1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
7 #include <netinet/tcp.h>
11 #include <linux/sctp.h>
13 #include "alloc-util.h"
14 #include "bpf-firewall.h"
15 #include "bus-error.h"
18 #include "dbus-socket.h"
19 #include "dbus-unit.h"
21 #include "errno-list.h"
22 #include "exit-status.h"
24 #include "format-util.h"
26 #include "in-addr-util.h"
28 #include "ip-protocol-list.h"
32 #include "parse-util.h"
33 #include "path-util.h"
34 #include "process-util.h"
35 #include "selinux-util.h"
36 #include "serialize.h"
37 #include "signal-util.h"
38 #include "smack-util.h"
40 #include "socket-netlink.h"
42 #include "string-table.h"
43 #include "string-util.h"
45 #include "unit-name.h"
47 #include "user-util.h"
53 union sockaddr_union peer
;
57 static const UnitActiveState state_translation_table
[_SOCKET_STATE_MAX
] = {
58 [SOCKET_DEAD
] = UNIT_INACTIVE
,
59 [SOCKET_START_PRE
] = UNIT_ACTIVATING
,
60 [SOCKET_START_CHOWN
] = UNIT_ACTIVATING
,
61 [SOCKET_START_POST
] = UNIT_ACTIVATING
,
62 [SOCKET_LISTENING
] = UNIT_ACTIVE
,
63 [SOCKET_RUNNING
] = UNIT_ACTIVE
,
64 [SOCKET_STOP_PRE
] = UNIT_DEACTIVATING
,
65 [SOCKET_STOP_PRE_SIGTERM
] = UNIT_DEACTIVATING
,
66 [SOCKET_STOP_PRE_SIGKILL
] = UNIT_DEACTIVATING
,
67 [SOCKET_STOP_POST
] = UNIT_DEACTIVATING
,
68 [SOCKET_FINAL_SIGTERM
] = UNIT_DEACTIVATING
,
69 [SOCKET_FINAL_SIGKILL
] = UNIT_DEACTIVATING
,
70 [SOCKET_FAILED
] = UNIT_FAILED
,
71 [SOCKET_CLEANING
] = UNIT_MAINTENANCE
,
74 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
75 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
);
76 static void flush_ports(Socket
*s
);
78 static void socket_init(Unit
*u
) {
79 Socket
*s
= SOCKET(u
);
82 assert(u
->load_state
== UNIT_STUB
);
84 s
->backlog
= SOMAXCONN
;
85 s
->timeout_usec
= u
->manager
->default_timeout_start_usec
;
86 s
->directory_mode
= 0755;
87 s
->socket_mode
= 0666;
89 s
->max_connections
= 64;
96 s
->exec_context
.std_output
= u
->manager
->default_std_output
;
97 s
->exec_context
.std_error
= u
->manager
->default_std_error
;
99 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
101 s
->trigger_limit
.interval
= USEC_INFINITY
;
102 s
->trigger_limit
.burst
= (unsigned) -1;
105 static void socket_unwatch_control_pid(Socket
*s
) {
108 if (s
->control_pid
<= 0)
111 unit_unwatch_pid(UNIT(s
), s
->control_pid
);
115 static void socket_cleanup_fd_list(SocketPort
*p
) {
118 close_many(p
->auxiliary_fds
, p
->n_auxiliary_fds
);
119 p
->auxiliary_fds
= mfree(p
->auxiliary_fds
);
120 p
->n_auxiliary_fds
= 0;
123 void socket_free_ports(Socket
*s
) {
128 while ((p
= s
->ports
)) {
129 LIST_REMOVE(port
, s
->ports
, p
);
131 sd_event_source_unref(p
->event_source
);
133 socket_cleanup_fd_list(p
);
140 static void socket_done(Unit
*u
) {
141 Socket
*s
= SOCKET(u
);
146 socket_free_ports(s
);
148 while ((p
= set_steal_first(s
->peers_by_address
)))
151 s
->peers_by_address
= set_free(s
->peers_by_address
);
153 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
, false);
154 exec_command_free_array(s
->exec_command
, _SOCKET_EXEC_COMMAND_MAX
);
155 s
->control_command
= NULL
;
157 dynamic_creds_unref(&s
->dynamic_creds
);
159 socket_unwatch_control_pid(s
);
161 unit_ref_unset(&s
->service
);
163 s
->tcp_congestion
= mfree(s
->tcp_congestion
);
164 s
->bind_to_device
= mfree(s
->bind_to_device
);
166 s
->smack
= mfree(s
->smack
);
167 s
->smack_ip_in
= mfree(s
->smack_ip_in
);
168 s
->smack_ip_out
= mfree(s
->smack_ip_out
);
170 strv_free(s
->symlinks
);
172 s
->user
= mfree(s
->user
);
173 s
->group
= mfree(s
->group
);
175 s
->fdname
= mfree(s
->fdname
);
177 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
180 static int socket_arm_timer(Socket
*s
, usec_t usec
) {
185 if (s
->timer_event_source
) {
186 r
= sd_event_source_set_time(s
->timer_event_source
, usec
);
190 return sd_event_source_set_enabled(s
->timer_event_source
, SD_EVENT_ONESHOT
);
193 if (usec
== USEC_INFINITY
)
196 r
= sd_event_add_time(
197 UNIT(s
)->manager
->event
,
198 &s
->timer_event_source
,
201 socket_dispatch_timer
, s
);
205 (void) sd_event_source_set_description(s
->timer_event_source
, "socket-timer");
210 static bool have_non_accept_socket(Socket
*s
) {
218 LIST_FOREACH(port
, p
, s
->ports
) {
220 if (p
->type
!= SOCKET_SOCKET
)
223 if (!socket_address_can_accept(&p
->address
))
230 static int socket_add_mount_dependencies(Socket
*s
) {
236 LIST_FOREACH(port
, p
, s
->ports
) {
237 const char *path
= NULL
;
239 if (p
->type
== SOCKET_SOCKET
)
240 path
= socket_address_get_path(&p
->address
);
241 else if (IN_SET(p
->type
, SOCKET_FIFO
, SOCKET_SPECIAL
, SOCKET_USB_FUNCTION
))
247 r
= unit_require_mounts_for(UNIT(s
), path
, UNIT_DEPENDENCY_FILE
);
255 static int socket_add_device_dependencies(Socket
*s
) {
260 if (!s
->bind_to_device
|| streq(s
->bind_to_device
, "lo"))
263 t
= strjoina("/sys/subsystem/net/devices/", s
->bind_to_device
);
264 return unit_add_node_dependency(UNIT(s
), t
, UNIT_BINDS_TO
, UNIT_DEPENDENCY_FILE
);
267 static int socket_add_default_dependencies(Socket
*s
) {
271 if (!UNIT(s
)->default_dependencies
)
274 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_BEFORE
, SPECIAL_SOCKETS_TARGET
, true, UNIT_DEPENDENCY_DEFAULT
);
278 if (MANAGER_IS_SYSTEM(UNIT(s
)->manager
)) {
279 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_AFTER
, UNIT_REQUIRES
, SPECIAL_SYSINIT_TARGET
, true, UNIT_DEPENDENCY_DEFAULT
);
284 return unit_add_two_dependencies_by_name(UNIT(s
), UNIT_BEFORE
, UNIT_CONFLICTS
, SPECIAL_SHUTDOWN_TARGET
, true, UNIT_DEPENDENCY_DEFAULT
);
287 _pure_
static bool socket_has_exec(Socket
*s
) {
291 for (i
= 0; i
< _SOCKET_EXEC_COMMAND_MAX
; i
++)
292 if (s
->exec_command
[i
])
298 static int socket_add_extras(Socket
*s
) {
304 /* Pick defaults for the trigger limit, if nothing was explicitly configured. We pick a relatively high limit
305 * in Accept=yes mode, and a lower limit for Accept=no. Reason: in Accept=yes mode we are invoking accept()
306 * ourselves before the trigger limit can hit, thus incoming connections are taken off the socket queue quickly
307 * and reliably. This is different for Accept=no, where the spawned service has to take the incoming traffic
308 * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
309 * process whatever is queued in one go, and thus should normally never have to be started frequently. This is
310 * different for Accept=yes where each connection is processed by a new service instance, and thus frequent
311 * service starts are typical. */
313 if (s
->trigger_limit
.interval
== USEC_INFINITY
)
314 s
->trigger_limit
.interval
= 2 * USEC_PER_SEC
;
316 if (s
->trigger_limit
.burst
== (unsigned) -1) {
318 s
->trigger_limit
.burst
= 200;
320 s
->trigger_limit
.burst
= 20;
323 if (have_non_accept_socket(s
)) {
325 if (!UNIT_DEREF(s
->service
)) {
328 r
= unit_load_related_unit(u
, ".service", &x
);
332 unit_ref_set(&s
->service
, u
, x
);
335 r
= unit_add_two_dependencies(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, UNIT_DEREF(s
->service
), true, UNIT_DEPENDENCY_IMPLICIT
);
340 r
= socket_add_mount_dependencies(s
);
344 r
= socket_add_device_dependencies(s
);
348 r
= unit_patch_contexts(u
);
352 if (socket_has_exec(s
)) {
353 r
= unit_add_exec_dependencies(u
, &s
->exec_context
);
358 r
= unit_set_default_slice(u
);
362 r
= socket_add_default_dependencies(s
);
369 static const char *socket_find_symlink_target(Socket
*s
) {
370 const char *found
= NULL
;
373 LIST_FOREACH(port
, p
, s
->ports
) {
374 const char *f
= NULL
;
383 f
= socket_address_get_path(&p
->address
);
401 static int socket_verify(Socket
*s
) {
403 assert(UNIT(s
)->load_state
== UNIT_LOADED
);
406 return log_unit_error_errno(UNIT(s
), SYNTHETIC_ERRNO(ENOEXEC
), "Unit has no Listen setting (ListenStream=, ListenDatagram=, ListenFIFO=, ...). Refusing.");
408 if (s
->accept
&& have_non_accept_socket(s
))
409 return log_unit_error_errno(UNIT(s
), SYNTHETIC_ERRNO(ENOEXEC
), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
411 if (s
->accept
&& s
->max_connections
<= 0)
412 return log_unit_error_errno(UNIT(s
), SYNTHETIC_ERRNO(ENOEXEC
), "MaxConnection= setting too small. Refusing.");
414 if (s
->accept
&& UNIT_DEREF(s
->service
))
415 return log_unit_error_errno(UNIT(s
), SYNTHETIC_ERRNO(ENOEXEC
), "Explicit service configuration for accepting socket units not supported. Refusing.");
417 if (s
->exec_context
.pam_name
&& s
->kill_context
.kill_mode
!= KILL_CONTROL_GROUP
)
418 return log_unit_error_errno(UNIT(s
), SYNTHETIC_ERRNO(ENOEXEC
), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
420 if (!strv_isempty(s
->symlinks
) && !socket_find_symlink_target(s
))
421 return log_unit_error_errno(UNIT(s
), SYNTHETIC_ERRNO(ENOEXEC
), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
426 static void peer_address_hash_func(const SocketPeer
*s
, struct siphash
*state
) {
429 if (s
->peer
.sa
.sa_family
== AF_INET
)
430 siphash24_compress(&s
->peer
.in
.sin_addr
, sizeof(s
->peer
.in
.sin_addr
), state
);
431 else if (s
->peer
.sa
.sa_family
== AF_INET6
)
432 siphash24_compress(&s
->peer
.in6
.sin6_addr
, sizeof(s
->peer
.in6
.sin6_addr
), state
);
433 else if (s
->peer
.sa
.sa_family
== AF_VSOCK
)
434 siphash24_compress(&s
->peer
.vm
.svm_cid
, sizeof(s
->peer
.vm
.svm_cid
), state
);
436 assert_not_reached("Unknown address family.");
439 static int peer_address_compare_func(const SocketPeer
*x
, const SocketPeer
*y
) {
442 r
= CMP(x
->peer
.sa
.sa_family
, y
->peer
.sa
.sa_family
);
446 switch(x
->peer
.sa
.sa_family
) {
448 return memcmp(&x
->peer
.in
.sin_addr
, &y
->peer
.in
.sin_addr
, sizeof(x
->peer
.in
.sin_addr
));
450 return memcmp(&x
->peer
.in6
.sin6_addr
, &y
->peer
.in6
.sin6_addr
, sizeof(x
->peer
.in6
.sin6_addr
));
452 return CMP(x
->peer
.vm
.svm_cid
, y
->peer
.vm
.svm_cid
);
454 assert_not_reached("Black sheep in the family!");
457 DEFINE_PRIVATE_HASH_OPS(peer_address_hash_ops
, SocketPeer
, peer_address_hash_func
, peer_address_compare_func
);
459 static int socket_load(Unit
*u
) {
460 Socket
*s
= SOCKET(u
);
464 assert(u
->load_state
== UNIT_STUB
);
466 r
= set_ensure_allocated(&s
->peers_by_address
, &peer_address_hash_ops
);
470 r
= unit_load_fragment_and_dropin(u
, true);
474 if (u
->load_state
!= UNIT_LOADED
)
477 /* This is a new unit? Then let's add in some extras */
478 r
= socket_add_extras(s
);
482 return socket_verify(s
);
485 static SocketPeer
*socket_peer_new(void) {
488 p
= new0(SocketPeer
, 1);
497 static SocketPeer
*socket_peer_free(SocketPeer
*p
) {
501 set_remove(p
->socket
->peers_by_address
, p
);
506 DEFINE_TRIVIAL_REF_UNREF_FUNC(SocketPeer
, socket_peer
, socket_peer_free
);
508 int socket_acquire_peer(Socket
*s
, int fd
, SocketPeer
**p
) {
509 _cleanup_(socket_peer_unrefp
) SocketPeer
*remote
= NULL
;
510 SocketPeer sa
= {}, *i
;
511 socklen_t salen
= sizeof(sa
.peer
);
517 if (getpeername(fd
, &sa
.peer
.sa
, &salen
) < 0)
518 return log_unit_error_errno(UNIT(s
), errno
, "getpeername failed: %m");
520 if (!IN_SET(sa
.peer
.sa
.sa_family
, AF_INET
, AF_INET6
, AF_VSOCK
)) {
525 i
= set_get(s
->peers_by_address
, &sa
);
527 *p
= socket_peer_ref(i
);
531 remote
= socket_peer_new();
535 remote
->peer
= sa
.peer
;
536 remote
->peer_salen
= salen
;
538 r
= set_put(s
->peers_by_address
, remote
);
544 *p
= TAKE_PTR(remote
);
549 _const_
static const char* listen_lookup(int family
, int type
) {
551 if (family
== AF_NETLINK
)
552 return "ListenNetlink";
554 if (type
== SOCK_STREAM
)
555 return "ListenStream";
556 else if (type
== SOCK_DGRAM
)
557 return "ListenDatagram";
558 else if (type
== SOCK_SEQPACKET
)
559 return "ListenSequentialPacket";
561 assert_not_reached("Unknown socket type");
565 static void socket_dump(Unit
*u
, FILE *f
, const char *prefix
) {
566 char time_string
[FORMAT_TIMESPAN_MAX
];
568 Socket
*s
= SOCKET(u
);
570 const char *prefix2
, *str
;
575 prefix
= strempty(prefix
);
576 prefix2
= strjoina(prefix
, "\t");
579 "%sSocket State: %s\n"
581 "%sClean Result: %s\n"
582 "%sBindIPv6Only: %s\n"
584 "%sSocketMode: %04o\n"
585 "%sDirectoryMode: %04o\n"
589 "%sTransparent: %s\n"
591 "%sPassCredentials: %s\n"
592 "%sPassSecurity: %s\n"
593 "%sPassPacketInfo: %s\n"
594 "%sTCPCongestion: %s\n"
595 "%sRemoveOnStop: %s\n"
597 "%sFileDescriptorName: %s\n"
598 "%sSELinuxContextFromNet: %s\n",
599 prefix
, socket_state_to_string(s
->state
),
600 prefix
, socket_result_to_string(s
->result
),
601 prefix
, socket_result_to_string(s
->clean_result
),
602 prefix
, socket_address_bind_ipv6_only_to_string(s
->bind_ipv6_only
),
604 prefix
, s
->socket_mode
,
605 prefix
, s
->directory_mode
,
606 prefix
, yes_no(s
->keep_alive
),
607 prefix
, yes_no(s
->no_delay
),
608 prefix
, yes_no(s
->free_bind
),
609 prefix
, yes_no(s
->transparent
),
610 prefix
, yes_no(s
->broadcast
),
611 prefix
, yes_no(s
->pass_cred
),
612 prefix
, yes_no(s
->pass_sec
),
613 prefix
, yes_no(s
->pass_pktinfo
),
614 prefix
, strna(s
->tcp_congestion
),
615 prefix
, yes_no(s
->remove_on_stop
),
616 prefix
, yes_no(s
->writable
),
617 prefix
, socket_fdname(s
),
618 prefix
, yes_no(s
->selinux_context_from_net
));
620 if (s
->timestamping
!= SOCKET_TIMESTAMPING_OFF
)
622 "%sTimestamping: %s\n",
623 prefix
, socket_timestamping_to_string(s
->timestamping
));
625 if (s
->control_pid
> 0)
627 "%sControl PID: "PID_FMT
"\n",
628 prefix
, s
->control_pid
);
630 if (s
->bind_to_device
)
632 "%sBindToDevice: %s\n",
633 prefix
, s
->bind_to_device
);
638 "%sNConnections: %u\n"
639 "%sMaxConnections: %u\n"
640 "%sMaxConnectionsPerSource: %u\n",
641 prefix
, s
->n_accepted
,
642 prefix
, s
->n_connections
,
643 prefix
, s
->max_connections
,
644 prefix
, s
->max_connections_per_source
);
647 "%sFlushPending: %s\n",
648 prefix
, yes_no(s
->flush_pending
));
651 if (s
->priority
>= 0)
654 prefix
, s
->priority
);
656 if (s
->receive_buffer
> 0)
658 "%sReceiveBuffer: %zu\n",
659 prefix
, s
->receive_buffer
);
661 if (s
->send_buffer
> 0)
663 "%sSendBuffer: %zu\n",
664 prefix
, s
->send_buffer
);
676 if (s
->pipe_size
> 0)
679 prefix
, s
->pipe_size
);
686 if (s
->mq_maxmsg
> 0)
688 "%sMessageQueueMaxMessages: %li\n",
689 prefix
, s
->mq_maxmsg
);
691 if (s
->mq_msgsize
> 0)
693 "%sMessageQueueMessageSize: %li\n",
694 prefix
, s
->mq_msgsize
);
699 prefix
, yes_no(s
->reuse_port
));
703 "%sSmackLabel: %s\n",
708 "%sSmackLabelIPIn: %s\n",
709 prefix
, s
->smack_ip_in
);
713 "%sSmackLabelIPOut: %s\n",
714 prefix
, s
->smack_ip_out
);
716 if (!isempty(s
->user
) || !isempty(s
->group
))
719 "%sSocketGroup: %s\n",
720 prefix
, strna(s
->user
),
721 prefix
, strna(s
->group
));
723 if (s
->keep_alive_time
> 0)
725 "%sKeepAliveTimeSec: %s\n",
726 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_time
, USEC_PER_SEC
));
728 if (s
->keep_alive_interval
> 0)
730 "%sKeepAliveIntervalSec: %s\n",
731 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_interval
, USEC_PER_SEC
));
733 if (s
->keep_alive_cnt
> 0)
735 "%sKeepAliveProbes: %u\n",
736 prefix
, s
->keep_alive_cnt
);
738 if (s
->defer_accept
> 0)
740 "%sDeferAcceptSec: %s\n",
741 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->defer_accept
, USEC_PER_SEC
));
743 LIST_FOREACH(port
, p
, s
->ports
) {
746 case SOCKET_SOCKET
: {
747 _cleanup_free_
char *k
= NULL
;
751 r
= socket_address_print(&p
->address
, &k
);
753 t
= strerror_safe(r
);
757 fprintf(f
, "%s%s: %s\n", prefix
, listen_lookup(socket_address_family(&p
->address
), p
->address
.type
), t
);
761 fprintf(f
, "%sListenSpecial: %s\n", prefix
, p
->path
);
763 case SOCKET_USB_FUNCTION
:
764 fprintf(f
, "%sListenUSBFunction: %s\n", prefix
, p
->path
);
767 fprintf(f
, "%sListenMessageQueue: %s\n", prefix
, p
->path
);
770 fprintf(f
, "%sListenFIFO: %s\n", prefix
, p
->path
);
775 "%sTriggerLimitIntervalSec: %s\n"
776 "%sTriggerLimitBurst: %u\n",
777 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->trigger_limit
.interval
, USEC_PER_SEC
),
778 prefix
, s
->trigger_limit
.burst
);
780 str
= ip_protocol_to_name(s
->socket_protocol
);
782 fprintf(f
, "%sSocketProtocol: %s\n", prefix
, str
);
784 if (!strv_isempty(s
->symlinks
)) {
787 fprintf(f
, "%sSymlinks:", prefix
);
788 STRV_FOREACH(q
, s
->symlinks
)
789 fprintf(f
, " %s", *q
);
795 "%sTimeoutSec: %s\n",
796 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->timeout_usec
, USEC_PER_SEC
));
798 exec_context_dump(&s
->exec_context
, f
, prefix
);
799 kill_context_dump(&s
->kill_context
, f
, prefix
);
801 for (c
= 0; c
< _SOCKET_EXEC_COMMAND_MAX
; c
++) {
802 if (!s
->exec_command
[c
])
805 fprintf(f
, "%s-> %s:\n",
806 prefix
, socket_exec_command_to_string(c
));
808 exec_command_dump_list(s
->exec_command
[c
], f
, prefix2
);
811 cgroup_context_dump(UNIT(s
), f
, prefix
);
814 static int instance_from_socket(int fd
, unsigned nr
, char **instance
) {
817 union sockaddr_union local
, remote
;
823 if (getsockname(fd
, &local
.sa
, &l
) < 0)
827 if (getpeername(fd
, &remote
.sa
, &l
) < 0)
830 switch (local
.sa
.sa_family
) {
834 a
= be32toh(local
.in
.sin_addr
.s_addr
),
835 b
= be32toh(remote
.in
.sin_addr
.s_addr
);
838 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
840 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF,
841 be16toh(local
.in
.sin_port
),
842 b
>> 24, (b
>> 16) & 0xFF, (b
>> 8) & 0xFF, b
& 0xFF,
843 be16toh(remote
.in
.sin_port
)) < 0)
850 static const unsigned char ipv4_prefix
[] = {
851 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
854 if (memcmp(&local
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0 &&
855 memcmp(&remote
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0) {
857 *a
= local
.in6
.sin6_addr
.s6_addr
+12,
858 *b
= remote
.in6
.sin6_addr
.s6_addr
+12;
861 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
863 a
[0], a
[1], a
[2], a
[3],
864 be16toh(local
.in6
.sin6_port
),
865 b
[0], b
[1], b
[2], b
[3],
866 be16toh(remote
.in6
.sin6_port
)) < 0)
869 char a
[INET6_ADDRSTRLEN
], b
[INET6_ADDRSTRLEN
];
874 inet_ntop(AF_INET6
, &local
.in6
.sin6_addr
, a
, sizeof(a
)),
875 be16toh(local
.in6
.sin6_port
),
876 inet_ntop(AF_INET6
, &remote
.in6
.sin6_addr
, b
, sizeof(b
)),
877 be16toh(remote
.in6
.sin6_port
)) < 0)
888 k
= getpeercred(fd
, &ucred
);
891 "%u-"PID_FMT
"-"UID_FMT
,
892 nr
, ucred
.pid
, ucred
.uid
) < 0)
894 } else if (k
== -ENODATA
) {
895 /* This handles the case where somebody is
896 * connecting from another pid/uid namespace
897 * (e.g. from outside of our container). */
912 local
.vm
.svm_cid
, local
.vm
.svm_port
,
913 remote
.vm
.svm_cid
, remote
.vm
.svm_port
) < 0)
919 assert_not_reached("Unhandled socket type.");
926 static void socket_close_fds(Socket
*s
) {
932 LIST_FOREACH(port
, p
, s
->ports
) {
935 was_open
= p
->fd
>= 0;
937 p
->event_source
= sd_event_source_unref(p
->event_source
);
938 p
->fd
= safe_close(p
->fd
);
939 socket_cleanup_fd_list(p
);
941 /* One little note: we should normally not delete any sockets in the file system here! After all some
942 * other process we spawned might still have a reference of this fd and wants to continue to use
943 * it. Therefore we normally delete sockets in the file system before we create a new one, not after we
944 * stopped using one! That all said, if the user explicitly requested this, we'll delete them here
945 * anyway, but only then. */
947 if (!was_open
|| !s
->remove_on_stop
)
953 (void) unlink(p
->path
);
957 (void) mq_unlink(p
->path
);
961 (void) socket_address_unlink(&p
->address
);
969 if (s
->remove_on_stop
)
970 STRV_FOREACH(i
, s
->symlinks
)
973 /* Note that we don't return NULL here, since s has not been freed. */
976 static void socket_apply_socket_options(Socket
*s
, SocketPort
*p
, int fd
) {
984 r
= setsockopt_int(fd
, SOL_SOCKET
, SO_KEEPALIVE
, true);
986 log_unit_warning_errno(UNIT(s
), r
, "SO_KEEPALIVE failed: %m");
989 if (s
->keep_alive_time
> 0) {
990 r
= setsockopt_int(fd
, SOL_TCP
, TCP_KEEPIDLE
, s
->keep_alive_time
/ USEC_PER_SEC
);
992 log_unit_warning_errno(UNIT(s
), r
, "TCP_KEEPIDLE failed: %m");
995 if (s
->keep_alive_interval
> 0) {
996 r
= setsockopt_int(fd
, SOL_TCP
, TCP_KEEPINTVL
, s
->keep_alive_interval
/ USEC_PER_SEC
);
998 log_unit_warning_errno(UNIT(s
), r
, "TCP_KEEPINTVL failed: %m");
1001 if (s
->keep_alive_cnt
> 0) {
1002 r
= setsockopt_int(fd
, SOL_TCP
, TCP_KEEPCNT
, s
->keep_alive_cnt
);
1004 log_unit_warning_errno(UNIT(s
), r
, "TCP_KEEPCNT failed: %m");
1007 if (s
->defer_accept
> 0) {
1008 r
= setsockopt_int(fd
, SOL_TCP
, TCP_DEFER_ACCEPT
, s
->defer_accept
/ USEC_PER_SEC
);
1010 log_unit_warning_errno(UNIT(s
), r
, "TCP_DEFER_ACCEPT failed: %m");
1014 if (s
->socket_protocol
== IPPROTO_SCTP
) {
1015 r
= setsockopt_int(fd
, SOL_SCTP
, SCTP_NODELAY
, true);
1017 log_unit_warning_errno(UNIT(s
), r
, "SCTP_NODELAY failed: %m");
1019 r
= setsockopt_int(fd
, SOL_TCP
, TCP_NODELAY
, true);
1021 log_unit_warning_errno(UNIT(s
), r
, "TCP_NODELAY failed: %m");
1026 r
= setsockopt_int(fd
, SOL_SOCKET
, SO_BROADCAST
, true);
1028 log_unit_warning_errno(UNIT(s
), r
, "SO_BROADCAST failed: %m");
1032 r
= setsockopt_int(fd
, SOL_SOCKET
, SO_PASSCRED
, true);
1034 log_unit_warning_errno(UNIT(s
), r
, "SO_PASSCRED failed: %m");
1038 r
= setsockopt_int(fd
, SOL_SOCKET
, SO_PASSSEC
, true);
1040 log_unit_warning_errno(UNIT(s
), r
, "SO_PASSSEC failed: %m");
1043 if (s
->pass_pktinfo
) {
1044 r
= socket_set_recvpktinfo(fd
, socket_address_family(&p
->address
), true);
1046 log_unit_warning_errno(UNIT(s
), r
, "Failed to enable packet info socket option: %m");
1049 if (s
->timestamping
!= SOCKET_TIMESTAMPING_OFF
) {
1050 r
= setsockopt_int(fd
, SOL_SOCKET
,
1051 s
->timestamping
== SOCKET_TIMESTAMPING_NS
? SO_TIMESTAMPNS
: SO_TIMESTAMP
,
1054 log_unit_warning_errno(UNIT(s
), r
, "Failed to enable timestamping socket option, ignoring: %m");
1057 if (s
->priority
>= 0) {
1058 r
= setsockopt_int(fd
, SOL_SOCKET
, SO_PRIORITY
, s
->priority
);
1060 log_unit_warning_errno(UNIT(s
), r
, "SO_PRIORITY failed: %m");
1063 if (s
->receive_buffer
> 0) {
1064 r
= fd_set_rcvbuf(fd
, s
->receive_buffer
, false);
1066 log_unit_full_errno(UNIT(s
), ERRNO_IS_PRIVILEGE(r
) ? LOG_DEBUG
: LOG_WARNING
, r
,
1067 "SO_RCVBUF/SO_RCVBUFFORCE failed: %m");
1070 if (s
->send_buffer
> 0) {
1071 r
= fd_set_sndbuf(fd
, s
->send_buffer
, false);
1073 log_unit_full_errno(UNIT(s
), ERRNO_IS_PRIVILEGE(r
) ? LOG_DEBUG
: LOG_WARNING
, r
,
1074 "SO_SNDBUF/SO_SNDBUFFORCE failed: %m");
1078 r
= setsockopt_int(fd
, SOL_SOCKET
, SO_MARK
, s
->mark
);
1080 log_unit_warning_errno(UNIT(s
), r
, "SO_MARK failed: %m");
1083 if (s
->ip_tos
>= 0) {
1084 r
= setsockopt_int(fd
, IPPROTO_IP
, IP_TOS
, s
->ip_tos
);
1086 log_unit_warning_errno(UNIT(s
), r
, "IP_TOS failed: %m");
1089 if (s
->ip_ttl
>= 0) {
1090 r
= socket_set_ttl(fd
, socket_address_family(&p
->address
), s
->ip_ttl
);
1092 log_unit_warning_errno(UNIT(s
), r
, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
1095 if (s
->tcp_congestion
)
1096 if (setsockopt(fd
, SOL_TCP
, TCP_CONGESTION
, s
->tcp_congestion
, strlen(s
->tcp_congestion
)+1) < 0)
1097 log_unit_warning_errno(UNIT(s
), errno
, "TCP_CONGESTION failed: %m");
1099 if (s
->smack_ip_in
) {
1100 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_IPIN
, s
->smack_ip_in
);
1102 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_in_fd: %m");
1105 if (s
->smack_ip_out
) {
1106 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_IPOUT
, s
->smack_ip_out
);
1108 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_out_fd: %m");
1112 static void socket_apply_fifo_options(Socket
*s
, int fd
) {
1118 if (s
->pipe_size
> 0)
1119 if (fcntl(fd
, F_SETPIPE_SZ
, s
->pipe_size
) < 0)
1120 log_unit_warning_errno(UNIT(s
), errno
, "Setting pipe size failed, ignoring: %m");
1123 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_ACCESS
, s
->smack
);
1125 log_unit_error_errno(UNIT(s
), r
, "SMACK relabelling failed, ignoring: %m");
1129 static int fifo_address_create(
1131 mode_t directory_mode
,
1132 mode_t socket_mode
) {
1134 _cleanup_close_
int fd
= -1;
1141 (void) mkdir_parents_label(path
, directory_mode
);
1143 r
= mac_selinux_create_file_prepare(path
, S_IFIFO
);
1147 /* Enforce the right access mode for the fifo */
1148 old_mask
= umask(~socket_mode
);
1150 /* Include the original umask in our mask */
1151 (void) umask(~socket_mode
| old_mask
);
1153 r
= mkfifo(path
, socket_mode
);
1154 (void) umask(old_mask
);
1156 if (r
< 0 && errno
!= EEXIST
) {
1161 fd
= open(path
, O_RDWR
| O_CLOEXEC
| O_NOCTTY
| O_NONBLOCK
| O_NOFOLLOW
);
1167 mac_selinux_create_file_clear();
1169 if (fstat(fd
, &st
) < 0) {
1174 if (!S_ISFIFO(st
.st_mode
) ||
1175 (st
.st_mode
& 0777) != (socket_mode
& ~old_mask
) ||
1176 st
.st_uid
!= getuid() ||
1177 st
.st_gid
!= getgid()) {
1185 mac_selinux_create_file_clear();
1189 static int special_address_create(const char *path
, bool writable
) {
1190 _cleanup_close_
int fd
= -1;
1195 fd
= open(path
, (writable
? O_RDWR
: O_RDONLY
)|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1199 if (fstat(fd
, &st
) < 0)
1202 /* Check whether this is a /proc, /sys or /dev file or char device */
1203 if (!S_ISREG(st
.st_mode
) && !S_ISCHR(st
.st_mode
))
1209 static int usbffs_address_create(const char *path
) {
1210 _cleanup_close_
int fd
= -1;
1215 fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1219 if (fstat(fd
, &st
) < 0)
1222 /* Check whether this is a regular file (ffs endpoint) */
1223 if (!S_ISREG(st
.st_mode
))
1229 static int mq_address_create(
1235 _cleanup_close_
int fd
= -1;
1238 struct mq_attr _attr
, *attr
= NULL
;
1242 if (maxmsg
> 0 && msgsize
> 0) {
1243 _attr
= (struct mq_attr
) {
1244 .mq_flags
= O_NONBLOCK
,
1245 .mq_maxmsg
= maxmsg
,
1246 .mq_msgsize
= msgsize
,
1251 /* Enforce the right access mode for the mq */
1252 old_mask
= umask(~mq_mode
);
1254 /* Include the original umask in our mask */
1255 (void) umask(~mq_mode
| old_mask
);
1256 fd
= mq_open(path
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_CREAT
, mq_mode
, attr
);
1257 (void) umask(old_mask
);
1262 if (fstat(fd
, &st
) < 0)
1265 if ((st
.st_mode
& 0777) != (mq_mode
& ~old_mask
) ||
1266 st
.st_uid
!= getuid() ||
1267 st
.st_gid
!= getgid())
1273 static int socket_symlink(Socket
*s
) {
1280 p
= socket_find_symlink_target(s
);
1284 STRV_FOREACH(i
, s
->symlinks
) {
1285 (void) mkdir_parents_label(*i
, s
->directory_mode
);
1287 r
= symlink_idempotent(p
, *i
, false);
1289 if (r
== -EEXIST
&& s
->remove_on_stop
) {
1290 /* If there's already something where we want to create the symlink, and the destructive
1291 * RemoveOnStop= mode is set, then we might as well try to remove what already exists and try
1294 if (unlink(*i
) >= 0)
1295 r
= symlink_idempotent(p
, *i
, false);
1299 log_unit_warning_errno(UNIT(s
), r
, "Failed to create symlink %s → %s, ignoring: %m", p
, *i
);
1305 static int usbffs_write_descs(int fd
, Service
*s
) {
1308 if (!s
->usb_function_descriptors
|| !s
->usb_function_strings
)
1311 r
= copy_file_fd(s
->usb_function_descriptors
, fd
, 0);
1315 return copy_file_fd(s
->usb_function_strings
, fd
, 0);
1318 static int usbffs_select_ep(const struct dirent
*d
) {
1319 return d
->d_name
[0] != '.' && !streq(d
->d_name
, "ep0");
1322 static int usbffs_dispatch_eps(SocketPort
*p
) {
1323 _cleanup_free_
struct dirent
**ent
= NULL
;
1327 r
= scandir(p
->path
, &ent
, usbffs_select_ep
, alphasort
);
1332 p
->auxiliary_fds
= new(int, n
);
1333 if (!p
->auxiliary_fds
) {
1338 p
->n_auxiliary_fds
= n
;
1341 for (size_t i
= 0; i
< n
; ++i
) {
1342 _cleanup_free_
char *ep
= NULL
;
1344 ep
= path_make_absolute(ent
[i
]->d_name
, p
->path
);
1350 path_simplify(ep
, false);
1352 r
= usbffs_address_create(ep
);
1356 p
->auxiliary_fds
[k
++] = r
;
1363 close_many(p
->auxiliary_fds
, k
);
1364 p
->auxiliary_fds
= mfree(p
->auxiliary_fds
);
1365 p
->n_auxiliary_fds
= 0;
1368 for (size_t i
= 0; i
< n
; ++i
)
1374 int socket_load_service_unit(Socket
*s
, int cfd
, Unit
**ret
) {
1375 /* Figure out what the unit that will be used to handle the connections on the socket looks like.
1377 * If cfd < 0, then we don't have a connection yet. In case of Accept=yes sockets, use a fake
1381 if (UNIT_ISSET(s
->service
)) {
1382 *ret
= UNIT_DEREF(s
->service
);
1389 /* Build the instance name and load the unit */
1390 _cleanup_free_
char *prefix
= NULL
, *instance
= NULL
, *name
= NULL
;
1393 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
1398 r
= instance_from_socket(cfd
, s
->n_accepted
, &instance
);
1399 if (ERRNO_IS_DISCONNECT(r
))
1400 /* ENOTCONN is legitimate if TCP RST was received. Other socket families might return
1401 * different errors. This connection is over, but the socket unit lives on. */
1402 return log_unit_debug_errno(UNIT(s
), r
,
1403 "Got %s on incoming socket, assuming aborted connection attempt, ignoring.",
1409 /* For accepting sockets, we don't know how the instance will be called until we get a connection and
1410 * can figure out what the peer name is. So let's use "internal" as the instance to make it clear
1411 * that this is not an actual peer name. We use "unknown" when we cannot figure out the peer. */
1412 r
= unit_name_build(prefix
, instance
?: "internal", ".service", &name
);
1416 return manager_load_unit(UNIT(s
)->manager
, name
, NULL
, NULL
, ret
);
1419 static int socket_determine_selinux_label(Socket
*s
, char **ret
) {
1425 if (s
->selinux_context_from_net
) {
1426 /* If this is requested, get the label from the network label */
1428 r
= mac_selinux_get_our_label(ret
);
1429 if (r
== -EOPNOTSUPP
)
1433 /* Otherwise, get it from the executable we are about to start. */
1437 _cleanup_free_
char *path
= NULL
;
1439 r
= socket_load_service_unit(s
, -1, &service
);
1445 c
= SERVICE(service
)->exec_command
[SERVICE_EXEC_START
];
1449 r
= chase_symlinks(c
->path
, SERVICE(service
)->exec_context
.root_directory
, CHASE_PREFIX_ROOT
, &path
, NULL
);
1453 r
= mac_selinux_get_create_label_from_exe(path
, ret
);
1454 if (IN_SET(r
, -EPERM
, -EOPNOTSUPP
))
1465 static int socket_address_listen_do(
1467 const SocketAddress
*address
,
1468 const char *label
) {
1473 return socket_address_listen(
1475 SOCK_CLOEXEC
|SOCK_NONBLOCK
,
1487 #define log_address_error_errno(u, address, error, fmt) \
1489 _cleanup_free_ char *_t = NULL; \
1491 (void) socket_address_print(address, &_t); \
1492 log_unit_error_errno(u, error, fmt, strna(_t)); \
1495 static int fork_needed(const SocketAddress
*address
, const ExecContext
*context
) {
1501 /* Check if we need to do the cgroup or netns stuff. If not we can do things much simpler. */
1503 if (IN_SET(address
->sockaddr
.sa
.sa_family
, AF_INET
, AF_INET6
)) {
1504 r
= bpf_firewall_supported();
1507 if (r
!= BPF_FIREWALL_UNSUPPORTED
) /* If BPF firewalling isn't supported anyway — there's no point in this forking complexity */
1511 return context
->private_network
|| context
->network_namespace_path
;
1514 static int socket_address_listen_in_cgroup(
1516 const SocketAddress
*address
,
1517 const char *label
) {
1519 _cleanup_close_pair_
int pair
[2] = { -1, -1 };
1526 /* This is a wrapper around socket_address_listen(), that forks off a helper process inside the
1527 * socket's cgroup and network namespace in which the socket is actually created. This way we ensure
1528 * the socket is actually properly attached to the unit's cgroup for the purpose of BPF filtering and
1531 r
= fork_needed(address
, &s
->exec_context
);
1535 /* Shortcut things... */
1536 fd
= socket_address_listen_do(s
, address
, label
);
1538 return log_address_error_errno(UNIT(s
), address
, fd
, "Failed to create listening socket (%s): %m");
1543 r
= unit_setup_exec_runtime(UNIT(s
));
1545 return log_unit_error_errno(UNIT(s
), r
, "Failed acquire runtime: %m");
1547 if (s
->exec_context
.network_namespace_path
&&
1549 s
->exec_runtime
->netns_storage_socket
[0] >= 0) {
1550 r
= open_shareable_ns_path(s
->exec_runtime
->netns_storage_socket
, s
->exec_context
.network_namespace_path
, CLONE_NEWNET
);
1552 return log_unit_error_errno(UNIT(s
), r
, "Failed to open network namespace path %s: %m", s
->exec_context
.network_namespace_path
);
1555 if (s
->exec_context
.ipc_namespace_path
&&
1557 s
->exec_runtime
->ipcns_storage_socket
[0] >= 0) {
1558 r
= open_shareable_ns_path(s
->exec_runtime
->netns_storage_socket
, s
->exec_context
.network_namespace_path
, CLONE_NEWIPC
);
1560 return log_unit_error_errno(UNIT(s
), r
, "Failed to open IPC namespace path %s: %m", s
->exec_context
.ipc_namespace_path
);
1563 if (socketpair(AF_UNIX
, SOCK_SEQPACKET
|SOCK_CLOEXEC
, 0, pair
) < 0)
1564 return log_unit_error_errno(UNIT(s
), errno
, "Failed to create communication channel: %m");
1566 r
= unit_fork_helper_process(UNIT(s
), "(sd-listen)", &pid
);
1568 return log_unit_error_errno(UNIT(s
), r
, "Failed to fork off listener stub process: %m");
1572 pair
[0] = safe_close(pair
[0]);
1574 if ((s
->exec_context
.private_network
|| s
->exec_context
.network_namespace_path
) &&
1576 s
->exec_runtime
->netns_storage_socket
[0] >= 0) {
1578 if (ns_type_supported(NAMESPACE_NET
)) {
1579 r
= setup_shareable_ns(s
->exec_runtime
->netns_storage_socket
, CLONE_NEWNET
);
1581 log_unit_error_errno(UNIT(s
), r
, "Failed to join network namespace: %m");
1582 _exit(EXIT_NETWORK
);
1584 } else if (s
->exec_context
.network_namespace_path
) {
1585 log_unit_error(UNIT(s
), "Network namespace path configured but network namespaces not supported.");
1586 _exit(EXIT_NETWORK
);
1588 log_unit_warning(UNIT(s
), "PrivateNetwork=yes is configured, but the kernel does not support network namespaces, ignoring.");
1591 fd
= socket_address_listen_do(s
, address
, label
);
1593 log_address_error_errno(UNIT(s
), address
, fd
, "Failed to create listening socket (%s): %m");
1594 _exit(EXIT_FAILURE
);
1597 r
= send_one_fd(pair
[1], fd
, 0);
1599 log_address_error_errno(UNIT(s
), address
, r
, "Failed to send listening socket (%s) to parent: %m");
1600 _exit(EXIT_FAILURE
);
1603 _exit(EXIT_SUCCESS
);
1606 pair
[1] = safe_close(pair
[1]);
1607 fd
= receive_one_fd(pair
[0], 0);
1609 /* We synchronously wait for the helper, as it shouldn't be slow */
1610 r
= wait_for_terminate_and_check("(sd-listen)", pid
, WAIT_LOG_ABNORMAL
);
1617 return log_address_error_errno(UNIT(s
), address
, fd
, "Failed to receive listening socket (%s): %m");
1622 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(Socket
*, socket_close_fds
, NULL
);
1624 static int socket_open_fds(Socket
*orig_s
) {
1625 _cleanup_(socket_close_fdsp
) Socket
*s
= orig_s
;
1626 _cleanup_(mac_selinux_freep
) char *label
= NULL
;
1627 bool know_label
= false;
1633 LIST_FOREACH(port
, p
, s
->ports
) {
1643 /* Figure out the label, if we don't it know yet. We do it once for the first
1644 * socket where we need this and remember it for the rest. */
1646 r
= socket_determine_selinux_label(s
, &label
);
1648 return log_unit_error_errno(UNIT(s
), r
, "Failed to determine SELinux label: %m");
1653 /* Apply the socket protocol */
1654 switch (p
->address
.type
) {
1657 case SOCK_SEQPACKET
:
1658 if (s
->socket_protocol
== IPPROTO_SCTP
)
1659 p
->address
.protocol
= s
->socket_protocol
;
1663 if (s
->socket_protocol
== IPPROTO_UDPLITE
)
1664 p
->address
.protocol
= s
->socket_protocol
;
1668 p
->fd
= socket_address_listen_in_cgroup(s
, &p
->address
, label
);
1672 socket_apply_socket_options(s
, p
, p
->fd
);
1676 case SOCKET_SPECIAL
:
1678 p
->fd
= special_address_create(p
->path
, s
->writable
);
1680 return log_unit_error_errno(UNIT(s
), p
->fd
, "Failed to open special file %s: %m", p
->path
);
1685 p
->fd
= fifo_address_create(
1690 return log_unit_error_errno(UNIT(s
), p
->fd
, "Failed to open FIFO %s: %m", p
->path
);
1692 socket_apply_fifo_options(s
, p
->fd
);
1698 p
->fd
= mq_address_create(
1704 return log_unit_error_errno(UNIT(s
), p
->fd
, "Failed to open message queue %s: %m", p
->path
);
1707 case SOCKET_USB_FUNCTION
: {
1708 _cleanup_free_
char *ep
= NULL
;
1710 ep
= path_make_absolute("ep0", p
->path
);
1714 p
->fd
= usbffs_address_create(ep
);
1718 r
= usbffs_write_descs(p
->fd
, SERVICE(UNIT_DEREF(s
->service
)));
1722 r
= usbffs_dispatch_eps(p
);
1729 assert_not_reached("Unknown port type");
1737 static void socket_unwatch_fds(Socket
*s
) {
1743 LIST_FOREACH(port
, p
, s
->ports
) {
1747 if (!p
->event_source
)
1750 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_OFF
);
1752 log_unit_debug_errno(UNIT(s
), r
, "Failed to disable event source: %m");
1756 static int socket_watch_fds(Socket
*s
) {
1762 LIST_FOREACH(port
, p
, s
->ports
) {
1766 if (p
->event_source
) {
1767 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_ON
);
1771 r
= sd_event_add_io(UNIT(s
)->manager
->event
, &p
->event_source
, p
->fd
, EPOLLIN
, socket_dispatch_io
, p
);
1775 (void) sd_event_source_set_description(p
->event_source
, "socket-port-io");
1782 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch listening fds: %m");
1783 socket_unwatch_fds(s
);
1793 static int socket_check_open(Socket
*s
) {
1794 bool have_open
= false, have_closed
= false;
1799 LIST_FOREACH(port
, p
, s
->ports
) {
1805 if (have_open
&& have_closed
)
1806 return SOCKET_OPEN_SOME
;
1810 return SOCKET_OPEN_ALL
;
1812 return SOCKET_OPEN_NONE
;
1815 static void socket_set_state(Socket
*s
, SocketState state
) {
1816 SocketState old_state
;
1819 if (s
->state
!= state
)
1820 bus_unit_send_pending_change_signal(UNIT(s
), false);
1822 old_state
= s
->state
;
1830 SOCKET_STOP_PRE_SIGTERM
,
1831 SOCKET_STOP_PRE_SIGKILL
,
1833 SOCKET_FINAL_SIGTERM
,
1834 SOCKET_FINAL_SIGKILL
,
1837 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1838 socket_unwatch_control_pid(s
);
1839 s
->control_command
= NULL
;
1840 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
1843 if (state
!= SOCKET_LISTENING
)
1844 socket_unwatch_fds(s
);
1852 SOCKET_STOP_PRE_SIGTERM
,
1853 SOCKET_STOP_PRE_SIGKILL
,
1855 socket_close_fds(s
);
1857 if (state
!= old_state
)
1858 log_unit_debug(UNIT(s
), "Changed %s -> %s", socket_state_to_string(old_state
), socket_state_to_string(state
));
1860 unit_notify(UNIT(s
), state_translation_table
[old_state
], state_translation_table
[state
], 0);
1863 static int socket_coldplug(Unit
*u
) {
1864 Socket
*s
= SOCKET(u
);
1868 assert(s
->state
== SOCKET_DEAD
);
1870 if (s
->deserialized_state
== s
->state
)
1873 if (s
->control_pid
> 0 &&
1874 pid_is_unwaited(s
->control_pid
) &&
1875 IN_SET(s
->deserialized_state
,
1880 SOCKET_STOP_PRE_SIGTERM
,
1881 SOCKET_STOP_PRE_SIGKILL
,
1883 SOCKET_FINAL_SIGTERM
,
1884 SOCKET_FINAL_SIGKILL
,
1887 r
= unit_watch_pid(UNIT(s
), s
->control_pid
, false);
1891 r
= socket_arm_timer(s
, usec_add(u
->state_change_timestamp
.monotonic
, s
->timeout_usec
));
1896 if (IN_SET(s
->deserialized_state
,
1902 /* Originally, we used to simply reopen all sockets here that we didn't have file descriptors
1903 * for. However, this is problematic, as we won't traverse through the SOCKET_START_CHOWN state for
1904 * them, and thus the UID/GID wouldn't be right. Hence, instead simply check if we have all fds open,
1905 * and if there's a mismatch, warn loudly. */
1907 r
= socket_check_open(s
);
1908 if (r
== SOCKET_OPEN_NONE
)
1909 log_unit_warning(UNIT(s
),
1910 "Socket unit configuration has changed while unit has been running, "
1911 "no open socket file descriptor left. "
1912 "The socket unit is not functional until restarted.");
1913 else if (r
== SOCKET_OPEN_SOME
)
1914 log_unit_warning(UNIT(s
),
1915 "Socket unit configuration has changed while unit has been running, "
1916 "and some socket file descriptors have not been opened yet. "
1917 "The socket unit is not fully functional until restarted.");
1920 if (s
->deserialized_state
== SOCKET_LISTENING
) {
1921 r
= socket_watch_fds(s
);
1926 if (!IN_SET(s
->deserialized_state
, SOCKET_DEAD
, SOCKET_FAILED
, SOCKET_CLEANING
)) {
1927 (void) unit_setup_dynamic_creds(u
);
1928 (void) unit_setup_exec_runtime(u
);
1931 socket_set_state(s
, s
->deserialized_state
);
1935 static int socket_spawn(Socket
*s
, ExecCommand
*c
, pid_t
*_pid
) {
1937 _cleanup_(exec_params_clear
) ExecParameters exec_params
= {
1938 .flags
= EXEC_APPLY_SANDBOXING
|EXEC_APPLY_CHROOT
|EXEC_APPLY_TTY_STDIN
,
1951 r
= unit_prepare_exec(UNIT(s
));
1955 r
= socket_arm_timer(s
, usec_add(now(CLOCK_MONOTONIC
), s
->timeout_usec
));
1959 r
= unit_set_exec_params(UNIT(s
), &exec_params
);
1963 r
= exec_spawn(UNIT(s
),
1973 r
= unit_watch_pid(UNIT(s
), pid
, true);
1982 static int socket_chown(Socket
*s
, pid_t
*_pid
) {
1986 r
= socket_arm_timer(s
, usec_add(now(CLOCK_MONOTONIC
), s
->timeout_usec
));
1990 /* We have to resolve the user names out-of-process, hence
1991 * let's fork here. It's messy, but well, what can we do? */
1993 r
= unit_fork_helper_process(UNIT(s
), "(sd-chown)", &pid
);
1997 uid_t uid
= UID_INVALID
;
1998 gid_t gid
= GID_INVALID
;
2003 if (!isempty(s
->user
)) {
2004 const char *user
= s
->user
;
2006 r
= get_user_creds(&user
, &uid
, &gid
, NULL
, NULL
, 0);
2008 log_unit_error_errno(UNIT(s
), r
, "Failed to resolve user %s: %m", user
);
2013 if (!isempty(s
->group
)) {
2014 const char *group
= s
->group
;
2016 r
= get_group_creds(&group
, &gid
, 0);
2018 log_unit_error_errno(UNIT(s
), r
, "Failed to resolve group %s: %m", group
);
2023 LIST_FOREACH(port
, p
, s
->ports
) {
2024 const char *path
= NULL
;
2026 if (p
->type
== SOCKET_SOCKET
)
2027 path
= socket_address_get_path(&p
->address
);
2028 else if (p
->type
== SOCKET_FIFO
)
2034 if (chown(path
, uid
, gid
) < 0) {
2035 log_unit_error_errno(UNIT(s
), errno
, "Failed to chown(): %m");
2040 _exit(EXIT_SUCCESS
);
2043 r
= unit_watch_pid(UNIT(s
), pid
, true);
2051 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
2055 static void socket_enter_dead(Socket
*s
, SocketResult f
) {
2058 if (s
->result
== SOCKET_SUCCESS
)
2061 if (s
->result
== SOCKET_SUCCESS
)
2062 unit_log_success(UNIT(s
));
2064 unit_log_failure(UNIT(s
), socket_result_to_string(s
->result
));
2066 unit_warn_leftover_processes(UNIT(s
), unit_log_leftover_process_stop
);
2068 socket_set_state(s
, s
->result
!= SOCKET_SUCCESS
? SOCKET_FAILED
: SOCKET_DEAD
);
2070 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
, true);
2072 unit_destroy_runtime_data(UNIT(s
), &s
->exec_context
);
2074 unit_unref_uid_gid(UNIT(s
), true);
2076 dynamic_creds_destroy(&s
->dynamic_creds
);
2079 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
);
2081 static void socket_enter_stop_post(Socket
*s
, SocketResult f
) {
2085 if (s
->result
== SOCKET_SUCCESS
)
2088 socket_unwatch_control_pid(s
);
2089 s
->control_command_id
= SOCKET_EXEC_STOP_POST
;
2090 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_POST
];
2092 if (s
->control_command
) {
2093 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
2097 socket_set_state(s
, SOCKET_STOP_POST
);
2099 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_SUCCESS
);
2104 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-post' task: %m");
2105 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
2108 static int state_to_kill_operation(Socket
*s
, SocketState state
) {
2109 if (state
== SOCKET_STOP_PRE_SIGTERM
&& unit_has_job_type(UNIT(s
), JOB_RESTART
))
2110 return KILL_RESTART
;
2112 if (state
== SOCKET_FINAL_SIGTERM
)
2113 return KILL_TERMINATE
;
2118 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
) {
2123 if (s
->result
== SOCKET_SUCCESS
)
2126 r
= unit_kill_context(
2129 state_to_kill_operation(s
, state
),
2137 r
= socket_arm_timer(s
, usec_add(now(CLOCK_MONOTONIC
), s
->timeout_usec
));
2141 socket_set_state(s
, state
);
2142 } else if (state
== SOCKET_STOP_PRE_SIGTERM
)
2143 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_SUCCESS
);
2144 else if (state
== SOCKET_STOP_PRE_SIGKILL
)
2145 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
2146 else if (state
== SOCKET_FINAL_SIGTERM
)
2147 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_SUCCESS
);
2149 socket_enter_dead(s
, SOCKET_SUCCESS
);
2154 log_unit_warning_errno(UNIT(s
), r
, "Failed to kill processes: %m");
2156 if (IN_SET(state
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_STOP_PRE_SIGKILL
))
2157 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
2159 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
2162 static void socket_enter_stop_pre(Socket
*s
, SocketResult f
) {
2166 if (s
->result
== SOCKET_SUCCESS
)
2169 socket_unwatch_control_pid(s
);
2170 s
->control_command_id
= SOCKET_EXEC_STOP_PRE
;
2171 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_PRE
];
2173 if (s
->control_command
) {
2174 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
2178 socket_set_state(s
, SOCKET_STOP_PRE
);
2180 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
2185 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-pre' task: %m");
2186 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
2189 static void socket_enter_listening(Socket
*s
) {
2193 if (!s
->accept
&& s
->flush_pending
) {
2194 log_unit_debug(UNIT(s
), "Flushing socket before listening.");
2198 r
= socket_watch_fds(s
);
2200 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
2204 socket_set_state(s
, SOCKET_LISTENING
);
2208 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
2211 static void socket_enter_start_post(Socket
*s
) {
2215 socket_unwatch_control_pid(s
);
2216 s
->control_command_id
= SOCKET_EXEC_START_POST
;
2217 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_POST
];
2219 if (s
->control_command
) {
2220 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
2222 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-post' task: %m");
2226 socket_set_state(s
, SOCKET_START_POST
);
2228 socket_enter_listening(s
);
2233 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
2236 static void socket_enter_start_chown(Socket
*s
) {
2241 r
= socket_open_fds(s
);
2243 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
2247 if (!isempty(s
->user
) || !isempty(s
->group
)) {
2249 socket_unwatch_control_pid(s
);
2250 s
->control_command_id
= SOCKET_EXEC_START_CHOWN
;
2251 s
->control_command
= NULL
;
2253 r
= socket_chown(s
, &s
->control_pid
);
2255 log_unit_warning_errno(UNIT(s
), r
, "Failed to fork 'start-chown' task: %m");
2259 socket_set_state(s
, SOCKET_START_CHOWN
);
2261 socket_enter_start_post(s
);
2266 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
2269 static void socket_enter_start_pre(Socket
*s
) {
2273 socket_unwatch_control_pid(s
);
2275 unit_warn_leftover_processes(UNIT(s
), unit_log_leftover_process_start
);
2277 s
->control_command_id
= SOCKET_EXEC_START_PRE
;
2278 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_PRE
];
2280 if (s
->control_command
) {
2281 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
2283 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-pre' task: %m");
2287 socket_set_state(s
, SOCKET_START_PRE
);
2289 socket_enter_start_chown(s
);
2294 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
2297 static void flush_ports(Socket
*s
) {
2300 /* Flush all incoming traffic, regardless if actual bytes or new connections, so that this socket isn't busy
2303 LIST_FOREACH(port
, p
, s
->ports
) {
2307 (void) flush_accept(p
->fd
);
2308 (void) flush_fd(p
->fd
);
2312 static void socket_enter_running(Socket
*s
, int cfd_in
) {
2313 /* Note that this call takes possession of the connection fd passed. It either has to assign it
2314 * somewhere or close it. */
2315 _cleanup_close_
int cfd
= cfd_in
;
2317 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2322 /* We don't take connections anymore if we are supposed to shut down anyway */
2323 if (unit_stop_pending(UNIT(s
))) {
2325 log_unit_debug(UNIT(s
), "Suppressing connection request since unit stop is scheduled.");
2334 if (!ratelimit_below(&s
->trigger_limit
)) {
2335 log_unit_warning(UNIT(s
), "Trigger limit hit, refusing further activation.");
2336 socket_enter_stop_pre(s
, SOCKET_FAILURE_TRIGGER_LIMIT_HIT
);
2341 bool pending
= false;
2345 /* If there's already a start pending don't bother to
2347 HASHMAP_FOREACH_KEY(v
, other
, UNIT(s
)->dependencies
[UNIT_TRIGGERS
])
2348 if (unit_active_or_pending(other
)) {
2354 if (!UNIT_ISSET(s
->service
)) {
2355 r
= log_unit_error_errno(UNIT(s
), SYNTHETIC_ERRNO(ENOENT
),
2356 "Service to activate vanished, refusing activation.");
2360 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT_DEREF(s
->service
), JOB_REPLACE
, NULL
, &error
, NULL
);
2365 socket_set_state(s
, SOCKET_RUNNING
);
2367 _cleanup_(socket_peer_unrefp
) SocketPeer
*p
= NULL
;
2370 if (s
->n_connections
>= s
->max_connections
) {
2371 log_unit_warning(UNIT(s
), "Too many incoming connections (%u), dropping connection.",
2376 if (s
->max_connections_per_source
> 0) {
2377 r
= socket_acquire_peer(s
, cfd
, &p
);
2378 if (ERRNO_IS_DISCONNECT(r
))
2380 if (r
< 0) /* We didn't have enough resources to acquire peer information, let's fail. */
2382 if (r
> 0 && p
->n_ref
> s
->max_connections_per_source
) {
2383 _cleanup_free_
char *t
= NULL
;
2385 (void) sockaddr_pretty(&p
->peer
.sa
, p
->peer_salen
, true, false, &t
);
2387 log_unit_warning(UNIT(s
),
2388 "Too many incoming connections (%u) from source %s, dropping connection.",
2389 p
->n_ref
, strnull(t
));
2394 r
= socket_load_service_unit(s
, cfd
, &service
);
2395 if (ERRNO_IS_DISCONNECT(r
))
2400 r
= unit_add_two_dependencies(UNIT(s
), UNIT_BEFORE
, UNIT_TRIGGERS
, service
,
2401 false, UNIT_DEPENDENCY_IMPLICIT
);
2407 r
= service_set_socket_fd(SERVICE(service
), cfd
, s
, s
->selinux_context_from_net
);
2408 if (ERRNO_IS_DISCONNECT(r
))
2413 TAKE_FD(cfd
); /* We passed ownership of the fd to the service now. Forget it here. */
2416 SERVICE(service
)->peer
= TAKE_PTR(p
); /* Pass ownership of the peer reference */
2418 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, service
, JOB_REPLACE
, NULL
, &error
, NULL
);
2420 /* We failed to activate the new service, but it still exists. Let's make sure the
2421 * service closes and forgets the connection fd again, immediately. */
2422 service_close_socket_fd(SERVICE(service
));
2426 /* Notify clients about changed counters */
2427 unit_add_to_dbus_queue(UNIT(s
));
2438 if (ERRNO_IS_RESOURCE(r
))
2439 log_unit_warning(UNIT(s
), "Failed to queue service startup job: %s",
2440 bus_error_message(&error
, r
));
2442 log_unit_warning(UNIT(s
), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2443 cfd
>= 0 ? "template" : "non-template",
2444 bus_error_message(&error
, r
));
2446 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
2449 static void socket_run_next(Socket
*s
) {
2453 assert(s
->control_command
);
2454 assert(s
->control_command
->command_next
);
2456 socket_unwatch_control_pid(s
);
2458 s
->control_command
= s
->control_command
->command_next
;
2460 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
2467 log_unit_warning_errno(UNIT(s
), r
, "Failed to run next task: %m");
2469 if (s
->state
== SOCKET_START_POST
)
2470 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
2471 else if (s
->state
== SOCKET_STOP_POST
)
2472 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
2474 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
2477 static int socket_start(Unit
*u
) {
2478 Socket
*s
= SOCKET(u
);
2483 /* We cannot fulfill this request right now, try again later
2485 if (IN_SET(s
->state
,
2487 SOCKET_STOP_PRE_SIGKILL
,
2488 SOCKET_STOP_PRE_SIGTERM
,
2490 SOCKET_FINAL_SIGTERM
,
2491 SOCKET_FINAL_SIGKILL
,
2495 /* Already on it! */
2496 if (IN_SET(s
->state
,
2502 /* Cannot run this without the service being around */
2503 if (UNIT_ISSET(s
->service
)) {
2506 service
= SERVICE(UNIT_DEREF(s
->service
));
2508 if (UNIT(service
)->load_state
!= UNIT_LOADED
)
2509 return log_unit_error_errno(u
, SYNTHETIC_ERRNO(ENOENT
), "Socket service %s not loaded, refusing.", UNIT(service
)->id
);
2511 /* If the service is already active we cannot start the
2513 if (!IN_SET(service
->state
, SERVICE_DEAD
, SERVICE_FAILED
, SERVICE_AUTO_RESTART
))
2514 return log_unit_error_errno(u
, SYNTHETIC_ERRNO(EBUSY
), "Socket service %s already active, refusing.", UNIT(service
)->id
);
2517 assert(IN_SET(s
->state
, SOCKET_DEAD
, SOCKET_FAILED
));
2519 r
= unit_test_start_limit(u
);
2521 socket_enter_dead(s
, SOCKET_FAILURE_START_LIMIT_HIT
);
2525 r
= unit_acquire_invocation_id(u
);
2529 s
->result
= SOCKET_SUCCESS
;
2530 exec_command_reset_status_list_array(s
->exec_command
, _SOCKET_EXEC_COMMAND_MAX
);
2532 u
->reset_accounting
= true;
2534 socket_enter_start_pre(s
);
2538 static int socket_stop(Unit
*u
) {
2539 Socket
*s
= SOCKET(u
);
2544 if (IN_SET(s
->state
,
2546 SOCKET_STOP_PRE_SIGTERM
,
2547 SOCKET_STOP_PRE_SIGKILL
,
2549 SOCKET_FINAL_SIGTERM
,
2550 SOCKET_FINAL_SIGKILL
))
2553 /* If there's already something running we go directly into
2555 if (IN_SET(s
->state
,
2558 SOCKET_START_POST
)) {
2559 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_SUCCESS
);
2563 /* If we are currently cleaning, then abort it, brutally. */
2564 if (s
->state
== SOCKET_CLEANING
) {
2565 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_SUCCESS
);
2569 assert(IN_SET(s
->state
, SOCKET_LISTENING
, SOCKET_RUNNING
));
2571 socket_enter_stop_pre(s
, SOCKET_SUCCESS
);
2575 static int socket_serialize(Unit
*u
, FILE *f
, FDSet
*fds
) {
2576 Socket
*s
= SOCKET(u
);
2584 (void) serialize_item(f
, "state", socket_state_to_string(s
->state
));
2585 (void) serialize_item(f
, "result", socket_result_to_string(s
->result
));
2586 (void) serialize_item_format(f
, "n-accepted", "%u", s
->n_accepted
);
2587 (void) serialize_item_format(f
, "n-refused", "%u", s
->n_refused
);
2589 if (s
->control_pid
> 0)
2590 (void) serialize_item_format(f
, "control-pid", PID_FMT
, s
->control_pid
);
2592 if (s
->control_command_id
>= 0)
2593 (void) serialize_item(f
, "control-command", socket_exec_command_to_string(s
->control_command_id
));
2595 LIST_FOREACH(port
, p
, s
->ports
) {
2601 copy
= fdset_put_dup(fds
, p
->fd
);
2603 return log_unit_warning_errno(u
, copy
, "Failed to serialize socket fd: %m");
2605 if (p
->type
== SOCKET_SOCKET
) {
2606 _cleanup_free_
char *t
= NULL
;
2608 r
= socket_address_print(&p
->address
, &t
);
2610 return log_unit_error_errno(u
, r
, "Failed to format socket address: %m");
2612 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2613 (void) serialize_item_format(f
, "netlink", "%i %s", copy
, t
);
2615 (void) serialize_item_format(f
, "socket", "%i %i %s", copy
, p
->address
.type
, t
);
2616 } else if (p
->type
== SOCKET_SPECIAL
)
2617 (void) serialize_item_format(f
, "special", "%i %s", copy
, p
->path
);
2618 else if (p
->type
== SOCKET_MQUEUE
)
2619 (void) serialize_item_format(f
, "mqueue", "%i %s", copy
, p
->path
);
2620 else if (p
->type
== SOCKET_USB_FUNCTION
)
2621 (void) serialize_item_format(f
, "ffs", "%i %s", copy
, p
->path
);
2623 assert(p
->type
== SOCKET_FIFO
);
2624 (void) serialize_item_format(f
, "fifo", "%i %s", copy
, p
->path
);
2631 static void socket_port_take_fd(SocketPort
*p
, FDSet
*fds
, int fd
) {
2635 p
->fd
= fdset_remove(fds
, fd
);
2638 static int socket_deserialize_item(Unit
*u
, const char *key
, const char *value
, FDSet
*fds
) {
2639 Socket
*s
= SOCKET(u
);
2645 if (streq(key
, "state")) {
2648 state
= socket_state_from_string(value
);
2650 log_unit_debug(u
, "Failed to parse state value: %s", value
);
2652 s
->deserialized_state
= state
;
2653 } else if (streq(key
, "result")) {
2656 f
= socket_result_from_string(value
);
2658 log_unit_debug(u
, "Failed to parse result value: %s", value
);
2659 else if (f
!= SOCKET_SUCCESS
)
2662 } else if (streq(key
, "n-accepted")) {
2665 if (safe_atou(value
, &k
) < 0)
2666 log_unit_debug(u
, "Failed to parse n-accepted value: %s", value
);
2669 } else if (streq(key
, "n-refused")) {
2672 if (safe_atou(value
, &k
) < 0)
2673 log_unit_debug(u
, "Failed to parse n-refused value: %s", value
);
2676 } else if (streq(key
, "control-pid")) {
2679 if (parse_pid(value
, &pid
) < 0)
2680 log_unit_debug(u
, "Failed to parse control-pid value: %s", value
);
2682 s
->control_pid
= pid
;
2683 } else if (streq(key
, "control-command")) {
2684 SocketExecCommand id
;
2686 id
= socket_exec_command_from_string(value
);
2688 log_unit_debug(u
, "Failed to parse exec-command value: %s", value
);
2690 s
->control_command_id
= id
;
2691 s
->control_command
= s
->exec_command
[id
];
2693 } else if (streq(key
, "fifo")) {
2697 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2698 log_unit_debug(u
, "Failed to parse fifo value: %s", value
);
2700 LIST_FOREACH(port
, p
, s
->ports
)
2701 if (p
->type
== SOCKET_FIFO
&&
2702 path_equal_or_files_same(p
->path
, value
+skip
, 0)) {
2703 socket_port_take_fd(p
, fds
, fd
);
2707 } else if (streq(key
, "special")) {
2711 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2712 log_unit_debug(u
, "Failed to parse special value: %s", value
);
2714 LIST_FOREACH(port
, p
, s
->ports
)
2715 if (p
->type
== SOCKET_SPECIAL
&&
2716 path_equal_or_files_same(p
->path
, value
+skip
, 0)) {
2717 socket_port_take_fd(p
, fds
, fd
);
2721 } else if (streq(key
, "mqueue")) {
2725 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2726 log_unit_debug(u
, "Failed to parse mqueue value: %s", value
);
2728 LIST_FOREACH(port
, p
, s
->ports
)
2729 if (p
->type
== SOCKET_MQUEUE
&&
2730 streq(p
->path
, value
+skip
)) {
2731 socket_port_take_fd(p
, fds
, fd
);
2735 } else if (streq(key
, "socket")) {
2736 int fd
, type
, skip
= 0;
2739 if (sscanf(value
, "%i %i %n", &fd
, &type
, &skip
) < 2 || fd
< 0 || type
< 0 || !fdset_contains(fds
, fd
))
2740 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2742 LIST_FOREACH(port
, p
, s
->ports
)
2743 if (socket_address_is(&p
->address
, value
+skip
, type
)) {
2744 socket_port_take_fd(p
, fds
, fd
);
2748 } else if (streq(key
, "netlink")) {
2752 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2753 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2755 LIST_FOREACH(port
, p
, s
->ports
)
2756 if (socket_address_is_netlink(&p
->address
, value
+skip
)) {
2757 socket_port_take_fd(p
, fds
, fd
);
2761 } else if (streq(key
, "ffs")) {
2765 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2766 log_unit_debug(u
, "Failed to parse ffs value: %s", value
);
2768 LIST_FOREACH(port
, p
, s
->ports
)
2769 if (p
->type
== SOCKET_USB_FUNCTION
&&
2770 path_equal_or_files_same(p
->path
, value
+skip
, 0)) {
2771 socket_port_take_fd(p
, fds
, fd
);
2776 log_unit_debug(UNIT(s
), "Unknown serialization key: %s", key
);
2781 static void socket_distribute_fds(Unit
*u
, FDSet
*fds
) {
2782 Socket
*s
= SOCKET(u
);
2787 LIST_FOREACH(port
, p
, s
->ports
) {
2790 if (p
->type
!= SOCKET_SOCKET
)
2796 FDSET_FOREACH(fd
, fds
) {
2797 if (socket_address_matches_fd(&p
->address
, fd
)) {
2798 p
->fd
= fdset_remove(fds
, fd
);
2799 s
->deserialized_state
= SOCKET_LISTENING
;
2806 _pure_
static UnitActiveState
socket_active_state(Unit
*u
) {
2809 return state_translation_table
[SOCKET(u
)->state
];
2812 _pure_
static const char *socket_sub_state_to_string(Unit
*u
) {
2815 return socket_state_to_string(SOCKET(u
)->state
);
2818 const char* socket_port_type_to_string(SocketPort
*p
) {
2826 switch (p
->address
.type
) {
2834 case SOCK_SEQPACKET
:
2835 return "SequentialPacket";
2838 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2846 case SOCKET_SPECIAL
:
2850 return "MessageQueue";
2855 case SOCKET_USB_FUNCTION
:
2856 return "USBFunction";
2863 SocketType
socket_port_type_from_string(const char *s
) {
2866 if (STR_IN_SET(s
, "Stream", "Datagram", "SequentialPacket", "Netlink"))
2867 return SOCKET_SOCKET
;
2868 else if (streq(s
, "Special"))
2869 return SOCKET_SPECIAL
;
2870 else if (streq(s
, "MessageQueue"))
2871 return SOCKET_MQUEUE
;
2872 else if (streq(s
, "FIFO"))
2874 else if (streq(s
, "USBFunction"))
2875 return SOCKET_USB_FUNCTION
;
2877 return _SOCKET_TYPE_INVALID
;
2880 _pure_
static bool socket_may_gc(Unit
*u
) {
2881 Socket
*s
= SOCKET(u
);
2885 return s
->n_connections
== 0;
2888 static int socket_accept_do(Socket
*s
, int fd
) {
2894 cfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
|SOCK_CLOEXEC
);
2896 /* Convert transient network errors into clean and well-defined EAGAIN */
2897 return ERRNO_IS_ACCEPT_AGAIN(errno
) ? -EAGAIN
: -errno
;
2902 static int socket_accept_in_cgroup(Socket
*s
, SocketPort
*p
, int fd
) {
2903 _cleanup_close_pair_
int pair
[2] = { -1, -1 };
2911 /* Similar to socket_address_listen_in_cgroup(), but for accept() rather than socket(): make sure that any
2912 * connection socket is also properly associated with the cgroup. */
2914 if (!IN_SET(p
->address
.sockaddr
.sa
.sa_family
, AF_INET
, AF_INET6
))
2917 r
= bpf_firewall_supported();
2920 if (r
== BPF_FIREWALL_UNSUPPORTED
)
2923 if (socketpair(AF_UNIX
, SOCK_SEQPACKET
|SOCK_CLOEXEC
, 0, pair
) < 0)
2924 return log_unit_error_errno(UNIT(s
), errno
, "Failed to create communication channel: %m");
2926 r
= unit_fork_helper_process(UNIT(s
), "(sd-accept)", &pid
);
2928 return log_unit_error_errno(UNIT(s
), r
, "Failed to fork off accept stub process: %m");
2932 pair
[0] = safe_close(pair
[0]);
2934 cfd
= socket_accept_do(s
, fd
);
2935 if (cfd
== -EAGAIN
) /* spurious accept() */
2936 _exit(EXIT_SUCCESS
);
2938 log_unit_error_errno(UNIT(s
), cfd
, "Failed to accept connection socket: %m");
2939 _exit(EXIT_FAILURE
);
2942 r
= send_one_fd(pair
[1], cfd
, 0);
2944 log_unit_error_errno(UNIT(s
), r
, "Failed to send connection socket to parent: %m");
2945 _exit(EXIT_FAILURE
);
2948 _exit(EXIT_SUCCESS
);
2951 pair
[1] = safe_close(pair
[1]);
2952 cfd
= receive_one_fd(pair
[0], 0);
2954 /* We synchronously wait for the helper, as it shouldn't be slow */
2955 r
= wait_for_terminate_and_check("(sd-accept)", pid
, WAIT_LOG_ABNORMAL
);
2961 /* If we received no fd, we got EIO here. If this happens with a process exit code of EXIT_SUCCESS
2962 * this is a spurious accept(), let's convert that back to EAGAIN here. */
2966 return log_unit_error_errno(UNIT(s
), cfd
, "Failed to receive connection socket: %m");
2971 cfd
= socket_accept_do(s
, fd
);
2972 if (cfd
== -EAGAIN
) /* spurious accept(), skip it silently */
2975 return log_unit_error_errno(UNIT(s
), cfd
, "Failed to accept connection socket: %m");
2980 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2981 SocketPort
*p
= userdata
;
2987 if (p
->socket
->state
!= SOCKET_LISTENING
)
2990 log_unit_debug(UNIT(p
->socket
), "Incoming traffic");
2992 if (revents
!= EPOLLIN
) {
2993 if (revents
& EPOLLHUP
)
2994 log_unit_error(UNIT(p
->socket
), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2996 log_unit_error(UNIT(p
->socket
), "Got unexpected poll event (0x%x) on socket.", revents
);
3000 if (p
->socket
->accept
&&
3001 p
->type
== SOCKET_SOCKET
&&
3002 socket_address_can_accept(&p
->address
)) {
3004 cfd
= socket_accept_in_cgroup(p
->socket
, p
, fd
);
3005 if (cfd
== -EAGAIN
) /* Spurious accept() */
3010 socket_apply_socket_options(p
->socket
, p
, cfd
);
3013 socket_enter_running(p
->socket
, cfd
);
3017 socket_enter_stop_pre(p
->socket
, SOCKET_FAILURE_RESOURCES
);
3021 static void socket_sigchld_event(Unit
*u
, pid_t pid
, int code
, int status
) {
3022 Socket
*s
= SOCKET(u
);
3028 if (pid
!= s
->control_pid
)
3033 if (is_clean_exit(code
, status
, EXIT_CLEAN_COMMAND
, NULL
))
3035 else if (code
== CLD_EXITED
)
3036 f
= SOCKET_FAILURE_EXIT_CODE
;
3037 else if (code
== CLD_KILLED
)
3038 f
= SOCKET_FAILURE_SIGNAL
;
3039 else if (code
== CLD_DUMPED
)
3040 f
= SOCKET_FAILURE_CORE_DUMP
;
3042 assert_not_reached("Unknown sigchld code");
3044 if (s
->control_command
) {
3045 exec_status_exit(&s
->control_command
->exec_status
, &s
->exec_context
, pid
, code
, status
);
3047 if (s
->control_command
->flags
& EXEC_COMMAND_IGNORE_FAILURE
)
3051 unit_log_process_exit(
3054 socket_exec_command_to_string(s
->control_command_id
),
3055 f
== SOCKET_SUCCESS
,
3058 if (s
->result
== SOCKET_SUCCESS
)
3061 if (s
->control_command
&&
3062 s
->control_command
->command_next
&&
3063 f
== SOCKET_SUCCESS
) {
3065 log_unit_debug(u
, "Running next command for state %s", socket_state_to_string(s
->state
));
3068 s
->control_command
= NULL
;
3069 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
3071 /* No further commands for this step, so let's figure
3072 * out what to do next */
3074 log_unit_debug(u
, "Got final SIGCHLD for state %s", socket_state_to_string(s
->state
));
3078 case SOCKET_START_PRE
:
3079 if (f
== SOCKET_SUCCESS
)
3080 socket_enter_start_chown(s
);
3082 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, f
);
3085 case SOCKET_START_CHOWN
:
3086 if (f
== SOCKET_SUCCESS
)
3087 socket_enter_start_post(s
);
3089 socket_enter_stop_pre(s
, f
);
3092 case SOCKET_START_POST
:
3093 if (f
== SOCKET_SUCCESS
)
3094 socket_enter_listening(s
);
3096 socket_enter_stop_pre(s
, f
);
3099 case SOCKET_STOP_PRE
:
3100 case SOCKET_STOP_PRE_SIGTERM
:
3101 case SOCKET_STOP_PRE_SIGKILL
:
3102 socket_enter_stop_post(s
, f
);
3105 case SOCKET_STOP_POST
:
3106 case SOCKET_FINAL_SIGTERM
:
3107 case SOCKET_FINAL_SIGKILL
:
3108 socket_enter_dead(s
, f
);
3111 case SOCKET_CLEANING
:
3113 if (s
->clean_result
== SOCKET_SUCCESS
)
3114 s
->clean_result
= f
;
3116 socket_enter_dead(s
, SOCKET_SUCCESS
);
3120 assert_not_reached("Uh, control process died at wrong time.");
3124 /* Notify clients about changed exit status */
3125 unit_add_to_dbus_queue(u
);
3128 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
) {
3129 Socket
*s
= SOCKET(userdata
);
3132 assert(s
->timer_event_source
== source
);
3136 case SOCKET_START_PRE
:
3137 log_unit_warning(UNIT(s
), "Starting timed out. Terminating.");
3138 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
3141 case SOCKET_START_CHOWN
:
3142 case SOCKET_START_POST
:
3143 log_unit_warning(UNIT(s
), "Starting timed out. Stopping.");
3144 socket_enter_stop_pre(s
, SOCKET_FAILURE_TIMEOUT
);
3147 case SOCKET_STOP_PRE
:
3148 log_unit_warning(UNIT(s
), "Stopping timed out. Terminating.");
3149 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
3152 case SOCKET_STOP_PRE_SIGTERM
:
3153 if (s
->kill_context
.send_sigkill
) {
3154 log_unit_warning(UNIT(s
), "Stopping timed out. Killing.");
3155 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
3157 log_unit_warning(UNIT(s
), "Stopping timed out. Skipping SIGKILL. Ignoring.");
3158 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
3162 case SOCKET_STOP_PRE_SIGKILL
:
3163 log_unit_warning(UNIT(s
), "Processes still around after SIGKILL. Ignoring.");
3164 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
3167 case SOCKET_STOP_POST
:
3168 log_unit_warning(UNIT(s
), "Stopping timed out (2). Terminating.");
3169 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
3172 case SOCKET_FINAL_SIGTERM
:
3173 if (s
->kill_context
.send_sigkill
) {
3174 log_unit_warning(UNIT(s
), "Stopping timed out (2). Killing.");
3175 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
3177 log_unit_warning(UNIT(s
), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
3178 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
3182 case SOCKET_FINAL_SIGKILL
:
3183 log_unit_warning(UNIT(s
), "Still around after SIGKILL (2). Entering failed mode.");
3184 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
3187 case SOCKET_CLEANING
:
3188 log_unit_warning(UNIT(s
), "Cleaning timed out. killing.");
3190 if (s
->clean_result
== SOCKET_SUCCESS
)
3191 s
->clean_result
= SOCKET_FAILURE_TIMEOUT
;
3193 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, 0);
3197 assert_not_reached("Timeout at wrong time.");
3203 int socket_collect_fds(Socket
*s
, int **fds
) {
3204 size_t k
= 0, n
= 0;
3211 /* Called from the service code for requesting our fds */
3213 LIST_FOREACH(port
, p
, s
->ports
) {
3216 n
+= p
->n_auxiliary_fds
;
3228 LIST_FOREACH(port
, p
, s
->ports
) {
3233 for (i
= 0; i
< p
->n_auxiliary_fds
; ++i
)
3234 rfds
[k
++] = p
->auxiliary_fds
[i
];
3243 static void socket_reset_failed(Unit
*u
) {
3244 Socket
*s
= SOCKET(u
);
3248 if (s
->state
== SOCKET_FAILED
)
3249 socket_set_state(s
, SOCKET_DEAD
);
3251 s
->result
= SOCKET_SUCCESS
;
3252 s
->clean_result
= SOCKET_SUCCESS
;
3255 void socket_connection_unref(Socket
*s
) {
3258 /* The service is dead. Yay!
3260 * This is strictly for one-instance-per-connection
3263 assert(s
->n_connections
> 0);
3266 log_unit_debug(UNIT(s
), "One connection closed, %u left.", s
->n_connections
);
3269 static void socket_trigger_notify(Unit
*u
, Unit
*other
) {
3270 Socket
*s
= SOCKET(u
);
3275 /* Filter out invocations with bogus state */
3276 assert(UNIT_IS_LOAD_COMPLETE(other
->load_state
));
3277 assert(other
->type
== UNIT_SERVICE
);
3279 /* Don't propagate state changes from the service if we are already down */
3280 if (!IN_SET(s
->state
, SOCKET_RUNNING
, SOCKET_LISTENING
))
3283 /* We don't care for the service state if we are in Accept=yes mode */
3287 /* Propagate start limit hit state */
3288 if (other
->start_limit_hit
) {
3289 socket_enter_stop_pre(s
, SOCKET_FAILURE_SERVICE_START_LIMIT_HIT
);
3293 /* Don't propagate anything if there's still a job queued */
3297 if (IN_SET(SERVICE(other
)->state
,
3298 SERVICE_DEAD
, SERVICE_FAILED
,
3299 SERVICE_FINAL_SIGTERM
, SERVICE_FINAL_SIGKILL
,
3300 SERVICE_AUTO_RESTART
))
3301 socket_enter_listening(s
);
3303 if (SERVICE(other
)->state
== SERVICE_RUNNING
)
3304 socket_set_state(s
, SOCKET_RUNNING
);
3307 static int socket_kill(Unit
*u
, KillWho who
, int signo
, sd_bus_error
*error
) {
3308 return unit_kill_common(u
, who
, signo
, -1, SOCKET(u
)->control_pid
, error
);
3311 static int socket_get_timeout(Unit
*u
, usec_t
*timeout
) {
3312 Socket
*s
= SOCKET(u
);
3316 if (!s
->timer_event_source
)
3319 r
= sd_event_source_get_time(s
->timer_event_source
, &t
);
3322 if (t
== USEC_INFINITY
)
3329 char *socket_fdname(Socket
*s
) {
3332 /* Returns the name to use for $LISTEN_NAMES. If the user
3333 * didn't specify anything specifically, use the socket unit's
3334 * name as fallback. */
3336 return s
->fdname
?: UNIT(s
)->id
;
3339 static int socket_control_pid(Unit
*u
) {
3340 Socket
*s
= SOCKET(u
);
3344 return s
->control_pid
;
3347 static int socket_clean(Unit
*u
, ExecCleanMask mask
) {
3348 _cleanup_strv_free_
char **l
= NULL
;
3349 Socket
*s
= SOCKET(u
);
3355 if (s
->state
!= SOCKET_DEAD
)
3358 r
= exec_context_get_clean_directories(&s
->exec_context
, u
->manager
->prefix
, mask
, &l
);
3362 if (strv_isempty(l
))
3365 socket_unwatch_control_pid(s
);
3366 s
->clean_result
= SOCKET_SUCCESS
;
3367 s
->control_command
= NULL
;
3368 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
3370 r
= socket_arm_timer(s
, usec_add(now(CLOCK_MONOTONIC
), s
->exec_context
.timeout_clean_usec
));
3374 r
= unit_fork_and_watch_rm_rf(u
, l
, &s
->control_pid
);
3378 socket_set_state(s
, SOCKET_CLEANING
);
3383 log_unit_warning_errno(u
, r
, "Failed to initiate cleaning: %m");
3384 s
->clean_result
= SOCKET_FAILURE_RESOURCES
;
3385 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
3389 static int socket_can_clean(Unit
*u
, ExecCleanMask
*ret
) {
3390 Socket
*s
= SOCKET(u
);
3394 return exec_context_get_clean_mask(&s
->exec_context
, ret
);
3397 static const char* const socket_exec_command_table
[_SOCKET_EXEC_COMMAND_MAX
] = {
3398 [SOCKET_EXEC_START_PRE
] = "ExecStartPre",
3399 [SOCKET_EXEC_START_CHOWN
] = "ExecStartChown",
3400 [SOCKET_EXEC_START_POST
] = "ExecStartPost",
3401 [SOCKET_EXEC_STOP_PRE
] = "ExecStopPre",
3402 [SOCKET_EXEC_STOP_POST
] = "ExecStopPost"
3405 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command
, SocketExecCommand
);
3407 static const char* const socket_result_table
[_SOCKET_RESULT_MAX
] = {
3408 [SOCKET_SUCCESS
] = "success",
3409 [SOCKET_FAILURE_RESOURCES
] = "resources",
3410 [SOCKET_FAILURE_TIMEOUT
] = "timeout",
3411 [SOCKET_FAILURE_EXIT_CODE
] = "exit-code",
3412 [SOCKET_FAILURE_SIGNAL
] = "signal",
3413 [SOCKET_FAILURE_CORE_DUMP
] = "core-dump",
3414 [SOCKET_FAILURE_START_LIMIT_HIT
] = "start-limit-hit",
3415 [SOCKET_FAILURE_TRIGGER_LIMIT_HIT
] = "trigger-limit-hit",
3416 [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT
] = "service-start-limit-hit"
3419 DEFINE_STRING_TABLE_LOOKUP(socket_result
, SocketResult
);
3421 static const char* const socket_timestamping_table
[_SOCKET_TIMESTAMPING_MAX
] = {
3422 [SOCKET_TIMESTAMPING_OFF
] = "off",
3423 [SOCKET_TIMESTAMPING_US
] = "us",
3424 [SOCKET_TIMESTAMPING_NS
] = "ns",
3427 DEFINE_STRING_TABLE_LOOKUP(socket_timestamping
, SocketTimestamping
);
3429 SocketTimestamping
socket_timestamping_from_string_harder(const char *p
) {
3430 SocketTimestamping t
;
3434 return _SOCKET_TIMESTAMPING_INVALID
;
3436 t
= socket_timestamping_from_string(p
);
3440 /* Let's alternatively support the various other aliases parse_time() accepts for ns and µs here,
3442 if (streq(p
, "nsec"))
3443 return SOCKET_TIMESTAMPING_NS
;
3444 if (STR_IN_SET(p
, "usec", "µs"))
3445 return SOCKET_TIMESTAMPING_US
;
3447 r
= parse_boolean(p
);
3449 return _SOCKET_TIMESTAMPING_INVALID
;
3451 return r
? SOCKET_TIMESTAMPING_NS
: SOCKET_TIMESTAMPING_OFF
; /* If boolean yes, default to ns accuracy */
3454 const UnitVTable socket_vtable
= {
3455 .object_size
= sizeof(Socket
),
3456 .exec_context_offset
= offsetof(Socket
, exec_context
),
3457 .cgroup_context_offset
= offsetof(Socket
, cgroup_context
),
3458 .kill_context_offset
= offsetof(Socket
, kill_context
),
3459 .exec_runtime_offset
= offsetof(Socket
, exec_runtime
),
3460 .dynamic_creds_offset
= offsetof(Socket
, dynamic_creds
),
3466 .private_section
= "Socket",
3468 .can_transient
= true,
3469 .can_trigger
= true,
3472 .init
= socket_init
,
3473 .done
= socket_done
,
3474 .load
= socket_load
,
3476 .coldplug
= socket_coldplug
,
3478 .dump
= socket_dump
,
3480 .start
= socket_start
,
3481 .stop
= socket_stop
,
3483 .kill
= socket_kill
,
3484 .clean
= socket_clean
,
3485 .can_clean
= socket_can_clean
,
3487 .get_timeout
= socket_get_timeout
,
3489 .serialize
= socket_serialize
,
3490 .deserialize_item
= socket_deserialize_item
,
3491 .distribute_fds
= socket_distribute_fds
,
3493 .active_state
= socket_active_state
,
3494 .sub_state_to_string
= socket_sub_state_to_string
,
3496 .will_restart
= unit_will_restart_default
,
3498 .may_gc
= socket_may_gc
,
3500 .sigchld_event
= socket_sigchld_event
,
3502 .trigger_notify
= socket_trigger_notify
,
3504 .reset_failed
= socket_reset_failed
,
3506 .control_pid
= socket_control_pid
,
3508 .bus_set_property
= bus_socket_set_property
,
3509 .bus_commit_properties
= bus_socket_commit_properties
,
3511 .status_message_formats
= {
3512 /*.starting_stopping = {
3513 [0] = "Starting socket %s...",
3514 [1] = "Stopping socket %s...",
3516 .finished_start_job
= {
3517 [JOB_DONE
] = "Listening on %s.",
3518 [JOB_FAILED
] = "Failed to listen on %s.",
3519 [JOB_TIMEOUT
] = "Timed out starting %s.",
3521 .finished_stop_job
= {
3522 [JOB_DONE
] = "Closed %s.",
3523 [JOB_FAILED
] = "Failed stopping %s.",
3524 [JOB_TIMEOUT
] = "Timed out stopping %s.",