638 ntohs(remote.in6.sin6_port)) < 0)
639 return -ENOMEM;
640 }
4f2d528d
LP		 641
642 break;
643 }
644
645 case AF_UNIX: {
646 struct ucred ucred;
647
648 l = sizeof(ucred);
649 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l) < 0)
650 return -errno;
651
652 if (asprintf(&r,
bb00e604 653 "%u-%lu-%lu",
4f2d528d 654 nr,
bb00e604
LP		 655 (unsigned long) ucred.pid,
656 (unsigned long) ucred.uid) < 0)
4f2d528d
LP		 657 return -ENOMEM;
658
659 break;
660 }
661
662 default:
663 assert_not_reached("Unhandled socket type.");
664 }
665
666 *instance = r;
667 return 0;
668}
669
034c6ed7 670static void socket_close_fds(Socket *s) {
83c60c9f
LP		 671 SocketPort *p;
672
673 assert(s);
674
034c6ed7 675 LIST_FOREACH(port, p, s->ports) {
83c60c9f
LP		 676 if (p->fd < 0)
677 continue;
678
acbb0225 679 unit_unwatch_fd(UNIT(s), &p->fd_watch);
a16e1123
LP		 680 close_nointr_nofail(p->fd);
681
682 /* One little note: we should never delete any sockets
683 * in the file system here! After all some other
684 * process we spawned might still have a reference of
685 * this fd and wants to continue to use it. Therefore
686 * we delete sockets in the file system before we
687 * create a new one, not after we stopped using
688 * one! */
9152c765 689
83c60c9f
LP		 690 p->fd = -1;
691 }
692}
693
4fd5948e
LP		 694static void socket_apply_socket_options(Socket *s, int fd) {
695 assert(s);
696 assert(fd >= 0);
697
698 if (s->keep_alive) {
699 int b = s->keep_alive;
700 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
701 log_warning("SO_KEEPALIVE failed: %m");
702 }
703
ec6370a2
LP		 704 if (s->broadcast) {
705 int one = 1;
706 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
707 log_warning("SO_BROADCAST failed: %m");
708 }
709
d68af586
MS		 710 if (s->pass_cred) {
711 int one = 1;
712 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
713 log_warning("SO_PASSCRED failed: %m");
714 }
715
54ecda32
LP		 716 if (s->pass_sec) {
717 int one = 1;
718 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
719 log_warning("SO_PASSSEC failed: %m");
720 }
721
4fd5948e
LP		 722 if (s->priority >= 0)
723 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
724 log_warning("SO_PRIORITY failed: %m");
725
726 if (s->receive_buffer > 0) {
727 int value = (int) s->receive_buffer;
7d9eaa84
LP		 728
729 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
730
b8cef44e 731 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84
LP		 732 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
733 log_warning("SO_RCVBUF failed: %m");
4fd5948e
LP		 734 }
735
736 if (s->send_buffer > 0) {
737 int value = (int) s->send_buffer;
b8cef44e 738 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84
LP		 739 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
740 log_warning("SO_SNDBUF failed: %m");
4fd5948e
LP		 741 }
742
743 if (s->mark >= 0)
744 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
745 log_warning("SO_MARK failed: %m");
746
747 if (s->ip_tos >= 0)
748 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
749 log_warning("IP_TOS failed: %m");
750
46925ac5
LP		 751 if (s->ip_ttl >= 0) {
752 int r, x;
753
754 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 755
756 if (socket_ipv6_is_supported())
757 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
758 else {
759 x = -1;
760 errno = EAFNOSUPPORT;
761 }
46925ac5
LP		 762
763 if (r < 0 && x < 0)
764 log_warning("IP_TTL/IPV6_UNICAST_HOPS failed: %m");
765 }
cebf8b20
TT		 766
767 if (s->tcp_congestion)
768 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
769 log_warning("TCP_CONGESTION failed: %m");
0eb59ccf
AK		 770
771 if (s->smack_ip_in)
772 if (fsetxattr(fd, "security.SMACK64IPIN", s->smack_ip_in, strlen(s->smack_ip_in), 0) < 0)
773 log_error("fsetxattr(\"security.SMACK64IPIN\"): %m");
774
775 if (s->smack_ip_out)
776 if (fsetxattr(fd, "security.SMACK64IPOUT", s->smack_ip_out, strlen(s->smack_ip_out), 0) < 0)
777 log_error("fsetxattr(\"security.SMACK64IPOUT\"): %m");
4fd5948e
LP		 778}
779
b15bdda8 780static void socket_apply_fifo_options(Socket *s, int fd) {
4fd5948e
LP		 781 assert(s);
782 assert(fd >= 0);
783
784 if (s->pipe_size > 0)
785 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
786 log_warning("F_SETPIPE_SZ: %m");
0eb59ccf
AK		 787
788 if (s->smack)
789 if (fsetxattr(fd, "security.SMACK64", s->smack, strlen(s->smack), 0) < 0)
790 log_error("fsetxattr(\"security.SMACK64\"): %m");
4fd5948e
LP		 791}
792
b15bdda8
LP		 793static int fifo_address_create(
794 const char *path,
795 mode_t directory_mode,
796 mode_t socket_mode,
b15bdda8
LP		 797 int *_fd) {
798
7a58bfa4 799 int fd = -1, r = 0;
b15bdda8
LP		 800 struct stat st;
801 mode_t old_mask;
802
803 assert(path);
804 assert(_fd);
805
d2e54fae 806 mkdir_parents_label(path, directory_mode);
b15bdda8 807
e9a5ef7c
KS		 808 r = label_context_set(path, S_IFIFO);
809 if (r < 0)
56cf987f 810 goto fail;
b15bdda8
LP		 811
812 /* Enforce the right access mode for the fifo */
813 old_mask = umask(~ socket_mode);
814
815 /* Include the original umask in our mask */
816 umask(~socket_mode | old_mask);
817
818 r = mkfifo(path, socket_mode);
819 umask(old_mask);
820
94bc2731 821 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 822 r = -errno;
823 goto fail;
824 }
825
e4f44e73 826 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 827 r = -errno;
828 goto fail;
829 }
830
e9a5ef7c 831 label_context_clear();
7a58bfa4 832
b15bdda8
LP		 833 if (fstat(fd, &st) < 0) {
834 r = -errno;
835 goto fail;
836 }
837
838 if (!S_ISFIFO(st.st_mode) ||
de0200fc 839 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 840 st.st_uid != getuid() ||
841 st.st_gid != getgid()) {
b15bdda8
LP		 842
843 r = -EEXIST;
844 goto fail;
845 }
846
847 *_fd = fd;
848 return 0;
849
850fail:
e9a5ef7c 851 label_context_clear();
56cf987f 852
b15bdda8
LP		 853 if (fd >= 0)
854 close_nointr_nofail(fd);
855
856 return r;
857}
858
b0a3f2bc
LP		 859static int special_address_create(
860 const char *path,
861 int *_fd) {
862
863 int fd = -1, r = 0;
864 struct stat st;
865
866 assert(path);
867 assert(_fd);
868
869 if ((fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
870 r = -errno;
871 goto fail;
872 }
873
874 if (fstat(fd, &st) < 0) {
875 r = -errno;
876 goto fail;
877 }
878
879 /* Check whether this is a /proc, /sys or /dev file or char device */
880 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
881 r = -EEXIST;
882 goto fail;
883 }
884
885 *_fd = fd;
886 return 0;
887
888fail:
889 if (fd >= 0)
890 close_nointr_nofail(fd);
891
892 return r;
893}
894
916abb21
LP		 895static int mq_address_create(
896 const char *path,
897 mode_t mq_mode,
898 long maxmsg,
899 long msgsize,
900 int *_fd) {
901
902 int fd = -1, r = 0;
903 struct stat st;
904 mode_t old_mask;
905 struct mq_attr _attr, *attr = NULL;
906
907 assert(path);
908 assert(_fd);
909
910 if (maxmsg > 0 && msgsize > 0) {
911 zero(_attr);
912 _attr.mq_flags = O_NONBLOCK;
913 _attr.mq_maxmsg = maxmsg;
914 _attr.mq_msgsize = msgsize;
915 attr = &_attr;
916 }
917
918 /* Enforce the right access mode for the mq */
919 old_mask = umask(~ mq_mode);
920
921 /* Include the original umask in our mask */
922 umask(~mq_mode | old_mask);
923
924 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
925 umask(old_mask);
926
8ea913b2 927 if (fd < 0) {
916abb21
LP		 928 r = -errno;
929 goto fail;
930 }
931
932 if (fstat(fd, &st) < 0) {
933 r = -errno;
934 goto fail;
935 }
936
937 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
938 st.st_uid != getuid() ||
939 st.st_gid != getgid()) {
940
941 r = -EEXIST;
942 goto fail;
943 }
944
945 *_fd = fd;
946 return 0;
947
948fail:
949 if (fd >= 0)
950 close_nointr_nofail(fd);
951
952 return r;
953}
954
034c6ed7 955static int socket_open_fds(Socket *s) {
83c60c9f
LP		 956 SocketPort *p;
957 int r;
56cf987f 958 char *label = NULL;
049f8642 959 bool know_label = false;
83c60c9f
LP		 960
961 assert(s);
962
034c6ed7 963 LIST_FOREACH(port, p, s->ports) {
83c60c9f 964
034c6ed7
LP		 965 if (p->fd >= 0)
966 continue;
83c60c9f
LP		 967
968 if (p->type == SOCKET_SOCKET) {
969
049f8642
LP		 970 if (!know_label) {
971
972 if ((r = socket_instantiate_service(s)) < 0)
973 return r;
974
57020a3a
LP		 975 if (UNIT_DEREF(s->service) &&
976 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
977 r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
189583d7
LP		 978
979 if (r < 0) {
a7444eda
LP		 980 if (r != -EPERM)
981 return r;
982 }
189583d7 983 }
049f8642
LP		 984
985 know_label = true;
986 }
987
b5a0699f
LP		 988 if ((r = socket_address_listen(
989 &p->address,
990 s->backlog,
991 s->bind_ipv6_only,
992 s->bind_to_device,
4fd5948e 993 s->free_bind,
6b6d2dee 994 s->transparent,
b5a0699f
LP		 995 s->directory_mode,
996 s->socket_mode,
56cf987f 997 label,
b5a0699f 998 &p->fd)) < 0)
83c60c9f
LP		 999 goto rollback;
1000
4fd5948e
LP		 1001 socket_apply_socket_options(s, p->fd);
1002
b0a3f2bc
LP		 1003 } else if (p->type == SOCKET_SPECIAL) {
1004
1005 if ((r = special_address_create(
1006 p->path,
1007 &p->fd)) < 0)
1008 goto rollback;
1009
b15bdda8 1010 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1011
b15bdda8
LP		 1012 if ((r = fifo_address_create(
1013 p->path,
1014 s->directory_mode,
1015 s->socket_mode,
b15bdda8 1016 &p->fd)) < 0)
83c60c9f 1017 goto rollback;
83c60c9f 1018
b15bdda8 1019 socket_apply_fifo_options(s, p->fd);
916abb21 1020 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1021
916abb21
LP		 1022 if ((r = mq_address_create(
1023 p->path,
1024 s->socket_mode,
1025 s->mq_maxmsg,
1026 s->mq_msgsize,
1027 &p->fd)) < 0)
1028 goto rollback;
b15bdda8
LP		 1029 } else
1030 assert_not_reached("Unknown port type");
034c6ed7
LP		 1031 }
1032
56cf987f 1033 label_free(label);
034c6ed7
LP		 1034 return 0;
1035
1036rollback:
1037 socket_close_fds(s);
56cf987f 1038 label_free(label);
034c6ed7
LP		 1039 return r;
1040}
1041
1042static void socket_unwatch_fds(Socket *s) {
1043 SocketPort *p;
9152c765 1044
034c6ed7
LP		 1045 assert(s);
1046
1047 LIST_FOREACH(port, p, s->ports) {
1048 if (p->fd < 0)
1049 continue;
1050
acbb0225 1051 unit_unwatch_fd(UNIT(s), &p->fd_watch);
83c60c9f 1052 }
034c6ed7
LP		 1053}
1054
1055static int socket_watch_fds(Socket *s) {
1056 SocketPort *p;
1057 int r;
1058
1059 assert(s);
83c60c9f 1060
034c6ed7
LP		 1061 LIST_FOREACH(port, p, s->ports) {
1062 if (p->fd < 0)
1063 continue;
1064
cabab516 1065 p->fd_watch.socket_accept =
4f2d528d 1066 s->accept &&
dd5ad9d4 1067 p->type == SOCKET_SOCKET &&
4f2d528d
LP		 1068 socket_address_can_accept(&p->address);
1069
f94ea366 1070 if ((r = unit_watch_fd(UNIT(s), p->fd, EPOLLIN, &p->fd_watch)) < 0)
034c6ed7
LP		 1071 goto fail;
1072 }
83c60c9f 1073
542563ba 1074 return 0;
83c60c9f 1075
034c6ed7
LP		 1076fail:
1077 socket_unwatch_fds(s);
1078 return r;
1079}
1080
1081static void socket_set_state(Socket *s, SocketState state) {
1082 SocketState old_state;
1083 assert(s);
1084
1085 old_state = s->state;
1086 s->state = state;
1087
1088 if (state != SOCKET_START_PRE &&
1089 state != SOCKET_START_POST &&
1090 state != SOCKET_STOP_PRE &&
1091 state != SOCKET_STOP_PRE_SIGTERM &&
1092 state != SOCKET_STOP_PRE_SIGKILL &&
1093 state != SOCKET_STOP_POST &&
80876c20
LP		 1094 state != SOCKET_FINAL_SIGTERM &&
1095 state != SOCKET_FINAL_SIGKILL) {
acbb0225 1096 unit_unwatch_timer(UNIT(s), &s->timer_watch);
5e94833f 1097 socket_unwatch_control_pid(s);
034c6ed7 1098 s->control_command = NULL;
a16e1123 1099 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1100 }
034c6ed7 1101
a16e1123
LP		 1102 if (state != SOCKET_LISTENING)
1103 socket_unwatch_fds(s);
1104
034c6ed7
LP		 1105 if (state != SOCKET_START_POST &&
1106 state != SOCKET_LISTENING &&
1107 state != SOCKET_RUNNING &&
1108 state != SOCKET_STOP_PRE &&
1109 state != SOCKET_STOP_PRE_SIGTERM &&
1110 state != SOCKET_STOP_PRE_SIGKILL)
1111 socket_close_fds(s);
1112
e537352b 1113 if (state != old_state)
40d50879 1114 log_debug("%s changed %s -> %s",
1124fe6f 1115 UNIT(s)->id,
a16e1123
LP		 1116 socket_state_to_string(old_state),
1117 socket_state_to_string(state));
acbb0225 1118
e2f3b44c 1119 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1120}
1121
a16e1123
LP		 1122static int socket_coldplug(Unit *u) {
1123 Socket *s = SOCKET(u);
1124 int r;
1125
1126 assert(s);
1127 assert(s->state == SOCKET_DEAD);
1128
1129 if (s->deserialized_state != s->state) {
1130
1131 if (s->deserialized_state == SOCKET_START_PRE ||
1132 s->deserialized_state == SOCKET_START_POST ||
1133 s->deserialized_state == SOCKET_STOP_PRE ||
1134 s->deserialized_state == SOCKET_STOP_PRE_SIGTERM ||
1135 s->deserialized_state == SOCKET_STOP_PRE_SIGKILL ||
1136 s->deserialized_state == SOCKET_STOP_POST ||
1137 s->deserialized_state == SOCKET_FINAL_SIGTERM ||
1138 s->deserialized_state == SOCKET_FINAL_SIGKILL) {
1139
1140 if (s->control_pid <= 0)
1141 return -EBADMSG;
1142
1143 if ((r = unit_watch_pid(UNIT(s), s->control_pid)) < 0)
1144 return r;
1145
1146 if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
1147 return r;
1148 }
1149
1150 if (s->deserialized_state == SOCKET_START_POST ||
1151 s->deserialized_state == SOCKET_LISTENING ||
1152 s->deserialized_state == SOCKET_RUNNING ||
1153 s->deserialized_state == SOCKET_STOP_PRE ||
1154 s->deserialized_state == SOCKET_STOP_PRE_SIGTERM ||
1155 s->deserialized_state == SOCKET_STOP_PRE_SIGKILL)
1156 if ((r = socket_open_fds(s)) < 0)
1157 return r;
1158
1159 if (s->deserialized_state == SOCKET_LISTENING)
1160 if ((r = socket_watch_fds(s)) < 0)
1161 return r;
1162
1163 socket_set_state(s, s->deserialized_state);
1164 }
1165
1166 return 0;
1167}
1168
e537352b 1169static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
034c6ed7
LP		 1170 pid_t pid;
1171 int r;
9e2f7c11 1172 char **argv;
034c6ed7
LP		 1173
1174 assert(s);
1175 assert(c);
1176 assert(_pid);
1177
e537352b
LP		 1178 if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
1179 goto fail;
034c6ed7 1180
9e2f7c11
LP		 1181 if (!(argv = unit_full_printf_strv(UNIT(s), c->argv))) {
1182 r = -ENOMEM;
1183 goto fail;
1184 }
1185
1186 r = exec_spawn(c,
1187 argv,
1188 &s->exec_context,
1189 NULL, 0,
1124fe6f 1190 UNIT(s)->manager->environment,
9e2f7c11
LP		 1191 true,
1192 true,
1e3ad081 1193 true,
1124fe6f
MS		 1194 UNIT(s)->manager->confirm_spawn,
1195 UNIT(s)->cgroup_bondings,
1196 UNIT(s)->cgroup_attributes,
ecedd90f 1197 NULL,
62bca2c6 1198 UNIT(s)->id,
f2b68789 1199 NULL,
9e2f7c11
LP		 1200 &pid);
1201
1202 strv_free(argv);
1203 if (r < 0)
034c6ed7
LP		 1204 goto fail;
1205
87f0e418 1206 if ((r = unit_watch_pid(UNIT(s), pid)) < 0)
034c6ed7
LP		 1207 /* FIXME: we need to do something here */
1208 goto fail;
83c60c9f 1209
034c6ed7
LP		 1210 *_pid = pid;
1211
1212 return 0;
1213
1214fail:
e537352b 1215 unit_unwatch_timer(UNIT(s), &s->timer_watch);
83c60c9f
LP		 1216
1217 return r;
542563ba
LP		 1218}
1219
cfc4eb4c 1220static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1221 assert(s);
1222
cfc4eb4c
LP		 1223 if (f != SOCKET_SUCCESS)
1224 s->result = f;
034c6ed7 1225
cfc4eb4c 1226 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1227}
1228
cfc4eb4c 1229static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1230
cfc4eb4c 1231static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1232 int r;
1233 assert(s);
1234
cfc4eb4c
LP		 1235 if (f != SOCKET_SUCCESS)
1236 s->result = f;
034c6ed7 1237
5e94833f
LP		 1238 socket_unwatch_control_pid(s);
1239
a16e1123
LP		 1240 s->control_command_id = SOCKET_EXEC_STOP_POST;
1241
80876c20 1242 if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST])) {
e537352b 1243 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1244 goto fail;
1245
80876c20
LP		 1246 socket_set_state(s, SOCKET_STOP_POST);
1247 } else
cfc4eb4c 1248 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1249
1250 return;
1251
1252fail:
1124fe6f 1253 log_warning("%s failed to run 'stop-post' task: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1254 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1255}
1256
cfc4eb4c 1257static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7 1258 int r;
ca949c9d
LP		 1259 Set *pid_set = NULL;
1260 bool wait_for_exit = false;
034c6ed7
LP		 1261
1262 assert(s);
1263
cfc4eb4c
LP		 1264 if (f != SOCKET_SUCCESS)
1265 s->result = f;
034c6ed7 1266
4819ff03
LP		 1267 if (s->kill_context.kill_mode != KILL_NONE) {
1268 int sig = (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_FINAL_SIGTERM) ? s->kill_context.kill_signal : SIGKILL;
034c6ed7 1269
ca949c9d 1270 if (s->control_pid > 0) {
cd25cce9 1271 if (kill_and_sigcont(s->control_pid, sig) < 0 && errno != ESRCH)
50159e6a 1272
ca949c9d
LP		 1273 log_warning("Failed to kill control process %li: %m", (long) s->control_pid);
1274 else
1275 wait_for_exit = true;
034c6ed7 1276 }
50159e6a 1277
4819ff03 1278 if (s->kill_context.kill_mode == KILL_CONTROL_GROUP) {
ca949c9d
LP		 1279
1280 if (!(pid_set = set_new(trivial_hash_func, trivial_compare_func))) {
1281 r = -ENOMEM;
50159e6a
LP		 1282 goto fail;
1283 }
ca949c9d
LP		 1284
1285 /* Exclude the control pid from being killed via the cgroup */
1286 if (s->control_pid > 0)
1287 if ((r = set_put(pid_set, LONG_TO_PTR(s->control_pid))) < 0)
1288 goto fail;
1289
88f3e0c9 1290 r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, false, pid_set, NULL);
ecedd90f 1291 if (r < 0) {
ca949c9d
LP		 1292 if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
1293 log_warning("Failed to kill control group: %s", strerror(-r));
1294 } else if (r > 0)
1295 wait_for_exit = true;
1296
1297 set_free(pid_set);
da19d5c1 1298 pid_set = NULL;
ca949c9d 1299 }
d6ea93e3 1300 }
034c6ed7 1301
ca949c9d 1302 if (wait_for_exit) {
80876c20
LP		 1303 if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
1304 goto fail;
d6ea93e3 1305
80876c20
LP		 1306 socket_set_state(s, state);
1307 } else if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1308 socket_enter_stop_post(s, SOCKET_SUCCESS);
80876c20 1309 else
cfc4eb4c 1310 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1311
1312 return;
1313
1314fail:
1124fe6f 1315 log_warning("%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1316
1317 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1318 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1319 else
cfc4eb4c 1320 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
ca949c9d
LP		 1321
1322 if (pid_set)
1323 set_free(pid_set);
034c6ed7
LP		 1324}
1325
cfc4eb4c 1326static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1327 int r;
1328 assert(s);
1329
cfc4eb4c
LP		 1330 if (f != SOCKET_SUCCESS)
1331 s->result = f;
034c6ed7 1332
5e94833f
LP		 1333 socket_unwatch_control_pid(s);
1334
a16e1123
LP		 1335 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1336
80876c20 1337 if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE])) {
e537352b 1338 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1339 goto fail;
1340
80876c20
LP		 1341 socket_set_state(s, SOCKET_STOP_PRE);
1342 } else
cfc4eb4c 1343 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1344
1345 return;
1346
1347fail:
1124fe6f 1348 log_warning("%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1349 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1350}
1351
e9af15c3
LP		 1352static void socket_enter_listening(Socket *s) {
1353 int r;
1354 assert(s);
1355
cfc4eb4c
LP		 1356 r = socket_watch_fds(s);
1357 if (r < 0) {
1124fe6f 1358 log_warning("%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
e9af15c3
LP		 1359 goto fail;
1360 }
1361
1362 socket_set_state(s, SOCKET_LISTENING);
1363 return;
1364
1365fail:
cfc4eb4c 1366 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1367}
1368
034c6ed7
LP		 1369static void socket_enter_start_post(Socket *s) {
1370 int r;
1371 assert(s);
1372
cfc4eb4c
LP		 1373 r = socket_open_fds(s);
1374 if (r < 0) {
1124fe6f 1375 log_warning("%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1376 goto fail;
1377 }
1378
5e94833f
LP		 1379 socket_unwatch_control_pid(s);
1380
a16e1123
LP		 1381 s->control_command_id = SOCKET_EXEC_START_POST;
1382
80876c20 1383 if ((s->control_command = s->exec_command[SOCKET_EXEC_START_POST])) {
cfc4eb4c
LP		 1384 r = socket_spawn(s, s->control_command, &s->control_pid);
1385 if (r < 0) {
1124fe6f 1386 log_warning("%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1387 goto fail;
1388 }
1389
80876c20
LP		 1390 socket_set_state(s, SOCKET_START_POST);
1391 } else
e9af15c3 1392 socket_enter_listening(s);
034c6ed7
LP		 1393
1394 return;
1395
1396fail:
cfc4eb4c 1397 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1398}
1399
1400static void socket_enter_start_pre(Socket *s) {
1401 int r;
1402 assert(s);
1403
5e94833f
LP		 1404 socket_unwatch_control_pid(s);
1405
a16e1123
LP		 1406 s->control_command_id = SOCKET_EXEC_START_PRE;
1407
80876c20 1408 if ((s->control_command = s->exec_command[SOCKET_EXEC_START_PRE])) {
e537352b 1409 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1410 goto fail;
1411
80876c20
LP		 1412 socket_set_state(s, SOCKET_START_PRE);
1413 } else
034c6ed7
LP		 1414 socket_enter_start_post(s);
1415
1416 return;
1417
1418fail:
1124fe6f 1419 log_warning("%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1420 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1421}
1422
4f2d528d 1423static void socket_enter_running(Socket *s, int cfd) {
034c6ed7 1424 int r;
398ef8ba 1425 DBusError error;
034c6ed7
LP		 1426
1427 assert(s);
398ef8ba 1428 dbus_error_init(&error);
034c6ed7 1429
ba3e67a7
LP		 1430 /* We don't take connections anymore if we are supposed to
1431 * shut down anyway */
18ffdfda 1432 if (unit_pending_inactive(UNIT(s))) {
1124fe6f 1433 log_debug("Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
5d909e3e 1434
7c610628
LP		 1435 if (cfd >= 0)
1436 close_nointr_nofail(cfd);
1437 else {
1438 /* Flush all sockets by closing and reopening them */
1439 socket_close_fds(s);
1440
1a710b43
MS		 1441 r = socket_watch_fds(s);
1442 if (r < 0) {
1124fe6f 1443 log_warning("%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1444 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1445 }
1446 }
1447
ba3e67a7
LP		 1448 return;
1449 }
1450
4f2d528d 1451 if (cfd < 0) {
57020a3a
LP		 1452 Iterator i;
1453 Unit *u;
f976f3f6 1454 bool pending = false;
f976f3f6
LP		 1455
1456 /* If there's already a start pending don't bother to
1457 * do anything */
1124fe6f 1458 SET_FOREACH(u, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
57020a3a
LP		 1459 if (unit_pending_active(u)) {
1460 pending = true;
1461 break;
1462 }
f976f3f6 1463
1a710b43
MS		 1464 if (!pending) {
1465 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1466 if (r < 0)
f976f3f6 1467 goto fail;
1a710b43 1468 }
4f2d528d
LP		 1469
1470 socket_set_state(s, SOCKET_RUNNING);
1471 } else {
b4f10a5e 1472 char *prefix, *instance = NULL, *name;
b15bdda8 1473 Service *service;
4f2d528d 1474
6cf6bbc2
LP		 1475 if (s->n_connections >= s->max_connections) {
1476 log_warning("Too many incoming connections (%u)", s->n_connections);
1477 close_nointr_nofail(cfd);
1478 return;
1479 }
1480
1a710b43
MS		 1481 r = socket_instantiate_service(s);
1482 if (r < 0)
b15bdda8
LP		 1483 goto fail;
1484
1a710b43
MS		 1485 r = instance_from_socket(cfd, s->n_accepted, &instance);
1486 if (r < 0) {
1487 if (r != -ENOTCONN)
1488 goto fail;
1489
1490 /* ENOTCONN is legitimate if TCP RST was received.
1491 * This connection is over, but the socket unit lives on. */
1492 close_nointr_nofail(cfd);
1493 return;
1494 }
4f2d528d 1495
1a710b43
MS		 1496 prefix = unit_name_to_prefix(UNIT(s)->id);
1497 if (!prefix) {
4f2d528d
LP		 1498 free(instance);
1499 r = -ENOMEM;
1500 goto fail;
1501 }
1502
1503 name = unit_name_build(prefix, instance, ".service");
1504 free(prefix);
1505 free(instance);
1506
b6dbbe1c 1507 if (!name) {
4f2d528d 1508 r = -ENOMEM;
b6dbbe1c
LP		 1509 goto fail;
1510 }
4f2d528d 1511
1a710b43
MS		 1512 r = unit_add_name(UNIT_DEREF(s->service), name);
1513 if (r < 0) {
b15bdda8 1514 free(name);
4f2d528d 1515 goto fail;
b15bdda8
LP		 1516 }
1517
57020a3a
LP		 1518 service = SERVICE(UNIT_DEREF(s->service));
1519 unit_ref_unset(&s->service);
b15bdda8 1520 s->n_accepted ++;
4f2d528d 1521
1124fe6f 1522 UNIT(service)->no_gc = false;
6c073082 1523
b15bdda8
LP		 1524 unit_choose_id(UNIT(service), name);
1525 free(name);
1526
1a710b43
MS		 1527 r = service_set_socket_fd(service, cfd, s);
1528 if (r < 0)
4f2d528d
LP		 1529 goto fail;
1530
1531 cfd = -1;
6cf6bbc2
LP		 1532 s->n_connections ++;
1533
1a710b43
MS		 1534 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1535 if (r < 0)
4f2d528d 1536 goto fail;
c4e2ceae
LP		 1537
1538 /* Notify clients about changed counters */
1539 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1540 }
034c6ed7 1541
034c6ed7
LP		 1542 return;
1543
1544fail:
10f70492 1545 log_warning("%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s", UNIT(s)->id, cfd >= 0 ? "template" : "non-template", bus_error(&error, r));
60089004 1546 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
4f2d528d
LP		 1547
1548 if (cfd >= 0)
1549 close_nointr_nofail(cfd);
398ef8ba
LP		 1550
1551 dbus_error_free(&error);
034c6ed7
LP		 1552}
1553
cfc4eb4c 1554static void socket_run_next(Socket *s) {
034c6ed7
LP		 1555 int r;
1556
1557 assert(s);
1558 assert(s->control_command);
1559 assert(s->control_command->command_next);
1560
5e94833f
LP		 1561 socket_unwatch_control_pid(s);
1562
034c6ed7
LP		 1563 s->control_command = s->control_command->command_next;
1564
e537352b 1565 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1566 goto fail;
1567
1568 return;
1569
1570fail:
1124fe6f 1571 log_warning("%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
80876c20
LP		 1572
1573 if (s->state == SOCKET_START_POST)
cfc4eb4c 1574 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1575 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1576 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1577 else
cfc4eb4c 1578 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1579}
1580
87f0e418
LP		 1581static int socket_start(Unit *u) {
1582 Socket *s = SOCKET(u);
83c60c9f
LP		 1583
1584 assert(s);
1585
034c6ed7
LP		 1586 /* We cannot fulfill this request right now, try again later
1587 * please! */
1588 if (s->state == SOCKET_STOP_PRE ||
1589 s->state == SOCKET_STOP_PRE_SIGKILL ||
1590 s->state == SOCKET_STOP_PRE_SIGTERM ||
1591 s->state == SOCKET_STOP_POST ||
80876c20
LP		 1592 s->state == SOCKET_FINAL_SIGTERM ||
1593 s->state == SOCKET_FINAL_SIGKILL)
034c6ed7
LP		 1594 return -EAGAIN;
1595
83c60c9f
LP		 1596 if (s->state == SOCKET_START_PRE ||
1597 s->state == SOCKET_START_POST)
034c6ed7 1598 return 0;
83c60c9f 1599
034c6ed7 1600 /* Cannot run this without the service being around */
57020a3a
LP		 1601 if (UNIT_DEREF(s->service)) {
1602 Service *service;
1603
1604 service = SERVICE(UNIT_DEREF(s->service));
1605
1124fe6f
MS		 1606 if (UNIT(service)->load_state != UNIT_LOADED) {
1607 log_error("Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1608 return -ENOENT;
4ac9236f 1609 }
4f2d528d 1610
35b8ca3a 1611 /* If the service is already active we cannot start the
4f2d528d 1612 * socket */
57020a3a
LP		 1613 if (service->state != SERVICE_DEAD &&
1614 service->state != SERVICE_FAILED &&
1615 service->state != SERVICE_AUTO_RESTART) {
1124fe6f 1616 log_error("Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1617 return -EBUSY;
4ac9236f 1618 }
7b4bf06b
LP		 1619
1620#ifdef HAVE_SYSV_COMPAT
1b64d026 1621 if (service->is_sysv) {
7b4bf06b
LP		 1622 log_error("Using SysV services for socket activation is not supported. Refusing.");
1623 return -ENOENT;
1624 }
1625#endif
4f2d528d 1626 }
e537352b 1627
fdf20a31 1628 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1629
cfc4eb4c 1630 s->result = SOCKET_SUCCESS;
034c6ed7
LP		 1631 socket_enter_start_pre(s);
1632 return 0;
1633}
83c60c9f 1634
87f0e418
LP		 1635static int socket_stop(Unit *u) {
1636 Socket *s = SOCKET(u);
034c6ed7
LP		 1637
1638 assert(s);
1639
e537352b
LP		 1640 /* Already on it */
1641 if (s->state == SOCKET_STOP_PRE ||
1642 s->state == SOCKET_STOP_PRE_SIGTERM ||
1643 s->state == SOCKET_STOP_PRE_SIGKILL ||
1644 s->state == SOCKET_STOP_POST ||
80876c20 1645 s->state == SOCKET_FINAL_SIGTERM ||
3f6c78dc 1646 s->state == SOCKET_FINAL_SIGKILL)
e537352b
LP		 1647 return 0;
1648
3f6c78dc
LP		 1649 /* If there's already something running we go directly into
1650 * kill mode. */
1651 if (s->state == SOCKET_START_PRE ||
1652 s->state == SOCKET_START_POST) {
cfc4eb4c 1653 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1654 return -EAGAIN;
1655 }
1656
034c6ed7 1657 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1658
cfc4eb4c 1659 socket_enter_stop_pre(s, SOCKET_SUCCESS);
542563ba
LP		 1660 return 0;
1661}
1662
a16e1123
LP		 1663static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1664 Socket *s = SOCKET(u);
1665 SocketPort *p;
1666 int r;
1667
1668 assert(u);
1669 assert(f);
1670 assert(fds);
1671
1672 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 1673 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 1674 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1675
1676 if (s->control_pid > 0)
5925dd3c 1677 unit_serialize_item_format(u, f, "control-pid", "%lu", (unsigned long) s->control_pid);
a16e1123
LP		 1678
1679 if (s->control_command_id >= 0)
1680 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1681
1682 LIST_FOREACH(port, p, s->ports) {
1683 int copy;
1684
1685 if (p->fd < 0)
1686 continue;
1687
1688 if ((copy = fdset_put_dup(fds, p->fd)) < 0)
1689 return copy;
1690
1691 if (p->type == SOCKET_SOCKET) {
1692 char *t;
1693
1694 if ((r = socket_address_print(&p->address, &t)) < 0)
1695 return r;
1696
7a22745a
LP		 1697 if (socket_address_family(&p->address) == AF_NETLINK)
1698 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
1699 else
1700 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
a16e1123 1701 free(t);
b0a3f2bc
LP		 1702 } else if (p->type == SOCKET_SPECIAL)
1703 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
1704 else {
a16e1123
LP		 1705 assert(p->type == SOCKET_FIFO);
1706 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
1707 }
1708 }
1709
1710 return 0;
1711}
1712
1713static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
1714 Socket *s = SOCKET(u);
a16e1123
LP		 1715
1716 assert(u);
1717 assert(key);
1718 assert(value);
1719 assert(fds);
1720
1721 if (streq(key, "state")) {
1722 SocketState state;
1723
1724 if ((state = socket_state_from_string(value)) < 0)
1725 log_debug("Failed to parse state value %s", value);
1726 else
1727 s->deserialized_state = state;
cfc4eb4c
LP		 1728 } else if (streq(key, "result")) {
1729 SocketResult f;
a16e1123 1730
cfc4eb4c
LP		 1731 f = socket_result_from_string(value);
1732 if (f < 0)
1733 log_debug("Failed to parse result value %s", value);
1734 else if (f != SOCKET_SUCCESS)
1735 s->result = f;
a16e1123
LP		 1736
1737 } else if (streq(key, "n-accepted")) {
1738 unsigned k;
1739
e364ad06 1740 if (safe_atou(value, &k) < 0)
a16e1123
LP		 1741 log_debug("Failed to parse n-accepted value %s", value);
1742 else
1743 s->n_accepted += k;
1744 } else if (streq(key, "control-pid")) {
5925dd3c 1745 pid_t pid;
a16e1123 1746
e364ad06 1747 if (parse_pid(value, &pid) < 0)
a16e1123
LP		 1748 log_debug("Failed to parse control-pid value %s", value);
1749 else
5925dd3c 1750 s->control_pid = pid;
a16e1123
LP		 1751 } else if (streq(key, "control-command")) {
1752 SocketExecCommand id;
1753
1754 if ((id = socket_exec_command_from_string(value)) < 0)
1755 log_debug("Failed to parse exec-command value %s", value);
1756 else {
1757 s->control_command_id = id;
1758 s->control_command = s->exec_command[id];
1759 }
1760 } else if (streq(key, "fifo")) {
1761 int fd, skip = 0;
1762 SocketPort *p;
1763
1764 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
1765 log_debug("Failed to parse fifo value %s", value);
1766 else {
1767
1768 LIST_FOREACH(port, p, s->ports)
b0a3f2bc
LP		 1769 if (p->type == SOCKET_FIFO &&
1770 streq_ptr(p->path, value+skip))
1771 break;
1772
1773 if (p) {
1774 if (p->fd >= 0)
1775 close_nointr_nofail(p->fd);
1776 p->fd = fdset_remove(fds, fd);
1777 }
1778 }
1779
1780 } else if (streq(key, "special")) {
1781 int fd, skip = 0;
1782 SocketPort *p;
1783
1784 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
1785 log_debug("Failed to parse special value %s", value);
1786 else {
1787
1788 LIST_FOREACH(port, p, s->ports)
1789 if (p->type == SOCKET_SPECIAL &&
1790 streq_ptr(p->path, value+skip))
a16e1123
LP		 1791 break;
1792
1793 if (p) {
1794 if (p->fd >= 0)
1795 close_nointr_nofail(p->fd);
1796 p->fd = fdset_remove(fds, fd);
1797 }
1798 }
1799
1800 } else if (streq(key, "socket")) {
27ca8d7a 1801 int fd, type, skip = 0;
a16e1123
LP		 1802 SocketPort *p;
1803
27ca8d7a 1804 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
a16e1123
LP		 1805 log_debug("Failed to parse socket value %s", value);
1806 else {
1807
1808 LIST_FOREACH(port, p, s->ports)
27ca8d7a 1809 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 1810 break;
1811
1812 if (p) {
1813 if (p->fd >= 0)
1814 close_nointr_nofail(p->fd);
1815 p->fd = fdset_remove(fds, fd);
1816 }
1817 }
1818
7a22745a
LP		 1819 } else if (streq(key, "netlink")) {
1820 int fd, skip = 0;
1821 SocketPort *p;
1822
1823 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
1824 log_debug("Failed to parse socket value %s", value);
1825 else {
1826
1827 LIST_FOREACH(port, p, s->ports)
1828 if (socket_address_is_netlink(&p->address, value+skip))
1829 break;
1830
1831 if (p) {
1832 if (p->fd >= 0)
1833 close_nointr_nofail(p->fd);
1834 p->fd = fdset_remove(fds, fd);
1835 }
1836 }
1837
a16e1123
LP		 1838 } else
1839 log_debug("Unknown serialization key '%s'", key);
1840
1841 return 0;
1842}
1843
87f0e418
LP		 1844static UnitActiveState socket_active_state(Unit *u) {
1845 assert(u);
5cb5a6ff 1846
acbb0225 1847 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 1848}
1849
10a94420
LP		 1850static const char *socket_sub_state_to_string(Unit *u) {
1851 assert(u);
1852
a16e1123 1853 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 1854}
1855
6cf6bbc2
LP		 1856static bool socket_check_gc(Unit *u) {
1857 Socket *s = SOCKET(u);
1858
1859 assert(u);
1860
1861 return s->n_connections > 0;
1862}
1863
acbb0225 1864static void socket_fd_event(Unit *u, int fd, uint32_t events, Watch *w) {
87f0e418 1865 Socket *s = SOCKET(u);
4f2d528d 1866 int cfd = -1;
9152c765 1867
034c6ed7 1868 assert(s);
8d567588 1869 assert(fd >= 0);
9152c765 1870
871d7de4
LP		 1871 if (s->state != SOCKET_LISTENING)
1872 return;
1873
ac155bb8 1874 log_debug("Incoming traffic on %s", u->id);
9152c765 1875
4f2d528d 1876 if (events != EPOLLIN) {
641e01dc
LP		 1877
1878 if (events & EPOLLHUP)
ac155bb8 1879 log_error("%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.", u->id);
641e01dc 1880 else
ac155bb8 1881 log_error("%s: Got unexpected poll event (0x%x) on socket.", u->id, events);
641e01dc 1882
8d567588 1883 goto fail;
4f2d528d
LP		 1884 }
1885
cabab516 1886 if (w->socket_accept) {
4f2d528d
LP		 1887 for (;;) {
1888
b14eda96
LP		 1889 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
1890 if (cfd < 0) {
4f2d528d
LP		 1891
1892 if (errno == EINTR)
1893 continue;
1894
1895 log_error("Failed to accept socket: %m");
8d567588 1896 goto fail;
4f2d528d
LP		 1897 }
1898
1899 break;
1900 }
4fd5948e
LP		 1901
1902 socket_apply_socket_options(s, cfd);
4f2d528d 1903 }
9152c765 1904
4f2d528d 1905 socket_enter_running(s, cfd);
8d567588
LP		 1906 return;
1907
1908fail:
cfc4eb4c 1909 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
9152c765
LP		 1910}
1911
87f0e418
LP		 1912static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
1913 Socket *s = SOCKET(u);
cfc4eb4c 1914 SocketResult f;
5cb5a6ff
LP		 1915
1916 assert(s);
034c6ed7 1917 assert(pid >= 0);
5cb5a6ff 1918
8c47c732
LP		 1919 if (pid != s->control_pid)
1920 return;
542563ba 1921
034c6ed7
LP		 1922 s->control_pid = 0;
1923
96342de6 1924 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 1925 f = SOCKET_SUCCESS;
1926 else if (code == CLD_EXITED)
1927 f = SOCKET_FAILURE_EXIT_CODE;
1928 else if (code == CLD_KILLED)
1929 f = SOCKET_FAILURE_SIGNAL;
1930 else if (code == CLD_DUMPED)
1931 f = SOCKET_FAILURE_CORE_DUMP;
1932 else
1933 assert_not_reached("Unknown code");
8c47c732 1934
b708e7ce 1935 if (s->control_command) {
6ea832a2 1936 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 1937
b708e7ce 1938 if (s->control_command->ignore)
cfc4eb4c 1939 f = SOCKET_SUCCESS;
b708e7ce
LP		 1940 }
1941
cfc4eb4c 1942 log_full(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
ac155bb8 1943 "%s control process exited, code=%s status=%i", u->id, sigchld_code_to_string(code), status);
034c6ed7 1944
cfc4eb4c
LP		 1945 if (f != SOCKET_SUCCESS)
1946 s->result = f;
1947
1948 if (s->control_command &&
1949 s->control_command->command_next &&
1950 f == SOCKET_SUCCESS) {
1951
ac155bb8 1952 log_debug("%s running next command for state %s", u->id, socket_state_to_string(s->state));
cfc4eb4c 1953 socket_run_next(s);
acbb0225 1954 } else {
a16e1123
LP		 1955 s->control_command = NULL;
1956 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1957
034c6ed7
LP		 1958 /* No further commands for this step, so let's figure
1959 * out what to do next */
5cb5a6ff 1960
ac155bb8 1961 log_debug("%s got final SIGCHLD for state %s", u->id, socket_state_to_string(s->state));
acbb0225 1962
034c6ed7
LP		 1963 switch (s->state) {
1964
1965 case SOCKET_START_PRE:
cfc4eb4c 1966 if (f == SOCKET_SUCCESS)
acbb0225 1967 socket_enter_start_post(s);
034c6ed7 1968 else
cfc4eb4c 1969 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 1970 break;
1971
1972 case SOCKET_START_POST:
cfc4eb4c 1973 if (f == SOCKET_SUCCESS)
e9af15c3 1974 socket_enter_listening(s);
034c6ed7 1975 else
cfc4eb4c 1976 socket_enter_stop_pre(s, f);
034c6ed7
LP		 1977 break;
1978
1979 case SOCKET_STOP_PRE:
1980 case SOCKET_STOP_PRE_SIGTERM:
1981 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 1982 socket_enter_stop_post(s, f);
034c6ed7
LP		 1983 break;
1984
1985 case SOCKET_STOP_POST:
80876c20
LP		 1986 case SOCKET_FINAL_SIGTERM:
1987 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 1988 socket_enter_dead(s, f);
034c6ed7
LP		 1989 break;
1990
1991 default:
1992 assert_not_reached("Uh, control process died at wrong time.");
1993 }
1994 }
c4e2ceae
LP		 1995
1996 /* Notify clients about changed exit status */
1997 unit_add_to_dbus_queue(u);
034c6ed7 1998}
5cb5a6ff 1999
acbb0225 2000static void socket_timer_event(Unit *u, uint64_t elapsed, Watch *w) {
87f0e418 2001 Socket *s = SOCKET(u);
5cb5a6ff 2002
034c6ed7
LP		 2003 assert(s);
2004 assert(elapsed == 1);
acbb0225 2005 assert(w == &s->timer_watch);
034c6ed7
LP		 2006
2007 switch (s->state) {
2008
2009 case SOCKET_START_PRE:
ac155bb8 2010 log_warning("%s starting timed out. Terminating.", u->id);
cfc4eb4c 2011 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2012 break;
80876c20 2013
034c6ed7 2014 case SOCKET_START_POST:
ac155bb8 2015 log_warning("%s starting timed out. Stopping.", u->id);
cfc4eb4c 2016 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2017 break;
2018
2019 case SOCKET_STOP_PRE:
ac155bb8 2020 log_warning("%s stopping timed out. Terminating.", u->id);
cfc4eb4c 2021 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2022 break;
2023
2024 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2025 if (s->kill_context.send_sigkill) {
ac155bb8 2026 log_warning("%s stopping timed out. Killing.", u->id);
cfc4eb4c 2027 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2028 } else {
ac155bb8 2029 log_warning("%s stopping timed out. Skipping SIGKILL. Ignoring.", u->id);
cfc4eb4c 2030 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2031 }
034c6ed7
LP		 2032 break;
2033
2034 case SOCKET_STOP_PRE_SIGKILL:
ac155bb8 2035 log_warning("%s still around after SIGKILL. Ignoring.", u->id);
cfc4eb4c 2036 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2037 break;
2038
2039 case SOCKET_STOP_POST:
ac155bb8 2040 log_warning("%s stopping timed out (2). Terminating.", u->id);
cfc4eb4c 2041 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2042 break;
2043
80876c20 2044 case SOCKET_FINAL_SIGTERM:
4819ff03 2045 if (s->kill_context.send_sigkill) {
ac155bb8 2046 log_warning("%s stopping timed out (2). Killing.", u->id);
cfc4eb4c 2047 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2048 } else {
ac155bb8 2049 log_warning("%s stopping timed out (2). Skipping SIGKILL. Ignoring.", u->id);
cfc4eb4c 2050 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2051 }
034c6ed7
LP		 2052 break;
2053
80876c20 2054 case SOCKET_FINAL_SIGKILL:
ac155bb8 2055 log_warning("%s still around after SIGKILL (2). Entering failed mode.", u->id);
cfc4eb4c 2056 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2057 break;
2058
2059 default:
2060 assert_not_reached("Timeout at wrong time.");
2061 }
5cb5a6ff
LP		 2062}
2063
44d8db9e
LP		 2064int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2065 int *rfds;
2066 unsigned rn_fds, k;
2067 SocketPort *p;
2068
2069 assert(s);
2070 assert(fds);
2071 assert(n_fds);
2072
2073 /* Called from the service code for requesting our fds */
2074
2075 rn_fds = 0;
2076 LIST_FOREACH(port, p, s->ports)
2077 if (p->fd >= 0)
2078 rn_fds++;
2079
de3756ab
LP		 2080 if (rn_fds <= 0) {
2081 *fds = NULL;
2082 *n_fds = 0;
2083 return 0;
2084 }
2085
e364ad06 2086 if (!(rfds = new(int, rn_fds)))
44d8db9e
LP		 2087 return -ENOMEM;
2088
2089 k = 0;
2090 LIST_FOREACH(port, p, s->ports)
2091 if (p->fd >= 0)
2092 rfds[k++] = p->fd;
2093
2094 assert(k == rn_fds);
2095
2096 *fds = rfds;
2097 *n_fds = rn_fds;
2098
2099 return 0;
2100}
2101
6bda96a0 2102void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2103 assert(s);
2104
6cf6bbc2
LP		 2105 /* The service is dead. Dang!
2106 *
2107 * This is strictly for one-instance-for-all-connections
2108 * services. */
ceee3d82
LP		 2109
2110 if (s->state == SOCKET_RUNNING) {
6bda96a0
LP		 2111 log_debug("%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2112 if (failed_permanent)
2113 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2114 else
2115 socket_enter_listening(s);
ceee3d82
LP		 2116 }
2117}
2118
6cf6bbc2
LP		 2119void socket_connection_unref(Socket *s) {
2120 assert(s);
2121
2122 /* The service is dead. Yay!
2123 *
35b8ca3a 2124 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2125 * services. */
2126
2127 assert(s->n_connections > 0);
2128 s->n_connections--;
2129
1124fe6f 2130 log_debug("%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
6cf6bbc2
LP		 2131}
2132
fdf20a31 2133static void socket_reset_failed(Unit *u) {
5632e374
LP		 2134 Socket *s = SOCKET(u);
2135
2136 assert(s);
2137
fdf20a31 2138 if (s->state == SOCKET_FAILED)
5632e374
LP		 2139 socket_set_state(s, SOCKET_DEAD);
2140
cfc4eb4c 2141 s->result = SOCKET_SUCCESS;
5632e374
LP		 2142}
2143
c74f17d9 2144static int socket_kill(Unit *u, KillWho who, int signo, DBusError *error) {
8a0867d6
LP		 2145 Socket *s = SOCKET(u);
2146 int r = 0;
2147 Set *pid_set = NULL;
2148
2149 assert(s);
2150
2151 if (who == KILL_MAIN) {
2152 dbus_set_error(error, BUS_ERROR_NO_SUCH_PROCESS, "Socket units have no main processes");
a17204af 2153 return -ESRCH;
8a0867d6
LP		 2154 }
2155
2156 if (s->control_pid <= 0 && who == KILL_CONTROL) {
2157 dbus_set_error(error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
a17204af 2158 return -ESRCH;
8a0867d6
LP		 2159 }
2160
3611581e
LP		 2161 if (who == KILL_CONTROL || who == KILL_ALL)
2162 if (s->control_pid > 0)
2163 if (kill(s->control_pid, signo) < 0)
2164 r = -errno;
8a0867d6 2165
c74f17d9 2166 if (who == KILL_ALL) {
8a0867d6
LP		 2167 int q;
2168
c74f17d9
LP		 2169 pid_set = set_new(trivial_hash_func, trivial_compare_func);
2170 if (!pid_set)
8a0867d6
LP		 2171 return -ENOMEM;
2172
2173 /* Exclude the control pid from being killed via the cgroup */
c74f17d9
LP		 2174 if (s->control_pid > 0) {
2175 q = set_put(pid_set, LONG_TO_PTR(s->control_pid));
2176 if (q < 0) {
8a0867d6
LP		 2177 r = q;
2178 goto finish;
2179 }
c74f17d9 2180 }
8a0867d6 2181
88f3e0c9 2182 q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, false, pid_set, NULL);
c74f17d9
LP		 2183 if (q < 0 && q != -EAGAIN && q != -ESRCH && q != -ENOENT)
2184 r = q;
8a0867d6
LP		 2185 }
2186
2187finish:
2188 if (pid_set)
2189 set_free(pid_set);
2190
2191 return r;
2192}
2193
a16e1123
LP		 2194static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2195 [SOCKET_DEAD] = "dead",
2196 [SOCKET_START_PRE] = "start-pre",
2197 [SOCKET_START_POST] = "start-post",
2198 [SOCKET_LISTENING] = "listening",
2199 [SOCKET_RUNNING] = "running",
2200 [SOCKET_STOP_PRE] = "stop-pre",
2201 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2202 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2203 [SOCKET_STOP_POST] = "stop-post",
2204 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2205 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2206 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2207};
2208
2209DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2210
2211static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2212 [SOCKET_EXEC_START_PRE] = "StartPre",
2213 [SOCKET_EXEC_START_POST] = "StartPost",
2214 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2215 [SOCKET_EXEC_STOP_POST] = "StopPost"
2216};
2217
2218DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2219
cfc4eb4c
LP		 2220static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2221 [SOCKET_SUCCESS] = "success",
2222 [SOCKET_FAILURE_RESOURCES] = "resources",
2223 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2224 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2225 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2226 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2227 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2228};
2229
2230DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2231
87f0e418 2232const UnitVTable socket_vtable = {
7d17cfbc 2233 .object_size = sizeof(Socket),
3ef63c31
LP		 2234 .exec_context_offset = offsetof(Socket, exec_context),
2235
f975e971
LP		 2236 .sections =
2237 "Unit\0"
2238 "Socket\0"
2239 "Install\0",
5cb5a6ff 2240
034c6ed7
LP		 2241 .init = socket_init,
2242 .done = socket_done,
a16e1123
LP		 2243 .load = socket_load,
2244
8a0867d6
LP		 2245 .kill = socket_kill,
2246
a16e1123 2247 .coldplug = socket_coldplug,
034c6ed7 2248
5cb5a6ff
LP		 2249 .dump = socket_dump,
2250
542563ba
LP		 2251 .start = socket_start,
2252 .stop = socket_stop,
5cb5a6ff 2253
a16e1123
LP		 2254 .serialize = socket_serialize,
2255 .deserialize_item = socket_deserialize_item,
2256
5cb5a6ff 2257 .active_state = socket_active_state,
10a94420 2258 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2259
6cf6bbc2
LP		 2260 .check_gc = socket_check_gc,
2261
9152c765 2262 .fd_event = socket_fd_event,
034c6ed7 2263 .sigchld_event = socket_sigchld_event,
4139c1b2
LP		 2264 .timer_event = socket_timer_event,
2265
fdf20a31 2266 .reset_failed = socket_reset_failed,
5632e374 2267
c4e2ceae
LP		 2268 .bus_interface = "org.freedesktop.systemd1.Socket",
2269 .bus_message_handler = bus_socket_message_handler,
c6918296
MS		 2270 .bus_invalidating_properties = bus_socket_invalidating_properties,
2271
2272 .status_message_formats = {
2273 /*.starting_stopping = {
2274 [0] = "Starting socket %s...",
2275 [1] = "Stopping socket %s...",
2276 },*/
2277 .finished_start_job = {
2278 [JOB_DONE] = "Listening on %s.",
2279 [JOB_FAILED] = "Failed to listen on %s.",
2280 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2281 [JOB_TIMEOUT] = "Timed out starting %s.",
2282 },
2283 .finished_stop_job = {
2284 [JOB_DONE] = "Closed %s.",
2285 [JOB_FAILED] = "Failed stopping %s.",
2286 [JOB_TIMEOUT] = "Timed out stopping %s.",
2287 },
2288 },
5cb5a6ff 2289};
Unnamed repository; edit this file 'description' to name the repository.