1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include <sys/epoll.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
42 #include "exit-status.h"
44 #include "smack-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
52 static const UnitActiveState state_translation_table
[_SOCKET_STATE_MAX
] = {
53 [SOCKET_DEAD
] = UNIT_INACTIVE
,
54 [SOCKET_START_PRE
] = UNIT_ACTIVATING
,
55 [SOCKET_START_CHOWN
] = UNIT_ACTIVATING
,
56 [SOCKET_START_POST
] = UNIT_ACTIVATING
,
57 [SOCKET_LISTENING
] = UNIT_ACTIVE
,
58 [SOCKET_RUNNING
] = UNIT_ACTIVE
,
59 [SOCKET_STOP_PRE
] = UNIT_DEACTIVATING
,
60 [SOCKET_STOP_PRE_SIGTERM
] = UNIT_DEACTIVATING
,
61 [SOCKET_STOP_PRE_SIGKILL
] = UNIT_DEACTIVATING
,
62 [SOCKET_STOP_POST
] = UNIT_DEACTIVATING
,
63 [SOCKET_FINAL_SIGTERM
] = UNIT_DEACTIVATING
,
64 [SOCKET_FINAL_SIGKILL
] = UNIT_DEACTIVATING
,
65 [SOCKET_FAILED
] = UNIT_FAILED
68 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
69 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
);
71 static void socket_init(Unit
*u
) {
72 Socket
*s
= SOCKET(u
);
75 assert(u
->load_state
== UNIT_STUB
);
77 s
->backlog
= SOMAXCONN
;
78 s
->timeout_usec
= u
->manager
->default_timeout_start_usec
;
79 s
->directory_mode
= 0755;
80 s
->socket_mode
= 0666;
82 s
->max_connections
= 64;
89 s
->exec_context
.std_output
= u
->manager
->default_std_output
;
90 s
->exec_context
.std_error
= u
->manager
->default_std_error
;
92 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
95 static void socket_unwatch_control_pid(Socket
*s
) {
98 if (s
->control_pid
<= 0)
101 unit_unwatch_pid(UNIT(s
), s
->control_pid
);
105 void socket_free_ports(Socket
*s
) {
110 while ((p
= s
->ports
)) {
111 LIST_REMOVE(port
, s
->ports
, p
);
113 sd_event_source_unref(p
->event_source
);
121 static void socket_done(Unit
*u
) {
122 Socket
*s
= SOCKET(u
);
126 socket_free_ports(s
);
128 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
129 exec_command_free_array(s
->exec_command
, _SOCKET_EXEC_COMMAND_MAX
);
130 s
->control_command
= NULL
;
132 socket_unwatch_control_pid(s
);
134 unit_ref_unset(&s
->service
);
136 free(s
->tcp_congestion
);
137 s
->tcp_congestion
= NULL
;
139 free(s
->bind_to_device
);
140 s
->bind_to_device
= NULL
;
143 free(s
->smack_ip_in
);
144 free(s
->smack_ip_out
);
146 strv_free(s
->symlinks
);
151 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
154 static int socket_arm_timer(Socket
*s
) {
159 if (s
->timeout_usec
<= 0) {
160 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
164 if (s
->timer_event_source
) {
165 r
= sd_event_source_set_time(s
->timer_event_source
, now(CLOCK_MONOTONIC
) + s
->timeout_usec
);
169 return sd_event_source_set_enabled(s
->timer_event_source
, SD_EVENT_ONESHOT
);
172 return sd_event_add_time(
173 UNIT(s
)->manager
->event
,
174 &s
->timer_event_source
,
176 now(CLOCK_MONOTONIC
) + s
->timeout_usec
, 0,
177 socket_dispatch_timer
, s
);
180 int socket_instantiate_service(Socket
*s
) {
181 _cleanup_free_
char *prefix
= NULL
, *name
= NULL
;
187 /* This fills in s->service if it isn't filled in yet. For
188 * Accept=yes sockets we create the next connection service
189 * here. For Accept=no this is mostly a NOP since the service
190 * is figured out at load time anyway. */
192 if (UNIT_DEREF(s
->service
) || !s
->accept
)
195 prefix
= unit_name_to_prefix(UNIT(s
)->id
);
199 if (asprintf(&name
, "%s@%u.service", prefix
, s
->n_accepted
) < 0)
202 r
= manager_load_unit(UNIT(s
)->manager
, name
, NULL
, NULL
, &u
);
207 unit_ref_set(&s
->service
, u
);
209 return unit_add_two_dependencies(UNIT(s
), UNIT_BEFORE
, UNIT_TRIGGERS
, u
, false);
212 static bool have_non_accept_socket(Socket
*s
) {
220 LIST_FOREACH(port
, p
, s
->ports
) {
222 if (p
->type
!= SOCKET_SOCKET
)
225 if (!socket_address_can_accept(&p
->address
))
232 static int socket_add_mount_links(Socket
*s
) {
238 LIST_FOREACH(port
, p
, s
->ports
) {
239 const char *path
= NULL
;
241 if (p
->type
== SOCKET_SOCKET
)
242 path
= socket_address_get_path(&p
->address
);
243 else if (p
->type
== SOCKET_FIFO
|| p
->type
== SOCKET_SPECIAL
)
249 r
= unit_require_mounts_for(UNIT(s
), path
);
257 static int socket_add_device_link(Socket
*s
) {
262 if (!s
->bind_to_device
|| streq(s
->bind_to_device
, "lo"))
265 t
= strjoina("/sys/subsystem/net/devices/", s
->bind_to_device
);
266 return unit_add_node_link(UNIT(s
), t
, false);
269 static int socket_add_default_dependencies(Socket
*s
) {
273 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_BEFORE
, SPECIAL_SOCKETS_TARGET
, NULL
, true);
277 if (UNIT(s
)->manager
->running_as
== SYSTEMD_SYSTEM
) {
278 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_AFTER
, UNIT_REQUIRES
, SPECIAL_SYSINIT_TARGET
, NULL
, true);
283 return unit_add_two_dependencies_by_name(UNIT(s
), UNIT_BEFORE
, UNIT_CONFLICTS
, SPECIAL_SHUTDOWN_TARGET
, NULL
, true);
286 _pure_
static bool socket_has_exec(Socket
*s
) {
290 for (i
= 0; i
< _SOCKET_EXEC_COMMAND_MAX
; i
++)
291 if (s
->exec_command
[i
])
297 static int socket_add_extras(Socket
*s
) {
303 if (have_non_accept_socket(s
)) {
305 if (!UNIT_DEREF(s
->service
)) {
308 r
= unit_load_related_unit(u
, ".service", &x
);
312 unit_ref_set(&s
->service
, x
);
315 r
= unit_add_two_dependencies(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, UNIT_DEREF(s
->service
), true);
320 r
= socket_add_mount_links(s
);
324 r
= socket_add_device_link(s
);
328 r
= unit_patch_contexts(u
);
332 if (socket_has_exec(s
)) {
333 r
= unit_add_exec_dependencies(u
, &s
->exec_context
);
337 r
= unit_add_default_slice(u
, &s
->cgroup_context
);
342 if (u
->default_dependencies
) {
343 r
= socket_add_default_dependencies(s
);
351 static const char *socket_find_symlink_target(Socket
*s
) {
352 const char *found
= NULL
;
355 LIST_FOREACH(port
, p
, s
->ports
) {
356 const char *f
= NULL
;
365 if (p
->address
.sockaddr
.un
.sun_path
[0] != 0)
366 f
= p
->address
.sockaddr
.un
.sun_path
;
384 static int socket_verify(Socket
*s
) {
387 if (UNIT(s
)->load_state
!= UNIT_LOADED
)
391 log_unit_error(UNIT(s
)->id
, "%s lacks Listen setting. Refusing.", UNIT(s
)->id
);
395 if (s
->accept
&& have_non_accept_socket(s
)) {
396 log_unit_error(UNIT(s
)->id
, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
401 if (s
->accept
&& s
->max_connections
<= 0) {
402 log_unit_error(UNIT(s
)->id
, "%s's MaxConnection setting too small. Refusing.", UNIT(s
)->id
);
406 if (s
->accept
&& UNIT_DEREF(s
->service
)) {
407 log_unit_error(UNIT(s
)->id
, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s
)->id
);
411 if (s
->exec_context
.pam_name
&& s
->kill_context
.kill_mode
!= KILL_CONTROL_GROUP
) {
412 log_unit_error(UNIT(s
)->id
, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s
)->id
);
416 if (!strv_isempty(s
->symlinks
) && !socket_find_symlink_target(s
)) {
417 log_unit_error(UNIT(s
)->id
, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s
)->id
);
424 static int socket_load(Unit
*u
) {
425 Socket
*s
= SOCKET(u
);
429 assert(u
->load_state
== UNIT_STUB
);
431 r
= unit_load_fragment_and_dropin(u
);
435 if (u
->load_state
== UNIT_LOADED
) {
436 /* This is a new unit? Then let's add in some extras */
437 r
= socket_add_extras(s
);
442 return socket_verify(s
);
445 _const_
static const char* listen_lookup(int family
, int type
) {
447 if (family
== AF_NETLINK
)
448 return "ListenNetlink";
450 if (type
== SOCK_STREAM
)
451 return "ListenStream";
452 else if (type
== SOCK_DGRAM
)
453 return "ListenDatagram";
454 else if (type
== SOCK_SEQPACKET
)
455 return "ListenSequentialPacket";
457 assert_not_reached("Unknown socket type");
461 static void socket_dump(Unit
*u
, FILE *f
, const char *prefix
) {
462 char time_string
[FORMAT_TIMESPAN_MAX
];
464 Socket
*s
= SOCKET(u
);
471 prefix
= strempty(prefix
);
472 prefix2
= strjoina(prefix
, "\t");
475 "%sSocket State: %s\n"
477 "%sBindIPv6Only: %s\n"
479 "%sSocketMode: %04o\n"
480 "%sDirectoryMode: %04o\n"
484 "%sTransparent: %s\n"
486 "%sPassCredentials: %s\n"
487 "%sPassSecurity: %s\n"
488 "%sTCPCongestion: %s\n"
489 "%sRemoveOnStop: %s\n"
490 "%sSELinuxContextFromNet: %s\n",
491 prefix
, socket_state_to_string(s
->state
),
492 prefix
, socket_result_to_string(s
->result
),
493 prefix
, socket_address_bind_ipv6_only_to_string(s
->bind_ipv6_only
),
495 prefix
, s
->socket_mode
,
496 prefix
, s
->directory_mode
,
497 prefix
, yes_no(s
->keep_alive
),
498 prefix
, yes_no(s
->no_delay
),
499 prefix
, yes_no(s
->free_bind
),
500 prefix
, yes_no(s
->transparent
),
501 prefix
, yes_no(s
->broadcast
),
502 prefix
, yes_no(s
->pass_cred
),
503 prefix
, yes_no(s
->pass_sec
),
504 prefix
, strna(s
->tcp_congestion
),
505 prefix
, yes_no(s
->remove_on_stop
),
506 prefix
, yes_no(s
->selinux_context_from_net
));
508 if (s
->control_pid
> 0)
510 "%sControl PID: "PID_FMT
"\n",
511 prefix
, s
->control_pid
);
513 if (s
->bind_to_device
)
515 "%sBindToDevice: %s\n",
516 prefix
, s
->bind_to_device
);
521 "%sNConnections: %u\n"
522 "%sMaxConnections: %u\n",
523 prefix
, s
->n_accepted
,
524 prefix
, s
->n_connections
,
525 prefix
, s
->max_connections
);
527 if (s
->priority
>= 0)
530 prefix
, s
->priority
);
532 if (s
->receive_buffer
> 0)
534 "%sReceiveBuffer: %zu\n",
535 prefix
, s
->receive_buffer
);
537 if (s
->send_buffer
> 0)
539 "%sSendBuffer: %zu\n",
540 prefix
, s
->send_buffer
);
552 if (s
->pipe_size
> 0)
555 prefix
, s
->pipe_size
);
562 if (s
->mq_maxmsg
> 0)
564 "%sMessageQueueMaxMessages: %li\n",
565 prefix
, s
->mq_maxmsg
);
567 if (s
->mq_msgsize
> 0)
569 "%sMessageQueueMessageSize: %li\n",
570 prefix
, s
->mq_msgsize
);
575 prefix
, yes_no(s
->reuse_port
));
579 "%sSmackLabel: %s\n",
584 "%sSmackLabelIPIn: %s\n",
585 prefix
, s
->smack_ip_in
);
589 "%sSmackLabelIPOut: %s\n",
590 prefix
, s
->smack_ip_out
);
592 if (!isempty(s
->user
) || !isempty(s
->group
))
595 "%sOwnerGroup: %s\n",
596 prefix
, strna(s
->user
),
597 prefix
, strna(s
->group
));
599 if (s
->keep_alive_time
> 0)
601 "%sKeepAliveTimeSec: %s\n",
602 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_time
, USEC_PER_SEC
));
604 if (s
->keep_alive_interval
)
606 "%sKeepAliveIntervalSec: %s\n",
607 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_interval
, USEC_PER_SEC
));
609 if (s
->keep_alive_cnt
)
611 "%sKeepAliveProbes: %u\n",
612 prefix
, s
->keep_alive_cnt
);
616 "%sDeferAcceptSec: %s\n",
617 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->defer_accept
, USEC_PER_SEC
));
619 LIST_FOREACH(port
, p
, s
->ports
) {
621 if (p
->type
== SOCKET_SOCKET
) {
626 if ((r
= socket_address_print(&p
->address
, &k
)) < 0)
631 fprintf(f
, "%s%s: %s\n", prefix
, listen_lookup(socket_address_family(&p
->address
), p
->address
.type
), t
);
633 } else if (p
->type
== SOCKET_SPECIAL
)
634 fprintf(f
, "%sListenSpecial: %s\n", prefix
, p
->path
);
635 else if (p
->type
== SOCKET_MQUEUE
)
636 fprintf(f
, "%sListenMessageQueue: %s\n", prefix
, p
->path
);
638 fprintf(f
, "%sListenFIFO: %s\n", prefix
, p
->path
);
641 exec_context_dump(&s
->exec_context
, f
, prefix
);
642 kill_context_dump(&s
->kill_context
, f
, prefix
);
644 for (c
= 0; c
< _SOCKET_EXEC_COMMAND_MAX
; c
++) {
645 if (!s
->exec_command
[c
])
648 fprintf(f
, "%s-> %s:\n",
649 prefix
, socket_exec_command_to_string(c
));
651 exec_command_dump_list(s
->exec_command
[c
], f
, prefix2
);
655 static int instance_from_socket(int fd
, unsigned nr
, char **instance
) {
658 union sockaddr_union local
, remote
;
664 if (getsockname(fd
, &local
.sa
, &l
) < 0)
668 if (getpeername(fd
, &remote
.sa
, &l
) < 0)
671 switch (local
.sa
.sa_family
) {
675 a
= ntohl(local
.in
.sin_addr
.s_addr
),
676 b
= ntohl(remote
.in
.sin_addr
.s_addr
);
679 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
681 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF,
682 ntohs(local
.in
.sin_port
),
683 b
>> 24, (b
>> 16) & 0xFF, (b
>> 8) & 0xFF, b
& 0xFF,
684 ntohs(remote
.in
.sin_port
)) < 0)
691 static const unsigned char ipv4_prefix
[] = {
692 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
695 if (memcmp(&local
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0 &&
696 memcmp(&remote
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0) {
698 *a
= local
.in6
.sin6_addr
.s6_addr
+12,
699 *b
= remote
.in6
.sin6_addr
.s6_addr
+12;
702 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
704 a
[0], a
[1], a
[2], a
[3],
705 ntohs(local
.in6
.sin6_port
),
706 b
[0], b
[1], b
[2], b
[3],
707 ntohs(remote
.in6
.sin6_port
)) < 0)
710 char a
[INET6_ADDRSTRLEN
], b
[INET6_ADDRSTRLEN
];
715 inet_ntop(AF_INET6
, &local
.in6
.sin6_addr
, a
, sizeof(a
)),
716 ntohs(local
.in6
.sin6_port
),
717 inet_ntop(AF_INET6
, &remote
.in6
.sin6_addr
, b
, sizeof(b
)),
718 ntohs(remote
.in6
.sin6_port
)) < 0)
729 k
= getpeercred(fd
, &ucred
);
732 "%u-"PID_FMT
"-"UID_FMT
,
733 nr
, ucred
.pid
, ucred
.uid
) < 0)
735 } else if (k
== -ENODATA
) {
736 /* This handles the case where somebody is
737 * connecting from another pid/uid namespace
738 * (e.g. from outside of our container). */
750 assert_not_reached("Unhandled socket type.");
757 static void socket_close_fds(Socket
*s
) {
763 LIST_FOREACH(port
, p
, s
->ports
) {
765 p
->event_source
= sd_event_source_unref(p
->event_source
);
770 p
->fd
= safe_close(p
->fd
);
772 /* One little note: we should normally not delete any
773 * sockets in the file system here! After all some
774 * other process we spawned might still have a
775 * reference of this fd and wants to continue to use
776 * it. Therefore we delete sockets in the file system
777 * before we create a new one, not after we stopped
780 if (s
->remove_on_stop
) {
792 socket_address_unlink(&p
->address
);
801 if (s
->remove_on_stop
)
802 STRV_FOREACH(i
, s
->symlinks
)
806 static void socket_apply_socket_options(Socket
*s
, int fd
) {
813 int b
= s
->keep_alive
;
814 if (setsockopt(fd
, SOL_SOCKET
, SO_KEEPALIVE
, &b
, sizeof(b
)) < 0)
815 log_unit_warning(UNIT(s
)->id
, "SO_KEEPALIVE failed: %m");
818 if (s
->keep_alive_time
) {
819 int value
= s
->keep_alive_time
/ USEC_PER_SEC
;
820 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPIDLE
, &value
, sizeof(value
)) < 0)
821 log_unit_warning(UNIT(s
)->id
, "TCP_KEEPIDLE failed: %m");
824 if (s
->keep_alive_interval
) {
825 int value
= s
->keep_alive_interval
/ USEC_PER_SEC
;
826 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPINTVL
, &value
, sizeof(value
)) < 0)
827 log_unit_warning(UNIT(s
)->id
, "TCP_KEEPINTVL failed: %m");
830 if (s
->keep_alive_cnt
) {
831 int value
= s
->keep_alive_cnt
;
832 if (setsockopt(fd
, SOL_SOCKET
, TCP_KEEPCNT
, &value
, sizeof(value
)) < 0)
833 log_unit_warning(UNIT(s
)->id
, "TCP_KEEPCNT failed: %m");
836 if (s
->defer_accept
) {
837 int value
= s
->defer_accept
/ USEC_PER_SEC
;
838 if (setsockopt(fd
, SOL_TCP
, TCP_DEFER_ACCEPT
, &value
, sizeof(value
)) < 0)
839 log_unit_warning(UNIT(s
)->id
, "TCP_DEFER_ACCEPT failed: %m");
844 if (setsockopt(fd
, SOL_TCP
, TCP_NODELAY
, &b
, sizeof(b
)) < 0)
845 log_unit_warning(UNIT(s
)->id
, "TCP_NODELAY failed: %m");
850 if (setsockopt(fd
, SOL_SOCKET
, SO_BROADCAST
, &one
, sizeof(one
)) < 0)
851 log_unit_warning(UNIT(s
)->id
, "SO_BROADCAST failed: %m");
856 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSCRED
, &one
, sizeof(one
)) < 0)
857 log_unit_warning(UNIT(s
)->id
, "SO_PASSCRED failed: %m");
862 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSSEC
, &one
, sizeof(one
)) < 0)
863 log_unit_warning(UNIT(s
)->id
, "SO_PASSSEC failed: %m");
866 if (s
->priority
>= 0)
867 if (setsockopt(fd
, SOL_SOCKET
, SO_PRIORITY
, &s
->priority
, sizeof(s
->priority
)) < 0)
868 log_unit_warning(UNIT(s
)->id
, "SO_PRIORITY failed: %m");
870 if (s
->receive_buffer
> 0) {
871 int value
= (int) s
->receive_buffer
;
873 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
875 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUFFORCE
, &value
, sizeof(value
)) < 0)
876 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &value
, sizeof(value
)) < 0)
877 log_unit_warning(UNIT(s
)->id
, "SO_RCVBUF failed: %m");
880 if (s
->send_buffer
> 0) {
881 int value
= (int) s
->send_buffer
;
882 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUFFORCE
, &value
, sizeof(value
)) < 0)
883 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUF
, &value
, sizeof(value
)) < 0)
884 log_unit_warning(UNIT(s
)->id
, "SO_SNDBUF failed: %m");
888 if (setsockopt(fd
, SOL_SOCKET
, SO_MARK
, &s
->mark
, sizeof(s
->mark
)) < 0)
889 log_unit_warning(UNIT(s
)->id
, "SO_MARK failed: %m");
892 if (setsockopt(fd
, IPPROTO_IP
, IP_TOS
, &s
->ip_tos
, sizeof(s
->ip_tos
)) < 0)
893 log_unit_warning(UNIT(s
)->id
, "IP_TOS failed: %m");
895 if (s
->ip_ttl
>= 0) {
898 r
= setsockopt(fd
, IPPROTO_IP
, IP_TTL
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
900 if (socket_ipv6_is_supported())
901 x
= setsockopt(fd
, IPPROTO_IPV6
, IPV6_UNICAST_HOPS
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
904 errno
= EAFNOSUPPORT
;
908 log_unit_warning(UNIT(s
)->id
,
909 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
912 if (s
->tcp_congestion
)
913 if (setsockopt(fd
, SOL_TCP
, TCP_CONGESTION
, s
->tcp_congestion
, strlen(s
->tcp_congestion
)+1) < 0)
914 log_unit_warning(UNIT(s
)->id
, "TCP_CONGESTION failed: %m");
917 int b
= s
->reuse_port
;
918 if (setsockopt(fd
, SOL_SOCKET
, SO_REUSEPORT
, &b
, sizeof(b
)) < 0)
919 log_unit_warning(UNIT(s
)->id
, "SO_REUSEPORT failed: %m");
922 if (s
->smack_ip_in
) {
923 r
= mac_smack_apply_ip_in_fd(fd
, s
->smack_ip_in
);
925 log_unit_error_errno(UNIT(s
)->id
, r
, "mac_smack_apply_ip_in_fd: %m");
928 if (s
->smack_ip_out
) {
929 r
= mac_smack_apply_ip_out_fd(fd
, s
->smack_ip_out
);
931 log_unit_error_errno(UNIT(s
)->id
, r
, "mac_smack_apply_ip_out_fd: %m");
935 static void socket_apply_fifo_options(Socket
*s
, int fd
) {
941 if (s
->pipe_size
> 0)
942 if (fcntl(fd
, F_SETPIPE_SZ
, s
->pipe_size
) < 0)
943 log_unit_warning(UNIT(s
)->id
, "F_SETPIPE_SZ: %m");
946 r
= mac_smack_apply_fd(fd
, s
->smack
);
948 log_unit_error_errno(UNIT(s
)->id
, r
, "mac_smack_apply_fd: %m");
952 static int fifo_address_create(
954 mode_t directory_mode
,
965 mkdir_parents_label(path
, directory_mode
);
967 r
= mac_selinux_create_file_prepare(path
, S_IFIFO
);
971 /* Enforce the right access mode for the fifo */
972 old_mask
= umask(~ socket_mode
);
974 /* Include the original umask in our mask */
975 umask(~socket_mode
| old_mask
);
977 r
= mkfifo(path
, socket_mode
);
980 if (r
< 0 && errno
!= EEXIST
) {
985 if ((fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
)) < 0) {
990 mac_selinux_create_file_clear();
992 if (fstat(fd
, &st
) < 0) {
997 if (!S_ISFIFO(st
.st_mode
) ||
998 (st
.st_mode
& 0777) != (socket_mode
& ~old_mask
) ||
999 st
.st_uid
!= getuid() ||
1000 st
.st_gid
!= getgid()) {
1010 mac_selinux_create_file_clear();
1016 static int special_address_create(
1026 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1032 if (fstat(fd
, &st
) < 0) {
1037 /* Check whether this is a /proc, /sys or /dev file or char device */
1038 if (!S_ISREG(st
.st_mode
) && !S_ISCHR(st
.st_mode
)) {
1052 static int mq_address_create(
1062 struct mq_attr _attr
, *attr
= NULL
;
1067 if (maxmsg
> 0 && msgsize
> 0) {
1069 _attr
.mq_flags
= O_NONBLOCK
;
1070 _attr
.mq_maxmsg
= maxmsg
;
1071 _attr
.mq_msgsize
= msgsize
;
1075 /* Enforce the right access mode for the mq */
1076 old_mask
= umask(~ mq_mode
);
1078 /* Include the original umask in our mask */
1079 umask(~mq_mode
| old_mask
);
1080 fd
= mq_open(path
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_CREAT
, mq_mode
, attr
);
1088 if (fstat(fd
, &st
) < 0) {
1093 if ((st
.st_mode
& 0777) != (mq_mode
& ~old_mask
) ||
1094 st
.st_uid
!= getuid() ||
1095 st
.st_gid
!= getgid()) {
1109 static int socket_symlink(Socket
*s
) {
1115 p
= socket_find_symlink_target(s
);
1119 STRV_FOREACH(i
, s
->symlinks
)
1120 symlink_label(p
, *i
);
1125 static int socket_open_fds(Socket
*s
) {
1129 bool know_label
= false;
1133 LIST_FOREACH(port
, p
, s
->ports
) {
1138 if (p
->type
== SOCKET_SOCKET
) {
1141 /* Figure out label, if we don't it know
1142 * yet. We do it once, for the first
1143 * socket where we need this and
1144 * remember it for the rest. */
1146 if (s
->selinux_context_from_net
) {
1147 /* Get it from the network label */
1149 r
= mac_selinux_get_our_label(&label
);
1150 if (r
< 0 && r
!= -EOPNOTSUPP
)
1154 /* Get it from the executable we are about to start */
1156 r
= socket_instantiate_service(s
);
1160 if (UNIT_ISSET(s
->service
) &&
1161 SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]) {
1162 r
= mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]->path
, &label
);
1163 if (r
< 0 && r
!= -EPERM
&& r
!= -EOPNOTSUPP
)
1171 r
= socket_address_listen(
1173 SOCK_CLOEXEC
|SOCK_NONBLOCK
,
1186 socket_apply_socket_options(s
, p
->fd
);
1189 } else if (p
->type
== SOCKET_SPECIAL
) {
1191 r
= special_address_create(
1197 } else if (p
->type
== SOCKET_FIFO
) {
1199 r
= fifo_address_create(
1207 socket_apply_fifo_options(s
, p
->fd
);
1210 } else if (p
->type
== SOCKET_MQUEUE
) {
1212 r
= mq_address_create(
1221 assert_not_reached("Unknown port type");
1224 mac_selinux_free(label
);
1228 socket_close_fds(s
);
1229 mac_selinux_free(label
);
1234 static void socket_unwatch_fds(Socket
*s
) {
1240 LIST_FOREACH(port
, p
, s
->ports
) {
1244 if (!p
->event_source
)
1247 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_OFF
);
1249 log_unit_debug(UNIT(s
)->id
, "Failed to disable event source.");
1253 static int socket_watch_fds(Socket
*s
) {
1259 LIST_FOREACH(port
, p
, s
->ports
) {
1263 if (p
->event_source
)
1264 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_ON
);
1266 r
= sd_event_add_io(UNIT(s
)->manager
->event
, &p
->event_source
, p
->fd
, EPOLLIN
, socket_dispatch_io
, p
);
1269 log_unit_warning_errno(UNIT(s
)->id
, r
, "Failed to watch listening fds: %m");
1277 socket_unwatch_fds(s
);
1281 static void socket_set_state(Socket
*s
, SocketState state
) {
1282 SocketState old_state
;
1285 old_state
= s
->state
;
1293 SOCKET_STOP_PRE_SIGTERM
,
1294 SOCKET_STOP_PRE_SIGKILL
,
1296 SOCKET_FINAL_SIGTERM
,
1297 SOCKET_FINAL_SIGKILL
)) {
1299 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1300 socket_unwatch_control_pid(s
);
1301 s
->control_command
= NULL
;
1302 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
1305 if (state
!= SOCKET_LISTENING
)
1306 socket_unwatch_fds(s
);
1314 SOCKET_STOP_PRE_SIGTERM
,
1315 SOCKET_STOP_PRE_SIGKILL
))
1316 socket_close_fds(s
);
1318 if (state
!= old_state
)
1319 log_unit_debug(UNIT(s
)->id
, "%s changed %s -> %s",
1320 UNIT(s
)->id
, socket_state_to_string(old_state
), socket_state_to_string(state
));
1322 unit_notify(UNIT(s
), state_translation_table
[old_state
], state_translation_table
[state
], true);
1325 static int socket_coldplug(Unit
*u
) {
1326 Socket
*s
= SOCKET(u
);
1330 assert(s
->state
== SOCKET_DEAD
);
1332 if (s
->deserialized_state
== s
->state
)
1335 if (IN_SET(s
->deserialized_state
,
1340 SOCKET_STOP_PRE_SIGTERM
,
1341 SOCKET_STOP_PRE_SIGKILL
,
1343 SOCKET_FINAL_SIGTERM
,
1344 SOCKET_FINAL_SIGKILL
)) {
1346 if (s
->control_pid
<= 0)
1349 r
= unit_watch_pid(UNIT(s
), s
->control_pid
);
1353 r
= socket_arm_timer(s
);
1358 if (IN_SET(s
->deserialized_state
,
1364 SOCKET_STOP_PRE_SIGTERM
,
1365 SOCKET_STOP_PRE_SIGKILL
)) {
1366 r
= socket_open_fds(s
);
1371 if (s
->deserialized_state
== SOCKET_LISTENING
) {
1372 r
= socket_watch_fds(s
);
1377 socket_set_state(s
, s
->deserialized_state
);
1381 static int socket_spawn(Socket
*s
, ExecCommand
*c
, pid_t
*_pid
) {
1382 _cleanup_free_
char **argv
= NULL
;
1385 ExecParameters exec_params
= {
1386 .apply_permissions
= true,
1387 .apply_chroot
= true,
1388 .apply_tty_stdin
= true,
1395 unit_realize_cgroup(UNIT(s
));
1397 r
= unit_setup_exec_runtime(UNIT(s
));
1401 r
= socket_arm_timer(s
);
1405 r
= unit_full_printf_strv(UNIT(s
), c
->argv
, &argv
);
1409 exec_params
.argv
= argv
;
1410 exec_params
.environment
= UNIT(s
)->manager
->environment
;
1411 exec_params
.confirm_spawn
= UNIT(s
)->manager
->confirm_spawn
;
1412 exec_params
.cgroup_supported
= UNIT(s
)->manager
->cgroup_supported
;
1413 exec_params
.cgroup_path
= UNIT(s
)->cgroup_path
;
1414 exec_params
.cgroup_delegate
= s
->cgroup_context
.delegate
;
1415 exec_params
.runtime_prefix
= manager_get_runtime_prefix(UNIT(s
)->manager
);
1416 exec_params
.unit_id
= UNIT(s
)->id
;
1426 r
= unit_watch_pid(UNIT(s
), pid
);
1428 /* FIXME: we need to do something here */
1435 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1439 static int socket_chown(Socket
*s
, pid_t
*_pid
) {
1443 r
= socket_arm_timer(s
);
1447 /* We have to resolve the user names out-of-process, hence
1448 * let's fork here. It's messy, but well, what can we do? */
1456 uid_t uid
= UID_INVALID
;
1457 gid_t gid
= GID_INVALID
;
1460 default_signals(SIGNALS_CRASH_HANDLER
, SIGNALS_IGNORE
, -1);
1461 ignore_signals(SIGPIPE
, -1);
1464 if (!isempty(s
->user
)) {
1465 const char *user
= s
->user
;
1467 r
= get_user_creds(&user
, &uid
, &gid
, NULL
, NULL
);
1474 if (!isempty(s
->group
)) {
1475 const char *group
= s
->group
;
1477 r
= get_group_creds(&group
, &gid
);
1484 LIST_FOREACH(port
, p
, s
->ports
) {
1485 const char *path
= NULL
;
1487 if (p
->type
== SOCKET_SOCKET
)
1488 path
= socket_address_get_path(&p
->address
);
1489 else if (p
->type
== SOCKET_FIFO
)
1495 if (chown(path
, uid
, gid
) < 0) {
1506 log_error_errno(r
, "Failed to chown socket at step %s: %m", exit_status_to_string(ret
, EXIT_STATUS_SYSTEMD
));
1511 r
= unit_watch_pid(UNIT(s
), pid
);
1519 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1523 static void socket_enter_dead(Socket
*s
, SocketResult f
) {
1526 if (f
!= SOCKET_SUCCESS
)
1529 exec_runtime_destroy(s
->exec_runtime
);
1530 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
1532 exec_context_destroy_runtime_directory(&s
->exec_context
, manager_get_runtime_prefix(UNIT(s
)->manager
));
1534 socket_set_state(s
, s
->result
!= SOCKET_SUCCESS
? SOCKET_FAILED
: SOCKET_DEAD
);
1537 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
);
1539 static void socket_enter_stop_post(Socket
*s
, SocketResult f
) {
1543 if (f
!= SOCKET_SUCCESS
)
1546 socket_unwatch_control_pid(s
);
1547 s
->control_command_id
= SOCKET_EXEC_STOP_POST
;
1548 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_POST
];
1550 if (s
->control_command
) {
1551 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1555 socket_set_state(s
, SOCKET_STOP_POST
);
1557 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_SUCCESS
);
1562 log_unit_warning(UNIT(s
)->id
,
1563 "%s failed to run 'stop-post' task: %s",
1564 UNIT(s
)->id
, strerror(-r
));
1565 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1568 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
) {
1573 if (f
!= SOCKET_SUCCESS
)
1576 r
= unit_kill_context(
1579 (state
!= SOCKET_STOP_PRE_SIGTERM
&& state
!= SOCKET_FINAL_SIGTERM
) ?
1580 KILL_KILL
: KILL_TERMINATE
,
1588 r
= socket_arm_timer(s
);
1592 socket_set_state(s
, state
);
1593 } else if (state
== SOCKET_STOP_PRE_SIGTERM
)
1594 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_SUCCESS
);
1595 else if (state
== SOCKET_STOP_PRE_SIGKILL
)
1596 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1597 else if (state
== SOCKET_FINAL_SIGTERM
)
1598 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_SUCCESS
);
1600 socket_enter_dead(s
, SOCKET_SUCCESS
);
1605 log_unit_warning_errno(UNIT(s
)->id
, r
, "%s failed to kill processes: %m", UNIT(s
)->id
);
1607 if (state
== SOCKET_STOP_PRE_SIGTERM
|| state
== SOCKET_STOP_PRE_SIGKILL
)
1608 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1610 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1613 static void socket_enter_stop_pre(Socket
*s
, SocketResult f
) {
1617 if (f
!= SOCKET_SUCCESS
)
1620 socket_unwatch_control_pid(s
);
1621 s
->control_command_id
= SOCKET_EXEC_STOP_PRE
;
1622 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_PRE
];
1624 if (s
->control_command
) {
1625 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1629 socket_set_state(s
, SOCKET_STOP_PRE
);
1631 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1636 log_unit_warning_errno(UNIT(s
)->id
, r
, "%s failed to run 'stop-pre' task: %m", UNIT(s
)->id
);
1637 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1640 static void socket_enter_listening(Socket
*s
) {
1644 r
= socket_watch_fds(s
);
1646 log_unit_warning_errno(UNIT(s
)->id
, r
, "%s failed to watch sockets: %m", UNIT(s
)->id
);
1650 socket_set_state(s
, SOCKET_LISTENING
);
1654 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1657 static void socket_enter_start_post(Socket
*s
) {
1661 socket_unwatch_control_pid(s
);
1662 s
->control_command_id
= SOCKET_EXEC_START_POST
;
1663 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_POST
];
1665 if (s
->control_command
) {
1666 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1668 log_unit_warning_errno(UNIT(s
)->id
, r
, "%s failed to run 'start-post' task: %m", UNIT(s
)->id
);
1672 socket_set_state(s
, SOCKET_START_POST
);
1674 socket_enter_listening(s
);
1679 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1682 static void socket_enter_start_chown(Socket
*s
) {
1687 r
= socket_open_fds(s
);
1689 log_unit_warning_errno(UNIT(s
)->id
, r
, "%s failed to listen on sockets: %m", UNIT(s
)->id
);
1693 if (!isempty(s
->user
) || !isempty(s
->group
)) {
1695 socket_unwatch_control_pid(s
);
1696 s
->control_command_id
= SOCKET_EXEC_START_CHOWN
;
1697 s
->control_command
= NULL
;
1699 r
= socket_chown(s
, &s
->control_pid
);
1701 log_unit_warning_errno(UNIT(s
)->id
, r
, "%s failed to fork 'start-chown' task: %m", UNIT(s
)->id
);
1705 socket_set_state(s
, SOCKET_START_CHOWN
);
1707 socket_enter_start_post(s
);
1712 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1715 static void socket_enter_start_pre(Socket
*s
) {
1719 socket_unwatch_control_pid(s
);
1720 s
->control_command_id
= SOCKET_EXEC_START_PRE
;
1721 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_PRE
];
1723 if (s
->control_command
) {
1724 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1726 log_unit_warning_errno(UNIT(s
)->id
, r
, "%s failed to run 'start-pre' task: %m", UNIT(s
)->id
);
1730 socket_set_state(s
, SOCKET_START_PRE
);
1732 socket_enter_start_chown(s
);
1737 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1740 static void socket_enter_running(Socket
*s
, int cfd
) {
1741 _cleanup_bus_error_free_ sd_bus_error error
= SD_BUS_ERROR_NULL
;
1746 /* We don't take connections anymore if we are supposed to
1747 * shut down anyway */
1748 if (unit_stop_pending(UNIT(s
))) {
1750 log_unit_debug(UNIT(s
)->id
, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s
)->id
);
1755 /* Flush all sockets by closing and reopening them */
1756 socket_close_fds(s
);
1758 r
= socket_open_fds(s
);
1760 log_unit_warning_errno(UNIT(s
)->id
, r
, "%s failed to listen on sockets: %m", UNIT(s
)->id
);
1761 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1765 r
= socket_watch_fds(s
);
1767 log_unit_warning_errno(UNIT(s
)->id
, r
, "%s failed to watch sockets: %m", UNIT(s
)->id
);
1768 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1778 bool pending
= false;
1780 /* If there's already a start pending don't bother to
1782 SET_FOREACH(other
, UNIT(s
)->dependencies
[UNIT_TRIGGERS
], i
)
1783 if (unit_active_or_pending(other
)) {
1789 if (!UNIT_ISSET(s
->service
)) {
1790 log_unit_error(UNIT(s
)->id
, "%s: service to activate vanished, refusing activation.", UNIT(s
)->id
);
1795 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT_DEREF(s
->service
), JOB_REPLACE
, true, &error
, NULL
);
1800 socket_set_state(s
, SOCKET_RUNNING
);
1802 _cleanup_free_
char *prefix
= NULL
, *instance
= NULL
, *name
= NULL
;
1805 if (s
->n_connections
>= s
->max_connections
) {
1806 log_unit_warning(UNIT(s
)->id
, "%s: Too many incoming connections (%u)", UNIT(s
)->id
, s
->n_connections
);
1811 r
= socket_instantiate_service(s
);
1815 r
= instance_from_socket(cfd
, s
->n_accepted
, &instance
);
1820 /* ENOTCONN is legitimate if TCP RST was received.
1821 * This connection is over, but the socket unit lives on. */
1826 prefix
= unit_name_to_prefix(UNIT(s
)->id
);
1832 name
= unit_name_build(prefix
, instance
, ".service");
1838 r
= unit_add_name(UNIT_DEREF(s
->service
), name
);
1842 service
= SERVICE(UNIT_DEREF(s
->service
));
1843 unit_ref_unset(&s
->service
);
1846 UNIT(service
)->no_gc
= false;
1848 unit_choose_id(UNIT(service
), name
);
1850 r
= service_set_socket_fd(service
, cfd
, s
, s
->selinux_context_from_net
);
1855 s
->n_connections
++;
1857 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT(service
), JOB_REPLACE
, true, &error
, NULL
);
1861 /* Notify clients about changed counters */
1862 unit_add_to_dbus_queue(UNIT(s
));
1868 log_unit_warning(UNIT(s
)->id
, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1869 UNIT(s
)->id
, cfd
>= 0 ? "template" : "non-template",
1870 bus_error_message(&error
, r
));
1872 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1876 static void socket_run_next(Socket
*s
) {
1880 assert(s
->control_command
);
1881 assert(s
->control_command
->command_next
);
1883 socket_unwatch_control_pid(s
);
1885 s
->control_command
= s
->control_command
->command_next
;
1887 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1894 log_unit_warning_errno(UNIT(s
)->id
, r
, "%s failed to run next task: %m", UNIT(s
)->id
);
1896 if (s
->state
== SOCKET_START_POST
)
1897 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1898 else if (s
->state
== SOCKET_STOP_POST
)
1899 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1901 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1904 static int socket_start(Unit
*u
) {
1905 Socket
*s
= SOCKET(u
);
1909 /* We cannot fulfill this request right now, try again later
1911 if (IN_SET(s
->state
,
1913 SOCKET_STOP_PRE_SIGKILL
,
1914 SOCKET_STOP_PRE_SIGTERM
,
1916 SOCKET_FINAL_SIGTERM
,
1917 SOCKET_FINAL_SIGKILL
))
1920 /* Already on it! */
1921 if (IN_SET(s
->state
,
1927 /* Cannot run this without the service being around */
1928 if (UNIT_ISSET(s
->service
)) {
1931 service
= SERVICE(UNIT_DEREF(s
->service
));
1933 if (UNIT(service
)->load_state
!= UNIT_LOADED
) {
1934 log_unit_error(u
->id
, "Socket service %s not loaded, refusing.", UNIT(service
)->id
);
1938 /* If the service is already active we cannot start the
1940 if (service
->state
!= SERVICE_DEAD
&&
1941 service
->state
!= SERVICE_FAILED
&&
1942 service
->state
!= SERVICE_AUTO_RESTART
) {
1943 log_unit_error(u
->id
, "Socket service %s already active, refusing.", UNIT(service
)->id
);
1948 assert(s
->state
== SOCKET_DEAD
|| s
->state
== SOCKET_FAILED
);
1950 s
->result
= SOCKET_SUCCESS
;
1951 socket_enter_start_pre(s
);
1956 static int socket_stop(Unit
*u
) {
1957 Socket
*s
= SOCKET(u
);
1962 if (IN_SET(s
->state
,
1964 SOCKET_STOP_PRE_SIGTERM
,
1965 SOCKET_STOP_PRE_SIGKILL
,
1967 SOCKET_FINAL_SIGTERM
,
1968 SOCKET_FINAL_SIGKILL
))
1971 /* If there's already something running we go directly into
1973 if (IN_SET(s
->state
,
1976 SOCKET_START_POST
)) {
1977 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_SUCCESS
);
1981 assert(s
->state
== SOCKET_LISTENING
|| s
->state
== SOCKET_RUNNING
);
1983 socket_enter_stop_pre(s
, SOCKET_SUCCESS
);
1987 static int socket_serialize(Unit
*u
, FILE *f
, FDSet
*fds
) {
1988 Socket
*s
= SOCKET(u
);
1996 unit_serialize_item(u
, f
, "state", socket_state_to_string(s
->state
));
1997 unit_serialize_item(u
, f
, "result", socket_result_to_string(s
->result
));
1998 unit_serialize_item_format(u
, f
, "n-accepted", "%u", s
->n_accepted
);
2000 if (s
->control_pid
> 0)
2001 unit_serialize_item_format(u
, f
, "control-pid", PID_FMT
, s
->control_pid
);
2003 if (s
->control_command_id
>= 0)
2004 unit_serialize_item(u
, f
, "control-command", socket_exec_command_to_string(s
->control_command_id
));
2006 LIST_FOREACH(port
, p
, s
->ports
) {
2012 copy
= fdset_put_dup(fds
, p
->fd
);
2016 if (p
->type
== SOCKET_SOCKET
) {
2017 _cleanup_free_
char *t
= NULL
;
2019 r
= socket_address_print(&p
->address
, &t
);
2023 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2024 unit_serialize_item_format(u
, f
, "netlink", "%i %s", copy
, t
);
2026 unit_serialize_item_format(u
, f
, "socket", "%i %i %s", copy
, p
->address
.type
, t
);
2028 } else if (p
->type
== SOCKET_SPECIAL
)
2029 unit_serialize_item_format(u
, f
, "special", "%i %s", copy
, p
->path
);
2030 else if (p
->type
== SOCKET_MQUEUE
)
2031 unit_serialize_item_format(u
, f
, "mqueue", "%i %s", copy
, p
->path
);
2033 assert(p
->type
== SOCKET_FIFO
);
2034 unit_serialize_item_format(u
, f
, "fifo", "%i %s", copy
, p
->path
);
2041 static int socket_deserialize_item(Unit
*u
, const char *key
, const char *value
, FDSet
*fds
) {
2042 Socket
*s
= SOCKET(u
);
2048 if (streq(key
, "state")) {
2051 state
= socket_state_from_string(value
);
2053 log_unit_debug(u
->id
, "Failed to parse state value %s", value
);
2055 s
->deserialized_state
= state
;
2056 } else if (streq(key
, "result")) {
2059 f
= socket_result_from_string(value
);
2061 log_unit_debug(u
->id
, "Failed to parse result value %s", value
);
2062 else if (f
!= SOCKET_SUCCESS
)
2065 } else if (streq(key
, "n-accepted")) {
2068 if (safe_atou(value
, &k
) < 0)
2069 log_unit_debug(u
->id
, "Failed to parse n-accepted value %s", value
);
2072 } else if (streq(key
, "control-pid")) {
2075 if (parse_pid(value
, &pid
) < 0)
2076 log_unit_debug(u
->id
, "Failed to parse control-pid value %s", value
);
2078 s
->control_pid
= pid
;
2079 } else if (streq(key
, "control-command")) {
2080 SocketExecCommand id
;
2082 id
= socket_exec_command_from_string(value
);
2084 log_unit_debug(u
->id
, "Failed to parse exec-command value %s", value
);
2086 s
->control_command_id
= id
;
2087 s
->control_command
= s
->exec_command
[id
];
2089 } else if (streq(key
, "fifo")) {
2093 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2094 log_unit_debug(u
->id
, "Failed to parse fifo value %s", value
);
2097 LIST_FOREACH(port
, p
, s
->ports
)
2098 if (p
->type
== SOCKET_FIFO
&&
2099 path_equal_or_files_same(p
->path
, value
+skip
))
2104 p
->fd
= fdset_remove(fds
, fd
);
2108 } else if (streq(key
, "special")) {
2112 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2113 log_unit_debug(u
->id
, "Failed to parse special value %s", value
);
2116 LIST_FOREACH(port
, p
, s
->ports
)
2117 if (p
->type
== SOCKET_SPECIAL
&&
2118 path_equal_or_files_same(p
->path
, value
+skip
))
2123 p
->fd
= fdset_remove(fds
, fd
);
2127 } else if (streq(key
, "mqueue")) {
2131 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2132 log_unit_debug(u
->id
, "Failed to parse mqueue value %s", value
);
2135 LIST_FOREACH(port
, p
, s
->ports
)
2136 if (p
->type
== SOCKET_MQUEUE
&&
2137 streq(p
->path
, value
+skip
))
2142 p
->fd
= fdset_remove(fds
, fd
);
2146 } else if (streq(key
, "socket")) {
2147 int fd
, type
, skip
= 0;
2150 if (sscanf(value
, "%i %i %n", &fd
, &type
, &skip
) < 2 || fd
< 0 || type
< 0 || !fdset_contains(fds
, fd
))
2151 log_unit_debug(u
->id
, "Failed to parse socket value %s", value
);
2154 LIST_FOREACH(port
, p
, s
->ports
)
2155 if (socket_address_is(&p
->address
, value
+skip
, type
))
2160 p
->fd
= fdset_remove(fds
, fd
);
2164 } else if (streq(key
, "netlink")) {
2168 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2169 log_unit_debug(u
->id
, "Failed to parse socket value %s", value
);
2172 LIST_FOREACH(port
, p
, s
->ports
)
2173 if (socket_address_is_netlink(&p
->address
, value
+skip
))
2178 p
->fd
= fdset_remove(fds
, fd
);
2182 log_unit_debug(UNIT(s
)->id
, "Unknown serialization key '%s'", key
);
2187 static int socket_distribute_fds(Unit
*u
, FDSet
*fds
) {
2188 Socket
*s
= SOCKET(u
);
2193 LIST_FOREACH(port
, p
, s
->ports
) {
2197 if (p
->type
!= SOCKET_SOCKET
)
2203 FDSET_FOREACH(fd
, fds
, i
) {
2204 if (socket_address_matches_fd(&p
->address
, fd
)) {
2205 p
->fd
= fdset_remove(fds
, fd
);
2206 s
->deserialized_state
= SOCKET_LISTENING
;
2215 _pure_
static UnitActiveState
socket_active_state(Unit
*u
) {
2218 return state_translation_table
[SOCKET(u
)->state
];
2221 _pure_
static const char *socket_sub_state_to_string(Unit
*u
) {
2224 return socket_state_to_string(SOCKET(u
)->state
);
2227 const char* socket_port_type_to_string(SocketPort
*p
) {
2235 switch (p
->address
.type
) {
2243 case SOCK_SEQPACKET
:
2244 return "SequentialPacket";
2247 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2254 case SOCKET_SPECIAL
:
2258 return "MessageQueue";
2268 _pure_
static bool socket_check_gc(Unit
*u
) {
2269 Socket
*s
= SOCKET(u
);
2273 return s
->n_connections
> 0;
2276 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2277 SocketPort
*p
= userdata
;
2283 if (p
->socket
->state
!= SOCKET_LISTENING
)
2286 log_unit_debug(UNIT(p
->socket
)->id
, "Incoming traffic on %s", UNIT(p
->socket
)->id
);
2288 if (revents
!= EPOLLIN
) {
2290 if (revents
& EPOLLHUP
)
2291 log_unit_error(UNIT(p
->socket
)->id
, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2292 UNIT(p
->socket
)->id
);
2294 log_unit_error(UNIT(p
->socket
)->id
, "%s: Got unexpected poll event (0x%x) on socket.",
2295 UNIT(p
->socket
)->id
, revents
);
2300 if (p
->socket
->accept
&&
2301 p
->type
== SOCKET_SOCKET
&&
2302 socket_address_can_accept(&p
->address
)) {
2306 cfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
);
2312 log_unit_error(UNIT(p
->socket
)->id
,
2313 "Failed to accept socket: %m");
2320 socket_apply_socket_options(p
->socket
, cfd
);
2323 socket_enter_running(p
->socket
, cfd
);
2327 socket_enter_stop_pre(p
->socket
, SOCKET_FAILURE_RESOURCES
);
2331 static void socket_sigchld_event(Unit
*u
, pid_t pid
, int code
, int status
) {
2332 Socket
*s
= SOCKET(u
);
2338 if (pid
!= s
->control_pid
)
2343 if (is_clean_exit(code
, status
, NULL
))
2345 else if (code
== CLD_EXITED
)
2346 f
= SOCKET_FAILURE_EXIT_CODE
;
2347 else if (code
== CLD_KILLED
)
2348 f
= SOCKET_FAILURE_SIGNAL
;
2349 else if (code
== CLD_DUMPED
)
2350 f
= SOCKET_FAILURE_CORE_DUMP
;
2352 assert_not_reached("Unknown sigchld code");
2354 if (s
->control_command
) {
2355 exec_status_exit(&s
->control_command
->exec_status
, &s
->exec_context
, pid
, code
, status
);
2357 if (s
->control_command
->ignore
)
2361 log_unit_full(u
->id
,
2362 f
== SOCKET_SUCCESS
? LOG_DEBUG
: LOG_NOTICE
,
2363 "%s control process exited, code=%s status=%i",
2364 u
->id
, sigchld_code_to_string(code
), status
);
2366 if (f
!= SOCKET_SUCCESS
)
2369 if (s
->control_command
&&
2370 s
->control_command
->command_next
&&
2371 f
== SOCKET_SUCCESS
) {
2373 log_unit_debug(u
->id
,
2374 "%s running next command for state %s",
2375 u
->id
, socket_state_to_string(s
->state
));
2378 s
->control_command
= NULL
;
2379 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
2381 /* No further commands for this step, so let's figure
2382 * out what to do next */
2384 log_unit_debug(u
->id
,
2385 "%s got final SIGCHLD for state %s",
2386 u
->id
, socket_state_to_string(s
->state
));
2390 case SOCKET_START_PRE
:
2391 if (f
== SOCKET_SUCCESS
)
2392 socket_enter_start_chown(s
);
2394 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, f
);
2397 case SOCKET_START_CHOWN
:
2398 if (f
== SOCKET_SUCCESS
)
2399 socket_enter_start_post(s
);
2401 socket_enter_stop_pre(s
, f
);
2404 case SOCKET_START_POST
:
2405 if (f
== SOCKET_SUCCESS
)
2406 socket_enter_listening(s
);
2408 socket_enter_stop_pre(s
, f
);
2411 case SOCKET_STOP_PRE
:
2412 case SOCKET_STOP_PRE_SIGTERM
:
2413 case SOCKET_STOP_PRE_SIGKILL
:
2414 socket_enter_stop_post(s
, f
);
2417 case SOCKET_STOP_POST
:
2418 case SOCKET_FINAL_SIGTERM
:
2419 case SOCKET_FINAL_SIGKILL
:
2420 socket_enter_dead(s
, f
);
2424 assert_not_reached("Uh, control process died at wrong time.");
2428 /* Notify clients about changed exit status */
2429 unit_add_to_dbus_queue(u
);
2432 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
) {
2433 Socket
*s
= SOCKET(userdata
);
2436 assert(s
->timer_event_source
== source
);
2440 case SOCKET_START_PRE
:
2441 log_unit_warning(UNIT(s
)->id
, "%s starting timed out. Terminating.", UNIT(s
)->id
);
2442 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2445 case SOCKET_START_CHOWN
:
2446 case SOCKET_START_POST
:
2447 log_unit_warning(UNIT(s
)->id
, "%s starting timed out. Stopping.", UNIT(s
)->id
);
2448 socket_enter_stop_pre(s
, SOCKET_FAILURE_TIMEOUT
);
2451 case SOCKET_STOP_PRE
:
2452 log_unit_warning(UNIT(s
)->id
, "%s stopping timed out. Terminating.", UNIT(s
)->id
);
2453 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2456 case SOCKET_STOP_PRE_SIGTERM
:
2457 if (s
->kill_context
.send_sigkill
) {
2458 log_unit_warning(UNIT(s
)->id
, "%s stopping timed out. Killing.", UNIT(s
)->id
);
2459 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2461 log_unit_warning(UNIT(s
)->id
, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s
)->id
);
2462 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2466 case SOCKET_STOP_PRE_SIGKILL
:
2467 log_unit_warning(UNIT(s
)->id
, "%s still around after SIGKILL. Ignoring.", UNIT(s
)->id
);
2468 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2471 case SOCKET_STOP_POST
:
2472 log_unit_warning(UNIT(s
)->id
, "%s stopping timed out (2). Terminating.", UNIT(s
)->id
);
2473 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2476 case SOCKET_FINAL_SIGTERM
:
2477 if (s
->kill_context
.send_sigkill
) {
2478 log_unit_warning(UNIT(s
)->id
, "%s stopping timed out (2). Killing.", UNIT(s
)->id
);
2479 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2481 log_unit_warning(UNIT(s
)->id
, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s
)->id
);
2482 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2486 case SOCKET_FINAL_SIGKILL
:
2487 log_unit_warning(UNIT(s
)->id
, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s
)->id
);
2488 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2492 assert_not_reached("Timeout at wrong time.");
2498 int socket_collect_fds(Socket
*s
, int **fds
, unsigned *n_fds
) {
2507 /* Called from the service code for requesting our fds */
2510 LIST_FOREACH(port
, p
, s
->ports
)
2520 if (!(rfds
= new(int, rn_fds
)))
2524 LIST_FOREACH(port
, p
, s
->ports
)
2528 assert(k
== rn_fds
);
2536 static void socket_reset_failed(Unit
*u
) {
2537 Socket
*s
= SOCKET(u
);
2541 if (s
->state
== SOCKET_FAILED
)
2542 socket_set_state(s
, SOCKET_DEAD
);
2544 s
->result
= SOCKET_SUCCESS
;
2547 static void socket_notify_service_dead(Socket
*s
, bool failed_permanent
) {
2550 /* The service is dead. Dang!
2552 * This is strictly for one-instance-for-all-connections
2555 if (s
->state
== SOCKET_RUNNING
) {
2556 log_unit_debug(UNIT(s
)->id
, "%s got notified about service death (failed permanently: %s)", UNIT(s
)->id
, yes_no(failed_permanent
));
2557 if (failed_permanent
)
2558 socket_enter_stop_pre(s
, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
);
2560 socket_enter_listening(s
);
2564 void socket_connection_unref(Socket
*s
) {
2567 /* The service is dead. Yay!
2569 * This is strictly for one-instance-per-connection
2572 assert(s
->n_connections
> 0);
2575 log_unit_debug(UNIT(s
)->id
, "%s: One connection closed, %u left.", UNIT(s
)->id
, s
->n_connections
);
2578 static void socket_trigger_notify(Unit
*u
, Unit
*other
) {
2579 Socket
*s
= SOCKET(u
);
2585 /* Don't propagate state changes from the service if we are
2586 already down or accepting connections */
2587 if ((s
->state
!= SOCKET_RUNNING
&&
2588 s
->state
!= SOCKET_LISTENING
) ||
2592 if (other
->load_state
!= UNIT_LOADED
||
2593 other
->type
!= UNIT_SERVICE
)
2596 se
= SERVICE(other
);
2598 if (se
->state
== SERVICE_FAILED
)
2599 socket_notify_service_dead(s
, se
->result
== SERVICE_FAILURE_START_LIMIT
);
2601 if (se
->state
== SERVICE_DEAD
||
2602 se
->state
== SERVICE_FINAL_SIGTERM
||
2603 se
->state
== SERVICE_FINAL_SIGKILL
||
2604 se
->state
== SERVICE_AUTO_RESTART
)
2605 socket_notify_service_dead(s
, false);
2607 if (se
->state
== SERVICE_RUNNING
)
2608 socket_set_state(s
, SOCKET_RUNNING
);
2611 static int socket_kill(Unit
*u
, KillWho who
, int signo
, sd_bus_error
*error
) {
2612 return unit_kill_common(u
, who
, signo
, -1, SOCKET(u
)->control_pid
, error
);
2615 static int socket_get_timeout(Unit
*u
, uint64_t *timeout
) {
2616 Socket
*s
= SOCKET(u
);
2619 if (!s
->timer_event_source
)
2622 r
= sd_event_source_get_time(s
->timer_event_source
, timeout
);
2629 static const char* const socket_state_table
[_SOCKET_STATE_MAX
] = {
2630 [SOCKET_DEAD
] = "dead",
2631 [SOCKET_START_PRE
] = "start-pre",
2632 [SOCKET_START_CHOWN
] = "start-chown",
2633 [SOCKET_START_POST
] = "start-post",
2634 [SOCKET_LISTENING
] = "listening",
2635 [SOCKET_RUNNING
] = "running",
2636 [SOCKET_STOP_PRE
] = "stop-pre",
2637 [SOCKET_STOP_PRE_SIGTERM
] = "stop-pre-sigterm",
2638 [SOCKET_STOP_PRE_SIGKILL
] = "stop-pre-sigkill",
2639 [SOCKET_STOP_POST
] = "stop-post",
2640 [SOCKET_FINAL_SIGTERM
] = "final-sigterm",
2641 [SOCKET_FINAL_SIGKILL
] = "final-sigkill",
2642 [SOCKET_FAILED
] = "failed"
2645 DEFINE_STRING_TABLE_LOOKUP(socket_state
, SocketState
);
2647 static const char* const socket_exec_command_table
[_SOCKET_EXEC_COMMAND_MAX
] = {
2648 [SOCKET_EXEC_START_PRE
] = "StartPre",
2649 [SOCKET_EXEC_START_CHOWN
] = "StartChown",
2650 [SOCKET_EXEC_START_POST
] = "StartPost",
2651 [SOCKET_EXEC_STOP_PRE
] = "StopPre",
2652 [SOCKET_EXEC_STOP_POST
] = "StopPost"
2655 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command
, SocketExecCommand
);
2657 static const char* const socket_result_table
[_SOCKET_RESULT_MAX
] = {
2658 [SOCKET_SUCCESS
] = "success",
2659 [SOCKET_FAILURE_RESOURCES
] = "resources",
2660 [SOCKET_FAILURE_TIMEOUT
] = "timeout",
2661 [SOCKET_FAILURE_EXIT_CODE
] = "exit-code",
2662 [SOCKET_FAILURE_SIGNAL
] = "signal",
2663 [SOCKET_FAILURE_CORE_DUMP
] = "core-dump",
2664 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
] = "service-failed-permanent"
2667 DEFINE_STRING_TABLE_LOOKUP(socket_result
, SocketResult
);
2669 const UnitVTable socket_vtable
= {
2670 .object_size
= sizeof(Socket
),
2671 .exec_context_offset
= offsetof(Socket
, exec_context
),
2672 .cgroup_context_offset
= offsetof(Socket
, cgroup_context
),
2673 .kill_context_offset
= offsetof(Socket
, kill_context
),
2674 .exec_runtime_offset
= offsetof(Socket
, exec_runtime
),
2680 .private_section
= "Socket",
2682 .init
= socket_init
,
2683 .done
= socket_done
,
2684 .load
= socket_load
,
2686 .coldplug
= socket_coldplug
,
2688 .dump
= socket_dump
,
2690 .start
= socket_start
,
2691 .stop
= socket_stop
,
2693 .kill
= socket_kill
,
2695 .get_timeout
= socket_get_timeout
,
2697 .serialize
= socket_serialize
,
2698 .deserialize_item
= socket_deserialize_item
,
2699 .distribute_fds
= socket_distribute_fds
,
2701 .active_state
= socket_active_state
,
2702 .sub_state_to_string
= socket_sub_state_to_string
,
2704 .check_gc
= socket_check_gc
,
2706 .sigchld_event
= socket_sigchld_event
,
2708 .trigger_notify
= socket_trigger_notify
,
2710 .reset_failed
= socket_reset_failed
,
2712 .bus_interface
= "org.freedesktop.systemd1.Socket",
2713 .bus_vtable
= bus_socket_vtable
,
2714 .bus_set_property
= bus_socket_set_property
,
2715 .bus_commit_properties
= bus_socket_commit_properties
,
2717 .status_message_formats
= {
2718 /*.starting_stopping = {
2719 [0] = "Starting socket %s...",
2720 [1] = "Stopping socket %s...",
2722 .finished_start_job
= {
2723 [JOB_DONE
] = "Listening on %s.",
2724 [JOB_FAILED
] = "Failed to listen on %s.",
2725 [JOB_DEPENDENCY
] = "Dependency failed for %s.",
2726 [JOB_TIMEOUT
] = "Timed out starting %s.",
2728 .finished_stop_job
= {
2729 [JOB_DONE
] = "Closed %s.",
2730 [JOB_FAILED
] = "Failed stopping %s.",
2731 [JOB_TIMEOUT
] = "Timed out stopping %s.",