]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
table: drop last SIZE_MAX from table_set_sort() and table_set_display()
[thirdparty/systemd.git] / src / core / socket.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <arpa/inet.h>
4 #include <errno.h>
5 #include <fcntl.h>
6 #include <mqueue.h>
7 #include <netinet/tcp.h>
8 #include <sys/epoll.h>
9 #include <sys/stat.h>
10 #include <unistd.h>
11 #include <linux/sctp.h>
12
13 #include "alloc-util.h"
14 #include "bpf-firewall.h"
15 #include "bus-error.h"
16 #include "bus-util.h"
17 #include "copy.h"
18 #include "dbus-socket.h"
19 #include "dbus-unit.h"
20 #include "def.h"
21 #include "errno-list.h"
22 #include "exit-status.h"
23 #include "fd-util.h"
24 #include "format-util.h"
25 #include "fs-util.h"
26 #include "in-addr-util.h"
27 #include "io-util.h"
28 #include "ip-protocol-list.h"
29 #include "label.h"
30 #include "log.h"
31 #include "mkdir.h"
32 #include "parse-util.h"
33 #include "path-util.h"
34 #include "process-util.h"
35 #include "selinux-util.h"
36 #include "serialize.h"
37 #include "signal-util.h"
38 #include "smack-util.h"
39 #include "socket.h"
40 #include "socket-netlink.h"
41 #include "special.h"
42 #include "string-table.h"
43 #include "string-util.h"
44 #include "strv.h"
45 #include "unit-name.h"
46 #include "unit.h"
47 #include "user-util.h"
48
49 struct SocketPeer {
50 unsigned n_ref;
51
52 Socket *socket;
53 union sockaddr_union peer;
54 socklen_t peer_salen;
55 };
56
57 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
58 [SOCKET_DEAD] = UNIT_INACTIVE,
59 [SOCKET_START_PRE] = UNIT_ACTIVATING,
60 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
61 [SOCKET_START_POST] = UNIT_ACTIVATING,
62 [SOCKET_LISTENING] = UNIT_ACTIVE,
63 [SOCKET_RUNNING] = UNIT_ACTIVE,
64 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
67 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
69 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
70 [SOCKET_FAILED] = UNIT_FAILED,
71 [SOCKET_CLEANING] = UNIT_MAINTENANCE,
72 };
73
74 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
75 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
76 static void flush_ports(Socket *s);
77
78 static void socket_init(Unit *u) {
79 Socket *s = SOCKET(u);
80
81 assert(u);
82 assert(u->load_state == UNIT_STUB);
83
84 s->backlog = SOMAXCONN;
85 s->timeout_usec = u->manager->default_timeout_start_usec;
86 s->directory_mode = 0755;
87 s->socket_mode = 0666;
88
89 s->max_connections = 64;
90
91 s->priority = -1;
92 s->ip_tos = -1;
93 s->ip_ttl = -1;
94 s->mark = -1;
95
96 s->exec_context.std_output = u->manager->default_std_output;
97 s->exec_context.std_error = u->manager->default_std_error;
98
99 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
100
101 s->trigger_limit.interval = USEC_INFINITY;
102 s->trigger_limit.burst = (unsigned) -1;
103 }
104
105 static void socket_unwatch_control_pid(Socket *s) {
106 assert(s);
107
108 if (s->control_pid <= 0)
109 return;
110
111 unit_unwatch_pid(UNIT(s), s->control_pid);
112 s->control_pid = 0;
113 }
114
115 static void socket_cleanup_fd_list(SocketPort *p) {
116 assert(p);
117
118 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
119 p->auxiliary_fds = mfree(p->auxiliary_fds);
120 p->n_auxiliary_fds = 0;
121 }
122
123 void socket_free_ports(Socket *s) {
124 SocketPort *p;
125
126 assert(s);
127
128 while ((p = s->ports)) {
129 LIST_REMOVE(port, s->ports, p);
130
131 sd_event_source_unref(p->event_source);
132
133 socket_cleanup_fd_list(p);
134 safe_close(p->fd);
135 free(p->path);
136 free(p);
137 }
138 }
139
140 static void socket_done(Unit *u) {
141 Socket *s = SOCKET(u);
142 SocketPeer *p;
143
144 assert(s);
145
146 socket_free_ports(s);
147
148 while ((p = set_steal_first(s->peers_by_address)))
149 p->socket = NULL;
150
151 s->peers_by_address = set_free(s->peers_by_address);
152
153 s->exec_runtime = exec_runtime_unref(s->exec_runtime, false);
154 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
155 s->control_command = NULL;
156
157 dynamic_creds_unref(&s->dynamic_creds);
158
159 socket_unwatch_control_pid(s);
160
161 unit_ref_unset(&s->service);
162
163 s->tcp_congestion = mfree(s->tcp_congestion);
164 s->bind_to_device = mfree(s->bind_to_device);
165
166 s->smack = mfree(s->smack);
167 s->smack_ip_in = mfree(s->smack_ip_in);
168 s->smack_ip_out = mfree(s->smack_ip_out);
169
170 strv_free(s->symlinks);
171
172 s->user = mfree(s->user);
173 s->group = mfree(s->group);
174
175 s->fdname = mfree(s->fdname);
176
177 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
178 }
179
180 static int socket_arm_timer(Socket *s, usec_t usec) {
181 int r;
182
183 assert(s);
184
185 if (s->timer_event_source) {
186 r = sd_event_source_set_time(s->timer_event_source, usec);
187 if (r < 0)
188 return r;
189
190 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
191 }
192
193 if (usec == USEC_INFINITY)
194 return 0;
195
196 r = sd_event_add_time(
197 UNIT(s)->manager->event,
198 &s->timer_event_source,
199 CLOCK_MONOTONIC,
200 usec, 0,
201 socket_dispatch_timer, s);
202 if (r < 0)
203 return r;
204
205 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
206
207 return 0;
208 }
209
210 static bool have_non_accept_socket(Socket *s) {
211 SocketPort *p;
212
213 assert(s);
214
215 if (!s->accept)
216 return true;
217
218 LIST_FOREACH(port, p, s->ports) {
219
220 if (p->type != SOCKET_SOCKET)
221 return true;
222
223 if (!socket_address_can_accept(&p->address))
224 return true;
225 }
226
227 return false;
228 }
229
230 static int socket_add_mount_dependencies(Socket *s) {
231 SocketPort *p;
232 int r;
233
234 assert(s);
235
236 LIST_FOREACH(port, p, s->ports) {
237 const char *path = NULL;
238
239 if (p->type == SOCKET_SOCKET)
240 path = socket_address_get_path(&p->address);
241 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
242 path = p->path;
243
244 if (!path)
245 continue;
246
247 r = unit_require_mounts_for(UNIT(s), path, UNIT_DEPENDENCY_FILE);
248 if (r < 0)
249 return r;
250 }
251
252 return 0;
253 }
254
255 static int socket_add_device_dependencies(Socket *s) {
256 char *t;
257
258 assert(s);
259
260 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
261 return 0;
262
263 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
264 return unit_add_node_dependency(UNIT(s), t, UNIT_BINDS_TO, UNIT_DEPENDENCY_FILE);
265 }
266
267 static int socket_add_default_dependencies(Socket *s) {
268 int r;
269 assert(s);
270
271 if (!UNIT(s)->default_dependencies)
272 return 0;
273
274 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
275 if (r < 0)
276 return r;
277
278 if (MANAGER_IS_SYSTEM(UNIT(s)->manager)) {
279 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
280 if (r < 0)
281 return r;
282 }
283
284 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
285 }
286
287 _pure_ static bool socket_has_exec(Socket *s) {
288 unsigned i;
289 assert(s);
290
291 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
292 if (s->exec_command[i])
293 return true;
294
295 return false;
296 }
297
298 static int socket_add_extras(Socket *s) {
299 Unit *u = UNIT(s);
300 int r;
301
302 assert(s);
303
304 /* Pick defaults for the trigger limit, if nothing was explicitly configured. We pick a relatively high limit
305 * in Accept=yes mode, and a lower limit for Accept=no. Reason: in Accept=yes mode we are invoking accept()
306 * ourselves before the trigger limit can hit, thus incoming connections are taken off the socket queue quickly
307 * and reliably. This is different for Accept=no, where the spawned service has to take the incoming traffic
308 * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
309 * process whatever is queued in one go, and thus should normally never have to be started frequently. This is
310 * different for Accept=yes where each connection is processed by a new service instance, and thus frequent
311 * service starts are typical. */
312
313 if (s->trigger_limit.interval == USEC_INFINITY)
314 s->trigger_limit.interval = 2 * USEC_PER_SEC;
315
316 if (s->trigger_limit.burst == (unsigned) -1) {
317 if (s->accept)
318 s->trigger_limit.burst = 200;
319 else
320 s->trigger_limit.burst = 20;
321 }
322
323 if (have_non_accept_socket(s)) {
324
325 if (!UNIT_DEREF(s->service)) {
326 Unit *x;
327
328 r = unit_load_related_unit(u, ".service", &x);
329 if (r < 0)
330 return r;
331
332 unit_ref_set(&s->service, u, x);
333 }
334
335 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true, UNIT_DEPENDENCY_IMPLICIT);
336 if (r < 0)
337 return r;
338 }
339
340 r = socket_add_mount_dependencies(s);
341 if (r < 0)
342 return r;
343
344 r = socket_add_device_dependencies(s);
345 if (r < 0)
346 return r;
347
348 r = unit_patch_contexts(u);
349 if (r < 0)
350 return r;
351
352 if (socket_has_exec(s)) {
353 r = unit_add_exec_dependencies(u, &s->exec_context);
354 if (r < 0)
355 return r;
356 }
357
358 r = unit_set_default_slice(u);
359 if (r < 0)
360 return r;
361
362 r = socket_add_default_dependencies(s);
363 if (r < 0)
364 return r;
365
366 return 0;
367 }
368
369 static const char *socket_find_symlink_target(Socket *s) {
370 const char *found = NULL;
371 SocketPort *p;
372
373 LIST_FOREACH(port, p, s->ports) {
374 const char *f = NULL;
375
376 switch (p->type) {
377
378 case SOCKET_FIFO:
379 f = p->path;
380 break;
381
382 case SOCKET_SOCKET:
383 f = socket_address_get_path(&p->address);
384 break;
385
386 default:
387 break;
388 }
389
390 if (f) {
391 if (found)
392 return NULL;
393
394 found = f;
395 }
396 }
397
398 return found;
399 }
400
401 static int socket_verify(Socket *s) {
402 assert(s);
403 assert(UNIT(s)->load_state == UNIT_LOADED);
404
405 if (!s->ports)
406 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Unit has no Listen setting (ListenStream=, ListenDatagram=, ListenFIFO=, ...). Refusing.");
407
408 if (s->accept && have_non_accept_socket(s))
409 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
410
411 if (s->accept && s->max_connections <= 0)
412 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "MaxConnection= setting too small. Refusing.");
413
414 if (s->accept && UNIT_DEREF(s->service))
415 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Explicit service configuration for accepting socket units not supported. Refusing.");
416
417 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP)
418 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
419
420 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s))
421 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
422
423 return 0;
424 }
425
426 static void peer_address_hash_func(const SocketPeer *s, struct siphash *state) {
427 assert(s);
428
429 if (s->peer.sa.sa_family == AF_INET)
430 siphash24_compress(&s->peer.in.sin_addr, sizeof(s->peer.in.sin_addr), state);
431 else if (s->peer.sa.sa_family == AF_INET6)
432 siphash24_compress(&s->peer.in6.sin6_addr, sizeof(s->peer.in6.sin6_addr), state);
433 else if (s->peer.sa.sa_family == AF_VSOCK)
434 siphash24_compress(&s->peer.vm.svm_cid, sizeof(s->peer.vm.svm_cid), state);
435 else
436 assert_not_reached("Unknown address family.");
437 }
438
439 static int peer_address_compare_func(const SocketPeer *x, const SocketPeer *y) {
440 int r;
441
442 r = CMP(x->peer.sa.sa_family, y->peer.sa.sa_family);
443 if (r != 0)
444 return r;
445
446 switch(x->peer.sa.sa_family) {
447 case AF_INET:
448 return memcmp(&x->peer.in.sin_addr, &y->peer.in.sin_addr, sizeof(x->peer.in.sin_addr));
449 case AF_INET6:
450 return memcmp(&x->peer.in6.sin6_addr, &y->peer.in6.sin6_addr, sizeof(x->peer.in6.sin6_addr));
451 case AF_VSOCK:
452 return CMP(x->peer.vm.svm_cid, y->peer.vm.svm_cid);
453 }
454 assert_not_reached("Black sheep in the family!");
455 }
456
457 DEFINE_PRIVATE_HASH_OPS(peer_address_hash_ops, SocketPeer, peer_address_hash_func, peer_address_compare_func);
458
459 static int socket_load(Unit *u) {
460 Socket *s = SOCKET(u);
461 int r;
462
463 assert(u);
464 assert(u->load_state == UNIT_STUB);
465
466 r = set_ensure_allocated(&s->peers_by_address, &peer_address_hash_ops);
467 if (r < 0)
468 return r;
469
470 r = unit_load_fragment_and_dropin(u, true);
471 if (r < 0)
472 return r;
473
474 if (u->load_state != UNIT_LOADED)
475 return 0;
476
477 /* This is a new unit? Then let's add in some extras */
478 r = socket_add_extras(s);
479 if (r < 0)
480 return r;
481
482 return socket_verify(s);
483 }
484
485 static SocketPeer *socket_peer_new(void) {
486 SocketPeer *p;
487
488 p = new0(SocketPeer, 1);
489 if (!p)
490 return NULL;
491
492 p->n_ref = 1;
493
494 return p;
495 }
496
497 static SocketPeer *socket_peer_free(SocketPeer *p) {
498 assert(p);
499
500 if (p->socket)
501 set_remove(p->socket->peers_by_address, p);
502
503 return mfree(p);
504 }
505
506 DEFINE_TRIVIAL_REF_UNREF_FUNC(SocketPeer, socket_peer, socket_peer_free);
507
508 int socket_acquire_peer(Socket *s, int fd, SocketPeer **p) {
509 _cleanup_(socket_peer_unrefp) SocketPeer *remote = NULL;
510 SocketPeer sa = {}, *i;
511 socklen_t salen = sizeof(sa.peer);
512 int r;
513
514 assert(fd >= 0);
515 assert(s);
516
517 if (getpeername(fd, &sa.peer.sa, &salen) < 0)
518 return log_unit_error_errno(UNIT(s), errno, "getpeername failed: %m");
519
520 if (!IN_SET(sa.peer.sa.sa_family, AF_INET, AF_INET6, AF_VSOCK)) {
521 *p = NULL;
522 return 0;
523 }
524
525 i = set_get(s->peers_by_address, &sa);
526 if (i) {
527 *p = socket_peer_ref(i);
528 return 1;
529 }
530
531 remote = socket_peer_new();
532 if (!remote)
533 return log_oom();
534
535 remote->peer = sa.peer;
536 remote->peer_salen = salen;
537
538 r = set_put(s->peers_by_address, remote);
539 if (r < 0)
540 return r;
541
542 remote->socket = s;
543
544 *p = TAKE_PTR(remote);
545
546 return 1;
547 }
548
549 _const_ static const char* listen_lookup(int family, int type) {
550
551 if (family == AF_NETLINK)
552 return "ListenNetlink";
553
554 if (type == SOCK_STREAM)
555 return "ListenStream";
556 else if (type == SOCK_DGRAM)
557 return "ListenDatagram";
558 else if (type == SOCK_SEQPACKET)
559 return "ListenSequentialPacket";
560
561 assert_not_reached("Unknown socket type");
562 return NULL;
563 }
564
565 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
566 char time_string[FORMAT_TIMESPAN_MAX];
567 SocketExecCommand c;
568 Socket *s = SOCKET(u);
569 SocketPort *p;
570 const char *prefix2, *str;
571
572 assert(s);
573 assert(f);
574
575 prefix = strempty(prefix);
576 prefix2 = strjoina(prefix, "\t");
577
578 fprintf(f,
579 "%sSocket State: %s\n"
580 "%sResult: %s\n"
581 "%sClean Result: %s\n"
582 "%sBindIPv6Only: %s\n"
583 "%sBacklog: %u\n"
584 "%sSocketMode: %04o\n"
585 "%sDirectoryMode: %04o\n"
586 "%sKeepAlive: %s\n"
587 "%sNoDelay: %s\n"
588 "%sFreeBind: %s\n"
589 "%sTransparent: %s\n"
590 "%sBroadcast: %s\n"
591 "%sPassCredentials: %s\n"
592 "%sPassSecurity: %s\n"
593 "%sPassPacketInfo: %s\n"
594 "%sTCPCongestion: %s\n"
595 "%sRemoveOnStop: %s\n"
596 "%sWritable: %s\n"
597 "%sFileDescriptorName: %s\n"
598 "%sSELinuxContextFromNet: %s\n",
599 prefix, socket_state_to_string(s->state),
600 prefix, socket_result_to_string(s->result),
601 prefix, socket_result_to_string(s->clean_result),
602 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
603 prefix, s->backlog,
604 prefix, s->socket_mode,
605 prefix, s->directory_mode,
606 prefix, yes_no(s->keep_alive),
607 prefix, yes_no(s->no_delay),
608 prefix, yes_no(s->free_bind),
609 prefix, yes_no(s->transparent),
610 prefix, yes_no(s->broadcast),
611 prefix, yes_no(s->pass_cred),
612 prefix, yes_no(s->pass_sec),
613 prefix, yes_no(s->pass_pktinfo),
614 prefix, strna(s->tcp_congestion),
615 prefix, yes_no(s->remove_on_stop),
616 prefix, yes_no(s->writable),
617 prefix, socket_fdname(s),
618 prefix, yes_no(s->selinux_context_from_net));
619
620 if (s->timestamping != SOCKET_TIMESTAMPING_OFF)
621 fprintf(f,
622 "%sTimestamping: %s\n",
623 prefix, socket_timestamping_to_string(s->timestamping));
624
625 if (s->control_pid > 0)
626 fprintf(f,
627 "%sControl PID: "PID_FMT"\n",
628 prefix, s->control_pid);
629
630 if (s->bind_to_device)
631 fprintf(f,
632 "%sBindToDevice: %s\n",
633 prefix, s->bind_to_device);
634
635 if (s->accept)
636 fprintf(f,
637 "%sAccepted: %u\n"
638 "%sNConnections: %u\n"
639 "%sMaxConnections: %u\n"
640 "%sMaxConnectionsPerSource: %u\n",
641 prefix, s->n_accepted,
642 prefix, s->n_connections,
643 prefix, s->max_connections,
644 prefix, s->max_connections_per_source);
645 else
646 fprintf(f,
647 "%sFlushPending: %s\n",
648 prefix, yes_no(s->flush_pending));
649
650
651 if (s->priority >= 0)
652 fprintf(f,
653 "%sPriority: %i\n",
654 prefix, s->priority);
655
656 if (s->receive_buffer > 0)
657 fprintf(f,
658 "%sReceiveBuffer: %zu\n",
659 prefix, s->receive_buffer);
660
661 if (s->send_buffer > 0)
662 fprintf(f,
663 "%sSendBuffer: %zu\n",
664 prefix, s->send_buffer);
665
666 if (s->ip_tos >= 0)
667 fprintf(f,
668 "%sIPTOS: %i\n",
669 prefix, s->ip_tos);
670
671 if (s->ip_ttl >= 0)
672 fprintf(f,
673 "%sIPTTL: %i\n",
674 prefix, s->ip_ttl);
675
676 if (s->pipe_size > 0)
677 fprintf(f,
678 "%sPipeSize: %zu\n",
679 prefix, s->pipe_size);
680
681 if (s->mark >= 0)
682 fprintf(f,
683 "%sMark: %i\n",
684 prefix, s->mark);
685
686 if (s->mq_maxmsg > 0)
687 fprintf(f,
688 "%sMessageQueueMaxMessages: %li\n",
689 prefix, s->mq_maxmsg);
690
691 if (s->mq_msgsize > 0)
692 fprintf(f,
693 "%sMessageQueueMessageSize: %li\n",
694 prefix, s->mq_msgsize);
695
696 if (s->reuse_port)
697 fprintf(f,
698 "%sReusePort: %s\n",
699 prefix, yes_no(s->reuse_port));
700
701 if (s->smack)
702 fprintf(f,
703 "%sSmackLabel: %s\n",
704 prefix, s->smack);
705
706 if (s->smack_ip_in)
707 fprintf(f,
708 "%sSmackLabelIPIn: %s\n",
709 prefix, s->smack_ip_in);
710
711 if (s->smack_ip_out)
712 fprintf(f,
713 "%sSmackLabelIPOut: %s\n",
714 prefix, s->smack_ip_out);
715
716 if (!isempty(s->user) || !isempty(s->group))
717 fprintf(f,
718 "%sSocketUser: %s\n"
719 "%sSocketGroup: %s\n",
720 prefix, strna(s->user),
721 prefix, strna(s->group));
722
723 if (s->keep_alive_time > 0)
724 fprintf(f,
725 "%sKeepAliveTimeSec: %s\n",
726 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
727
728 if (s->keep_alive_interval > 0)
729 fprintf(f,
730 "%sKeepAliveIntervalSec: %s\n",
731 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
732
733 if (s->keep_alive_cnt > 0)
734 fprintf(f,
735 "%sKeepAliveProbes: %u\n",
736 prefix, s->keep_alive_cnt);
737
738 if (s->defer_accept > 0)
739 fprintf(f,
740 "%sDeferAcceptSec: %s\n",
741 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
742
743 LIST_FOREACH(port, p, s->ports) {
744
745 switch (p->type) {
746 case SOCKET_SOCKET: {
747 _cleanup_free_ char *k = NULL;
748 const char *t;
749 int r;
750
751 r = socket_address_print(&p->address, &k);
752 if (r < 0)
753 t = strerror_safe(r);
754 else
755 t = k;
756
757 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
758 break;
759 }
760 case SOCKET_SPECIAL:
761 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
762 break;
763 case SOCKET_USB_FUNCTION:
764 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
765 break;
766 case SOCKET_MQUEUE:
767 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
768 break;
769 default:
770 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
771 }
772 }
773
774 fprintf(f,
775 "%sTriggerLimitIntervalSec: %s\n"
776 "%sTriggerLimitBurst: %u\n",
777 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->trigger_limit.interval, USEC_PER_SEC),
778 prefix, s->trigger_limit.burst);
779
780 str = ip_protocol_to_name(s->socket_protocol);
781 if (str)
782 fprintf(f, "%sSocketProtocol: %s\n", prefix, str);
783
784 if (!strv_isempty(s->symlinks)) {
785 char **q;
786
787 fprintf(f, "%sSymlinks:", prefix);
788 STRV_FOREACH(q, s->symlinks)
789 fprintf(f, " %s", *q);
790
791 fprintf(f, "\n");
792 }
793
794 fprintf(f,
795 "%sTimeoutSec: %s\n",
796 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->timeout_usec, USEC_PER_SEC));
797
798 exec_context_dump(&s->exec_context, f, prefix);
799 kill_context_dump(&s->kill_context, f, prefix);
800
801 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
802 if (!s->exec_command[c])
803 continue;
804
805 fprintf(f, "%s-> %s:\n",
806 prefix, socket_exec_command_to_string(c));
807
808 exec_command_dump_list(s->exec_command[c], f, prefix2);
809 }
810
811 cgroup_context_dump(UNIT(s), f, prefix);
812 }
813
814 static int instance_from_socket(int fd, unsigned nr, char **instance) {
815 socklen_t l;
816 char *r;
817 union sockaddr_union local, remote;
818
819 assert(fd >= 0);
820 assert(instance);
821
822 l = sizeof(local);
823 if (getsockname(fd, &local.sa, &l) < 0)
824 return -errno;
825
826 l = sizeof(remote);
827 if (getpeername(fd, &remote.sa, &l) < 0)
828 return -errno;
829
830 switch (local.sa.sa_family) {
831
832 case AF_INET: {
833 uint32_t
834 a = be32toh(local.in.sin_addr.s_addr),
835 b = be32toh(remote.in.sin_addr.s_addr);
836
837 if (asprintf(&r,
838 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
839 nr,
840 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
841 be16toh(local.in.sin_port),
842 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
843 be16toh(remote.in.sin_port)) < 0)
844 return -ENOMEM;
845
846 break;
847 }
848
849 case AF_INET6: {
850 static const unsigned char ipv4_prefix[] = {
851 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
852 };
853
854 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
855 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
856 const uint8_t
857 *a = local.in6.sin6_addr.s6_addr+12,
858 *b = remote.in6.sin6_addr.s6_addr+12;
859
860 if (asprintf(&r,
861 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
862 nr,
863 a[0], a[1], a[2], a[3],
864 be16toh(local.in6.sin6_port),
865 b[0], b[1], b[2], b[3],
866 be16toh(remote.in6.sin6_port)) < 0)
867 return -ENOMEM;
868 } else {
869 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
870
871 if (asprintf(&r,
872 "%u-%s:%u-%s:%u",
873 nr,
874 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
875 be16toh(local.in6.sin6_port),
876 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
877 be16toh(remote.in6.sin6_port)) < 0)
878 return -ENOMEM;
879 }
880
881 break;
882 }
883
884 case AF_UNIX: {
885 struct ucred ucred;
886 int k;
887
888 k = getpeercred(fd, &ucred);
889 if (k >= 0) {
890 if (asprintf(&r,
891 "%u-"PID_FMT"-"UID_FMT,
892 nr, ucred.pid, ucred.uid) < 0)
893 return -ENOMEM;
894 } else if (k == -ENODATA) {
895 /* This handles the case where somebody is
896 * connecting from another pid/uid namespace
897 * (e.g. from outside of our container). */
898 if (asprintf(&r,
899 "%u-unknown",
900 nr) < 0)
901 return -ENOMEM;
902 } else
903 return k;
904
905 break;
906 }
907
908 case AF_VSOCK:
909 if (asprintf(&r,
910 "%u-%u:%u-%u:%u",
911 nr,
912 local.vm.svm_cid, local.vm.svm_port,
913 remote.vm.svm_cid, remote.vm.svm_port) < 0)
914 return -ENOMEM;
915
916 break;
917
918 default:
919 assert_not_reached("Unhandled socket type.");
920 }
921
922 *instance = r;
923 return 0;
924 }
925
926 static void socket_close_fds(Socket *s) {
927 SocketPort *p;
928 char **i;
929
930 assert(s);
931
932 LIST_FOREACH(port, p, s->ports) {
933 bool was_open;
934
935 was_open = p->fd >= 0;
936
937 p->event_source = sd_event_source_unref(p->event_source);
938 p->fd = safe_close(p->fd);
939 socket_cleanup_fd_list(p);
940
941 /* One little note: we should normally not delete any sockets in the file system here! After all some
942 * other process we spawned might still have a reference of this fd and wants to continue to use
943 * it. Therefore we normally delete sockets in the file system before we create a new one, not after we
944 * stopped using one! That all said, if the user explicitly requested this, we'll delete them here
945 * anyway, but only then. */
946
947 if (!was_open || !s->remove_on_stop)
948 continue;
949
950 switch (p->type) {
951
952 case SOCKET_FIFO:
953 (void) unlink(p->path);
954 break;
955
956 case SOCKET_MQUEUE:
957 (void) mq_unlink(p->path);
958 break;
959
960 case SOCKET_SOCKET:
961 (void) socket_address_unlink(&p->address);
962 break;
963
964 default:
965 break;
966 }
967 }
968
969 if (s->remove_on_stop)
970 STRV_FOREACH(i, s->symlinks)
971 (void) unlink(*i);
972
973 /* Note that we don't return NULL here, since s has not been freed. */
974 }
975
976 static void socket_apply_socket_options(Socket *s, SocketPort *p, int fd) {
977 int r;
978
979 assert(s);
980 assert(p);
981 assert(fd >= 0);
982
983 if (s->keep_alive) {
984 r = setsockopt_int(fd, SOL_SOCKET, SO_KEEPALIVE, true);
985 if (r < 0)
986 log_unit_warning_errno(UNIT(s), r, "SO_KEEPALIVE failed: %m");
987 }
988
989 if (s->keep_alive_time > 0) {
990 r = setsockopt_int(fd, SOL_TCP, TCP_KEEPIDLE, s->keep_alive_time / USEC_PER_SEC);
991 if (r < 0)
992 log_unit_warning_errno(UNIT(s), r, "TCP_KEEPIDLE failed: %m");
993 }
994
995 if (s->keep_alive_interval > 0) {
996 r = setsockopt_int(fd, SOL_TCP, TCP_KEEPINTVL, s->keep_alive_interval / USEC_PER_SEC);
997 if (r < 0)
998 log_unit_warning_errno(UNIT(s), r, "TCP_KEEPINTVL failed: %m");
999 }
1000
1001 if (s->keep_alive_cnt > 0) {
1002 r = setsockopt_int(fd, SOL_TCP, TCP_KEEPCNT, s->keep_alive_cnt);
1003 if (r < 0)
1004 log_unit_warning_errno(UNIT(s), r, "TCP_KEEPCNT failed: %m");
1005 }
1006
1007 if (s->defer_accept > 0) {
1008 r = setsockopt_int(fd, SOL_TCP, TCP_DEFER_ACCEPT, s->defer_accept / USEC_PER_SEC);
1009 if (r < 0)
1010 log_unit_warning_errno(UNIT(s), r, "TCP_DEFER_ACCEPT failed: %m");
1011 }
1012
1013 if (s->no_delay) {
1014 if (s->socket_protocol == IPPROTO_SCTP) {
1015 r = setsockopt_int(fd, SOL_SCTP, SCTP_NODELAY, true);
1016 if (r < 0)
1017 log_unit_warning_errno(UNIT(s), r, "SCTP_NODELAY failed: %m");
1018 } else {
1019 r = setsockopt_int(fd, SOL_TCP, TCP_NODELAY, true);
1020 if (r < 0)
1021 log_unit_warning_errno(UNIT(s), r, "TCP_NODELAY failed: %m");
1022 }
1023 }
1024
1025 if (s->broadcast) {
1026 r = setsockopt_int(fd, SOL_SOCKET, SO_BROADCAST, true);
1027 if (r < 0)
1028 log_unit_warning_errno(UNIT(s), r, "SO_BROADCAST failed: %m");
1029 }
1030
1031 if (s->pass_cred) {
1032 r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true);
1033 if (r < 0)
1034 log_unit_warning_errno(UNIT(s), r, "SO_PASSCRED failed: %m");
1035 }
1036
1037 if (s->pass_sec) {
1038 r = setsockopt_int(fd, SOL_SOCKET, SO_PASSSEC, true);
1039 if (r < 0)
1040 log_unit_warning_errno(UNIT(s), r, "SO_PASSSEC failed: %m");
1041 }
1042
1043 if (s->pass_pktinfo) {
1044 r = socket_set_recvpktinfo(fd, socket_address_family(&p->address), true);
1045 if (r < 0)
1046 log_unit_warning_errno(UNIT(s), r, "Failed to enable packet info socket option: %m");
1047 }
1048
1049 if (s->timestamping != SOCKET_TIMESTAMPING_OFF) {
1050 r = setsockopt_int(fd, SOL_SOCKET,
1051 s->timestamping == SOCKET_TIMESTAMPING_NS ? SO_TIMESTAMPNS : SO_TIMESTAMP,
1052 true);
1053 if (r < 0)
1054 log_unit_warning_errno(UNIT(s), r, "Failed to enable timestamping socket option, ignoring: %m");
1055 }
1056
1057 if (s->priority >= 0) {
1058 r = setsockopt_int(fd, SOL_SOCKET, SO_PRIORITY, s->priority);
1059 if (r < 0)
1060 log_unit_warning_errno(UNIT(s), r, "SO_PRIORITY failed: %m");
1061 }
1062
1063 if (s->receive_buffer > 0) {
1064 r = fd_set_rcvbuf(fd, s->receive_buffer, false);
1065 if (r < 0)
1066 log_unit_full_errno(UNIT(s), ERRNO_IS_PRIVILEGE(r) ? LOG_DEBUG : LOG_WARNING, r,
1067 "SO_RCVBUF/SO_RCVBUFFORCE failed: %m");
1068 }
1069
1070 if (s->send_buffer > 0) {
1071 r = fd_set_sndbuf(fd, s->send_buffer, false);
1072 if (r < 0)
1073 log_unit_full_errno(UNIT(s), ERRNO_IS_PRIVILEGE(r) ? LOG_DEBUG : LOG_WARNING, r,
1074 "SO_SNDBUF/SO_SNDBUFFORCE failed: %m");
1075 }
1076
1077 if (s->mark >= 0) {
1078 r = setsockopt_int(fd, SOL_SOCKET, SO_MARK, s->mark);
1079 if (r < 0)
1080 log_unit_warning_errno(UNIT(s), r, "SO_MARK failed: %m");
1081 }
1082
1083 if (s->ip_tos >= 0) {
1084 r = setsockopt_int(fd, IPPROTO_IP, IP_TOS, s->ip_tos);
1085 if (r < 0)
1086 log_unit_warning_errno(UNIT(s), r, "IP_TOS failed: %m");
1087 }
1088
1089 if (s->ip_ttl >= 0) {
1090 r = socket_set_ttl(fd, socket_address_family(&p->address), s->ip_ttl);
1091 if (r < 0)
1092 log_unit_warning_errno(UNIT(s), r, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
1093 }
1094
1095 if (s->tcp_congestion)
1096 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
1097 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
1098
1099 if (s->smack_ip_in) {
1100 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
1101 if (r < 0)
1102 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
1103 }
1104
1105 if (s->smack_ip_out) {
1106 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
1107 if (r < 0)
1108 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
1109 }
1110 }
1111
1112 static void socket_apply_fifo_options(Socket *s, int fd) {
1113 int r;
1114
1115 assert(s);
1116 assert(fd >= 0);
1117
1118 if (s->pipe_size > 0)
1119 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
1120 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
1121
1122 if (s->smack) {
1123 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
1124 if (r < 0)
1125 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
1126 }
1127 }
1128
1129 static int fifo_address_create(
1130 const char *path,
1131 mode_t directory_mode,
1132 mode_t socket_mode) {
1133
1134 _cleanup_close_ int fd = -1;
1135 mode_t old_mask;
1136 struct stat st;
1137 int r;
1138
1139 assert(path);
1140
1141 (void) mkdir_parents_label(path, directory_mode);
1142
1143 r = mac_selinux_create_file_prepare(path, S_IFIFO);
1144 if (r < 0)
1145 return r;
1146
1147 /* Enforce the right access mode for the fifo */
1148 old_mask = umask(~socket_mode);
1149
1150 /* Include the original umask in our mask */
1151 (void) umask(~socket_mode | old_mask);
1152
1153 r = mkfifo(path, socket_mode);
1154 (void) umask(old_mask);
1155
1156 if (r < 0 && errno != EEXIST) {
1157 r = -errno;
1158 goto fail;
1159 }
1160
1161 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1162 if (fd < 0) {
1163 r = -errno;
1164 goto fail;
1165 }
1166
1167 mac_selinux_create_file_clear();
1168
1169 if (fstat(fd, &st) < 0) {
1170 r = -errno;
1171 goto fail;
1172 }
1173
1174 if (!S_ISFIFO(st.st_mode) ||
1175 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1176 st.st_uid != getuid() ||
1177 st.st_gid != getgid()) {
1178 r = -EEXIST;
1179 goto fail;
1180 }
1181
1182 return TAKE_FD(fd);
1183
1184 fail:
1185 mac_selinux_create_file_clear();
1186 return r;
1187 }
1188
1189 static int special_address_create(const char *path, bool writable) {
1190 _cleanup_close_ int fd = -1;
1191 struct stat st;
1192
1193 assert(path);
1194
1195 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1196 if (fd < 0)
1197 return -errno;
1198
1199 if (fstat(fd, &st) < 0)
1200 return -errno;
1201
1202 /* Check whether this is a /proc, /sys or /dev file or char device */
1203 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1204 return -EEXIST;
1205
1206 return TAKE_FD(fd);
1207 }
1208
1209 static int usbffs_address_create(const char *path) {
1210 _cleanup_close_ int fd = -1;
1211 struct stat st;
1212
1213 assert(path);
1214
1215 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1216 if (fd < 0)
1217 return -errno;
1218
1219 if (fstat(fd, &st) < 0)
1220 return -errno;
1221
1222 /* Check whether this is a regular file (ffs endpoint) */
1223 if (!S_ISREG(st.st_mode))
1224 return -EEXIST;
1225
1226 return TAKE_FD(fd);
1227 }
1228
1229 static int mq_address_create(
1230 const char *path,
1231 mode_t mq_mode,
1232 long maxmsg,
1233 long msgsize) {
1234
1235 _cleanup_close_ int fd = -1;
1236 struct stat st;
1237 mode_t old_mask;
1238 struct mq_attr _attr, *attr = NULL;
1239
1240 assert(path);
1241
1242 if (maxmsg > 0 && msgsize > 0) {
1243 _attr = (struct mq_attr) {
1244 .mq_flags = O_NONBLOCK,
1245 .mq_maxmsg = maxmsg,
1246 .mq_msgsize = msgsize,
1247 };
1248 attr = &_attr;
1249 }
1250
1251 /* Enforce the right access mode for the mq */
1252 old_mask = umask(~mq_mode);
1253
1254 /* Include the original umask in our mask */
1255 (void) umask(~mq_mode | old_mask);
1256 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1257 (void) umask(old_mask);
1258
1259 if (fd < 0)
1260 return -errno;
1261
1262 if (fstat(fd, &st) < 0)
1263 return -errno;
1264
1265 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1266 st.st_uid != getuid() ||
1267 st.st_gid != getgid())
1268 return -EEXIST;
1269
1270 return TAKE_FD(fd);
1271 }
1272
1273 static int socket_symlink(Socket *s) {
1274 const char *p;
1275 char **i;
1276 int r;
1277
1278 assert(s);
1279
1280 p = socket_find_symlink_target(s);
1281 if (!p)
1282 return 0;
1283
1284 STRV_FOREACH(i, s->symlinks) {
1285 (void) mkdir_parents_label(*i, s->directory_mode);
1286
1287 r = symlink_idempotent(p, *i, false);
1288
1289 if (r == -EEXIST && s->remove_on_stop) {
1290 /* If there's already something where we want to create the symlink, and the destructive
1291 * RemoveOnStop= mode is set, then we might as well try to remove what already exists and try
1292 * again. */
1293
1294 if (unlink(*i) >= 0)
1295 r = symlink_idempotent(p, *i, false);
1296 }
1297
1298 if (r < 0)
1299 log_unit_warning_errno(UNIT(s), r, "Failed to create symlink %s → %s, ignoring: %m", p, *i);
1300 }
1301
1302 return 0;
1303 }
1304
1305 static int usbffs_write_descs(int fd, Service *s) {
1306 int r;
1307
1308 if (!s->usb_function_descriptors || !s->usb_function_strings)
1309 return -EINVAL;
1310
1311 r = copy_file_fd(s->usb_function_descriptors, fd, 0);
1312 if (r < 0)
1313 return r;
1314
1315 return copy_file_fd(s->usb_function_strings, fd, 0);
1316 }
1317
1318 static int usbffs_select_ep(const struct dirent *d) {
1319 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1320 }
1321
1322 static int usbffs_dispatch_eps(SocketPort *p) {
1323 _cleanup_free_ struct dirent **ent = NULL;
1324 size_t n, k;
1325 int r;
1326
1327 r = scandir(p->path, &ent, usbffs_select_ep, alphasort);
1328 if (r < 0)
1329 return -errno;
1330
1331 n = (size_t) r;
1332 p->auxiliary_fds = new(int, n);
1333 if (!p->auxiliary_fds) {
1334 r = -ENOMEM;
1335 goto clear;
1336 }
1337
1338 p->n_auxiliary_fds = n;
1339
1340 k = 0;
1341 for (size_t i = 0; i < n; ++i) {
1342 _cleanup_free_ char *ep = NULL;
1343
1344 ep = path_make_absolute(ent[i]->d_name, p->path);
1345 if (!ep) {
1346 r = -ENOMEM;
1347 goto fail;
1348 }
1349
1350 path_simplify(ep, false);
1351
1352 r = usbffs_address_create(ep);
1353 if (r < 0)
1354 goto fail;
1355
1356 p->auxiliary_fds[k++] = r;
1357 }
1358
1359 r = 0;
1360 goto clear;
1361
1362 fail:
1363 close_many(p->auxiliary_fds, k);
1364 p->auxiliary_fds = mfree(p->auxiliary_fds);
1365 p->n_auxiliary_fds = 0;
1366
1367 clear:
1368 for (size_t i = 0; i < n; ++i)
1369 free(ent[i]);
1370
1371 return r;
1372 }
1373
1374 int socket_load_service_unit(Socket *s, int cfd, Unit **ret) {
1375 /* Figure out what the unit that will be used to handle the connections on the socket looks like.
1376 *
1377 * If cfd < 0, then we don't have a connection yet. In case of Accept=yes sockets, use a fake
1378 * instance name.
1379 */
1380
1381 if (UNIT_ISSET(s->service)) {
1382 *ret = UNIT_DEREF(s->service);
1383 return 0;
1384 }
1385
1386 if (!s->accept)
1387 return -ENODATA;
1388
1389 /* Build the instance name and load the unit */
1390 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1391 int r;
1392
1393 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1394 if (r < 0)
1395 return r;
1396
1397 if (cfd >= 0) {
1398 r = instance_from_socket(cfd, s->n_accepted, &instance);
1399 if (ERRNO_IS_DISCONNECT(r))
1400 /* ENOTCONN is legitimate if TCP RST was received. Other socket families might return
1401 * different errors. This connection is over, but the socket unit lives on. */
1402 return log_unit_debug_errno(UNIT(s), r,
1403 "Got %s on incoming socket, assuming aborted connection attempt, ignoring.",
1404 errno_to_name(r));
1405 if (r < 0)
1406 return r;
1407 }
1408
1409 /* For accepting sockets, we don't know how the instance will be called until we get a connection and
1410 * can figure out what the peer name is. So let's use "internal" as the instance to make it clear
1411 * that this is not an actual peer name. We use "unknown" when we cannot figure out the peer. */
1412 r = unit_name_build(prefix, instance ?: "internal", ".service", &name);
1413 if (r < 0)
1414 return r;
1415
1416 return manager_load_unit(UNIT(s)->manager, name, NULL, NULL, ret);
1417 }
1418
1419 static int socket_determine_selinux_label(Socket *s, char **ret) {
1420 int r;
1421
1422 assert(s);
1423 assert(ret);
1424
1425 if (s->selinux_context_from_net) {
1426 /* If this is requested, get the label from the network label */
1427
1428 r = mac_selinux_get_our_label(ret);
1429 if (r == -EOPNOTSUPP)
1430 goto no_label;
1431
1432 } else {
1433 /* Otherwise, get it from the executable we are about to start. */
1434
1435 Unit *service;
1436 ExecCommand *c;
1437 _cleanup_free_ char *path = NULL;
1438
1439 r = socket_load_service_unit(s, -1, &service);
1440 if (r == -ENODATA)
1441 goto no_label;
1442 if (r < 0)
1443 return r;
1444
1445 c = SERVICE(service)->exec_command[SERVICE_EXEC_START];
1446 if (!c)
1447 goto no_label;
1448
1449 r = chase_symlinks(c->path, SERVICE(service)->exec_context.root_directory, CHASE_PREFIX_ROOT, &path, NULL);
1450 if (r < 0)
1451 goto no_label;
1452
1453 r = mac_selinux_get_create_label_from_exe(path, ret);
1454 if (IN_SET(r, -EPERM, -EOPNOTSUPP))
1455 goto no_label;
1456 }
1457
1458 return r;
1459
1460 no_label:
1461 *ret = NULL;
1462 return 0;
1463 }
1464
1465 static int socket_address_listen_do(
1466 Socket *s,
1467 const SocketAddress *address,
1468 const char *label) {
1469
1470 assert(s);
1471 assert(address);
1472
1473 return socket_address_listen(
1474 address,
1475 SOCK_CLOEXEC|SOCK_NONBLOCK,
1476 s->backlog,
1477 s->bind_ipv6_only,
1478 s->bind_to_device,
1479 s->reuse_port,
1480 s->free_bind,
1481 s->transparent,
1482 s->directory_mode,
1483 s->socket_mode,
1484 label);
1485 }
1486
1487 #define log_address_error_errno(u, address, error, fmt) \
1488 ({ \
1489 _cleanup_free_ char *_t = NULL; \
1490 \
1491 (void) socket_address_print(address, &_t); \
1492 log_unit_error_errno(u, error, fmt, strna(_t)); \
1493 })
1494
1495 static int fork_needed(const SocketAddress *address, const ExecContext *context) {
1496 int r;
1497
1498 assert(address);
1499 assert(context);
1500
1501 /* Check if we need to do the cgroup or netns stuff. If not we can do things much simpler. */
1502
1503 if (IN_SET(address->sockaddr.sa.sa_family, AF_INET, AF_INET6)) {
1504 r = bpf_firewall_supported();
1505 if (r < 0)
1506 return r;
1507 if (r != BPF_FIREWALL_UNSUPPORTED) /* If BPF firewalling isn't supported anyway — there's no point in this forking complexity */
1508 return true;
1509 }
1510
1511 return context->private_network || context->network_namespace_path;
1512 }
1513
1514 static int socket_address_listen_in_cgroup(
1515 Socket *s,
1516 const SocketAddress *address,
1517 const char *label) {
1518
1519 _cleanup_close_pair_ int pair[2] = { -1, -1 };
1520 int fd, r;
1521 pid_t pid;
1522
1523 assert(s);
1524 assert(address);
1525
1526 /* This is a wrapper around socket_address_listen(), that forks off a helper process inside the
1527 * socket's cgroup and network namespace in which the socket is actually created. This way we ensure
1528 * the socket is actually properly attached to the unit's cgroup for the purpose of BPF filtering and
1529 * such. */
1530
1531 r = fork_needed(address, &s->exec_context);
1532 if (r < 0)
1533 return r;
1534 if (r == 0) {
1535 /* Shortcut things... */
1536 fd = socket_address_listen_do(s, address, label);
1537 if (fd < 0)
1538 return log_address_error_errno(UNIT(s), address, fd, "Failed to create listening socket (%s): %m");
1539
1540 return fd;
1541 }
1542
1543 r = unit_setup_exec_runtime(UNIT(s));
1544 if (r < 0)
1545 return log_unit_error_errno(UNIT(s), r, "Failed acquire runtime: %m");
1546
1547 if (s->exec_context.network_namespace_path &&
1548 s->exec_runtime &&
1549 s->exec_runtime->netns_storage_socket[0] >= 0) {
1550 r = open_shareable_ns_path(s->exec_runtime->netns_storage_socket, s->exec_context.network_namespace_path, CLONE_NEWNET);
1551 if (r < 0)
1552 return log_unit_error_errno(UNIT(s), r, "Failed to open network namespace path %s: %m", s->exec_context.network_namespace_path);
1553 }
1554
1555 if (s->exec_context.ipc_namespace_path &&
1556 s->exec_runtime &&
1557 s->exec_runtime->ipcns_storage_socket[0] >= 0) {
1558 r = open_shareable_ns_path(s->exec_runtime->netns_storage_socket, s->exec_context.network_namespace_path, CLONE_NEWIPC);
1559 if (r < 0)
1560 return log_unit_error_errno(UNIT(s), r, "Failed to open IPC namespace path %s: %m", s->exec_context.ipc_namespace_path);
1561 }
1562
1563 if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pair) < 0)
1564 return log_unit_error_errno(UNIT(s), errno, "Failed to create communication channel: %m");
1565
1566 r = unit_fork_helper_process(UNIT(s), "(sd-listen)", &pid);
1567 if (r < 0)
1568 return log_unit_error_errno(UNIT(s), r, "Failed to fork off listener stub process: %m");
1569 if (r == 0) {
1570 /* Child */
1571
1572 pair[0] = safe_close(pair[0]);
1573
1574 if ((s->exec_context.private_network || s->exec_context.network_namespace_path) &&
1575 s->exec_runtime &&
1576 s->exec_runtime->netns_storage_socket[0] >= 0) {
1577
1578 if (ns_type_supported(NAMESPACE_NET)) {
1579 r = setup_shareable_ns(s->exec_runtime->netns_storage_socket, CLONE_NEWNET);
1580 if (r < 0) {
1581 log_unit_error_errno(UNIT(s), r, "Failed to join network namespace: %m");
1582 _exit(EXIT_NETWORK);
1583 }
1584 } else if (s->exec_context.network_namespace_path) {
1585 log_unit_error(UNIT(s), "Network namespace path configured but network namespaces not supported.");
1586 _exit(EXIT_NETWORK);
1587 } else
1588 log_unit_warning(UNIT(s), "PrivateNetwork=yes is configured, but the kernel does not support network namespaces, ignoring.");
1589 }
1590
1591 fd = socket_address_listen_do(s, address, label);
1592 if (fd < 0) {
1593 log_address_error_errno(UNIT(s), address, fd, "Failed to create listening socket (%s): %m");
1594 _exit(EXIT_FAILURE);
1595 }
1596
1597 r = send_one_fd(pair[1], fd, 0);
1598 if (r < 0) {
1599 log_address_error_errno(UNIT(s), address, r, "Failed to send listening socket (%s) to parent: %m");
1600 _exit(EXIT_FAILURE);
1601 }
1602
1603 _exit(EXIT_SUCCESS);
1604 }
1605
1606 pair[1] = safe_close(pair[1]);
1607 fd = receive_one_fd(pair[0], 0);
1608
1609 /* We synchronously wait for the helper, as it shouldn't be slow */
1610 r = wait_for_terminate_and_check("(sd-listen)", pid, WAIT_LOG_ABNORMAL);
1611 if (r < 0) {
1612 safe_close(fd);
1613 return r;
1614 }
1615
1616 if (fd < 0)
1617 return log_address_error_errno(UNIT(s), address, fd, "Failed to receive listening socket (%s): %m");
1618
1619 return fd;
1620 }
1621
1622 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(Socket *, socket_close_fds, NULL);
1623
1624 static int socket_open_fds(Socket *orig_s) {
1625 _cleanup_(socket_close_fdsp) Socket *s = orig_s;
1626 _cleanup_(mac_selinux_freep) char *label = NULL;
1627 bool know_label = false;
1628 SocketPort *p;
1629 int r;
1630
1631 assert(s);
1632
1633 LIST_FOREACH(port, p, s->ports) {
1634
1635 if (p->fd >= 0)
1636 continue;
1637
1638 switch (p->type) {
1639
1640 case SOCKET_SOCKET:
1641
1642 if (!know_label) {
1643 /* Figure out the label, if we don't it know yet. We do it once for the first
1644 * socket where we need this and remember it for the rest. */
1645
1646 r = socket_determine_selinux_label(s, &label);
1647 if (r < 0)
1648 return log_unit_error_errno(UNIT(s), r, "Failed to determine SELinux label: %m");
1649
1650 know_label = true;
1651 }
1652
1653 /* Apply the socket protocol */
1654 switch (p->address.type) {
1655
1656 case SOCK_STREAM:
1657 case SOCK_SEQPACKET:
1658 if (s->socket_protocol == IPPROTO_SCTP)
1659 p->address.protocol = s->socket_protocol;
1660 break;
1661
1662 case SOCK_DGRAM:
1663 if (s->socket_protocol == IPPROTO_UDPLITE)
1664 p->address.protocol = s->socket_protocol;
1665 break;
1666 }
1667
1668 p->fd = socket_address_listen_in_cgroup(s, &p->address, label);
1669 if (p->fd < 0)
1670 return p->fd;
1671
1672 socket_apply_socket_options(s, p, p->fd);
1673 socket_symlink(s);
1674 break;
1675
1676 case SOCKET_SPECIAL:
1677
1678 p->fd = special_address_create(p->path, s->writable);
1679 if (p->fd < 0)
1680 return log_unit_error_errno(UNIT(s), p->fd, "Failed to open special file %s: %m", p->path);
1681 break;
1682
1683 case SOCKET_FIFO:
1684
1685 p->fd = fifo_address_create(
1686 p->path,
1687 s->directory_mode,
1688 s->socket_mode);
1689 if (p->fd < 0)
1690 return log_unit_error_errno(UNIT(s), p->fd, "Failed to open FIFO %s: %m", p->path);
1691
1692 socket_apply_fifo_options(s, p->fd);
1693 socket_symlink(s);
1694 break;
1695
1696 case SOCKET_MQUEUE:
1697
1698 p->fd = mq_address_create(
1699 p->path,
1700 s->socket_mode,
1701 s->mq_maxmsg,
1702 s->mq_msgsize);
1703 if (p->fd < 0)
1704 return log_unit_error_errno(UNIT(s), p->fd, "Failed to open message queue %s: %m", p->path);
1705 break;
1706
1707 case SOCKET_USB_FUNCTION: {
1708 _cleanup_free_ char *ep = NULL;
1709
1710 ep = path_make_absolute("ep0", p->path);
1711 if (!ep)
1712 return -ENOMEM;
1713
1714 p->fd = usbffs_address_create(ep);
1715 if (p->fd < 0)
1716 return p->fd;
1717
1718 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1719 if (r < 0)
1720 return r;
1721
1722 r = usbffs_dispatch_eps(p);
1723 if (r < 0)
1724 return r;
1725
1726 break;
1727 }
1728 default:
1729 assert_not_reached("Unknown port type");
1730 }
1731 }
1732
1733 s = NULL;
1734 return 0;
1735 }
1736
1737 static void socket_unwatch_fds(Socket *s) {
1738 SocketPort *p;
1739 int r;
1740
1741 assert(s);
1742
1743 LIST_FOREACH(port, p, s->ports) {
1744 if (p->fd < 0)
1745 continue;
1746
1747 if (!p->event_source)
1748 continue;
1749
1750 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1751 if (r < 0)
1752 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1753 }
1754 }
1755
1756 static int socket_watch_fds(Socket *s) {
1757 SocketPort *p;
1758 int r;
1759
1760 assert(s);
1761
1762 LIST_FOREACH(port, p, s->ports) {
1763 if (p->fd < 0)
1764 continue;
1765
1766 if (p->event_source) {
1767 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1768 if (r < 0)
1769 goto fail;
1770 } else {
1771 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1772 if (r < 0)
1773 goto fail;
1774
1775 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1776 }
1777 }
1778
1779 return 0;
1780
1781 fail:
1782 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1783 socket_unwatch_fds(s);
1784 return r;
1785 }
1786
1787 enum {
1788 SOCKET_OPEN_NONE,
1789 SOCKET_OPEN_SOME,
1790 SOCKET_OPEN_ALL,
1791 };
1792
1793 static int socket_check_open(Socket *s) {
1794 bool have_open = false, have_closed = false;
1795 SocketPort *p;
1796
1797 assert(s);
1798
1799 LIST_FOREACH(port, p, s->ports) {
1800 if (p->fd < 0)
1801 have_closed = true;
1802 else
1803 have_open = true;
1804
1805 if (have_open && have_closed)
1806 return SOCKET_OPEN_SOME;
1807 }
1808
1809 if (have_open)
1810 return SOCKET_OPEN_ALL;
1811
1812 return SOCKET_OPEN_NONE;
1813 }
1814
1815 static void socket_set_state(Socket *s, SocketState state) {
1816 SocketState old_state;
1817 assert(s);
1818
1819 if (s->state != state)
1820 bus_unit_send_pending_change_signal(UNIT(s), false);
1821
1822 old_state = s->state;
1823 s->state = state;
1824
1825 if (!IN_SET(state,
1826 SOCKET_START_PRE,
1827 SOCKET_START_CHOWN,
1828 SOCKET_START_POST,
1829 SOCKET_STOP_PRE,
1830 SOCKET_STOP_PRE_SIGTERM,
1831 SOCKET_STOP_PRE_SIGKILL,
1832 SOCKET_STOP_POST,
1833 SOCKET_FINAL_SIGTERM,
1834 SOCKET_FINAL_SIGKILL,
1835 SOCKET_CLEANING)) {
1836
1837 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1838 socket_unwatch_control_pid(s);
1839 s->control_command = NULL;
1840 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1841 }
1842
1843 if (state != SOCKET_LISTENING)
1844 socket_unwatch_fds(s);
1845
1846 if (!IN_SET(state,
1847 SOCKET_START_CHOWN,
1848 SOCKET_START_POST,
1849 SOCKET_LISTENING,
1850 SOCKET_RUNNING,
1851 SOCKET_STOP_PRE,
1852 SOCKET_STOP_PRE_SIGTERM,
1853 SOCKET_STOP_PRE_SIGKILL,
1854 SOCKET_CLEANING))
1855 socket_close_fds(s);
1856
1857 if (state != old_state)
1858 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1859
1860 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], 0);
1861 }
1862
1863 static int socket_coldplug(Unit *u) {
1864 Socket *s = SOCKET(u);
1865 int r;
1866
1867 assert(s);
1868 assert(s->state == SOCKET_DEAD);
1869
1870 if (s->deserialized_state == s->state)
1871 return 0;
1872
1873 if (s->control_pid > 0 &&
1874 pid_is_unwaited(s->control_pid) &&
1875 IN_SET(s->deserialized_state,
1876 SOCKET_START_PRE,
1877 SOCKET_START_CHOWN,
1878 SOCKET_START_POST,
1879 SOCKET_STOP_PRE,
1880 SOCKET_STOP_PRE_SIGTERM,
1881 SOCKET_STOP_PRE_SIGKILL,
1882 SOCKET_STOP_POST,
1883 SOCKET_FINAL_SIGTERM,
1884 SOCKET_FINAL_SIGKILL,
1885 SOCKET_CLEANING)) {
1886
1887 r = unit_watch_pid(UNIT(s), s->control_pid, false);
1888 if (r < 0)
1889 return r;
1890
1891 r = socket_arm_timer(s, usec_add(u->state_change_timestamp.monotonic, s->timeout_usec));
1892 if (r < 0)
1893 return r;
1894 }
1895
1896 if (IN_SET(s->deserialized_state,
1897 SOCKET_START_CHOWN,
1898 SOCKET_START_POST,
1899 SOCKET_LISTENING,
1900 SOCKET_RUNNING)) {
1901
1902 /* Originally, we used to simply reopen all sockets here that we didn't have file descriptors
1903 * for. However, this is problematic, as we won't traverse through the SOCKET_START_CHOWN state for
1904 * them, and thus the UID/GID wouldn't be right. Hence, instead simply check if we have all fds open,
1905 * and if there's a mismatch, warn loudly. */
1906
1907 r = socket_check_open(s);
1908 if (r == SOCKET_OPEN_NONE)
1909 log_unit_warning(UNIT(s),
1910 "Socket unit configuration has changed while unit has been running, "
1911 "no open socket file descriptor left. "
1912 "The socket unit is not functional until restarted.");
1913 else if (r == SOCKET_OPEN_SOME)
1914 log_unit_warning(UNIT(s),
1915 "Socket unit configuration has changed while unit has been running, "
1916 "and some socket file descriptors have not been opened yet. "
1917 "The socket unit is not fully functional until restarted.");
1918 }
1919
1920 if (s->deserialized_state == SOCKET_LISTENING) {
1921 r = socket_watch_fds(s);
1922 if (r < 0)
1923 return r;
1924 }
1925
1926 if (!IN_SET(s->deserialized_state, SOCKET_DEAD, SOCKET_FAILED, SOCKET_CLEANING)) {
1927 (void) unit_setup_dynamic_creds(u);
1928 (void) unit_setup_exec_runtime(u);
1929 }
1930
1931 socket_set_state(s, s->deserialized_state);
1932 return 0;
1933 }
1934
1935 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1936
1937 _cleanup_(exec_params_clear) ExecParameters exec_params = {
1938 .flags = EXEC_APPLY_SANDBOXING|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN,
1939 .stdin_fd = -1,
1940 .stdout_fd = -1,
1941 .stderr_fd = -1,
1942 .exec_fd = -1,
1943 };
1944 pid_t pid;
1945 int r;
1946
1947 assert(s);
1948 assert(c);
1949 assert(_pid);
1950
1951 r = unit_prepare_exec(UNIT(s));
1952 if (r < 0)
1953 return r;
1954
1955 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1956 if (r < 0)
1957 return r;
1958
1959 r = unit_set_exec_params(UNIT(s), &exec_params);
1960 if (r < 0)
1961 return r;
1962
1963 r = exec_spawn(UNIT(s),
1964 c,
1965 &s->exec_context,
1966 &exec_params,
1967 s->exec_runtime,
1968 &s->dynamic_creds,
1969 &pid);
1970 if (r < 0)
1971 return r;
1972
1973 r = unit_watch_pid(UNIT(s), pid, true);
1974 if (r < 0)
1975 return r;
1976
1977 *_pid = pid;
1978
1979 return 0;
1980 }
1981
1982 static int socket_chown(Socket *s, pid_t *_pid) {
1983 pid_t pid;
1984 int r;
1985
1986 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1987 if (r < 0)
1988 goto fail;
1989
1990 /* We have to resolve the user names out-of-process, hence
1991 * let's fork here. It's messy, but well, what can we do? */
1992
1993 r = unit_fork_helper_process(UNIT(s), "(sd-chown)", &pid);
1994 if (r < 0)
1995 return r;
1996 if (r == 0) {
1997 uid_t uid = UID_INVALID;
1998 gid_t gid = GID_INVALID;
1999 SocketPort *p;
2000
2001 /* Child */
2002
2003 if (!isempty(s->user)) {
2004 const char *user = s->user;
2005
2006 r = get_user_creds(&user, &uid, &gid, NULL, NULL, 0);
2007 if (r < 0) {
2008 log_unit_error_errno(UNIT(s), r, "Failed to resolve user %s: %m", user);
2009 _exit(EXIT_USER);
2010 }
2011 }
2012
2013 if (!isempty(s->group)) {
2014 const char *group = s->group;
2015
2016 r = get_group_creds(&group, &gid, 0);
2017 if (r < 0) {
2018 log_unit_error_errno(UNIT(s), r, "Failed to resolve group %s: %m", group);
2019 _exit(EXIT_GROUP);
2020 }
2021 }
2022
2023 LIST_FOREACH(port, p, s->ports) {
2024 const char *path = NULL;
2025
2026 if (p->type == SOCKET_SOCKET)
2027 path = socket_address_get_path(&p->address);
2028 else if (p->type == SOCKET_FIFO)
2029 path = p->path;
2030
2031 if (!path)
2032 continue;
2033
2034 if (chown(path, uid, gid) < 0) {
2035 log_unit_error_errno(UNIT(s), errno, "Failed to chown(): %m");
2036 _exit(EXIT_CHOWN);
2037 }
2038 }
2039
2040 _exit(EXIT_SUCCESS);
2041 }
2042
2043 r = unit_watch_pid(UNIT(s), pid, true);
2044 if (r < 0)
2045 goto fail;
2046
2047 *_pid = pid;
2048 return 0;
2049
2050 fail:
2051 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
2052 return r;
2053 }
2054
2055 static void socket_enter_dead(Socket *s, SocketResult f) {
2056 assert(s);
2057
2058 if (s->result == SOCKET_SUCCESS)
2059 s->result = f;
2060
2061 if (s->result == SOCKET_SUCCESS)
2062 unit_log_success(UNIT(s));
2063 else
2064 unit_log_failure(UNIT(s), socket_result_to_string(s->result));
2065
2066 unit_warn_leftover_processes(UNIT(s), unit_log_leftover_process_stop);
2067
2068 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
2069
2070 s->exec_runtime = exec_runtime_unref(s->exec_runtime, true);
2071
2072 unit_destroy_runtime_data(UNIT(s), &s->exec_context);
2073
2074 unit_unref_uid_gid(UNIT(s), true);
2075
2076 dynamic_creds_destroy(&s->dynamic_creds);
2077 }
2078
2079 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
2080
2081 static void socket_enter_stop_post(Socket *s, SocketResult f) {
2082 int r;
2083 assert(s);
2084
2085 if (s->result == SOCKET_SUCCESS)
2086 s->result = f;
2087
2088 socket_unwatch_control_pid(s);
2089 s->control_command_id = SOCKET_EXEC_STOP_POST;
2090 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
2091
2092 if (s->control_command) {
2093 r = socket_spawn(s, s->control_command, &s->control_pid);
2094 if (r < 0)
2095 goto fail;
2096
2097 socket_set_state(s, SOCKET_STOP_POST);
2098 } else
2099 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
2100
2101 return;
2102
2103 fail:
2104 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
2105 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2106 }
2107
2108 static int state_to_kill_operation(Socket *s, SocketState state) {
2109 if (state == SOCKET_STOP_PRE_SIGTERM && unit_has_job_type(UNIT(s), JOB_RESTART))
2110 return KILL_RESTART;
2111
2112 if (state == SOCKET_FINAL_SIGTERM)
2113 return KILL_TERMINATE;
2114
2115 return KILL_KILL;
2116 }
2117
2118 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
2119 int r;
2120
2121 assert(s);
2122
2123 if (s->result == SOCKET_SUCCESS)
2124 s->result = f;
2125
2126 r = unit_kill_context(
2127 UNIT(s),
2128 &s->kill_context,
2129 state_to_kill_operation(s, state),
2130 -1,
2131 s->control_pid,
2132 false);
2133 if (r < 0)
2134 goto fail;
2135
2136 if (r > 0) {
2137 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
2138 if (r < 0)
2139 goto fail;
2140
2141 socket_set_state(s, state);
2142 } else if (state == SOCKET_STOP_PRE_SIGTERM)
2143 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
2144 else if (state == SOCKET_STOP_PRE_SIGKILL)
2145 socket_enter_stop_post(s, SOCKET_SUCCESS);
2146 else if (state == SOCKET_FINAL_SIGTERM)
2147 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
2148 else
2149 socket_enter_dead(s, SOCKET_SUCCESS);
2150
2151 return;
2152
2153 fail:
2154 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
2155
2156 if (IN_SET(state, SOCKET_STOP_PRE_SIGTERM, SOCKET_STOP_PRE_SIGKILL))
2157 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
2158 else
2159 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2160 }
2161
2162 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
2163 int r;
2164 assert(s);
2165
2166 if (s->result == SOCKET_SUCCESS)
2167 s->result = f;
2168
2169 socket_unwatch_control_pid(s);
2170 s->control_command_id = SOCKET_EXEC_STOP_PRE;
2171 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
2172
2173 if (s->control_command) {
2174 r = socket_spawn(s, s->control_command, &s->control_pid);
2175 if (r < 0)
2176 goto fail;
2177
2178 socket_set_state(s, SOCKET_STOP_PRE);
2179 } else
2180 socket_enter_stop_post(s, SOCKET_SUCCESS);
2181
2182 return;
2183
2184 fail:
2185 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
2186 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
2187 }
2188
2189 static void socket_enter_listening(Socket *s) {
2190 int r;
2191 assert(s);
2192
2193 if (!s->accept && s->flush_pending) {
2194 log_unit_debug(UNIT(s), "Flushing socket before listening.");
2195 flush_ports(s);
2196 }
2197
2198 r = socket_watch_fds(s);
2199 if (r < 0) {
2200 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
2201 goto fail;
2202 }
2203
2204 socket_set_state(s, SOCKET_LISTENING);
2205 return;
2206
2207 fail:
2208 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2209 }
2210
2211 static void socket_enter_start_post(Socket *s) {
2212 int r;
2213 assert(s);
2214
2215 socket_unwatch_control_pid(s);
2216 s->control_command_id = SOCKET_EXEC_START_POST;
2217 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
2218
2219 if (s->control_command) {
2220 r = socket_spawn(s, s->control_command, &s->control_pid);
2221 if (r < 0) {
2222 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
2223 goto fail;
2224 }
2225
2226 socket_set_state(s, SOCKET_START_POST);
2227 } else
2228 socket_enter_listening(s);
2229
2230 return;
2231
2232 fail:
2233 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2234 }
2235
2236 static void socket_enter_start_chown(Socket *s) {
2237 int r;
2238
2239 assert(s);
2240
2241 r = socket_open_fds(s);
2242 if (r < 0) {
2243 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
2244 goto fail;
2245 }
2246
2247 if (!isempty(s->user) || !isempty(s->group)) {
2248
2249 socket_unwatch_control_pid(s);
2250 s->control_command_id = SOCKET_EXEC_START_CHOWN;
2251 s->control_command = NULL;
2252
2253 r = socket_chown(s, &s->control_pid);
2254 if (r < 0) {
2255 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
2256 goto fail;
2257 }
2258
2259 socket_set_state(s, SOCKET_START_CHOWN);
2260 } else
2261 socket_enter_start_post(s);
2262
2263 return;
2264
2265 fail:
2266 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2267 }
2268
2269 static void socket_enter_start_pre(Socket *s) {
2270 int r;
2271 assert(s);
2272
2273 socket_unwatch_control_pid(s);
2274
2275 unit_warn_leftover_processes(UNIT(s), unit_log_leftover_process_start);
2276
2277 s->control_command_id = SOCKET_EXEC_START_PRE;
2278 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
2279
2280 if (s->control_command) {
2281 r = socket_spawn(s, s->control_command, &s->control_pid);
2282 if (r < 0) {
2283 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
2284 goto fail;
2285 }
2286
2287 socket_set_state(s, SOCKET_START_PRE);
2288 } else
2289 socket_enter_start_chown(s);
2290
2291 return;
2292
2293 fail:
2294 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2295 }
2296
2297 static void flush_ports(Socket *s) {
2298 SocketPort *p;
2299
2300 /* Flush all incoming traffic, regardless if actual bytes or new connections, so that this socket isn't busy
2301 * anymore */
2302
2303 LIST_FOREACH(port, p, s->ports) {
2304 if (p->fd < 0)
2305 continue;
2306
2307 (void) flush_accept(p->fd);
2308 (void) flush_fd(p->fd);
2309 }
2310 }
2311
2312 static void socket_enter_running(Socket *s, int cfd_in) {
2313 /* Note that this call takes possession of the connection fd passed. It either has to assign it
2314 * somewhere or close it. */
2315 _cleanup_close_ int cfd = cfd_in;
2316
2317 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2318 int r;
2319
2320 assert(s);
2321
2322 /* We don't take connections anymore if we are supposed to shut down anyway */
2323 if (unit_stop_pending(UNIT(s))) {
2324
2325 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
2326
2327 if (cfd >= 0)
2328 goto refuse;
2329
2330 flush_ports(s);
2331 return;
2332 }
2333
2334 if (!ratelimit_below(&s->trigger_limit)) {
2335 log_unit_warning(UNIT(s), "Trigger limit hit, refusing further activation.");
2336 socket_enter_stop_pre(s, SOCKET_FAILURE_TRIGGER_LIMIT_HIT);
2337 goto refuse;
2338 }
2339
2340 if (cfd < 0) {
2341 bool pending = false;
2342 Unit *other;
2343 void *v;
2344
2345 /* If there's already a start pending don't bother to
2346 * do anything */
2347 HASHMAP_FOREACH_KEY(v, other, UNIT(s)->dependencies[UNIT_TRIGGERS])
2348 if (unit_active_or_pending(other)) {
2349 pending = true;
2350 break;
2351 }
2352
2353 if (!pending) {
2354 if (!UNIT_ISSET(s->service)) {
2355 r = log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOENT),
2356 "Service to activate vanished, refusing activation.");
2357 goto fail;
2358 }
2359
2360 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, NULL, &error, NULL);
2361 if (r < 0)
2362 goto fail;
2363 }
2364
2365 socket_set_state(s, SOCKET_RUNNING);
2366 } else {
2367 _cleanup_(socket_peer_unrefp) SocketPeer *p = NULL;
2368 Unit *service;
2369
2370 if (s->n_connections >= s->max_connections) {
2371 log_unit_warning(UNIT(s), "Too many incoming connections (%u), dropping connection.",
2372 s->n_connections);
2373 goto refuse;
2374 }
2375
2376 if (s->max_connections_per_source > 0) {
2377 r = socket_acquire_peer(s, cfd, &p);
2378 if (ERRNO_IS_DISCONNECT(r))
2379 return;
2380 if (r < 0) /* We didn't have enough resources to acquire peer information, let's fail. */
2381 goto fail;
2382 if (r > 0 && p->n_ref > s->max_connections_per_source) {
2383 _cleanup_free_ char *t = NULL;
2384
2385 (void) sockaddr_pretty(&p->peer.sa, p->peer_salen, true, false, &t);
2386
2387 log_unit_warning(UNIT(s),
2388 "Too many incoming connections (%u) from source %s, dropping connection.",
2389 p->n_ref, strnull(t));
2390 goto refuse;
2391 }
2392 }
2393
2394 r = socket_load_service_unit(s, cfd, &service);
2395 if (ERRNO_IS_DISCONNECT(r))
2396 return;
2397 if (r < 0)
2398 goto fail;
2399
2400 r = unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, service,
2401 false, UNIT_DEPENDENCY_IMPLICIT);
2402 if (r < 0)
2403 goto fail;
2404
2405 s->n_accepted++;
2406
2407 r = service_set_socket_fd(SERVICE(service), cfd, s, s->selinux_context_from_net);
2408 if (ERRNO_IS_DISCONNECT(r))
2409 return;
2410 if (r < 0)
2411 goto fail;
2412
2413 TAKE_FD(cfd); /* We passed ownership of the fd to the service now. Forget it here. */
2414 s->n_connections++;
2415
2416 SERVICE(service)->peer = TAKE_PTR(p); /* Pass ownership of the peer reference */
2417
2418 r = manager_add_job(UNIT(s)->manager, JOB_START, service, JOB_REPLACE, NULL, &error, NULL);
2419 if (r < 0) {
2420 /* We failed to activate the new service, but it still exists. Let's make sure the
2421 * service closes and forgets the connection fd again, immediately. */
2422 service_close_socket_fd(SERVICE(service));
2423 goto fail;
2424 }
2425
2426 /* Notify clients about changed counters */
2427 unit_add_to_dbus_queue(UNIT(s));
2428 }
2429
2430 TAKE_FD(cfd);
2431 return;
2432
2433 refuse:
2434 s->n_refused++;
2435 return;
2436
2437 fail:
2438 if (ERRNO_IS_RESOURCE(r))
2439 log_unit_warning(UNIT(s), "Failed to queue service startup job: %s",
2440 bus_error_message(&error, r));
2441 else
2442 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2443 cfd >= 0 ? "template" : "non-template",
2444 bus_error_message(&error, r));
2445
2446 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2447 }
2448
2449 static void socket_run_next(Socket *s) {
2450 int r;
2451
2452 assert(s);
2453 assert(s->control_command);
2454 assert(s->control_command->command_next);
2455
2456 socket_unwatch_control_pid(s);
2457
2458 s->control_command = s->control_command->command_next;
2459
2460 r = socket_spawn(s, s->control_command, &s->control_pid);
2461 if (r < 0)
2462 goto fail;
2463
2464 return;
2465
2466 fail:
2467 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2468
2469 if (s->state == SOCKET_START_POST)
2470 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2471 else if (s->state == SOCKET_STOP_POST)
2472 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2473 else
2474 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2475 }
2476
2477 static int socket_start(Unit *u) {
2478 Socket *s = SOCKET(u);
2479 int r;
2480
2481 assert(s);
2482
2483 /* We cannot fulfill this request right now, try again later
2484 * please! */
2485 if (IN_SET(s->state,
2486 SOCKET_STOP_PRE,
2487 SOCKET_STOP_PRE_SIGKILL,
2488 SOCKET_STOP_PRE_SIGTERM,
2489 SOCKET_STOP_POST,
2490 SOCKET_FINAL_SIGTERM,
2491 SOCKET_FINAL_SIGKILL,
2492 SOCKET_CLEANING))
2493 return -EAGAIN;
2494
2495 /* Already on it! */
2496 if (IN_SET(s->state,
2497 SOCKET_START_PRE,
2498 SOCKET_START_CHOWN,
2499 SOCKET_START_POST))
2500 return 0;
2501
2502 /* Cannot run this without the service being around */
2503 if (UNIT_ISSET(s->service)) {
2504 Service *service;
2505
2506 service = SERVICE(UNIT_DEREF(s->service));
2507
2508 if (UNIT(service)->load_state != UNIT_LOADED)
2509 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOENT), "Socket service %s not loaded, refusing.", UNIT(service)->id);
2510
2511 /* If the service is already active we cannot start the
2512 * socket */
2513 if (!IN_SET(service->state, SERVICE_DEAD, SERVICE_FAILED, SERVICE_AUTO_RESTART))
2514 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EBUSY), "Socket service %s already active, refusing.", UNIT(service)->id);
2515 }
2516
2517 assert(IN_SET(s->state, SOCKET_DEAD, SOCKET_FAILED));
2518
2519 r = unit_test_start_limit(u);
2520 if (r < 0) {
2521 socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
2522 return r;
2523 }
2524
2525 r = unit_acquire_invocation_id(u);
2526 if (r < 0)
2527 return r;
2528
2529 s->result = SOCKET_SUCCESS;
2530 exec_command_reset_status_list_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
2531
2532 u->reset_accounting = true;
2533
2534 socket_enter_start_pre(s);
2535 return 1;
2536 }
2537
2538 static int socket_stop(Unit *u) {
2539 Socket *s = SOCKET(u);
2540
2541 assert(s);
2542
2543 /* Already on it */
2544 if (IN_SET(s->state,
2545 SOCKET_STOP_PRE,
2546 SOCKET_STOP_PRE_SIGTERM,
2547 SOCKET_STOP_PRE_SIGKILL,
2548 SOCKET_STOP_POST,
2549 SOCKET_FINAL_SIGTERM,
2550 SOCKET_FINAL_SIGKILL))
2551 return 0;
2552
2553 /* If there's already something running we go directly into
2554 * kill mode. */
2555 if (IN_SET(s->state,
2556 SOCKET_START_PRE,
2557 SOCKET_START_CHOWN,
2558 SOCKET_START_POST)) {
2559 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2560 return -EAGAIN;
2561 }
2562
2563 /* If we are currently cleaning, then abort it, brutally. */
2564 if (s->state == SOCKET_CLEANING) {
2565 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
2566 return 0;
2567 }
2568
2569 assert(IN_SET(s->state, SOCKET_LISTENING, SOCKET_RUNNING));
2570
2571 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2572 return 1;
2573 }
2574
2575 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2576 Socket *s = SOCKET(u);
2577 SocketPort *p;
2578 int r;
2579
2580 assert(u);
2581 assert(f);
2582 assert(fds);
2583
2584 (void) serialize_item(f, "state", socket_state_to_string(s->state));
2585 (void) serialize_item(f, "result", socket_result_to_string(s->result));
2586 (void) serialize_item_format(f, "n-accepted", "%u", s->n_accepted);
2587 (void) serialize_item_format(f, "n-refused", "%u", s->n_refused);
2588
2589 if (s->control_pid > 0)
2590 (void) serialize_item_format(f, "control-pid", PID_FMT, s->control_pid);
2591
2592 if (s->control_command_id >= 0)
2593 (void) serialize_item(f, "control-command", socket_exec_command_to_string(s->control_command_id));
2594
2595 LIST_FOREACH(port, p, s->ports) {
2596 int copy;
2597
2598 if (p->fd < 0)
2599 continue;
2600
2601 copy = fdset_put_dup(fds, p->fd);
2602 if (copy < 0)
2603 return log_unit_warning_errno(u, copy, "Failed to serialize socket fd: %m");
2604
2605 if (p->type == SOCKET_SOCKET) {
2606 _cleanup_free_ char *t = NULL;
2607
2608 r = socket_address_print(&p->address, &t);
2609 if (r < 0)
2610 return log_unit_error_errno(u, r, "Failed to format socket address: %m");
2611
2612 if (socket_address_family(&p->address) == AF_NETLINK)
2613 (void) serialize_item_format(f, "netlink", "%i %s", copy, t);
2614 else
2615 (void) serialize_item_format(f, "socket", "%i %i %s", copy, p->address.type, t);
2616 } else if (p->type == SOCKET_SPECIAL)
2617 (void) serialize_item_format(f, "special", "%i %s", copy, p->path);
2618 else if (p->type == SOCKET_MQUEUE)
2619 (void) serialize_item_format(f, "mqueue", "%i %s", copy, p->path);
2620 else if (p->type == SOCKET_USB_FUNCTION)
2621 (void) serialize_item_format(f, "ffs", "%i %s", copy, p->path);
2622 else {
2623 assert(p->type == SOCKET_FIFO);
2624 (void) serialize_item_format(f, "fifo", "%i %s", copy, p->path);
2625 }
2626 }
2627
2628 return 0;
2629 }
2630
2631 static void socket_port_take_fd(SocketPort *p, FDSet *fds, int fd) {
2632 assert(p);
2633
2634 safe_close(p->fd);
2635 p->fd = fdset_remove(fds, fd);
2636 }
2637
2638 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2639 Socket *s = SOCKET(u);
2640
2641 assert(u);
2642 assert(key);
2643 assert(value);
2644
2645 if (streq(key, "state")) {
2646 SocketState state;
2647
2648 state = socket_state_from_string(value);
2649 if (state < 0)
2650 log_unit_debug(u, "Failed to parse state value: %s", value);
2651 else
2652 s->deserialized_state = state;
2653 } else if (streq(key, "result")) {
2654 SocketResult f;
2655
2656 f = socket_result_from_string(value);
2657 if (f < 0)
2658 log_unit_debug(u, "Failed to parse result value: %s", value);
2659 else if (f != SOCKET_SUCCESS)
2660 s->result = f;
2661
2662 } else if (streq(key, "n-accepted")) {
2663 unsigned k;
2664
2665 if (safe_atou(value, &k) < 0)
2666 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2667 else
2668 s->n_accepted += k;
2669 } else if (streq(key, "n-refused")) {
2670 unsigned k;
2671
2672 if (safe_atou(value, &k) < 0)
2673 log_unit_debug(u, "Failed to parse n-refused value: %s", value);
2674 else
2675 s->n_refused += k;
2676 } else if (streq(key, "control-pid")) {
2677 pid_t pid;
2678
2679 if (parse_pid(value, &pid) < 0)
2680 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2681 else
2682 s->control_pid = pid;
2683 } else if (streq(key, "control-command")) {
2684 SocketExecCommand id;
2685
2686 id = socket_exec_command_from_string(value);
2687 if (id < 0)
2688 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2689 else {
2690 s->control_command_id = id;
2691 s->control_command = s->exec_command[id];
2692 }
2693 } else if (streq(key, "fifo")) {
2694 int fd, skip = 0;
2695 SocketPort *p;
2696
2697 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2698 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2699 else
2700 LIST_FOREACH(port, p, s->ports)
2701 if (p->type == SOCKET_FIFO &&
2702 path_equal_or_files_same(p->path, value+skip, 0)) {
2703 socket_port_take_fd(p, fds, fd);
2704 break;
2705 }
2706
2707 } else if (streq(key, "special")) {
2708 int fd, skip = 0;
2709 SocketPort *p;
2710
2711 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2712 log_unit_debug(u, "Failed to parse special value: %s", value);
2713 else
2714 LIST_FOREACH(port, p, s->ports)
2715 if (p->type == SOCKET_SPECIAL &&
2716 path_equal_or_files_same(p->path, value+skip, 0)) {
2717 socket_port_take_fd(p, fds, fd);
2718 break;
2719 }
2720
2721 } else if (streq(key, "mqueue")) {
2722 int fd, skip = 0;
2723 SocketPort *p;
2724
2725 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2726 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2727 else
2728 LIST_FOREACH(port, p, s->ports)
2729 if (p->type == SOCKET_MQUEUE &&
2730 streq(p->path, value+skip)) {
2731 socket_port_take_fd(p, fds, fd);
2732 break;
2733 }
2734
2735 } else if (streq(key, "socket")) {
2736 int fd, type, skip = 0;
2737 SocketPort *p;
2738
2739 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2740 log_unit_debug(u, "Failed to parse socket value: %s", value);
2741 else
2742 LIST_FOREACH(port, p, s->ports)
2743 if (socket_address_is(&p->address, value+skip, type)) {
2744 socket_port_take_fd(p, fds, fd);
2745 break;
2746 }
2747
2748 } else if (streq(key, "netlink")) {
2749 int fd, skip = 0;
2750 SocketPort *p;
2751
2752 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2753 log_unit_debug(u, "Failed to parse socket value: %s", value);
2754 else
2755 LIST_FOREACH(port, p, s->ports)
2756 if (socket_address_is_netlink(&p->address, value+skip)) {
2757 socket_port_take_fd(p, fds, fd);
2758 break;
2759 }
2760
2761 } else if (streq(key, "ffs")) {
2762 int fd, skip = 0;
2763 SocketPort *p;
2764
2765 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2766 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2767 else
2768 LIST_FOREACH(port, p, s->ports)
2769 if (p->type == SOCKET_USB_FUNCTION &&
2770 path_equal_or_files_same(p->path, value+skip, 0)) {
2771 socket_port_take_fd(p, fds, fd);
2772 break;
2773 }
2774
2775 } else
2776 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2777
2778 return 0;
2779 }
2780
2781 static void socket_distribute_fds(Unit *u, FDSet *fds) {
2782 Socket *s = SOCKET(u);
2783 SocketPort *p;
2784
2785 assert(u);
2786
2787 LIST_FOREACH(port, p, s->ports) {
2788 int fd;
2789
2790 if (p->type != SOCKET_SOCKET)
2791 continue;
2792
2793 if (p->fd >= 0)
2794 continue;
2795
2796 FDSET_FOREACH(fd, fds) {
2797 if (socket_address_matches_fd(&p->address, fd)) {
2798 p->fd = fdset_remove(fds, fd);
2799 s->deserialized_state = SOCKET_LISTENING;
2800 break;
2801 }
2802 }
2803 }
2804 }
2805
2806 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2807 assert(u);
2808
2809 return state_translation_table[SOCKET(u)->state];
2810 }
2811
2812 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2813 assert(u);
2814
2815 return socket_state_to_string(SOCKET(u)->state);
2816 }
2817
2818 const char* socket_port_type_to_string(SocketPort *p) {
2819
2820 assert(p);
2821
2822 switch (p->type) {
2823
2824 case SOCKET_SOCKET:
2825
2826 switch (p->address.type) {
2827
2828 case SOCK_STREAM:
2829 return "Stream";
2830
2831 case SOCK_DGRAM:
2832 return "Datagram";
2833
2834 case SOCK_SEQPACKET:
2835 return "SequentialPacket";
2836
2837 case SOCK_RAW:
2838 if (socket_address_family(&p->address) == AF_NETLINK)
2839 return "Netlink";
2840
2841 _fallthrough_;
2842 default:
2843 return NULL;
2844 }
2845
2846 case SOCKET_SPECIAL:
2847 return "Special";
2848
2849 case SOCKET_MQUEUE:
2850 return "MessageQueue";
2851
2852 case SOCKET_FIFO:
2853 return "FIFO";
2854
2855 case SOCKET_USB_FUNCTION:
2856 return "USBFunction";
2857
2858 default:
2859 return NULL;
2860 }
2861 }
2862
2863 SocketType socket_port_type_from_string(const char *s) {
2864 assert(s);
2865
2866 if (STR_IN_SET(s, "Stream", "Datagram", "SequentialPacket", "Netlink"))
2867 return SOCKET_SOCKET;
2868 else if (streq(s, "Special"))
2869 return SOCKET_SPECIAL;
2870 else if (streq(s, "MessageQueue"))
2871 return SOCKET_MQUEUE;
2872 else if (streq(s, "FIFO"))
2873 return SOCKET_FIFO;
2874 else if (streq(s, "USBFunction"))
2875 return SOCKET_USB_FUNCTION;
2876 else
2877 return _SOCKET_TYPE_INVALID;
2878 }
2879
2880 _pure_ static bool socket_may_gc(Unit *u) {
2881 Socket *s = SOCKET(u);
2882
2883 assert(u);
2884
2885 return s->n_connections == 0;
2886 }
2887
2888 static int socket_accept_do(Socket *s, int fd) {
2889 int cfd;
2890
2891 assert(s);
2892 assert(fd >= 0);
2893
2894 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
2895 if (cfd < 0)
2896 /* Convert transient network errors into clean and well-defined EAGAIN */
2897 return ERRNO_IS_ACCEPT_AGAIN(errno) ? -EAGAIN : -errno;
2898
2899 return cfd;
2900 }
2901
2902 static int socket_accept_in_cgroup(Socket *s, SocketPort *p, int fd) {
2903 _cleanup_close_pair_ int pair[2] = { -1, -1 };
2904 int cfd, r;
2905 pid_t pid;
2906
2907 assert(s);
2908 assert(p);
2909 assert(fd >= 0);
2910
2911 /* Similar to socket_address_listen_in_cgroup(), but for accept() rather than socket(): make sure that any
2912 * connection socket is also properly associated with the cgroup. */
2913
2914 if (!IN_SET(p->address.sockaddr.sa.sa_family, AF_INET, AF_INET6))
2915 goto shortcut;
2916
2917 r = bpf_firewall_supported();
2918 if (r < 0)
2919 return r;
2920 if (r == BPF_FIREWALL_UNSUPPORTED)
2921 goto shortcut;
2922
2923 if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pair) < 0)
2924 return log_unit_error_errno(UNIT(s), errno, "Failed to create communication channel: %m");
2925
2926 r = unit_fork_helper_process(UNIT(s), "(sd-accept)", &pid);
2927 if (r < 0)
2928 return log_unit_error_errno(UNIT(s), r, "Failed to fork off accept stub process: %m");
2929 if (r == 0) {
2930 /* Child */
2931
2932 pair[0] = safe_close(pair[0]);
2933
2934 cfd = socket_accept_do(s, fd);
2935 if (cfd == -EAGAIN) /* spurious accept() */
2936 _exit(EXIT_SUCCESS);
2937 if (cfd < 0) {
2938 log_unit_error_errno(UNIT(s), cfd, "Failed to accept connection socket: %m");
2939 _exit(EXIT_FAILURE);
2940 }
2941
2942 r = send_one_fd(pair[1], cfd, 0);
2943 if (r < 0) {
2944 log_unit_error_errno(UNIT(s), r, "Failed to send connection socket to parent: %m");
2945 _exit(EXIT_FAILURE);
2946 }
2947
2948 _exit(EXIT_SUCCESS);
2949 }
2950
2951 pair[1] = safe_close(pair[1]);
2952 cfd = receive_one_fd(pair[0], 0);
2953
2954 /* We synchronously wait for the helper, as it shouldn't be slow */
2955 r = wait_for_terminate_and_check("(sd-accept)", pid, WAIT_LOG_ABNORMAL);
2956 if (r < 0) {
2957 safe_close(cfd);
2958 return r;
2959 }
2960
2961 /* If we received no fd, we got EIO here. If this happens with a process exit code of EXIT_SUCCESS
2962 * this is a spurious accept(), let's convert that back to EAGAIN here. */
2963 if (cfd == -EIO)
2964 return -EAGAIN;
2965 if (cfd < 0)
2966 return log_unit_error_errno(UNIT(s), cfd, "Failed to receive connection socket: %m");
2967
2968 return cfd;
2969
2970 shortcut:
2971 cfd = socket_accept_do(s, fd);
2972 if (cfd == -EAGAIN) /* spurious accept(), skip it silently */
2973 return -EAGAIN;
2974 if (cfd < 0)
2975 return log_unit_error_errno(UNIT(s), cfd, "Failed to accept connection socket: %m");
2976
2977 return cfd;
2978 }
2979
2980 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2981 SocketPort *p = userdata;
2982 int cfd = -1;
2983
2984 assert(p);
2985 assert(fd >= 0);
2986
2987 if (p->socket->state != SOCKET_LISTENING)
2988 return 0;
2989
2990 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2991
2992 if (revents != EPOLLIN) {
2993 if (revents & EPOLLHUP)
2994 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2995 else
2996 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2997 goto fail;
2998 }
2999
3000 if (p->socket->accept &&
3001 p->type == SOCKET_SOCKET &&
3002 socket_address_can_accept(&p->address)) {
3003
3004 cfd = socket_accept_in_cgroup(p->socket, p, fd);
3005 if (cfd == -EAGAIN) /* Spurious accept() */
3006 return 0;
3007 if (cfd < 0)
3008 goto fail;
3009
3010 socket_apply_socket_options(p->socket, p, cfd);
3011 }
3012
3013 socket_enter_running(p->socket, cfd);
3014 return 0;
3015
3016 fail:
3017 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
3018 return 0;
3019 }
3020
3021 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
3022 Socket *s = SOCKET(u);
3023 SocketResult f;
3024
3025 assert(s);
3026 assert(pid >= 0);
3027
3028 if (pid != s->control_pid)
3029 return;
3030
3031 s->control_pid = 0;
3032
3033 if (is_clean_exit(code, status, EXIT_CLEAN_COMMAND, NULL))
3034 f = SOCKET_SUCCESS;
3035 else if (code == CLD_EXITED)
3036 f = SOCKET_FAILURE_EXIT_CODE;
3037 else if (code == CLD_KILLED)
3038 f = SOCKET_FAILURE_SIGNAL;
3039 else if (code == CLD_DUMPED)
3040 f = SOCKET_FAILURE_CORE_DUMP;
3041 else
3042 assert_not_reached("Unknown sigchld code");
3043
3044 if (s->control_command) {
3045 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
3046
3047 if (s->control_command->flags & EXEC_COMMAND_IGNORE_FAILURE)
3048 f = SOCKET_SUCCESS;
3049 }
3050
3051 unit_log_process_exit(
3052 u,
3053 "Control process",
3054 socket_exec_command_to_string(s->control_command_id),
3055 f == SOCKET_SUCCESS,
3056 code, status);
3057
3058 if (s->result == SOCKET_SUCCESS)
3059 s->result = f;
3060
3061 if (s->control_command &&
3062 s->control_command->command_next &&
3063 f == SOCKET_SUCCESS) {
3064
3065 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
3066 socket_run_next(s);
3067 } else {
3068 s->control_command = NULL;
3069 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
3070
3071 /* No further commands for this step, so let's figure
3072 * out what to do next */
3073
3074 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
3075
3076 switch (s->state) {
3077
3078 case SOCKET_START_PRE:
3079 if (f == SOCKET_SUCCESS)
3080 socket_enter_start_chown(s);
3081 else
3082 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
3083 break;
3084
3085 case SOCKET_START_CHOWN:
3086 if (f == SOCKET_SUCCESS)
3087 socket_enter_start_post(s);
3088 else
3089 socket_enter_stop_pre(s, f);
3090 break;
3091
3092 case SOCKET_START_POST:
3093 if (f == SOCKET_SUCCESS)
3094 socket_enter_listening(s);
3095 else
3096 socket_enter_stop_pre(s, f);
3097 break;
3098
3099 case SOCKET_STOP_PRE:
3100 case SOCKET_STOP_PRE_SIGTERM:
3101 case SOCKET_STOP_PRE_SIGKILL:
3102 socket_enter_stop_post(s, f);
3103 break;
3104
3105 case SOCKET_STOP_POST:
3106 case SOCKET_FINAL_SIGTERM:
3107 case SOCKET_FINAL_SIGKILL:
3108 socket_enter_dead(s, f);
3109 break;
3110
3111 case SOCKET_CLEANING:
3112
3113 if (s->clean_result == SOCKET_SUCCESS)
3114 s->clean_result = f;
3115
3116 socket_enter_dead(s, SOCKET_SUCCESS);
3117 break;
3118
3119 default:
3120 assert_not_reached("Uh, control process died at wrong time.");
3121 }
3122 }
3123
3124 /* Notify clients about changed exit status */
3125 unit_add_to_dbus_queue(u);
3126 }
3127
3128 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
3129 Socket *s = SOCKET(userdata);
3130
3131 assert(s);
3132 assert(s->timer_event_source == source);
3133
3134 switch (s->state) {
3135
3136 case SOCKET_START_PRE:
3137 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
3138 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
3139 break;
3140
3141 case SOCKET_START_CHOWN:
3142 case SOCKET_START_POST:
3143 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
3144 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
3145 break;
3146
3147 case SOCKET_STOP_PRE:
3148 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
3149 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
3150 break;
3151
3152 case SOCKET_STOP_PRE_SIGTERM:
3153 if (s->kill_context.send_sigkill) {
3154 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
3155 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
3156 } else {
3157 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
3158 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
3159 }
3160 break;
3161
3162 case SOCKET_STOP_PRE_SIGKILL:
3163 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
3164 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
3165 break;
3166
3167 case SOCKET_STOP_POST:
3168 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
3169 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
3170 break;
3171
3172 case SOCKET_FINAL_SIGTERM:
3173 if (s->kill_context.send_sigkill) {
3174 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
3175 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
3176 } else {
3177 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
3178 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
3179 }
3180 break;
3181
3182 case SOCKET_FINAL_SIGKILL:
3183 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
3184 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
3185 break;
3186
3187 case SOCKET_CLEANING:
3188 log_unit_warning(UNIT(s), "Cleaning timed out. killing.");
3189
3190 if (s->clean_result == SOCKET_SUCCESS)
3191 s->clean_result = SOCKET_FAILURE_TIMEOUT;
3192
3193 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, 0);
3194 break;
3195
3196 default:
3197 assert_not_reached("Timeout at wrong time.");
3198 }
3199
3200 return 0;
3201 }
3202
3203 int socket_collect_fds(Socket *s, int **fds) {
3204 size_t k = 0, n = 0;
3205 SocketPort *p;
3206 int *rfds;
3207
3208 assert(s);
3209 assert(fds);
3210
3211 /* Called from the service code for requesting our fds */
3212
3213 LIST_FOREACH(port, p, s->ports) {
3214 if (p->fd >= 0)
3215 n++;
3216 n += p->n_auxiliary_fds;
3217 }
3218
3219 if (n <= 0) {
3220 *fds = NULL;
3221 return 0;
3222 }
3223
3224 rfds = new(int, n);
3225 if (!rfds)
3226 return -ENOMEM;
3227
3228 LIST_FOREACH(port, p, s->ports) {
3229 size_t i;
3230
3231 if (p->fd >= 0)
3232 rfds[k++] = p->fd;
3233 for (i = 0; i < p->n_auxiliary_fds; ++i)
3234 rfds[k++] = p->auxiliary_fds[i];
3235 }
3236
3237 assert(k == n);
3238
3239 *fds = rfds;
3240 return (int) n;
3241 }
3242
3243 static void socket_reset_failed(Unit *u) {
3244 Socket *s = SOCKET(u);
3245
3246 assert(s);
3247
3248 if (s->state == SOCKET_FAILED)
3249 socket_set_state(s, SOCKET_DEAD);
3250
3251 s->result = SOCKET_SUCCESS;
3252 s->clean_result = SOCKET_SUCCESS;
3253 }
3254
3255 void socket_connection_unref(Socket *s) {
3256 assert(s);
3257
3258 /* The service is dead. Yay!
3259 *
3260 * This is strictly for one-instance-per-connection
3261 * services. */
3262
3263 assert(s->n_connections > 0);
3264 s->n_connections--;
3265
3266 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
3267 }
3268
3269 static void socket_trigger_notify(Unit *u, Unit *other) {
3270 Socket *s = SOCKET(u);
3271
3272 assert(u);
3273 assert(other);
3274
3275 /* Filter out invocations with bogus state */
3276 assert(UNIT_IS_LOAD_COMPLETE(other->load_state));
3277 assert(other->type == UNIT_SERVICE);
3278
3279 /* Don't propagate state changes from the service if we are already down */
3280 if (!IN_SET(s->state, SOCKET_RUNNING, SOCKET_LISTENING))
3281 return;
3282
3283 /* We don't care for the service state if we are in Accept=yes mode */
3284 if (s->accept)
3285 return;
3286
3287 /* Propagate start limit hit state */
3288 if (other->start_limit_hit) {
3289 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_START_LIMIT_HIT);
3290 return;
3291 }
3292
3293 /* Don't propagate anything if there's still a job queued */
3294 if (other->job)
3295 return;
3296
3297 if (IN_SET(SERVICE(other)->state,
3298 SERVICE_DEAD, SERVICE_FAILED,
3299 SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
3300 SERVICE_AUTO_RESTART))
3301 socket_enter_listening(s);
3302
3303 if (SERVICE(other)->state == SERVICE_RUNNING)
3304 socket_set_state(s, SOCKET_RUNNING);
3305 }
3306
3307 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
3308 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
3309 }
3310
3311 static int socket_get_timeout(Unit *u, usec_t *timeout) {
3312 Socket *s = SOCKET(u);
3313 usec_t t;
3314 int r;
3315
3316 if (!s->timer_event_source)
3317 return 0;
3318
3319 r = sd_event_source_get_time(s->timer_event_source, &t);
3320 if (r < 0)
3321 return r;
3322 if (t == USEC_INFINITY)
3323 return 0;
3324
3325 *timeout = t;
3326 return 1;
3327 }
3328
3329 char *socket_fdname(Socket *s) {
3330 assert(s);
3331
3332 /* Returns the name to use for $LISTEN_NAMES. If the user
3333 * didn't specify anything specifically, use the socket unit's
3334 * name as fallback. */
3335
3336 return s->fdname ?: UNIT(s)->id;
3337 }
3338
3339 static int socket_control_pid(Unit *u) {
3340 Socket *s = SOCKET(u);
3341
3342 assert(s);
3343
3344 return s->control_pid;
3345 }
3346
3347 static int socket_clean(Unit *u, ExecCleanMask mask) {
3348 _cleanup_strv_free_ char **l = NULL;
3349 Socket *s = SOCKET(u);
3350 int r;
3351
3352 assert(s);
3353 assert(mask != 0);
3354
3355 if (s->state != SOCKET_DEAD)
3356 return -EBUSY;
3357
3358 r = exec_context_get_clean_directories(&s->exec_context, u->manager->prefix, mask, &l);
3359 if (r < 0)
3360 return r;
3361
3362 if (strv_isempty(l))
3363 return -EUNATCH;
3364
3365 socket_unwatch_control_pid(s);
3366 s->clean_result = SOCKET_SUCCESS;
3367 s->control_command = NULL;
3368 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
3369
3370 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->exec_context.timeout_clean_usec));
3371 if (r < 0)
3372 goto fail;
3373
3374 r = unit_fork_and_watch_rm_rf(u, l, &s->control_pid);
3375 if (r < 0)
3376 goto fail;
3377
3378 socket_set_state(s, SOCKET_CLEANING);
3379
3380 return 0;
3381
3382 fail:
3383 log_unit_warning_errno(u, r, "Failed to initiate cleaning: %m");
3384 s->clean_result = SOCKET_FAILURE_RESOURCES;
3385 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
3386 return r;
3387 }
3388
3389 static int socket_can_clean(Unit *u, ExecCleanMask *ret) {
3390 Socket *s = SOCKET(u);
3391
3392 assert(s);
3393
3394 return exec_context_get_clean_mask(&s->exec_context, ret);
3395 }
3396
3397 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
3398 [SOCKET_EXEC_START_PRE] = "ExecStartPre",
3399 [SOCKET_EXEC_START_CHOWN] = "ExecStartChown",
3400 [SOCKET_EXEC_START_POST] = "ExecStartPost",
3401 [SOCKET_EXEC_STOP_PRE] = "ExecStopPre",
3402 [SOCKET_EXEC_STOP_POST] = "ExecStopPost"
3403 };
3404
3405 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
3406
3407 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
3408 [SOCKET_SUCCESS] = "success",
3409 [SOCKET_FAILURE_RESOURCES] = "resources",
3410 [SOCKET_FAILURE_TIMEOUT] = "timeout",
3411 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
3412 [SOCKET_FAILURE_SIGNAL] = "signal",
3413 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
3414 [SOCKET_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
3415 [SOCKET_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
3416 [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit"
3417 };
3418
3419 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
3420
3421 static const char* const socket_timestamping_table[_SOCKET_TIMESTAMPING_MAX] = {
3422 [SOCKET_TIMESTAMPING_OFF] = "off",
3423 [SOCKET_TIMESTAMPING_US] = "us",
3424 [SOCKET_TIMESTAMPING_NS] = "ns",
3425 };
3426
3427 DEFINE_STRING_TABLE_LOOKUP(socket_timestamping, SocketTimestamping);
3428
3429 SocketTimestamping socket_timestamping_from_string_harder(const char *p) {
3430 SocketTimestamping t;
3431 int r;
3432
3433 if (!p)
3434 return _SOCKET_TIMESTAMPING_INVALID;
3435
3436 t = socket_timestamping_from_string(p);
3437 if (t >= 0)
3438 return t;
3439
3440 /* Let's alternatively support the various other aliases parse_time() accepts for ns and µs here,
3441 * too. */
3442 if (streq(p, "nsec"))
3443 return SOCKET_TIMESTAMPING_NS;
3444 if (STR_IN_SET(p, "usec", "µs"))
3445 return SOCKET_TIMESTAMPING_US;
3446
3447 r = parse_boolean(p);
3448 if (r < 0)
3449 return _SOCKET_TIMESTAMPING_INVALID;
3450
3451 return r ? SOCKET_TIMESTAMPING_NS : SOCKET_TIMESTAMPING_OFF; /* If boolean yes, default to ns accuracy */
3452 }
3453
3454 const UnitVTable socket_vtable = {
3455 .object_size = sizeof(Socket),
3456 .exec_context_offset = offsetof(Socket, exec_context),
3457 .cgroup_context_offset = offsetof(Socket, cgroup_context),
3458 .kill_context_offset = offsetof(Socket, kill_context),
3459 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3460 .dynamic_creds_offset = offsetof(Socket, dynamic_creds),
3461
3462 .sections =
3463 "Unit\0"
3464 "Socket\0"
3465 "Install\0",
3466 .private_section = "Socket",
3467
3468 .can_transient = true,
3469 .can_trigger = true,
3470 .can_fail = true,
3471
3472 .init = socket_init,
3473 .done = socket_done,
3474 .load = socket_load,
3475
3476 .coldplug = socket_coldplug,
3477
3478 .dump = socket_dump,
3479
3480 .start = socket_start,
3481 .stop = socket_stop,
3482
3483 .kill = socket_kill,
3484 .clean = socket_clean,
3485 .can_clean = socket_can_clean,
3486
3487 .get_timeout = socket_get_timeout,
3488
3489 .serialize = socket_serialize,
3490 .deserialize_item = socket_deserialize_item,
3491 .distribute_fds = socket_distribute_fds,
3492
3493 .active_state = socket_active_state,
3494 .sub_state_to_string = socket_sub_state_to_string,
3495
3496 .will_restart = unit_will_restart_default,
3497
3498 .may_gc = socket_may_gc,
3499
3500 .sigchld_event = socket_sigchld_event,
3501
3502 .trigger_notify = socket_trigger_notify,
3503
3504 .reset_failed = socket_reset_failed,
3505
3506 .control_pid = socket_control_pid,
3507
3508 .bus_set_property = bus_socket_set_property,
3509 .bus_commit_properties = bus_socket_commit_properties,
3510
3511 .status_message_formats = {
3512 /*.starting_stopping = {
3513 [0] = "Starting socket %s...",
3514 [1] = "Stopping socket %s...",
3515 },*/
3516 .finished_start_job = {
3517 [JOB_DONE] = "Listening on %s.",
3518 [JOB_FAILED] = "Failed to listen on %s.",
3519 [JOB_TIMEOUT] = "Timed out starting %s.",
3520 },
3521 .finished_stop_job = {
3522 [JOB_DONE] = "Closed %s.",
3523 [JOB_FAILED] = "Failed stopping %s.",
3524 [JOB_TIMEOUT] = "Timed out stopping %s.",
3525 },
3526 },
3527 };
Unnamed repository; edit this file 'description' to name the repository.