]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
man: clarify why User=/Group= don't work with mount units
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/types.h>
23#include <sys/stat.h>
24#include <unistd.h>
25#include <errno.h>
26#include <fcntl.h>
f94ea366 27#include <sys/epoll.h>
034c6ed7 28#include <signal.h>
4f2d528d 29#include <arpa/inet.h>
916abb21 30#include <mqueue.h>
cf37cd2f 31#ifdef HAVE_ATTR_XATTR_H
0eb59ccf 32#include <attr/xattr.h>
cf37cd2f 33#endif
83c60c9f 34
87f0e418 35#include "unit.h"
5cb5a6ff 36#include "socket.h"
cebf8b20 37#include "netinet/tcp.h"
83c60c9f 38#include "log.h"
23a177ef
LP		 39#include "load-dropin.h"
40#include "load-fragment.h"
9e2f7c11 41#include "strv.h"
49e942b2 42#include "mkdir.h"
9eb977db 43#include "path-util.h"
4f2d528d 44#include "unit-name.h"
41f9172f 45#include "unit-printf.h"
4139c1b2 46#include "dbus-socket.h"
4fd5948e 47#include "missing.h"
a40eb732 48#include "special.h"
398ef8ba 49#include "bus-errors.h"
e51bc1a2 50#include "label.h"
9a57c629 51#include "exit-status.h"
f6a6225e 52#include "def.h"
83c60c9f 53
acbb0225 54static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 55 [SOCKET_DEAD] = UNIT_INACTIVE,
56 [SOCKET_START_PRE] = UNIT_ACTIVATING,
57 [SOCKET_START_POST] = UNIT_ACTIVATING,
58 [SOCKET_LISTENING] = UNIT_ACTIVE,
59 [SOCKET_RUNNING] = UNIT_ACTIVE,
60 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 64 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 66 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 67};
5cb5a6ff 68
a16e1123
LP		 69static void socket_init(Unit *u) {
70 Socket *s = SOCKET(u);
71
72 assert(u);
ac155bb8 73 assert(u->load_state == UNIT_STUB);
a16e1123 74
a16e1123
LP		 75 s->backlog = SOMAXCONN;
76 s->timeout_usec = DEFAULT_TIMEOUT_USEC;
77 s->directory_mode = 0755;
9131f660 78 s->socket_mode = 0666;
a16e1123 79
6cf6bbc2
LP		 80 s->max_connections = 64;
81
4fd5948e 82 s->priority = -1;
4fd5948e
LP		 83 s->ip_tos = -1;
84 s->ip_ttl = -1;
4fd5948e 85 s->mark = -1;
4fd5948e 86
a16e1123 87 exec_context_init(&s->exec_context);
ac155bb8
MS		 88 s->exec_context.std_output = u->manager->default_std_output;
89 s->exec_context.std_error = u->manager->default_std_error;
4819ff03 90 kill_context_init(&s->kill_context);
a16e1123
LP		 91
92 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
93}
acbb0225 94
5e94833f
LP		 95static void socket_unwatch_control_pid(Socket *s) {
96 assert(s);
97
98 if (s->control_pid <= 0)
99 return;
100
101 unit_unwatch_pid(UNIT(s), s->control_pid);
102 s->control_pid = 0;
103}
104
87f0e418
LP		 105static void socket_done(Unit *u) {
106 Socket *s = SOCKET(u);
034c6ed7
LP		 107 SocketPort *p;
108
109 assert(s);
110
111 while ((p = s->ports)) {
112 LIST_REMOVE(SocketPort, port, s->ports, p);
113
a16e1123
LP		 114 if (p->fd >= 0) {
115 unit_unwatch_fd(UNIT(s), &p->fd_watch);
116 close_nointr_nofail(p->fd);
117 }
118
034c6ed7
LP		 119 free(p->path);
120 free(p);
121 }
122
123 exec_context_done(&s->exec_context);
e537352b 124 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 125 s->control_command = NULL;
126
5e94833f 127 socket_unwatch_control_pid(s);
034c6ed7 128
57020a3a 129 unit_ref_unset(&s->service);
034c6ed7 130
cebf8b20
TT		 131 free(s->tcp_congestion);
132 s->tcp_congestion = NULL;
133
acbb0225 134 free(s->bind_to_device);
e537352b 135 s->bind_to_device = NULL;
acbb0225 136
0eb59ccf
AK		 137 free(s->smack);
138 free(s->smack_ip_in);
139 free(s->smack_ip_out);
140
acbb0225 141 unit_unwatch_timer(u, &s->timer_watch);
5cb5a6ff
LP		 142}
143
b15bdda8
LP		 144static int socket_instantiate_service(Socket *s) {
145 char *prefix, *name;
146 int r;
147 Unit *u;
148
149 assert(s);
150
151 /* This fills in s->service if it isn't filled in yet. For
152 * Accept=yes sockets we create the next connection service
153 * here. For Accept=no this is mostly a NOP since the service
154 * is figured out at load time anyway. */
155
57020a3a 156 if (UNIT_DEREF(s->service))
b15bdda8
LP		 157 return 0;
158
159 assert(s->accept);
160
1124fe6f 161 if (!(prefix = unit_name_to_prefix(UNIT(s)->id)))
b15bdda8
LP		 162 return -ENOMEM;
163
164 r = asprintf(&name, "%s@%u.service", prefix, s->n_accepted);
165 free(prefix);
166
167 if (r < 0)
168 return -ENOMEM;
169
1124fe6f 170 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 171 free(name);
172
173 if (r < 0)
174 return r;
175
7b4bf06b 176#ifdef HAVE_SYSV_COMPAT
1b64d026 177 if (SERVICE(u)->is_sysv) {
7b4bf06b
LP		 178 log_error("Using SysV services for socket activation is not supported. Refusing.");
179 return -ENOENT;
180 }
181#endif
182
ac155bb8 183 u->no_gc = true;
57020a3a
LP		 184 unit_ref_set(&s->service, u);
185
186 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 187}
188
4f2d528d
LP		 189static bool have_non_accept_socket(Socket *s) {
190 SocketPort *p;
191
192 assert(s);
193
194 if (!s->accept)
195 return true;
196
dd5ad9d4
LP		 197 LIST_FOREACH(port, p, s->ports) {
198
199 if (p->type != SOCKET_SOCKET)
200 return true;
201
4f2d528d
LP		 202 if (!socket_address_can_accept(&p->address))
203 return true;
dd5ad9d4 204 }
4f2d528d
LP		 205
206 return false;
207}
208
209static int socket_verify(Socket *s) {
210 assert(s);
211
1124fe6f 212 if (UNIT(s)->load_state != UNIT_LOADED)
4f2d528d
LP		 213 return 0;
214
215 if (!s->ports) {
1124fe6f 216 log_error("%s lacks Listen setting. Refusing.", UNIT(s)->id);
4f2d528d
LP		 217 return -EINVAL;
218 }
219
0009d2a6 220 if (s->accept && have_non_accept_socket(s)) {
1124fe6f 221 log_error("%s configured for accepting sockets, but sockets are non-accepting. Refusing.", UNIT(s)->id);
0009d2a6
LP		 222 return -EINVAL;
223 }
224
6cf6bbc2 225 if (s->accept && s->max_connections <= 0) {
1124fe6f 226 log_error("%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
4d0e5dbd
LP		 227 return -EINVAL;
228 }
229
57020a3a 230 if (s->accept && UNIT_DEREF(s->service)) {
1124fe6f 231 log_error("Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
d9ff321a
LP		 232 return -EINVAL;
233 }
234
4819ff03 235 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
1124fe6f 236 log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
6cf6bbc2
LP		 237 return -EINVAL;
238 }
239
4f2d528d
LP		 240 return 0;
241}
242
6e2ef85b
LP		 243static bool socket_needs_mount(Socket *s, const char *prefix) {
244 SocketPort *p;
245
246 assert(s);
247
248 LIST_FOREACH(port, p, s->ports) {
249
250 if (p->type == SOCKET_SOCKET) {
251 if (socket_address_needs_mount(&p->address, prefix))
252 return true;
916abb21 253 } else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL) {
6e2ef85b
LP		 254 if (path_startswith(p->path, prefix))
255 return true;
256 }
257 }
258
259 return false;
260}
261
262int socket_add_one_mount_link(Socket *s, Mount *m) {
263 int r;
264
265 assert(s);
266 assert(m);
267
1124fe6f
MS		 268 if (UNIT(s)->load_state != UNIT_LOADED ||
269 UNIT(m)->load_state != UNIT_LOADED)
6e2ef85b
LP		 270 return 0;
271
272 if (!socket_needs_mount(s, m->where))
273 return 0;
274
b87705cd
LP		 275 r = unit_add_two_dependencies(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, UNIT(m), true);
276 if (r < 0)
6e2ef85b
LP		 277 return r;
278
279 return 0;
280}
281
282static int socket_add_mount_links(Socket *s) {
ac155bb8 283 Unit *other;
6e2ef85b
LP		 284 int r;
285
286 assert(s);
287
b87705cd
LP		 288 LIST_FOREACH(units_by_type, other, UNIT(s)->manager->units_by_type[UNIT_MOUNT]) {
289 r = socket_add_one_mount_link(s, MOUNT(other));
290 if (r < 0)
6e2ef85b 291 return r;
b87705cd 292 }
6e2ef85b
LP		 293
294 return 0;
295}
296
297static int socket_add_device_link(Socket *s) {
298 char *t;
299 int r;
300
301 assert(s);
302
303 if (!s->bind_to_device)
304 return 0;
305
306 if (asprintf(&t, "/sys/subsystem/net/devices/%s", s->bind_to_device) < 0)
307 return -ENOMEM;
308
309 r = unit_add_node_link(UNIT(s), t, false);
310 free(t);
311
312 return r;
313}
314
a40eb732
LP		 315static int socket_add_default_dependencies(Socket *s) {
316 int r;
317 assert(s);
318
67445f4e 319 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
2a77d31d
LP		 320 if ((r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true)) < 0)
321 return r;
322
a40eb732
LP		 323 if ((r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true)) < 0)
324 return r;
2a77d31d 325 }
a40eb732 326
ead8e478 327 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 328}
329
4cfc6dbe
LP		 330static bool socket_has_exec(Socket *s) {
331 unsigned i;
332 assert(s);
333
334 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
335 if (s->exec_command[i])
336 return true;
337
338 return false;
339}
340
e537352b
LP		 341static int socket_load(Unit *u) {
342 Socket *s = SOCKET(u);
343 int r;
44d8db9e 344
e537352b 345 assert(u);
ac155bb8 346 assert(u->load_state == UNIT_STUB);
44d8db9e 347
e537352b 348 if ((r = unit_load_fragment_and_dropin(u)) < 0)
23a177ef 349 return r;
44d8db9e 350
23a177ef 351 /* This is a new unit? Then let's add in some extras */
ac155bb8 352 if (u->load_state == UNIT_LOADED) {
44d8db9e 353
4f2d528d 354 if (have_non_accept_socket(s)) {
d9ff321a 355
57020a3a
LP		 356 if (!UNIT_DEREF(s->service)) {
357 Unit *x;
358
359 r = unit_load_related_unit(u, ".service", &x);
360 if (r < 0)
d9ff321a 361 return r;
23a177ef 362
57020a3a
LP		 363 unit_ref_set(&s->service, x);
364 }
365
366 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
367 if (r < 0)
4f2d528d
LP		 368 return r;
369 }
44d8db9e 370
6e2ef85b
LP		 371 if ((r = socket_add_mount_links(s)) < 0)
372 return r;
373
374 if ((r = socket_add_device_link(s)) < 0)
375 return r;
376
4cfc6dbe
LP		 377 if (socket_has_exec(s))
378 if ((r = unit_add_exec_dependencies(u, &s->exec_context)) < 0)
379 return r;
23a177ef 380
d686d8a9 381 if ((r = unit_add_default_cgroups(u)) < 0)
23a177ef 382 return r;
a40eb732 383
1124fe6f 384 if (UNIT(s)->default_dependencies)
a40eb732
LP		 385 if ((r = socket_add_default_dependencies(s)) < 0)
386 return r;
e06c73cc 387
cba6e062 388 r = unit_exec_context_defaults(u, &s->exec_context);
e06c73cc
LP		 389 if (r < 0)
390 return r;
23a177ef
LP		 391 }
392
4f2d528d 393 return socket_verify(s);
44d8db9e
LP		 394}
395
7a22745a
LP		 396static const char* listen_lookup(int family, int type) {
397
398 if (family == AF_NETLINK)
399 return "ListenNetlink";
542563ba
LP		 400
401 if (type == SOCK_STREAM)
402 return "ListenStream";
403 else if (type == SOCK_DGRAM)
404 return "ListenDatagram";
405 else if (type == SOCK_SEQPACKET)
406 return "ListenSequentialPacket";
407
034c6ed7 408 assert_not_reached("Unknown socket type");
542563ba
LP		 409 return NULL;
410}
411
87f0e418 412static void socket_dump(Unit *u, FILE *f, const char *prefix) {
5cb5a6ff 413
5cb5a6ff 414 SocketExecCommand c;
87f0e418 415 Socket *s = SOCKET(u);
542563ba 416 SocketPort *p;
82ba9f08
LP		 417 const char *prefix2;
418 char *p2;
5cb5a6ff
LP		 419
420 assert(s);
fa068367 421 assert(f);
5cb5a6ff 422
82ba9f08
LP		 423 p2 = strappend(prefix, "\t");
424 prefix2 = p2 ? p2 : prefix;
c43d20a0 425
5cb5a6ff
LP		 426 fprintf(f,
427 "%sSocket State: %s\n"
81a5c6d0 428 "%sResult: %s\n"
542563ba 429 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 430 "%sBacklog: %u\n"
431 "%sSocketMode: %04o\n"
4fd5948e
LP		 432 "%sDirectoryMode: %04o\n"
433 "%sKeepAlive: %s\n"
cebf8b20 434 "%sFreeBind: %s\n"
6b6d2dee 435 "%sTransparent: %s\n"
ec6370a2 436 "%sBroadcast: %s\n"
ede3deb4 437 "%sPassCredentials: %s\n"
54ecda32 438 "%sPassSecurity: %s\n"
cebf8b20 439 "%sTCPCongestion: %s\n",
a16e1123 440 prefix, socket_state_to_string(s->state),
81a5c6d0 441 prefix, socket_result_to_string(s->result),
c0120d99 442 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 443 prefix, s->backlog,
444 prefix, s->socket_mode,
4fd5948e
LP		 445 prefix, s->directory_mode,
446 prefix, yes_no(s->keep_alive),
cebf8b20 447 prefix, yes_no(s->free_bind),
6b6d2dee 448 prefix, yes_no(s->transparent),
ec6370a2 449 prefix, yes_no(s->broadcast),
d68af586 450 prefix, yes_no(s->pass_cred),
54ecda32 451 prefix, yes_no(s->pass_sec),
83a95334 452 prefix, strna(s->tcp_congestion));
542563ba 453
70123e68
LP		 454 if (s->control_pid > 0)
455 fprintf(f,
bb00e604
LP		 456 "%sControl PID: %lu\n",
457 prefix, (unsigned long) s->control_pid);
70123e68 458
acbb0225
LP		 459 if (s->bind_to_device)
460 fprintf(f,
461 "%sBindToDevice: %s\n",
462 prefix, s->bind_to_device);
463
4f2d528d
LP		 464 if (s->accept)
465 fprintf(f,
6cf6bbc2
LP		 466 "%sAccepted: %u\n"
467 "%sNConnections: %u\n"
468 "%sMaxConnections: %u\n",
469 prefix, s->n_accepted,
470 prefix, s->n_connections,
471 prefix, s->max_connections);
4f2d528d 472
4fd5948e
LP		 473 if (s->priority >= 0)
474 fprintf(f,
475 "%sPriority: %i\n",
476 prefix, s->priority);
477
478 if (s->receive_buffer > 0)
479 fprintf(f,
480 "%sReceiveBuffer: %zu\n",
481 prefix, s->receive_buffer);
482
483 if (s->send_buffer > 0)
484 fprintf(f,
485 "%sSendBuffer: %zu\n",
486 prefix, s->send_buffer);
487
488 if (s->ip_tos >= 0)
489 fprintf(f,
490 "%sIPTOS: %i\n",
491 prefix, s->ip_tos);
492
493 if (s->ip_ttl >= 0)
494 fprintf(f,
495 "%sIPTTL: %i\n",
496 prefix, s->ip_ttl);
497
498 if (s->pipe_size > 0)
499 fprintf(f,
500 "%sPipeSize: %zu\n",
501 prefix, s->pipe_size);
502
503 if (s->mark >= 0)
504 fprintf(f,
505 "%sMark: %i\n",
506 prefix, s->mark);
507
916abb21
LP		 508 if (s->mq_maxmsg > 0)
509 fprintf(f,
510 "%sMessageQueueMaxMessages: %li\n",
511 prefix, s->mq_maxmsg);
512
513 if (s->mq_msgsize > 0)
514 fprintf(f,
515 "%sMessageQueueMessageSize: %li\n",
516 prefix, s->mq_msgsize);
517
0eb59ccf
AK		 518 if (s->smack)
519 fprintf(f,
520 "%sSmackLabel: %s\n",
521 prefix, s->smack);
522
523 if (s->smack_ip_in)
524 fprintf(f,
525 "%sSmackLabelIPIn: %s\n",
526 prefix, s->smack_ip_in);
527
528 if (s->smack_ip_out)
529 fprintf(f,
530 "%sSmackLabelIPOut: %s\n",
531 prefix, s->smack_ip_out);
532
034c6ed7 533 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 534
542563ba
LP		 535 if (p->type == SOCKET_SOCKET) {
536 const char *t;
537 int r;
e364ad06 538 char *k = NULL;
542563ba
LP		 539
540 if ((r = socket_address_print(&p->address, &k)) < 0)
541 t = strerror(-r);
542 else
543 t = k;
544
7a22745a 545 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 546 free(k);
b0a3f2bc
LP		 547 } else if (p->type == SOCKET_SPECIAL)
548 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 549 else if (p->type == SOCKET_MQUEUE)
550 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 551 else
542563ba
LP		 552 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
553 }
5cb5a6ff
LP		 554
555 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 556 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 557
e537352b 558 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 559 if (!s->exec_command[c])
560 continue;
5cb5a6ff 561
40d50879 562 fprintf(f, "%s-> %s:\n",
a16e1123 563 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 564
565 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff 566 }
c43d20a0 567
82ba9f08 568 free(p2);
5cb5a6ff
LP		 569}
570
4f2d528d
LP		 571static int instance_from_socket(int fd, unsigned nr, char **instance) {
572 socklen_t l;
573 char *r;
574 union {
575 struct sockaddr sa;
576 struct sockaddr_un un;
577 struct sockaddr_in in;
578 struct sockaddr_in6 in6;
579 struct sockaddr_storage storage;
580 } local, remote;
581
582 assert(fd >= 0);
583 assert(instance);
584
585 l = sizeof(local);
586 if (getsockname(fd, &local.sa, &l) < 0)
587 return -errno;
588
589 l = sizeof(remote);
590 if (getpeername(fd, &remote.sa, &l) < 0)
591 return -errno;
592
593 switch (local.sa.sa_family) {
594
595 case AF_INET: {
596 uint32_t
597 a = ntohl(local.in.sin_addr.s_addr),
598 b = ntohl(remote.in.sin_addr.s_addr);
599
600 if (asprintf(&r,
77b088c2
LP		 601 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
602 nr,
4f2d528d
LP		 603 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
604 ntohs(local.in.sin_port),
605 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
606 ntohs(remote.in.sin_port)) < 0)
607 return -ENOMEM;
608
609 break;
610 }
611
612 case AF_INET6: {
c65a0b14 613 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 614 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
615 };
616
617 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
618 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
619 const uint8_t
620 *a = local.in6.sin6_addr.s6_addr+12,
621 *b = remote.in6.sin6_addr.s6_addr+12;
622
623 if (asprintf(&r,
77b088c2
LP		 624 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
625 nr,
2b061f5a
LP		 626 a[0], a[1], a[2], a[3],
627 ntohs(local.in6.sin6_port),
628 b[0], b[1], b[2], b[3],
629 ntohs(remote.in6.sin6_port)) < 0)
630 return -ENOMEM;
631 } else {
632 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
633
634 if (asprintf(&r,
77b088c2
LP		 635 "%u-%s:%u-%s:%u",
636 nr,
2b061f5a
LP		 637 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
638 ntohs(local.in6.sin6_port),
639 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
640 ntohs(remote.in6.sin6_port)) < 0)
641 return -ENOMEM;
642 }
4f2d528d
LP		 643
644 break;
645 }
646
647 case AF_UNIX: {
648 struct ucred ucred;
649
650 l = sizeof(ucred);
651 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l) < 0)
652 return -errno;
653
654 if (asprintf(&r,
bb00e604 655 "%u-%lu-%lu",
4f2d528d 656 nr,
bb00e604
LP		 657 (unsigned long) ucred.pid,
658 (unsigned long) ucred.uid) < 0)
4f2d528d
LP		 659 return -ENOMEM;
660
661 break;
662 }
663
664 default:
665 assert_not_reached("Unhandled socket type.");
666 }
667
668 *instance = r;
669 return 0;
670}
671
034c6ed7 672static void socket_close_fds(Socket *s) {
83c60c9f
LP		 673 SocketPort *p;
674
675 assert(s);
676
034c6ed7 677 LIST_FOREACH(port, p, s->ports) {
83c60c9f
LP		 678 if (p->fd < 0)
679 continue;
680
acbb0225 681 unit_unwatch_fd(UNIT(s), &p->fd_watch);
a16e1123
LP		 682 close_nointr_nofail(p->fd);
683
684 /* One little note: we should never delete any sockets
685 * in the file system here! After all some other
686 * process we spawned might still have a reference of
687 * this fd and wants to continue to use it. Therefore
688 * we delete sockets in the file system before we
689 * create a new one, not after we stopped using
690 * one! */
9152c765 691
83c60c9f
LP		 692 p->fd = -1;
693 }
694}
695
4fd5948e
LP		 696static void socket_apply_socket_options(Socket *s, int fd) {
697 assert(s);
698 assert(fd >= 0);
699
700 if (s->keep_alive) {
701 int b = s->keep_alive;
702 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
703 log_warning("SO_KEEPALIVE failed: %m");
704 }
705
ec6370a2
LP		 706 if (s->broadcast) {
707 int one = 1;
708 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
709 log_warning("SO_BROADCAST failed: %m");
710 }
711
d68af586
MS		 712 if (s->pass_cred) {
713 int one = 1;
714 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
715 log_warning("SO_PASSCRED failed: %m");
716 }
717
54ecda32
LP		 718 if (s->pass_sec) {
719 int one = 1;
720 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
721 log_warning("SO_PASSSEC failed: %m");
722 }
723
4fd5948e
LP		 724 if (s->priority >= 0)
725 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
726 log_warning("SO_PRIORITY failed: %m");
727
728 if (s->receive_buffer > 0) {
729 int value = (int) s->receive_buffer;
7d9eaa84
LP		 730
731 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
732
b8cef44e 733 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84
LP		 734 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
735 log_warning("SO_RCVBUF failed: %m");
4fd5948e
LP		 736 }
737
738 if (s->send_buffer > 0) {
739 int value = (int) s->send_buffer;
b8cef44e 740 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84
LP		 741 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
742 log_warning("SO_SNDBUF failed: %m");
4fd5948e
LP		 743 }
744
745 if (s->mark >= 0)
746 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
747 log_warning("SO_MARK failed: %m");
748
749 if (s->ip_tos >= 0)
750 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
751 log_warning("IP_TOS failed: %m");
752
46925ac5
LP		 753 if (s->ip_ttl >= 0) {
754 int r, x;
755
756 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 757
758 if (socket_ipv6_is_supported())
759 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
760 else {
761 x = -1;
762 errno = EAFNOSUPPORT;
763 }
46925ac5
LP		 764
765 if (r < 0 && x < 0)
766 log_warning("IP_TTL/IPV6_UNICAST_HOPS failed: %m");
767 }
cebf8b20
TT		 768
769 if (s->tcp_congestion)
770 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
771 log_warning("TCP_CONGESTION failed: %m");
0eb59ccf 772
cf37cd2f 773#ifdef HAVE_ATTR_XATTR_H
0eb59ccf
AK		 774 if (s->smack_ip_in)
775 if (fsetxattr(fd, "security.SMACK64IPIN", s->smack_ip_in, strlen(s->smack_ip_in), 0) < 0)
776 log_error("fsetxattr(\"security.SMACK64IPIN\"): %m");
777
778 if (s->smack_ip_out)
779 if (fsetxattr(fd, "security.SMACK64IPOUT", s->smack_ip_out, strlen(s->smack_ip_out), 0) < 0)
780 log_error("fsetxattr(\"security.SMACK64IPOUT\"): %m");
cf37cd2f 781#endif
4fd5948e
LP		 782}
783
b15bdda8 784static void socket_apply_fifo_options(Socket *s, int fd) {
4fd5948e
LP		 785 assert(s);
786 assert(fd >= 0);
787
788 if (s->pipe_size > 0)
789 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
790 log_warning("F_SETPIPE_SZ: %m");
0eb59ccf 791
cf37cd2f 792#ifdef HAVE_ATTR_XATTR_H
0eb59ccf
AK		 793 if (s->smack)
794 if (fsetxattr(fd, "security.SMACK64", s->smack, strlen(s->smack), 0) < 0)
795 log_error("fsetxattr(\"security.SMACK64\"): %m");
cf37cd2f 796#endif
4fd5948e
LP		 797}
798
b15bdda8
LP		 799static int fifo_address_create(
800 const char *path,
801 mode_t directory_mode,
802 mode_t socket_mode,
b15bdda8
LP		 803 int *_fd) {
804
7a58bfa4 805 int fd = -1, r = 0;
b15bdda8
LP		 806 struct stat st;
807 mode_t old_mask;
808
809 assert(path);
810 assert(_fd);
811
d2e54fae 812 mkdir_parents_label(path, directory_mode);
b15bdda8 813
e9a5ef7c
KS		 814 r = label_context_set(path, S_IFIFO);
815 if (r < 0)
56cf987f 816 goto fail;
b15bdda8
LP		 817
818 /* Enforce the right access mode for the fifo */
819 old_mask = umask(~ socket_mode);
820
821 /* Include the original umask in our mask */
822 umask(~socket_mode | old_mask);
823
824 r = mkfifo(path, socket_mode);
825 umask(old_mask);
826
94bc2731 827 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 828 r = -errno;
829 goto fail;
830 }
831
e4f44e73 832 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 833 r = -errno;
834 goto fail;
835 }
836
e9a5ef7c 837 label_context_clear();
7a58bfa4 838
b15bdda8
LP		 839 if (fstat(fd, &st) < 0) {
840 r = -errno;
841 goto fail;
842 }
843
844 if (!S_ISFIFO(st.st_mode) ||
de0200fc 845 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 846 st.st_uid != getuid() ||
847 st.st_gid != getgid()) {
b15bdda8
LP		 848
849 r = -EEXIST;
850 goto fail;
851 }
852
853 *_fd = fd;
854 return 0;
855
856fail:
e9a5ef7c 857 label_context_clear();
56cf987f 858
b15bdda8
LP		 859 if (fd >= 0)
860 close_nointr_nofail(fd);
861
862 return r;
863}
864
b0a3f2bc
LP		 865static int special_address_create(
866 const char *path,
867 int *_fd) {
868
869 int fd = -1, r = 0;
870 struct stat st;
871
872 assert(path);
873 assert(_fd);
874
875 if ((fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
876 r = -errno;
877 goto fail;
878 }
879
880 if (fstat(fd, &st) < 0) {
881 r = -errno;
882 goto fail;
883 }
884
885 /* Check whether this is a /proc, /sys or /dev file or char device */
886 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
887 r = -EEXIST;
888 goto fail;
889 }
890
891 *_fd = fd;
892 return 0;
893
894fail:
895 if (fd >= 0)
896 close_nointr_nofail(fd);
897
898 return r;
899}
900
916abb21
LP		 901static int mq_address_create(
902 const char *path,
903 mode_t mq_mode,
904 long maxmsg,
905 long msgsize,
906 int *_fd) {
907
908 int fd = -1, r = 0;
909 struct stat st;
910 mode_t old_mask;
911 struct mq_attr _attr, *attr = NULL;
912
913 assert(path);
914 assert(_fd);
915
916 if (maxmsg > 0 && msgsize > 0) {
917 zero(_attr);
918 _attr.mq_flags = O_NONBLOCK;
919 _attr.mq_maxmsg = maxmsg;
920 _attr.mq_msgsize = msgsize;
921 attr = &_attr;
922 }
923
924 /* Enforce the right access mode for the mq */
925 old_mask = umask(~ mq_mode);
926
927 /* Include the original umask in our mask */
928 umask(~mq_mode | old_mask);
929
930 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
931 umask(old_mask);
932
8ea913b2 933 if (fd < 0) {
916abb21
LP		 934 r = -errno;
935 goto fail;
936 }
937
938 if (fstat(fd, &st) < 0) {
939 r = -errno;
940 goto fail;
941 }
942
943 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
944 st.st_uid != getuid() ||
945 st.st_gid != getgid()) {
946
947 r = -EEXIST;
948 goto fail;
949 }
950
951 *_fd = fd;
952 return 0;
953
954fail:
955 if (fd >= 0)
956 close_nointr_nofail(fd);
957
958 return r;
959}
960
034c6ed7 961static int socket_open_fds(Socket *s) {
83c60c9f
LP		 962 SocketPort *p;
963 int r;
56cf987f 964 char *label = NULL;
049f8642 965 bool know_label = false;
83c60c9f
LP		 966
967 assert(s);
968
034c6ed7 969 LIST_FOREACH(port, p, s->ports) {
83c60c9f 970
034c6ed7
LP		 971 if (p->fd >= 0)
972 continue;
83c60c9f
LP		 973
974 if (p->type == SOCKET_SOCKET) {
975
049f8642
LP		 976 if (!know_label) {
977
978 if ((r = socket_instantiate_service(s)) < 0)
979 return r;
980
57020a3a
LP		 981 if (UNIT_DEREF(s->service) &&
982 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
983 r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
189583d7
LP		 984
985 if (r < 0) {
a7444eda
LP		 986 if (r != -EPERM)
987 return r;
988 }
189583d7 989 }
049f8642
LP		 990
991 know_label = true;
992 }
993
b5a0699f
LP		 994 if ((r = socket_address_listen(
995 &p->address,
996 s->backlog,
997 s->bind_ipv6_only,
998 s->bind_to_device,
4fd5948e 999 s->free_bind,
6b6d2dee 1000 s->transparent,
b5a0699f
LP		 1001 s->directory_mode,
1002 s->socket_mode,
56cf987f 1003 label,
b5a0699f 1004 &p->fd)) < 0)
83c60c9f
LP		 1005 goto rollback;
1006
4fd5948e
LP		 1007 socket_apply_socket_options(s, p->fd);
1008
b0a3f2bc
LP		 1009 } else if (p->type == SOCKET_SPECIAL) {
1010
1011 if ((r = special_address_create(
1012 p->path,
1013 &p->fd)) < 0)
1014 goto rollback;
1015
b15bdda8 1016 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1017
b15bdda8
LP		 1018 if ((r = fifo_address_create(
1019 p->path,
1020 s->directory_mode,
1021 s->socket_mode,
b15bdda8 1022 &p->fd)) < 0)
83c60c9f 1023 goto rollback;
83c60c9f 1024
b15bdda8 1025 socket_apply_fifo_options(s, p->fd);
916abb21 1026 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1027
916abb21
LP		 1028 if ((r = mq_address_create(
1029 p->path,
1030 s->socket_mode,
1031 s->mq_maxmsg,
1032 s->mq_msgsize,
1033 &p->fd)) < 0)
1034 goto rollback;
b15bdda8
LP		 1035 } else
1036 assert_not_reached("Unknown port type");
034c6ed7
LP		 1037 }
1038
56cf987f 1039 label_free(label);
034c6ed7
LP		 1040 return 0;
1041
1042rollback:
1043 socket_close_fds(s);
56cf987f 1044 label_free(label);
034c6ed7
LP		 1045 return r;
1046}
1047
1048static void socket_unwatch_fds(Socket *s) {
1049 SocketPort *p;
9152c765 1050
034c6ed7
LP		 1051 assert(s);
1052
1053 LIST_FOREACH(port, p, s->ports) {
1054 if (p->fd < 0)
1055 continue;
1056
acbb0225 1057 unit_unwatch_fd(UNIT(s), &p->fd_watch);
83c60c9f 1058 }
034c6ed7
LP		 1059}
1060
1061static int socket_watch_fds(Socket *s) {
1062 SocketPort *p;
1063 int r;
1064
1065 assert(s);
83c60c9f 1066
034c6ed7
LP		 1067 LIST_FOREACH(port, p, s->ports) {
1068 if (p->fd < 0)
1069 continue;
1070
cabab516 1071 p->fd_watch.socket_accept =
4f2d528d 1072 s->accept &&
dd5ad9d4 1073 p->type == SOCKET_SOCKET &&
4f2d528d
LP		 1074 socket_address_can_accept(&p->address);
1075
f94ea366 1076 if ((r = unit_watch_fd(UNIT(s), p->fd, EPOLLIN, &p->fd_watch)) < 0)
034c6ed7
LP		 1077 goto fail;
1078 }
83c60c9f 1079
542563ba 1080 return 0;
83c60c9f 1081
034c6ed7
LP		 1082fail:
1083 socket_unwatch_fds(s);
1084 return r;
1085}
1086
1087static void socket_set_state(Socket *s, SocketState state) {
1088 SocketState old_state;
1089 assert(s);
1090
1091 old_state = s->state;
1092 s->state = state;
1093
1094 if (state != SOCKET_START_PRE &&
1095 state != SOCKET_START_POST &&
1096 state != SOCKET_STOP_PRE &&
1097 state != SOCKET_STOP_PRE_SIGTERM &&
1098 state != SOCKET_STOP_PRE_SIGKILL &&
1099 state != SOCKET_STOP_POST &&
80876c20
LP		 1100 state != SOCKET_FINAL_SIGTERM &&
1101 state != SOCKET_FINAL_SIGKILL) {
acbb0225 1102 unit_unwatch_timer(UNIT(s), &s->timer_watch);
5e94833f 1103 socket_unwatch_control_pid(s);
034c6ed7 1104 s->control_command = NULL;
a16e1123 1105 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1106 }
034c6ed7 1107
a16e1123
LP		 1108 if (state != SOCKET_LISTENING)
1109 socket_unwatch_fds(s);
1110
034c6ed7
LP		 1111 if (state != SOCKET_START_POST &&
1112 state != SOCKET_LISTENING &&
1113 state != SOCKET_RUNNING &&
1114 state != SOCKET_STOP_PRE &&
1115 state != SOCKET_STOP_PRE_SIGTERM &&
1116 state != SOCKET_STOP_PRE_SIGKILL)
1117 socket_close_fds(s);
1118
e537352b 1119 if (state != old_state)
40d50879 1120 log_debug("%s changed %s -> %s",
1124fe6f 1121 UNIT(s)->id,
a16e1123
LP		 1122 socket_state_to_string(old_state),
1123 socket_state_to_string(state));
acbb0225 1124
e2f3b44c 1125 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1126}
1127
a16e1123
LP		 1128static int socket_coldplug(Unit *u) {
1129 Socket *s = SOCKET(u);
1130 int r;
1131
1132 assert(s);
1133 assert(s->state == SOCKET_DEAD);
1134
1135 if (s->deserialized_state != s->state) {
1136
1137 if (s->deserialized_state == SOCKET_START_PRE ||
1138 s->deserialized_state == SOCKET_START_POST ||
1139 s->deserialized_state == SOCKET_STOP_PRE ||
1140 s->deserialized_state == SOCKET_STOP_PRE_SIGTERM ||
1141 s->deserialized_state == SOCKET_STOP_PRE_SIGKILL ||
1142 s->deserialized_state == SOCKET_STOP_POST ||
1143 s->deserialized_state == SOCKET_FINAL_SIGTERM ||
1144 s->deserialized_state == SOCKET_FINAL_SIGKILL) {
1145
1146 if (s->control_pid <= 0)
1147 return -EBADMSG;
1148
1149 if ((r = unit_watch_pid(UNIT(s), s->control_pid)) < 0)
1150 return r;
1151
1152 if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
1153 return r;
1154 }
1155
1156 if (s->deserialized_state == SOCKET_START_POST ||
1157 s->deserialized_state == SOCKET_LISTENING ||
1158 s->deserialized_state == SOCKET_RUNNING ||
1159 s->deserialized_state == SOCKET_STOP_PRE ||
1160 s->deserialized_state == SOCKET_STOP_PRE_SIGTERM ||
1161 s->deserialized_state == SOCKET_STOP_PRE_SIGKILL)
1162 if ((r = socket_open_fds(s)) < 0)
1163 return r;
1164
1165 if (s->deserialized_state == SOCKET_LISTENING)
1166 if ((r = socket_watch_fds(s)) < 0)
1167 return r;
1168
1169 socket_set_state(s, s->deserialized_state);
1170 }
1171
1172 return 0;
1173}
1174
e537352b 1175static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
034c6ed7
LP		 1176 pid_t pid;
1177 int r;
9e2f7c11 1178 char **argv;
034c6ed7
LP		 1179
1180 assert(s);
1181 assert(c);
1182 assert(_pid);
1183
e537352b
LP		 1184 if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
1185 goto fail;
034c6ed7 1186
9e2f7c11
LP		 1187 if (!(argv = unit_full_printf_strv(UNIT(s), c->argv))) {
1188 r = -ENOMEM;
1189 goto fail;
1190 }
1191
1192 r = exec_spawn(c,
1193 argv,
1194 &s->exec_context,
1195 NULL, 0,
1124fe6f 1196 UNIT(s)->manager->environment,
9e2f7c11
LP		 1197 true,
1198 true,
1e3ad081 1199 true,
1124fe6f
MS		 1200 UNIT(s)->manager->confirm_spawn,
1201 UNIT(s)->cgroup_bondings,
1202 UNIT(s)->cgroup_attributes,
ecedd90f 1203 NULL,
62bca2c6 1204 UNIT(s)->id,
f2b68789 1205 NULL,
9e2f7c11
LP		 1206 &pid);
1207
1208 strv_free(argv);
1209 if (r < 0)
034c6ed7
LP		 1210 goto fail;
1211
87f0e418 1212 if ((r = unit_watch_pid(UNIT(s), pid)) < 0)
034c6ed7
LP		 1213 /* FIXME: we need to do something here */
1214 goto fail;
83c60c9f 1215
034c6ed7
LP		 1216 *_pid = pid;
1217
1218 return 0;
1219
1220fail:
e537352b 1221 unit_unwatch_timer(UNIT(s), &s->timer_watch);
83c60c9f
LP		 1222
1223 return r;
542563ba
LP		 1224}
1225
cfc4eb4c 1226static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1227 assert(s);
1228
cfc4eb4c
LP		 1229 if (f != SOCKET_SUCCESS)
1230 s->result = f;
034c6ed7 1231
cfc4eb4c 1232 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1233}
1234
cfc4eb4c 1235static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1236
cfc4eb4c 1237static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1238 int r;
1239 assert(s);
1240
cfc4eb4c
LP		 1241 if (f != SOCKET_SUCCESS)
1242 s->result = f;
034c6ed7 1243
5e94833f
LP		 1244 socket_unwatch_control_pid(s);
1245
a16e1123
LP		 1246 s->control_command_id = SOCKET_EXEC_STOP_POST;
1247
80876c20 1248 if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST])) {
e537352b 1249 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1250 goto fail;
1251
80876c20
LP		 1252 socket_set_state(s, SOCKET_STOP_POST);
1253 } else
cfc4eb4c 1254 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1255
1256 return;
1257
1258fail:
1124fe6f 1259 log_warning("%s failed to run 'stop-post' task: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1260 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1261}
1262
cfc4eb4c 1263static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7 1264 int r;
ca949c9d
LP		 1265 Set *pid_set = NULL;
1266 bool wait_for_exit = false;
034c6ed7
LP		 1267
1268 assert(s);
1269
cfc4eb4c
LP		 1270 if (f != SOCKET_SUCCESS)
1271 s->result = f;
034c6ed7 1272
4819ff03
LP		 1273 if (s->kill_context.kill_mode != KILL_NONE) {
1274 int sig = (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_FINAL_SIGTERM) ? s->kill_context.kill_signal : SIGKILL;
034c6ed7 1275
ca949c9d 1276 if (s->control_pid > 0) {
cd25cce9 1277 if (kill_and_sigcont(s->control_pid, sig) < 0 && errno != ESRCH)
50159e6a 1278
ca949c9d
LP		 1279 log_warning("Failed to kill control process %li: %m", (long) s->control_pid);
1280 else
1281 wait_for_exit = true;
034c6ed7 1282 }
50159e6a 1283
4819ff03 1284 if (s->kill_context.kill_mode == KILL_CONTROL_GROUP) {
ca949c9d
LP		 1285
1286 if (!(pid_set = set_new(trivial_hash_func, trivial_compare_func))) {
1287 r = -ENOMEM;
50159e6a
LP		 1288 goto fail;
1289 }
ca949c9d
LP		 1290
1291 /* Exclude the control pid from being killed via the cgroup */
1292 if (s->control_pid > 0)
1293 if ((r = set_put(pid_set, LONG_TO_PTR(s->control_pid))) < 0)
1294 goto fail;
1295
88f3e0c9 1296 r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, false, pid_set, NULL);
ecedd90f 1297 if (r < 0) {
ca949c9d
LP		 1298 if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
1299 log_warning("Failed to kill control group: %s", strerror(-r));
1300 } else if (r > 0)
1301 wait_for_exit = true;
1302
1303 set_free(pid_set);
da19d5c1 1304 pid_set = NULL;
ca949c9d 1305 }
d6ea93e3 1306 }
034c6ed7 1307
ca949c9d 1308 if (wait_for_exit) {
80876c20
LP		 1309 if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
1310 goto fail;
d6ea93e3 1311
80876c20
LP		 1312 socket_set_state(s, state);
1313 } else if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1314 socket_enter_stop_post(s, SOCKET_SUCCESS);
80876c20 1315 else
cfc4eb4c 1316 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1317
1318 return;
1319
1320fail:
1124fe6f 1321 log_warning("%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1322
1323 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1324 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1325 else
cfc4eb4c 1326 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
ca949c9d
LP		 1327
1328 if (pid_set)
1329 set_free(pid_set);
034c6ed7
LP		 1330}
1331
cfc4eb4c 1332static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1333 int r;
1334 assert(s);
1335
cfc4eb4c
LP		 1336 if (f != SOCKET_SUCCESS)
1337 s->result = f;
034c6ed7 1338
5e94833f
LP		 1339 socket_unwatch_control_pid(s);
1340
a16e1123
LP		 1341 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1342
80876c20 1343 if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE])) {
e537352b 1344 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1345 goto fail;
1346
80876c20
LP		 1347 socket_set_state(s, SOCKET_STOP_PRE);
1348 } else
cfc4eb4c 1349 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1350
1351 return;
1352
1353fail:
1124fe6f 1354 log_warning("%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1355 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1356}
1357
e9af15c3
LP		 1358static void socket_enter_listening(Socket *s) {
1359 int r;
1360 assert(s);
1361
cfc4eb4c
LP		 1362 r = socket_watch_fds(s);
1363 if (r < 0) {
1124fe6f 1364 log_warning("%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
e9af15c3
LP		 1365 goto fail;
1366 }
1367
1368 socket_set_state(s, SOCKET_LISTENING);
1369 return;
1370
1371fail:
cfc4eb4c 1372 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1373}
1374
034c6ed7
LP		 1375static void socket_enter_start_post(Socket *s) {
1376 int r;
1377 assert(s);
1378
cfc4eb4c
LP		 1379 r = socket_open_fds(s);
1380 if (r < 0) {
1124fe6f 1381 log_warning("%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1382 goto fail;
1383 }
1384
5e94833f
LP		 1385 socket_unwatch_control_pid(s);
1386
a16e1123
LP		 1387 s->control_command_id = SOCKET_EXEC_START_POST;
1388
80876c20 1389 if ((s->control_command = s->exec_command[SOCKET_EXEC_START_POST])) {
cfc4eb4c
LP		 1390 r = socket_spawn(s, s->control_command, &s->control_pid);
1391 if (r < 0) {
1124fe6f 1392 log_warning("%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1393 goto fail;
1394 }
1395
80876c20
LP		 1396 socket_set_state(s, SOCKET_START_POST);
1397 } else
e9af15c3 1398 socket_enter_listening(s);
034c6ed7
LP		 1399
1400 return;
1401
1402fail:
cfc4eb4c 1403 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1404}
1405
1406static void socket_enter_start_pre(Socket *s) {
1407 int r;
1408 assert(s);
1409
5e94833f
LP		 1410 socket_unwatch_control_pid(s);
1411
a16e1123
LP		 1412 s->control_command_id = SOCKET_EXEC_START_PRE;
1413
80876c20 1414 if ((s->control_command = s->exec_command[SOCKET_EXEC_START_PRE])) {
e537352b 1415 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1416 goto fail;
1417
80876c20
LP		 1418 socket_set_state(s, SOCKET_START_PRE);
1419 } else
034c6ed7
LP		 1420 socket_enter_start_post(s);
1421
1422 return;
1423
1424fail:
1124fe6f 1425 log_warning("%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1426 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1427}
1428
4f2d528d 1429static void socket_enter_running(Socket *s, int cfd) {
034c6ed7 1430 int r;
398ef8ba 1431 DBusError error;
034c6ed7
LP		 1432
1433 assert(s);
398ef8ba 1434 dbus_error_init(&error);
034c6ed7 1435
ba3e67a7
LP		 1436 /* We don't take connections anymore if we are supposed to
1437 * shut down anyway */
18ffdfda 1438 if (unit_pending_inactive(UNIT(s))) {
1124fe6f 1439 log_debug("Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
5d909e3e 1440
7c610628
LP		 1441 if (cfd >= 0)
1442 close_nointr_nofail(cfd);
1443 else {
1444 /* Flush all sockets by closing and reopening them */
1445 socket_close_fds(s);
1446
1a710b43
MS		 1447 r = socket_watch_fds(s);
1448 if (r < 0) {
1124fe6f 1449 log_warning("%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1450 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1451 }
1452 }
1453
ba3e67a7
LP		 1454 return;
1455 }
1456
4f2d528d 1457 if (cfd < 0) {
57020a3a
LP		 1458 Iterator i;
1459 Unit *u;
f976f3f6 1460 bool pending = false;
f976f3f6
LP		 1461
1462 /* If there's already a start pending don't bother to
1463 * do anything */
1124fe6f 1464 SET_FOREACH(u, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
57020a3a
LP		 1465 if (unit_pending_active(u)) {
1466 pending = true;
1467 break;
1468 }
f976f3f6 1469
1a710b43
MS		 1470 if (!pending) {
1471 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1472 if (r < 0)
f976f3f6 1473 goto fail;
1a710b43 1474 }
4f2d528d
LP		 1475
1476 socket_set_state(s, SOCKET_RUNNING);
1477 } else {
b4f10a5e 1478 char *prefix, *instance = NULL, *name;
b15bdda8 1479 Service *service;
4f2d528d 1480
6cf6bbc2
LP		 1481 if (s->n_connections >= s->max_connections) {
1482 log_warning("Too many incoming connections (%u)", s->n_connections);
1483 close_nointr_nofail(cfd);
1484 return;
1485 }
1486
1a710b43
MS		 1487 r = socket_instantiate_service(s);
1488 if (r < 0)
b15bdda8
LP		 1489 goto fail;
1490
1a710b43
MS		 1491 r = instance_from_socket(cfd, s->n_accepted, &instance);
1492 if (r < 0) {
1493 if (r != -ENOTCONN)
1494 goto fail;
1495
1496 /* ENOTCONN is legitimate if TCP RST was received.
1497 * This connection is over, but the socket unit lives on. */
1498 close_nointr_nofail(cfd);
1499 return;
1500 }
4f2d528d 1501
1a710b43
MS		 1502 prefix = unit_name_to_prefix(UNIT(s)->id);
1503 if (!prefix) {
4f2d528d
LP		 1504 free(instance);
1505 r = -ENOMEM;
1506 goto fail;
1507 }
1508
1509 name = unit_name_build(prefix, instance, ".service");
1510 free(prefix);
1511 free(instance);
1512
b6dbbe1c 1513 if (!name) {
4f2d528d 1514 r = -ENOMEM;
b6dbbe1c
LP		 1515 goto fail;
1516 }
4f2d528d 1517
1a710b43
MS		 1518 r = unit_add_name(UNIT_DEREF(s->service), name);
1519 if (r < 0) {
b15bdda8 1520 free(name);
4f2d528d 1521 goto fail;
b15bdda8
LP		 1522 }
1523
57020a3a
LP		 1524 service = SERVICE(UNIT_DEREF(s->service));
1525 unit_ref_unset(&s->service);
b15bdda8 1526 s->n_accepted ++;
4f2d528d 1527
1124fe6f 1528 UNIT(service)->no_gc = false;
6c073082 1529
b15bdda8
LP		 1530 unit_choose_id(UNIT(service), name);
1531 free(name);
1532
1a710b43
MS		 1533 r = service_set_socket_fd(service, cfd, s);
1534 if (r < 0)
4f2d528d
LP		 1535 goto fail;
1536
1537 cfd = -1;
6cf6bbc2
LP		 1538 s->n_connections ++;
1539
1a710b43
MS		 1540 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1541 if (r < 0)
4f2d528d 1542 goto fail;
c4e2ceae
LP		 1543
1544 /* Notify clients about changed counters */
1545 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1546 }
034c6ed7 1547
034c6ed7
LP		 1548 return;
1549
1550fail:
10f70492 1551 log_warning("%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s", UNIT(s)->id, cfd >= 0 ? "template" : "non-template", bus_error(&error, r));
60089004 1552 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
4f2d528d
LP		 1553
1554 if (cfd >= 0)
1555 close_nointr_nofail(cfd);
398ef8ba
LP		 1556
1557 dbus_error_free(&error);
034c6ed7
LP		 1558}
1559
cfc4eb4c 1560static void socket_run_next(Socket *s) {
034c6ed7
LP		 1561 int r;
1562
1563 assert(s);
1564 assert(s->control_command);
1565 assert(s->control_command->command_next);
1566
5e94833f
LP		 1567 socket_unwatch_control_pid(s);
1568
034c6ed7
LP		 1569 s->control_command = s->control_command->command_next;
1570
e537352b 1571 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1572 goto fail;
1573
1574 return;
1575
1576fail:
1124fe6f 1577 log_warning("%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
80876c20
LP		 1578
1579 if (s->state == SOCKET_START_POST)
cfc4eb4c 1580 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1581 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1582 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1583 else
cfc4eb4c 1584 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1585}
1586
87f0e418
LP		 1587static int socket_start(Unit *u) {
1588 Socket *s = SOCKET(u);
83c60c9f
LP		 1589
1590 assert(s);
1591
034c6ed7
LP		 1592 /* We cannot fulfill this request right now, try again later
1593 * please! */
1594 if (s->state == SOCKET_STOP_PRE ||
1595 s->state == SOCKET_STOP_PRE_SIGKILL ||
1596 s->state == SOCKET_STOP_PRE_SIGTERM ||
1597 s->state == SOCKET_STOP_POST ||
80876c20
LP		 1598 s->state == SOCKET_FINAL_SIGTERM ||
1599 s->state == SOCKET_FINAL_SIGKILL)
034c6ed7
LP		 1600 return -EAGAIN;
1601
83c60c9f
LP		 1602 if (s->state == SOCKET_START_PRE ||
1603 s->state == SOCKET_START_POST)
034c6ed7 1604 return 0;
83c60c9f 1605
034c6ed7 1606 /* Cannot run this without the service being around */
57020a3a
LP		 1607 if (UNIT_DEREF(s->service)) {
1608 Service *service;
1609
1610 service = SERVICE(UNIT_DEREF(s->service));
1611
1124fe6f
MS		 1612 if (UNIT(service)->load_state != UNIT_LOADED) {
1613 log_error("Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1614 return -ENOENT;
4ac9236f 1615 }
4f2d528d 1616
35b8ca3a 1617 /* If the service is already active we cannot start the
4f2d528d 1618 * socket */
57020a3a
LP		 1619 if (service->state != SERVICE_DEAD &&
1620 service->state != SERVICE_FAILED &&
1621 service->state != SERVICE_AUTO_RESTART) {
1124fe6f 1622 log_error("Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1623 return -EBUSY;
4ac9236f 1624 }
7b4bf06b
LP		 1625
1626#ifdef HAVE_SYSV_COMPAT
1b64d026 1627 if (service->is_sysv) {
7b4bf06b
LP		 1628 log_error("Using SysV services for socket activation is not supported. Refusing.");
1629 return -ENOENT;
1630 }
1631#endif
4f2d528d 1632 }
e537352b 1633
fdf20a31 1634 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1635
cfc4eb4c 1636 s->result = SOCKET_SUCCESS;
034c6ed7
LP		 1637 socket_enter_start_pre(s);
1638 return 0;
1639}
83c60c9f 1640
87f0e418
LP		 1641static int socket_stop(Unit *u) {
1642 Socket *s = SOCKET(u);
034c6ed7
LP		 1643
1644 assert(s);
1645
e537352b
LP		 1646 /* Already on it */
1647 if (s->state == SOCKET_STOP_PRE ||
1648 s->state == SOCKET_STOP_PRE_SIGTERM ||
1649 s->state == SOCKET_STOP_PRE_SIGKILL ||
1650 s->state == SOCKET_STOP_POST ||
80876c20 1651 s->state == SOCKET_FINAL_SIGTERM ||
3f6c78dc 1652 s->state == SOCKET_FINAL_SIGKILL)
e537352b
LP		 1653 return 0;
1654
3f6c78dc
LP		 1655 /* If there's already something running we go directly into
1656 * kill mode. */
1657 if (s->state == SOCKET_START_PRE ||
1658 s->state == SOCKET_START_POST) {
cfc4eb4c 1659 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1660 return -EAGAIN;
1661 }
1662
034c6ed7 1663 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1664
cfc4eb4c 1665 socket_enter_stop_pre(s, SOCKET_SUCCESS);
542563ba
LP		 1666 return 0;
1667}
1668
a16e1123
LP		 1669static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1670 Socket *s = SOCKET(u);
1671 SocketPort *p;
1672 int r;
1673
1674 assert(u);
1675 assert(f);
1676 assert(fds);
1677
1678 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 1679 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 1680 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1681
1682 if (s->control_pid > 0)
5925dd3c 1683 unit_serialize_item_format(u, f, "control-pid", "%lu", (unsigned long) s->control_pid);
a16e1123
LP		 1684
1685 if (s->control_command_id >= 0)
1686 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1687
1688 LIST_FOREACH(port, p, s->ports) {
1689 int copy;
1690
1691 if (p->fd < 0)
1692 continue;
1693
1694 if ((copy = fdset_put_dup(fds, p->fd)) < 0)
1695 return copy;
1696
1697 if (p->type == SOCKET_SOCKET) {
1698 char *t;
1699
1700 if ((r = socket_address_print(&p->address, &t)) < 0)
1701 return r;
1702
7a22745a
LP		 1703 if (socket_address_family(&p->address) == AF_NETLINK)
1704 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
1705 else
1706 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
a16e1123 1707 free(t);
b0a3f2bc
LP		 1708 } else if (p->type == SOCKET_SPECIAL)
1709 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
1710 else {
a16e1123
LP		 1711 assert(p->type == SOCKET_FIFO);
1712 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
1713 }
1714 }
1715
1716 return 0;
1717}
1718
1719static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
1720 Socket *s = SOCKET(u);
a16e1123
LP		 1721
1722 assert(u);
1723 assert(key);
1724 assert(value);
1725 assert(fds);
1726
1727 if (streq(key, "state")) {
1728 SocketState state;
1729
1730 if ((state = socket_state_from_string(value)) < 0)
1731 log_debug("Failed to parse state value %s", value);
1732 else
1733 s->deserialized_state = state;
cfc4eb4c
LP		 1734 } else if (streq(key, "result")) {
1735 SocketResult f;
a16e1123 1736
cfc4eb4c
LP		 1737 f = socket_result_from_string(value);
1738 if (f < 0)
1739 log_debug("Failed to parse result value %s", value);
1740 else if (f != SOCKET_SUCCESS)
1741 s->result = f;
a16e1123
LP		 1742
1743 } else if (streq(key, "n-accepted")) {
1744 unsigned k;
1745
e364ad06 1746 if (safe_atou(value, &k) < 0)
a16e1123
LP		 1747 log_debug("Failed to parse n-accepted value %s", value);
1748 else
1749 s->n_accepted += k;
1750 } else if (streq(key, "control-pid")) {
5925dd3c 1751 pid_t pid;
a16e1123 1752
e364ad06 1753 if (parse_pid(value, &pid) < 0)
a16e1123
LP		 1754 log_debug("Failed to parse control-pid value %s", value);
1755 else
5925dd3c 1756 s->control_pid = pid;
a16e1123
LP		 1757 } else if (streq(key, "control-command")) {
1758 SocketExecCommand id;
1759
1760 if ((id = socket_exec_command_from_string(value)) < 0)
1761 log_debug("Failed to parse exec-command value %s", value);
1762 else {
1763 s->control_command_id = id;
1764 s->control_command = s->exec_command[id];
1765 }
1766 } else if (streq(key, "fifo")) {
1767 int fd, skip = 0;
1768 SocketPort *p;
1769
1770 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
1771 log_debug("Failed to parse fifo value %s", value);
1772 else {
1773
1774 LIST_FOREACH(port, p, s->ports)
b0a3f2bc
LP		 1775 if (p->type == SOCKET_FIFO &&
1776 streq_ptr(p->path, value+skip))
1777 break;
1778
1779 if (p) {
1780 if (p->fd >= 0)
1781 close_nointr_nofail(p->fd);
1782 p->fd = fdset_remove(fds, fd);
1783 }
1784 }
1785
1786 } else if (streq(key, "special")) {
1787 int fd, skip = 0;
1788 SocketPort *p;
1789
1790 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
1791 log_debug("Failed to parse special value %s", value);
1792 else {
1793
1794 LIST_FOREACH(port, p, s->ports)
1795 if (p->type == SOCKET_SPECIAL &&
1796 streq_ptr(p->path, value+skip))
a16e1123
LP		 1797 break;
1798
1799 if (p) {
1800 if (p->fd >= 0)
1801 close_nointr_nofail(p->fd);
1802 p->fd = fdset_remove(fds, fd);
1803 }
1804 }
1805
1806 } else if (streq(key, "socket")) {
27ca8d7a 1807 int fd, type, skip = 0;
a16e1123
LP		 1808 SocketPort *p;
1809
27ca8d7a 1810 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
a16e1123
LP		 1811 log_debug("Failed to parse socket value %s", value);
1812 else {
1813
1814 LIST_FOREACH(port, p, s->ports)
27ca8d7a 1815 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 1816 break;
1817
1818 if (p) {
1819 if (p->fd >= 0)
1820 close_nointr_nofail(p->fd);
1821 p->fd = fdset_remove(fds, fd);
1822 }
1823 }
1824
7a22745a
LP		 1825 } else if (streq(key, "netlink")) {
1826 int fd, skip = 0;
1827 SocketPort *p;
1828
1829 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
1830 log_debug("Failed to parse socket value %s", value);
1831 else {
1832
1833 LIST_FOREACH(port, p, s->ports)
1834 if (socket_address_is_netlink(&p->address, value+skip))
1835 break;
1836
1837 if (p) {
1838 if (p->fd >= 0)
1839 close_nointr_nofail(p->fd);
1840 p->fd = fdset_remove(fds, fd);
1841 }
1842 }
1843
a16e1123
LP		 1844 } else
1845 log_debug("Unknown serialization key '%s'", key);
1846
1847 return 0;
1848}
1849
87f0e418
LP		 1850static UnitActiveState socket_active_state(Unit *u) {
1851 assert(u);
5cb5a6ff 1852
acbb0225 1853 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 1854}
1855
10a94420
LP		 1856static const char *socket_sub_state_to_string(Unit *u) {
1857 assert(u);
1858
a16e1123 1859 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 1860}
1861
6cf6bbc2
LP		 1862static bool socket_check_gc(Unit *u) {
1863 Socket *s = SOCKET(u);
1864
1865 assert(u);
1866
1867 return s->n_connections > 0;
1868}
1869
acbb0225 1870static void socket_fd_event(Unit *u, int fd, uint32_t events, Watch *w) {
87f0e418 1871 Socket *s = SOCKET(u);
4f2d528d 1872 int cfd = -1;
9152c765 1873
034c6ed7 1874 assert(s);
8d567588 1875 assert(fd >= 0);
9152c765 1876
871d7de4
LP		 1877 if (s->state != SOCKET_LISTENING)
1878 return;
1879
ac155bb8 1880 log_debug("Incoming traffic on %s", u->id);
9152c765 1881
4f2d528d 1882 if (events != EPOLLIN) {
641e01dc
LP		 1883
1884 if (events & EPOLLHUP)
ac155bb8 1885 log_error("%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.", u->id);
641e01dc 1886 else
ac155bb8 1887 log_error("%s: Got unexpected poll event (0x%x) on socket.", u->id, events);
641e01dc 1888
8d567588 1889 goto fail;
4f2d528d
LP		 1890 }
1891
cabab516 1892 if (w->socket_accept) {
4f2d528d
LP		 1893 for (;;) {
1894
b14eda96
LP		 1895 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
1896 if (cfd < 0) {
4f2d528d
LP		 1897
1898 if (errno == EINTR)
1899 continue;
1900
1901 log_error("Failed to accept socket: %m");
8d567588 1902 goto fail;
4f2d528d
LP		 1903 }
1904
1905 break;
1906 }
4fd5948e
LP		 1907
1908 socket_apply_socket_options(s, cfd);
4f2d528d 1909 }
9152c765 1910
4f2d528d 1911 socket_enter_running(s, cfd);
8d567588
LP		 1912 return;
1913
1914fail:
cfc4eb4c 1915 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
9152c765
LP		 1916}
1917
87f0e418
LP		 1918static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
1919 Socket *s = SOCKET(u);
cfc4eb4c 1920 SocketResult f;
5cb5a6ff
LP		 1921
1922 assert(s);
034c6ed7 1923 assert(pid >= 0);
5cb5a6ff 1924
8c47c732
LP		 1925 if (pid != s->control_pid)
1926 return;
542563ba 1927
034c6ed7
LP		 1928 s->control_pid = 0;
1929
96342de6 1930 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 1931 f = SOCKET_SUCCESS;
1932 else if (code == CLD_EXITED)
1933 f = SOCKET_FAILURE_EXIT_CODE;
1934 else if (code == CLD_KILLED)
1935 f = SOCKET_FAILURE_SIGNAL;
1936 else if (code == CLD_DUMPED)
1937 f = SOCKET_FAILURE_CORE_DUMP;
1938 else
1939 assert_not_reached("Unknown code");
8c47c732 1940
b708e7ce 1941 if (s->control_command) {
6ea832a2 1942 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 1943
b708e7ce 1944 if (s->control_command->ignore)
cfc4eb4c 1945 f = SOCKET_SUCCESS;
b708e7ce
LP		 1946 }
1947
cfc4eb4c 1948 log_full(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
ac155bb8 1949 "%s control process exited, code=%s status=%i", u->id, sigchld_code_to_string(code), status);
034c6ed7 1950
cfc4eb4c
LP		 1951 if (f != SOCKET_SUCCESS)
1952 s->result = f;
1953
1954 if (s->control_command &&
1955 s->control_command->command_next &&
1956 f == SOCKET_SUCCESS) {
1957
ac155bb8 1958 log_debug("%s running next command for state %s", u->id, socket_state_to_string(s->state));
cfc4eb4c 1959 socket_run_next(s);
acbb0225 1960 } else {
a16e1123
LP		 1961 s->control_command = NULL;
1962 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1963
034c6ed7
LP		 1964 /* No further commands for this step, so let's figure
1965 * out what to do next */
5cb5a6ff 1966
ac155bb8 1967 log_debug("%s got final SIGCHLD for state %s", u->id, socket_state_to_string(s->state));
acbb0225 1968
034c6ed7
LP		 1969 switch (s->state) {
1970
1971 case SOCKET_START_PRE:
cfc4eb4c 1972 if (f == SOCKET_SUCCESS)
acbb0225 1973 socket_enter_start_post(s);
034c6ed7 1974 else
cfc4eb4c 1975 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 1976 break;
1977
1978 case SOCKET_START_POST:
cfc4eb4c 1979 if (f == SOCKET_SUCCESS)
e9af15c3 1980 socket_enter_listening(s);
034c6ed7 1981 else
cfc4eb4c 1982 socket_enter_stop_pre(s, f);
034c6ed7
LP		 1983 break;
1984
1985 case SOCKET_STOP_PRE:
1986 case SOCKET_STOP_PRE_SIGTERM:
1987 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 1988 socket_enter_stop_post(s, f);
034c6ed7
LP		 1989 break;
1990
1991 case SOCKET_STOP_POST:
80876c20
LP		 1992 case SOCKET_FINAL_SIGTERM:
1993 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 1994 socket_enter_dead(s, f);
034c6ed7
LP		 1995 break;
1996
1997 default:
1998 assert_not_reached("Uh, control process died at wrong time.");
1999 }
2000 }
c4e2ceae
LP		 2001
2002 /* Notify clients about changed exit status */
2003 unit_add_to_dbus_queue(u);
034c6ed7 2004}
5cb5a6ff 2005
acbb0225 2006static void socket_timer_event(Unit *u, uint64_t elapsed, Watch *w) {
87f0e418 2007 Socket *s = SOCKET(u);
5cb5a6ff 2008
034c6ed7
LP		 2009 assert(s);
2010 assert(elapsed == 1);
acbb0225 2011 assert(w == &s->timer_watch);
034c6ed7
LP		 2012
2013 switch (s->state) {
2014
2015 case SOCKET_START_PRE:
ac155bb8 2016 log_warning("%s starting timed out. Terminating.", u->id);
cfc4eb4c 2017 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2018 break;
80876c20 2019
034c6ed7 2020 case SOCKET_START_POST:
ac155bb8 2021 log_warning("%s starting timed out. Stopping.", u->id);
cfc4eb4c 2022 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2023 break;
2024
2025 case SOCKET_STOP_PRE:
ac155bb8 2026 log_warning("%s stopping timed out. Terminating.", u->id);
cfc4eb4c 2027 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2028 break;
2029
2030 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2031 if (s->kill_context.send_sigkill) {
ac155bb8 2032 log_warning("%s stopping timed out. Killing.", u->id);
cfc4eb4c 2033 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2034 } else {
ac155bb8 2035 log_warning("%s stopping timed out. Skipping SIGKILL. Ignoring.", u->id);
cfc4eb4c 2036 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2037 }
034c6ed7
LP		 2038 break;
2039
2040 case SOCKET_STOP_PRE_SIGKILL:
ac155bb8 2041 log_warning("%s still around after SIGKILL. Ignoring.", u->id);
cfc4eb4c 2042 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2043 break;
2044
2045 case SOCKET_STOP_POST:
ac155bb8 2046 log_warning("%s stopping timed out (2). Terminating.", u->id);
cfc4eb4c 2047 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2048 break;
2049
80876c20 2050 case SOCKET_FINAL_SIGTERM:
4819ff03 2051 if (s->kill_context.send_sigkill) {
ac155bb8 2052 log_warning("%s stopping timed out (2). Killing.", u->id);
cfc4eb4c 2053 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2054 } else {
ac155bb8 2055 log_warning("%s stopping timed out (2). Skipping SIGKILL. Ignoring.", u->id);
cfc4eb4c 2056 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2057 }
034c6ed7
LP		 2058 break;
2059
80876c20 2060 case SOCKET_FINAL_SIGKILL:
ac155bb8 2061 log_warning("%s still around after SIGKILL (2). Entering failed mode.", u->id);
cfc4eb4c 2062 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2063 break;
2064
2065 default:
2066 assert_not_reached("Timeout at wrong time.");
2067 }
5cb5a6ff
LP		 2068}
2069
44d8db9e
LP		 2070int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2071 int *rfds;
2072 unsigned rn_fds, k;
2073 SocketPort *p;
2074
2075 assert(s);
2076 assert(fds);
2077 assert(n_fds);
2078
2079 /* Called from the service code for requesting our fds */
2080
2081 rn_fds = 0;
2082 LIST_FOREACH(port, p, s->ports)
2083 if (p->fd >= 0)
2084 rn_fds++;
2085
de3756ab
LP		 2086 if (rn_fds <= 0) {
2087 *fds = NULL;
2088 *n_fds = 0;
2089 return 0;
2090 }
2091
e364ad06 2092 if (!(rfds = new(int, rn_fds)))
44d8db9e
LP		 2093 return -ENOMEM;
2094
2095 k = 0;
2096 LIST_FOREACH(port, p, s->ports)
2097 if (p->fd >= 0)
2098 rfds[k++] = p->fd;
2099
2100 assert(k == rn_fds);
2101
2102 *fds = rfds;
2103 *n_fds = rn_fds;
2104
2105 return 0;
2106}
2107
6bda96a0 2108void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2109 assert(s);
2110
6cf6bbc2
LP		 2111 /* The service is dead. Dang!
2112 *
2113 * This is strictly for one-instance-for-all-connections
2114 * services. */
ceee3d82
LP		 2115
2116 if (s->state == SOCKET_RUNNING) {
6bda96a0
LP		 2117 log_debug("%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2118 if (failed_permanent)
2119 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2120 else
2121 socket_enter_listening(s);
ceee3d82
LP		 2122 }
2123}
2124
6cf6bbc2
LP		 2125void socket_connection_unref(Socket *s) {
2126 assert(s);
2127
2128 /* The service is dead. Yay!
2129 *
35b8ca3a 2130 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2131 * services. */
2132
2133 assert(s->n_connections > 0);
2134 s->n_connections--;
2135
1124fe6f 2136 log_debug("%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
6cf6bbc2
LP		 2137}
2138
fdf20a31 2139static void socket_reset_failed(Unit *u) {
5632e374
LP		 2140 Socket *s = SOCKET(u);
2141
2142 assert(s);
2143
fdf20a31 2144 if (s->state == SOCKET_FAILED)
5632e374
LP		 2145 socket_set_state(s, SOCKET_DEAD);
2146
cfc4eb4c 2147 s->result = SOCKET_SUCCESS;
5632e374
LP		 2148}
2149
c74f17d9 2150static int socket_kill(Unit *u, KillWho who, int signo, DBusError *error) {
8a0867d6
LP		 2151 Socket *s = SOCKET(u);
2152 int r = 0;
2153 Set *pid_set = NULL;
2154
2155 assert(s);
2156
2157 if (who == KILL_MAIN) {
2158 dbus_set_error(error, BUS_ERROR_NO_SUCH_PROCESS, "Socket units have no main processes");
a17204af 2159 return -ESRCH;
8a0867d6
LP		 2160 }
2161
2162 if (s->control_pid <= 0 && who == KILL_CONTROL) {
2163 dbus_set_error(error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
a17204af 2164 return -ESRCH;
8a0867d6
LP		 2165 }
2166
3611581e
LP		 2167 if (who == KILL_CONTROL || who == KILL_ALL)
2168 if (s->control_pid > 0)
2169 if (kill(s->control_pid, signo) < 0)
2170 r = -errno;
8a0867d6 2171
c74f17d9 2172 if (who == KILL_ALL) {
8a0867d6
LP		 2173 int q;
2174
c74f17d9
LP		 2175 pid_set = set_new(trivial_hash_func, trivial_compare_func);
2176 if (!pid_set)
8a0867d6
LP		 2177 return -ENOMEM;
2178
2179 /* Exclude the control pid from being killed via the cgroup */
c74f17d9
LP		 2180 if (s->control_pid > 0) {
2181 q = set_put(pid_set, LONG_TO_PTR(s->control_pid));
2182 if (q < 0) {
8a0867d6
LP		 2183 r = q;
2184 goto finish;
2185 }
c74f17d9 2186 }
8a0867d6 2187
88f3e0c9 2188 q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, false, pid_set, NULL);
c74f17d9
LP		 2189 if (q < 0 && q != -EAGAIN && q != -ESRCH && q != -ENOENT)
2190 r = q;
8a0867d6
LP		 2191 }
2192
2193finish:
2194 if (pid_set)
2195 set_free(pid_set);
2196
2197 return r;
2198}
2199
a16e1123
LP		 2200static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2201 [SOCKET_DEAD] = "dead",
2202 [SOCKET_START_PRE] = "start-pre",
2203 [SOCKET_START_POST] = "start-post",
2204 [SOCKET_LISTENING] = "listening",
2205 [SOCKET_RUNNING] = "running",
2206 [SOCKET_STOP_PRE] = "stop-pre",
2207 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2208 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2209 [SOCKET_STOP_POST] = "stop-post",
2210 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2211 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2212 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2213};
2214
2215DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2216
2217static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2218 [SOCKET_EXEC_START_PRE] = "StartPre",
2219 [SOCKET_EXEC_START_POST] = "StartPost",
2220 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2221 [SOCKET_EXEC_STOP_POST] = "StopPost"
2222};
2223
2224DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2225
cfc4eb4c
LP		 2226static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2227 [SOCKET_SUCCESS] = "success",
2228 [SOCKET_FAILURE_RESOURCES] = "resources",
2229 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2230 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2231 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2232 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2233 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2234};
2235
2236DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2237
87f0e418 2238const UnitVTable socket_vtable = {
7d17cfbc 2239 .object_size = sizeof(Socket),
3ef63c31
LP		 2240 .exec_context_offset = offsetof(Socket, exec_context),
2241
f975e971
LP		 2242 .sections =
2243 "Unit\0"
2244 "Socket\0"
2245 "Install\0",
5cb5a6ff 2246
034c6ed7
LP		 2247 .init = socket_init,
2248 .done = socket_done,
a16e1123
LP		 2249 .load = socket_load,
2250
8a0867d6
LP		 2251 .kill = socket_kill,
2252
a16e1123 2253 .coldplug = socket_coldplug,
034c6ed7 2254
5cb5a6ff
LP		 2255 .dump = socket_dump,
2256
542563ba
LP		 2257 .start = socket_start,
2258 .stop = socket_stop,
5cb5a6ff 2259
a16e1123
LP		 2260 .serialize = socket_serialize,
2261 .deserialize_item = socket_deserialize_item,
2262
5cb5a6ff 2263 .active_state = socket_active_state,
10a94420 2264 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2265
6cf6bbc2
LP		 2266 .check_gc = socket_check_gc,
2267
9152c765 2268 .fd_event = socket_fd_event,
034c6ed7 2269 .sigchld_event = socket_sigchld_event,
4139c1b2
LP		 2270 .timer_event = socket_timer_event,
2271
fdf20a31 2272 .reset_failed = socket_reset_failed,
5632e374 2273
c4e2ceae
LP		 2274 .bus_interface = "org.freedesktop.systemd1.Socket",
2275 .bus_message_handler = bus_socket_message_handler,
c6918296
MS		 2276 .bus_invalidating_properties = bus_socket_invalidating_properties,
2277
2278 .status_message_formats = {
2279 /*.starting_stopping = {
2280 [0] = "Starting socket %s...",
2281 [1] = "Stopping socket %s...",
2282 },*/
2283 .finished_start_job = {
2284 [JOB_DONE] = "Listening on %s.",
2285 [JOB_FAILED] = "Failed to listen on %s.",
2286 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2287 [JOB_TIMEOUT] = "Timed out starting %s.",
2288 },
2289 .finished_stop_job = {
2290 [JOB_DONE] = "Closed %s.",
2291 [JOB_FAILED] = "Failed stopping %s.",
2292 [JOB_TIMEOUT] = "Timed out stopping %s.",
2293 },
2294 },
5cb5a6ff 2295};
Unnamed repository; edit this file 'description' to name the repository.