1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include <sys/epoll.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
42 #include "exit-status.h"
44 #include "smack-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
50 #include "formats-util.h"
51 #include "signal-util.h"
54 static const UnitActiveState state_translation_table
[_SOCKET_STATE_MAX
] = {
55 [SOCKET_DEAD
] = UNIT_INACTIVE
,
56 [SOCKET_START_PRE
] = UNIT_ACTIVATING
,
57 [SOCKET_START_CHOWN
] = UNIT_ACTIVATING
,
58 [SOCKET_START_POST
] = UNIT_ACTIVATING
,
59 [SOCKET_LISTENING
] = UNIT_ACTIVE
,
60 [SOCKET_RUNNING
] = UNIT_ACTIVE
,
61 [SOCKET_STOP_PRE
] = UNIT_DEACTIVATING
,
62 [SOCKET_STOP_PRE_SIGTERM
] = UNIT_DEACTIVATING
,
63 [SOCKET_STOP_PRE_SIGKILL
] = UNIT_DEACTIVATING
,
64 [SOCKET_STOP_POST
] = UNIT_DEACTIVATING
,
65 [SOCKET_FINAL_SIGTERM
] = UNIT_DEACTIVATING
,
66 [SOCKET_FINAL_SIGKILL
] = UNIT_DEACTIVATING
,
67 [SOCKET_FAILED
] = UNIT_FAILED
70 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
71 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
);
73 static void socket_init(Unit
*u
) {
74 Socket
*s
= SOCKET(u
);
77 assert(u
->load_state
== UNIT_STUB
);
79 s
->backlog
= SOMAXCONN
;
80 s
->timeout_usec
= u
->manager
->default_timeout_start_usec
;
81 s
->directory_mode
= 0755;
82 s
->socket_mode
= 0666;
84 s
->max_connections
= 64;
91 s
->exec_context
.std_output
= u
->manager
->default_std_output
;
92 s
->exec_context
.std_error
= u
->manager
->default_std_error
;
94 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
97 static void socket_unwatch_control_pid(Socket
*s
) {
100 if (s
->control_pid
<= 0)
103 unit_unwatch_pid(UNIT(s
), s
->control_pid
);
107 void socket_free_ports(Socket
*s
) {
112 while ((p
= s
->ports
)) {
113 LIST_REMOVE(port
, s
->ports
, p
);
115 sd_event_source_unref(p
->event_source
);
123 static void socket_done(Unit
*u
) {
124 Socket
*s
= SOCKET(u
);
128 socket_free_ports(s
);
130 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
131 exec_command_free_array(s
->exec_command
, _SOCKET_EXEC_COMMAND_MAX
);
132 s
->control_command
= NULL
;
134 socket_unwatch_control_pid(s
);
136 unit_ref_unset(&s
->service
);
138 free(s
->tcp_congestion
);
139 s
->tcp_congestion
= NULL
;
141 free(s
->bind_to_device
);
142 s
->bind_to_device
= NULL
;
145 free(s
->smack_ip_in
);
146 free(s
->smack_ip_out
);
148 strv_free(s
->symlinks
);
153 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
156 static int socket_arm_timer(Socket
*s
) {
161 if (s
->timeout_usec
<= 0) {
162 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
166 if (s
->timer_event_source
) {
167 r
= sd_event_source_set_time(s
->timer_event_source
, now(CLOCK_MONOTONIC
) + s
->timeout_usec
);
171 return sd_event_source_set_enabled(s
->timer_event_source
, SD_EVENT_ONESHOT
);
174 r
= sd_event_add_time(
175 UNIT(s
)->manager
->event
,
176 &s
->timer_event_source
,
178 now(CLOCK_MONOTONIC
) + s
->timeout_usec
, 0,
179 socket_dispatch_timer
, s
);
183 (void) sd_event_source_set_description(s
->timer_event_source
, "socket-timer");
188 int socket_instantiate_service(Socket
*s
) {
189 _cleanup_free_
char *prefix
= NULL
, *name
= NULL
;
195 /* This fills in s->service if it isn't filled in yet. For
196 * Accept=yes sockets we create the next connection service
197 * here. For Accept=no this is mostly a NOP since the service
198 * is figured out at load time anyway. */
200 if (UNIT_DEREF(s
->service
))
206 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
210 if (asprintf(&name
, "%s@%u.service", prefix
, s
->n_accepted
) < 0)
213 r
= manager_load_unit(UNIT(s
)->manager
, name
, NULL
, NULL
, &u
);
218 unit_ref_set(&s
->service
, u
);
220 return unit_add_two_dependencies(UNIT(s
), UNIT_BEFORE
, UNIT_TRIGGERS
, u
, false);
223 static bool have_non_accept_socket(Socket
*s
) {
231 LIST_FOREACH(port
, p
, s
->ports
) {
233 if (p
->type
!= SOCKET_SOCKET
)
236 if (!socket_address_can_accept(&p
->address
))
243 static int socket_add_mount_links(Socket
*s
) {
249 LIST_FOREACH(port
, p
, s
->ports
) {
250 const char *path
= NULL
;
252 if (p
->type
== SOCKET_SOCKET
)
253 path
= socket_address_get_path(&p
->address
);
254 else if (p
->type
== SOCKET_FIFO
|| p
->type
== SOCKET_SPECIAL
)
260 r
= unit_require_mounts_for(UNIT(s
), path
);
268 static int socket_add_device_link(Socket
*s
) {
273 if (!s
->bind_to_device
|| streq(s
->bind_to_device
, "lo"))
276 t
= strjoina("/sys/subsystem/net/devices/", s
->bind_to_device
);
277 return unit_add_node_link(UNIT(s
), t
, false);
280 static int socket_add_default_dependencies(Socket
*s
) {
284 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_BEFORE
, SPECIAL_SOCKETS_TARGET
, NULL
, true);
288 if (UNIT(s
)->manager
->running_as
== MANAGER_SYSTEM
) {
289 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_AFTER
, UNIT_REQUIRES
, SPECIAL_SYSINIT_TARGET
, NULL
, true);
294 return unit_add_two_dependencies_by_name(UNIT(s
), UNIT_BEFORE
, UNIT_CONFLICTS
, SPECIAL_SHUTDOWN_TARGET
, NULL
, true);
297 _pure_
static bool socket_has_exec(Socket
*s
) {
301 for (i
= 0; i
< _SOCKET_EXEC_COMMAND_MAX
; i
++)
302 if (s
->exec_command
[i
])
308 static int socket_add_extras(Socket
*s
) {
314 if (have_non_accept_socket(s
)) {
316 if (!UNIT_DEREF(s
->service
)) {
319 r
= unit_load_related_unit(u
, ".service", &x
);
323 unit_ref_set(&s
->service
, x
);
326 r
= unit_add_two_dependencies(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, UNIT_DEREF(s
->service
), true);
331 r
= socket_add_mount_links(s
);
335 r
= socket_add_device_link(s
);
339 r
= unit_patch_contexts(u
);
343 if (socket_has_exec(s
)) {
344 r
= unit_add_exec_dependencies(u
, &s
->exec_context
);
348 r
= unit_add_default_slice(u
, &s
->cgroup_context
);
353 if (u
->default_dependencies
) {
354 r
= socket_add_default_dependencies(s
);
362 static const char *socket_find_symlink_target(Socket
*s
) {
363 const char *found
= NULL
;
366 LIST_FOREACH(port
, p
, s
->ports
) {
367 const char *f
= NULL
;
376 if (p
->address
.sockaddr
.un
.sun_path
[0] != 0)
377 f
= p
->address
.sockaddr
.un
.sun_path
;
395 static int socket_verify(Socket
*s
) {
398 if (UNIT(s
)->load_state
!= UNIT_LOADED
)
402 log_unit_error(UNIT(s
), "Unit lacks Listen setting. Refusing.");
406 if (s
->accept
&& have_non_accept_socket(s
)) {
407 log_unit_error(UNIT(s
), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
411 if (s
->accept
&& s
->max_connections
<= 0) {
412 log_unit_error(UNIT(s
), "MaxConnection= setting too small. Refusing.");
416 if (s
->accept
&& UNIT_DEREF(s
->service
)) {
417 log_unit_error(UNIT(s
), "Explicit service configuration for accepting socket units not supported. Refusing.");
421 if (s
->exec_context
.pam_name
&& s
->kill_context
.kill_mode
!= KILL_CONTROL_GROUP
) {
422 log_unit_error(UNIT(s
), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
426 if (!strv_isempty(s
->symlinks
) && !socket_find_symlink_target(s
)) {
427 log_unit_error(UNIT(s
), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
434 static int socket_load(Unit
*u
) {
435 Socket
*s
= SOCKET(u
);
439 assert(u
->load_state
== UNIT_STUB
);
441 r
= unit_load_fragment_and_dropin(u
);
445 if (u
->load_state
== UNIT_LOADED
) {
446 /* This is a new unit? Then let's add in some extras */
447 r
= socket_add_extras(s
);
452 return socket_verify(s
);
455 _const_
static const char* listen_lookup(int family
, int type
) {
457 if (family
== AF_NETLINK
)
458 return "ListenNetlink";
460 if (type
== SOCK_STREAM
)
461 return "ListenStream";
462 else if (type
== SOCK_DGRAM
)
463 return "ListenDatagram";
464 else if (type
== SOCK_SEQPACKET
)
465 return "ListenSequentialPacket";
467 assert_not_reached("Unknown socket type");
471 static void socket_dump(Unit
*u
, FILE *f
, const char *prefix
) {
472 char time_string
[FORMAT_TIMESPAN_MAX
];
474 Socket
*s
= SOCKET(u
);
481 prefix
= strempty(prefix
);
482 prefix2
= strjoina(prefix
, "\t");
485 "%sSocket State: %s\n"
487 "%sBindIPv6Only: %s\n"
489 "%sSocketMode: %04o\n"
490 "%sDirectoryMode: %04o\n"
494 "%sTransparent: %s\n"
496 "%sPassCredentials: %s\n"
497 "%sPassSecurity: %s\n"
498 "%sTCPCongestion: %s\n"
499 "%sRemoveOnStop: %s\n"
500 "%sSELinuxContextFromNet: %s\n",
501 prefix
, socket_state_to_string(s
->state
),
502 prefix
, socket_result_to_string(s
->result
),
503 prefix
, socket_address_bind_ipv6_only_to_string(s
->bind_ipv6_only
),
505 prefix
, s
->socket_mode
,
506 prefix
, s
->directory_mode
,
507 prefix
, yes_no(s
->keep_alive
),
508 prefix
, yes_no(s
->no_delay
),
509 prefix
, yes_no(s
->free_bind
),
510 prefix
, yes_no(s
->transparent
),
511 prefix
, yes_no(s
->broadcast
),
512 prefix
, yes_no(s
->pass_cred
),
513 prefix
, yes_no(s
->pass_sec
),
514 prefix
, strna(s
->tcp_congestion
),
515 prefix
, yes_no(s
->remove_on_stop
),
516 prefix
, yes_no(s
->selinux_context_from_net
));
518 if (s
->control_pid
> 0)
520 "%sControl PID: "PID_FMT
"\n",
521 prefix
, s
->control_pid
);
523 if (s
->bind_to_device
)
525 "%sBindToDevice: %s\n",
526 prefix
, s
->bind_to_device
);
531 "%sNConnections: %u\n"
532 "%sMaxConnections: %u\n",
533 prefix
, s
->n_accepted
,
534 prefix
, s
->n_connections
,
535 prefix
, s
->max_connections
);
537 if (s
->priority
>= 0)
540 prefix
, s
->priority
);
542 if (s
->receive_buffer
> 0)
544 "%sReceiveBuffer: %zu\n",
545 prefix
, s
->receive_buffer
);
547 if (s
->send_buffer
> 0)
549 "%sSendBuffer: %zu\n",
550 prefix
, s
->send_buffer
);
562 if (s
->pipe_size
> 0)
565 prefix
, s
->pipe_size
);
572 if (s
->mq_maxmsg
> 0)
574 "%sMessageQueueMaxMessages: %li\n",
575 prefix
, s
->mq_maxmsg
);
577 if (s
->mq_msgsize
> 0)
579 "%sMessageQueueMessageSize: %li\n",
580 prefix
, s
->mq_msgsize
);
585 prefix
, yes_no(s
->reuse_port
));
589 "%sSmackLabel: %s\n",
594 "%sSmackLabelIPIn: %s\n",
595 prefix
, s
->smack_ip_in
);
599 "%sSmackLabelIPOut: %s\n",
600 prefix
, s
->smack_ip_out
);
602 if (!isempty(s
->user
) || !isempty(s
->group
))
605 "%sOwnerGroup: %s\n",
606 prefix
, strna(s
->user
),
607 prefix
, strna(s
->group
));
609 if (s
->keep_alive_time
> 0)
611 "%sKeepAliveTimeSec: %s\n",
612 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_time
, USEC_PER_SEC
));
614 if (s
->keep_alive_interval
)
616 "%sKeepAliveIntervalSec: %s\n",
617 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_interval
, USEC_PER_SEC
));
619 if (s
->keep_alive_cnt
)
621 "%sKeepAliveProbes: %u\n",
622 prefix
, s
->keep_alive_cnt
);
626 "%sDeferAcceptSec: %s\n",
627 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->defer_accept
, USEC_PER_SEC
));
629 LIST_FOREACH(port
, p
, s
->ports
) {
631 if (p
->type
== SOCKET_SOCKET
) {
636 if ((r
= socket_address_print(&p
->address
, &k
)) < 0)
641 fprintf(f
, "%s%s: %s\n", prefix
, listen_lookup(socket_address_family(&p
->address
), p
->address
.type
), t
);
643 } else if (p
->type
== SOCKET_SPECIAL
)
644 fprintf(f
, "%sListenSpecial: %s\n", prefix
, p
->path
);
645 else if (p
->type
== SOCKET_MQUEUE
)
646 fprintf(f
, "%sListenMessageQueue: %s\n", prefix
, p
->path
);
648 fprintf(f
, "%sListenFIFO: %s\n", prefix
, p
->path
);
651 exec_context_dump(&s
->exec_context
, f
, prefix
);
652 kill_context_dump(&s
->kill_context
, f
, prefix
);
654 for (c
= 0; c
< _SOCKET_EXEC_COMMAND_MAX
; c
++) {
655 if (!s
->exec_command
[c
])
658 fprintf(f
, "%s-> %s:\n",
659 prefix
, socket_exec_command_to_string(c
));
661 exec_command_dump_list(s
->exec_command
[c
], f
, prefix2
);
665 static int instance_from_socket(int fd
, unsigned nr
, char **instance
) {
668 union sockaddr_union local
, remote
;
674 if (getsockname(fd
, &local
.sa
, &l
) < 0)
678 if (getpeername(fd
, &remote
.sa
, &l
) < 0)
681 switch (local
.sa
.sa_family
) {
685 a
= ntohl(local
.in
.sin_addr
.s_addr
),
686 b
= ntohl(remote
.in
.sin_addr
.s_addr
);
689 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
691 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF,
692 ntohs(local
.in
.sin_port
),
693 b
>> 24, (b
>> 16) & 0xFF, (b
>> 8) & 0xFF, b
& 0xFF,
694 ntohs(remote
.in
.sin_port
)) < 0)
701 static const unsigned char ipv4_prefix
[] = {
702 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
705 if (memcmp(&local
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0 &&
706 memcmp(&remote
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0) {
708 *a
= local
.in6
.sin6_addr
.s6_addr
+12,
709 *b
= remote
.in6
.sin6_addr
.s6_addr
+12;
712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
714 a
[0], a
[1], a
[2], a
[3],
715 ntohs(local
.in6
.sin6_port
),
716 b
[0], b
[1], b
[2], b
[3],
717 ntohs(remote
.in6
.sin6_port
)) < 0)
720 char a
[INET6_ADDRSTRLEN
], b
[INET6_ADDRSTRLEN
];
725 inet_ntop(AF_INET6
, &local
.in6
.sin6_addr
, a
, sizeof(a
)),
726 ntohs(local
.in6
.sin6_port
),
727 inet_ntop(AF_INET6
, &remote
.in6
.sin6_addr
, b
, sizeof(b
)),
728 ntohs(remote
.in6
.sin6_port
)) < 0)
739 k
= getpeercred(fd
, &ucred
);
742 "%u-"PID_FMT
"-"UID_FMT
,
743 nr
, ucred
.pid
, ucred
.uid
) < 0)
745 } else if (k
== -ENODATA
) {
746 /* This handles the case where somebody is
747 * connecting from another pid/uid namespace
748 * (e.g. from outside of our container). */
760 assert_not_reached("Unhandled socket type.");
767 static void socket_close_fds(Socket
*s
) {
773 LIST_FOREACH(port
, p
, s
->ports
) {
775 p
->event_source
= sd_event_source_unref(p
->event_source
);
780 p
->fd
= safe_close(p
->fd
);
782 /* One little note: we should normally not delete any
783 * sockets in the file system here! After all some
784 * other process we spawned might still have a
785 * reference of this fd and wants to continue to use
786 * it. Therefore we delete sockets in the file system
787 * before we create a new one, not after we stopped
790 if (s
->remove_on_stop
) {
802 socket_address_unlink(&p
->address
);
811 if (s
->remove_on_stop
)
812 STRV_FOREACH(i
, s
->symlinks
)
816 static void socket_apply_socket_options(Socket
*s
, int fd
) {
823 int b
= s
->keep_alive
;
824 if (setsockopt(fd
, SOL_SOCKET
, SO_KEEPALIVE
, &b
, sizeof(b
)) < 0)
825 log_unit_warning_errno(UNIT(s
), errno
, "SO_KEEPALIVE failed: %m");
828 if (s
->keep_alive_time
) {
829 int value
= s
->keep_alive_time
/ USEC_PER_SEC
;
830 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPIDLE
, &value
, sizeof(value
)) < 0)
831 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPIDLE failed: %m");
834 if (s
->keep_alive_interval
) {
835 int value
= s
->keep_alive_interval
/ USEC_PER_SEC
;
836 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPINTVL
, &value
, sizeof(value
)) < 0)
837 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPINTVL failed: %m");
840 if (s
->keep_alive_cnt
) {
841 int value
= s
->keep_alive_cnt
;
842 if (setsockopt(fd
, SOL_SOCKET
, TCP_KEEPCNT
, &value
, sizeof(value
)) < 0)
843 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPCNT failed: %m");
846 if (s
->defer_accept
) {
847 int value
= s
->defer_accept
/ USEC_PER_SEC
;
848 if (setsockopt(fd
, SOL_TCP
, TCP_DEFER_ACCEPT
, &value
, sizeof(value
)) < 0)
849 log_unit_warning_errno(UNIT(s
), errno
, "TCP_DEFER_ACCEPT failed: %m");
854 if (setsockopt(fd
, SOL_TCP
, TCP_NODELAY
, &b
, sizeof(b
)) < 0)
855 log_unit_warning_errno(UNIT(s
), errno
, "TCP_NODELAY failed: %m");
860 if (setsockopt(fd
, SOL_SOCKET
, SO_BROADCAST
, &one
, sizeof(one
)) < 0)
861 log_unit_warning_errno(UNIT(s
), errno
, "SO_BROADCAST failed: %m");
866 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSCRED
, &one
, sizeof(one
)) < 0)
867 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSCRED failed: %m");
872 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSSEC
, &one
, sizeof(one
)) < 0)
873 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSSEC failed: %m");
876 if (s
->priority
>= 0)
877 if (setsockopt(fd
, SOL_SOCKET
, SO_PRIORITY
, &s
->priority
, sizeof(s
->priority
)) < 0)
878 log_unit_warning_errno(UNIT(s
), errno
, "SO_PRIORITY failed: %m");
880 if (s
->receive_buffer
> 0) {
881 int value
= (int) s
->receive_buffer
;
883 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
885 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUFFORCE
, &value
, sizeof(value
)) < 0)
886 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &value
, sizeof(value
)) < 0)
887 log_unit_warning_errno(UNIT(s
), errno
, "SO_RCVBUF failed: %m");
890 if (s
->send_buffer
> 0) {
891 int value
= (int) s
->send_buffer
;
892 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUFFORCE
, &value
, sizeof(value
)) < 0)
893 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUF
, &value
, sizeof(value
)) < 0)
894 log_unit_warning_errno(UNIT(s
), errno
, "SO_SNDBUF failed: %m");
898 if (setsockopt(fd
, SOL_SOCKET
, SO_MARK
, &s
->mark
, sizeof(s
->mark
)) < 0)
899 log_unit_warning_errno(UNIT(s
), errno
, "SO_MARK failed: %m");
902 if (setsockopt(fd
, IPPROTO_IP
, IP_TOS
, &s
->ip_tos
, sizeof(s
->ip_tos
)) < 0)
903 log_unit_warning_errno(UNIT(s
), errno
, "IP_TOS failed: %m");
905 if (s
->ip_ttl
>= 0) {
908 r
= setsockopt(fd
, IPPROTO_IP
, IP_TTL
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
910 if (socket_ipv6_is_supported())
911 x
= setsockopt(fd
, IPPROTO_IPV6
, IPV6_UNICAST_HOPS
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
914 errno
= EAFNOSUPPORT
;
918 log_unit_warning_errno(UNIT(s
), errno
, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
921 if (s
->tcp_congestion
)
922 if (setsockopt(fd
, SOL_TCP
, TCP_CONGESTION
, s
->tcp_congestion
, strlen(s
->tcp_congestion
)+1) < 0)
923 log_unit_warning_errno(UNIT(s
), errno
, "TCP_CONGESTION failed: %m");
925 if (s
->smack_ip_in
) {
926 r
= mac_smack_apply_ip_in_fd(fd
, s
->smack_ip_in
);
928 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_in_fd: %m");
931 if (s
->smack_ip_out
) {
932 r
= mac_smack_apply_ip_out_fd(fd
, s
->smack_ip_out
);
934 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_out_fd: %m");
938 static void socket_apply_fifo_options(Socket
*s
, int fd
) {
944 if (s
->pipe_size
> 0)
945 if (fcntl(fd
, F_SETPIPE_SZ
, s
->pipe_size
) < 0)
946 log_unit_warning_errno(UNIT(s
), errno
, "F_SETPIPE_SZ: %m");
949 r
= mac_smack_apply_fd(fd
, s
->smack
);
951 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_fd: %m");
955 static int fifo_address_create(
957 mode_t directory_mode
,
968 mkdir_parents_label(path
, directory_mode
);
970 r
= mac_selinux_create_file_prepare(path
, S_IFIFO
);
974 /* Enforce the right access mode for the fifo */
975 old_mask
= umask(~ socket_mode
);
977 /* Include the original umask in our mask */
978 umask(~socket_mode
| old_mask
);
980 r
= mkfifo(path
, socket_mode
);
983 if (r
< 0 && errno
!= EEXIST
) {
988 if ((fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
)) < 0) {
993 mac_selinux_create_file_clear();
995 if (fstat(fd
, &st
) < 0) {
1000 if (!S_ISFIFO(st
.st_mode
) ||
1001 (st
.st_mode
& 0777) != (socket_mode
& ~old_mask
) ||
1002 st
.st_uid
!= getuid() ||
1003 st
.st_gid
!= getgid()) {
1013 mac_selinux_create_file_clear();
1019 static int special_address_create(
1029 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1035 if (fstat(fd
, &st
) < 0) {
1040 /* Check whether this is a /proc, /sys or /dev file or char device */
1041 if (!S_ISREG(st
.st_mode
) && !S_ISCHR(st
.st_mode
)) {
1055 static int mq_address_create(
1065 struct mq_attr _attr
, *attr
= NULL
;
1070 if (maxmsg
> 0 && msgsize
> 0) {
1072 _attr
.mq_flags
= O_NONBLOCK
;
1073 _attr
.mq_maxmsg
= maxmsg
;
1074 _attr
.mq_msgsize
= msgsize
;
1078 /* Enforce the right access mode for the mq */
1079 old_mask
= umask(~ mq_mode
);
1081 /* Include the original umask in our mask */
1082 umask(~mq_mode
| old_mask
);
1083 fd
= mq_open(path
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_CREAT
, mq_mode
, attr
);
1091 if (fstat(fd
, &st
) < 0) {
1096 if ((st
.st_mode
& 0777) != (mq_mode
& ~old_mask
) ||
1097 st
.st_uid
!= getuid() ||
1098 st
.st_gid
!= getgid()) {
1112 static int socket_symlink(Socket
*s
) {
1118 p
= socket_find_symlink_target(s
);
1122 STRV_FOREACH(i
, s
->symlinks
)
1123 symlink_label(p
, *i
);
1128 static int socket_open_fds(Socket
*s
) {
1132 bool know_label
= false;
1136 LIST_FOREACH(port
, p
, s
->ports
) {
1141 if (p
->type
== SOCKET_SOCKET
) {
1144 /* Figure out label, if we don't it know
1145 * yet. We do it once, for the first
1146 * socket where we need this and
1147 * remember it for the rest. */
1149 if (s
->selinux_context_from_net
) {
1150 /* Get it from the network label */
1152 r
= mac_selinux_get_our_label(&label
);
1153 if (r
< 0 && r
!= -EOPNOTSUPP
)
1157 /* Get it from the executable we are about to start */
1159 r
= socket_instantiate_service(s
);
1163 if (UNIT_ISSET(s
->service
) &&
1164 SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]) {
1165 r
= mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]->path
, &label
);
1166 if (r
< 0 && r
!= -EPERM
&& r
!= -EOPNOTSUPP
)
1174 r
= socket_address_listen(
1176 SOCK_CLOEXEC
|SOCK_NONBLOCK
,
1190 socket_apply_socket_options(s
, p
->fd
);
1193 } else if (p
->type
== SOCKET_SPECIAL
) {
1195 r
= special_address_create(
1201 } else if (p
->type
== SOCKET_FIFO
) {
1203 r
= fifo_address_create(
1211 socket_apply_fifo_options(s
, p
->fd
);
1214 } else if (p
->type
== SOCKET_MQUEUE
) {
1216 r
= mq_address_create(
1225 assert_not_reached("Unknown port type");
1228 mac_selinux_free(label
);
1232 socket_close_fds(s
);
1233 mac_selinux_free(label
);
1238 static void socket_unwatch_fds(Socket
*s
) {
1244 LIST_FOREACH(port
, p
, s
->ports
) {
1248 if (!p
->event_source
)
1251 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_OFF
);
1253 log_unit_debug_errno(UNIT(s
), r
, "Failed to disable event source: %m");
1257 static int socket_watch_fds(Socket
*s
) {
1263 LIST_FOREACH(port
, p
, s
->ports
) {
1267 if (p
->event_source
) {
1268 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_ON
);
1272 r
= sd_event_add_io(UNIT(s
)->manager
->event
, &p
->event_source
, p
->fd
, EPOLLIN
, socket_dispatch_io
, p
);
1276 (void) sd_event_source_set_description(p
->event_source
, "socket-port-io");
1283 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch listening fds: %m");
1284 socket_unwatch_fds(s
);
1288 static void socket_set_state(Socket
*s
, SocketState state
) {
1289 SocketState old_state
;
1292 old_state
= s
->state
;
1300 SOCKET_STOP_PRE_SIGTERM
,
1301 SOCKET_STOP_PRE_SIGKILL
,
1303 SOCKET_FINAL_SIGTERM
,
1304 SOCKET_FINAL_SIGKILL
)) {
1306 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1307 socket_unwatch_control_pid(s
);
1308 s
->control_command
= NULL
;
1309 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
1312 if (state
!= SOCKET_LISTENING
)
1313 socket_unwatch_fds(s
);
1321 SOCKET_STOP_PRE_SIGTERM
,
1322 SOCKET_STOP_PRE_SIGKILL
))
1323 socket_close_fds(s
);
1325 if (state
!= old_state
)
1326 log_unit_debug(UNIT(s
), "Changed %s -> %s", socket_state_to_string(old_state
), socket_state_to_string(state
));
1328 unit_notify(UNIT(s
), state_translation_table
[old_state
], state_translation_table
[state
], true);
1331 static int socket_coldplug(Unit
*u
) {
1332 Socket
*s
= SOCKET(u
);
1336 assert(s
->state
== SOCKET_DEAD
);
1338 if (s
->deserialized_state
== s
->state
)
1341 if (IN_SET(s
->deserialized_state
,
1346 SOCKET_STOP_PRE_SIGTERM
,
1347 SOCKET_STOP_PRE_SIGKILL
,
1349 SOCKET_FINAL_SIGTERM
,
1350 SOCKET_FINAL_SIGKILL
)) {
1352 if (s
->control_pid
<= 0)
1355 r
= unit_watch_pid(UNIT(s
), s
->control_pid
);
1359 r
= socket_arm_timer(s
);
1364 if (IN_SET(s
->deserialized_state
,
1370 SOCKET_STOP_PRE_SIGTERM
,
1371 SOCKET_STOP_PRE_SIGKILL
)) {
1372 r
= socket_open_fds(s
);
1377 if (s
->deserialized_state
== SOCKET_LISTENING
) {
1378 r
= socket_watch_fds(s
);
1383 socket_set_state(s
, s
->deserialized_state
);
1387 static int socket_spawn(Socket
*s
, ExecCommand
*c
, pid_t
*_pid
) {
1388 _cleanup_free_
char **argv
= NULL
;
1391 ExecParameters exec_params
= {
1392 .apply_permissions
= true,
1393 .apply_chroot
= true,
1394 .apply_tty_stdin
= true,
1395 .bus_endpoint_fd
= -1,
1402 (void) unit_realize_cgroup(UNIT(s
));
1403 if (s
->reset_cpu_usage
) {
1404 (void) unit_reset_cpu_usage(UNIT(s
));
1405 s
->reset_cpu_usage
= false;
1408 r
= unit_setup_exec_runtime(UNIT(s
));
1412 r
= socket_arm_timer(s
);
1416 r
= unit_full_printf_strv(UNIT(s
), c
->argv
, &argv
);
1420 exec_params
.argv
= argv
;
1421 exec_params
.environment
= UNIT(s
)->manager
->environment
;
1422 exec_params
.confirm_spawn
= UNIT(s
)->manager
->confirm_spawn
;
1423 exec_params
.cgroup_supported
= UNIT(s
)->manager
->cgroup_supported
;
1424 exec_params
.cgroup_path
= UNIT(s
)->cgroup_path
;
1425 exec_params
.cgroup_delegate
= s
->cgroup_context
.delegate
;
1426 exec_params
.runtime_prefix
= manager_get_runtime_prefix(UNIT(s
)->manager
);
1428 r
= exec_spawn(UNIT(s
),
1437 r
= unit_watch_pid(UNIT(s
), pid
);
1439 /* FIXME: we need to do something here */
1446 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1450 static int socket_chown(Socket
*s
, pid_t
*_pid
) {
1454 r
= socket_arm_timer(s
);
1458 /* We have to resolve the user names out-of-process, hence
1459 * let's fork here. It's messy, but well, what can we do? */
1467 uid_t uid
= UID_INVALID
;
1468 gid_t gid
= GID_INVALID
;
1471 (void) default_signals(SIGNALS_CRASH_HANDLER
, SIGNALS_IGNORE
, -1);
1472 (void) ignore_signals(SIGPIPE
, -1);
1475 if (!isempty(s
->user
)) {
1476 const char *user
= s
->user
;
1478 r
= get_user_creds(&user
, &uid
, &gid
, NULL
, NULL
);
1485 if (!isempty(s
->group
)) {
1486 const char *group
= s
->group
;
1488 r
= get_group_creds(&group
, &gid
);
1495 LIST_FOREACH(port
, p
, s
->ports
) {
1496 const char *path
= NULL
;
1498 if (p
->type
== SOCKET_SOCKET
)
1499 path
= socket_address_get_path(&p
->address
);
1500 else if (p
->type
== SOCKET_FIFO
)
1506 if (chown(path
, uid
, gid
) < 0) {
1517 log_error_errno(r
, "Failed to chown socket at step %s: %m", exit_status_to_string(ret
, EXIT_STATUS_SYSTEMD
));
1522 r
= unit_watch_pid(UNIT(s
), pid
);
1530 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1534 static void socket_enter_dead(Socket
*s
, SocketResult f
) {
1537 if (f
!= SOCKET_SUCCESS
)
1540 exec_runtime_destroy(s
->exec_runtime
);
1541 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
1543 exec_context_destroy_runtime_directory(&s
->exec_context
, manager_get_runtime_prefix(UNIT(s
)->manager
));
1545 socket_set_state(s
, s
->result
!= SOCKET_SUCCESS
? SOCKET_FAILED
: SOCKET_DEAD
);
1548 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
);
1550 static void socket_enter_stop_post(Socket
*s
, SocketResult f
) {
1554 if (f
!= SOCKET_SUCCESS
)
1557 socket_unwatch_control_pid(s
);
1558 s
->control_command_id
= SOCKET_EXEC_STOP_POST
;
1559 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_POST
];
1561 if (s
->control_command
) {
1562 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1566 socket_set_state(s
, SOCKET_STOP_POST
);
1568 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_SUCCESS
);
1573 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-post' task: %m");
1574 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1577 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
) {
1582 if (f
!= SOCKET_SUCCESS
)
1585 r
= unit_kill_context(
1588 (state
!= SOCKET_STOP_PRE_SIGTERM
&& state
!= SOCKET_FINAL_SIGTERM
) ?
1589 KILL_KILL
: KILL_TERMINATE
,
1597 r
= socket_arm_timer(s
);
1601 socket_set_state(s
, state
);
1602 } else if (state
== SOCKET_STOP_PRE_SIGTERM
)
1603 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_SUCCESS
);
1604 else if (state
== SOCKET_STOP_PRE_SIGKILL
)
1605 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1606 else if (state
== SOCKET_FINAL_SIGTERM
)
1607 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_SUCCESS
);
1609 socket_enter_dead(s
, SOCKET_SUCCESS
);
1614 log_unit_warning_errno(UNIT(s
), r
, "Failed to kill processes: %m");
1616 if (state
== SOCKET_STOP_PRE_SIGTERM
|| state
== SOCKET_STOP_PRE_SIGKILL
)
1617 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1619 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1622 static void socket_enter_stop_pre(Socket
*s
, SocketResult f
) {
1626 if (f
!= SOCKET_SUCCESS
)
1629 socket_unwatch_control_pid(s
);
1630 s
->control_command_id
= SOCKET_EXEC_STOP_PRE
;
1631 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_PRE
];
1633 if (s
->control_command
) {
1634 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1638 socket_set_state(s
, SOCKET_STOP_PRE
);
1640 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1645 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-pre' task: %m");
1646 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1649 static void socket_enter_listening(Socket
*s
) {
1653 r
= socket_watch_fds(s
);
1655 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1659 socket_set_state(s
, SOCKET_LISTENING
);
1663 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1666 static void socket_enter_start_post(Socket
*s
) {
1670 socket_unwatch_control_pid(s
);
1671 s
->control_command_id
= SOCKET_EXEC_START_POST
;
1672 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_POST
];
1674 if (s
->control_command
) {
1675 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1677 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-post' task: %m");
1681 socket_set_state(s
, SOCKET_START_POST
);
1683 socket_enter_listening(s
);
1688 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1691 static void socket_enter_start_chown(Socket
*s
) {
1696 r
= socket_open_fds(s
);
1698 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1702 if (!isempty(s
->user
) || !isempty(s
->group
)) {
1704 socket_unwatch_control_pid(s
);
1705 s
->control_command_id
= SOCKET_EXEC_START_CHOWN
;
1706 s
->control_command
= NULL
;
1708 r
= socket_chown(s
, &s
->control_pid
);
1710 log_unit_warning_errno(UNIT(s
), r
, "Failed to fork 'start-chown' task: %m");
1714 socket_set_state(s
, SOCKET_START_CHOWN
);
1716 socket_enter_start_post(s
);
1721 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1724 static void socket_enter_start_pre(Socket
*s
) {
1728 socket_unwatch_control_pid(s
);
1729 s
->control_command_id
= SOCKET_EXEC_START_PRE
;
1730 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_PRE
];
1732 if (s
->control_command
) {
1733 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1735 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-pre' task: %m");
1739 socket_set_state(s
, SOCKET_START_PRE
);
1741 socket_enter_start_chown(s
);
1746 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1749 static void socket_enter_running(Socket
*s
, int cfd
) {
1750 _cleanup_bus_error_free_ sd_bus_error error
= SD_BUS_ERROR_NULL
;
1755 /* We don't take connections anymore if we are supposed to
1756 * shut down anyway */
1757 if (unit_stop_pending(UNIT(s
))) {
1759 log_unit_debug(UNIT(s
), "Suppressing connection request since unit stop is scheduled.");
1764 /* Flush all sockets by closing and reopening them */
1765 socket_close_fds(s
);
1767 r
= socket_open_fds(s
);
1769 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1770 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1774 r
= socket_watch_fds(s
);
1776 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1777 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1787 bool pending
= false;
1789 /* If there's already a start pending don't bother to
1791 SET_FOREACH(other
, UNIT(s
)->dependencies
[UNIT_TRIGGERS
], i
)
1792 if (unit_active_or_pending(other
)) {
1798 if (!UNIT_ISSET(s
->service
)) {
1799 log_unit_error(UNIT(s
), "Service to activate vanished, refusing activation.");
1804 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT_DEREF(s
->service
), JOB_REPLACE
, true, &error
, NULL
);
1809 socket_set_state(s
, SOCKET_RUNNING
);
1811 _cleanup_free_
char *prefix
= NULL
, *instance
= NULL
, *name
= NULL
;
1814 if (s
->n_connections
>= s
->max_connections
) {
1815 log_unit_warning(UNIT(s
), "Too many incoming connections (%u)", s
->n_connections
);
1820 r
= socket_instantiate_service(s
);
1824 r
= instance_from_socket(cfd
, s
->n_accepted
, &instance
);
1829 /* ENOTCONN is legitimate if TCP RST was received.
1830 * This connection is over, but the socket unit lives on. */
1835 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
1839 r
= unit_name_build(prefix
, instance
, ".service", &name
);
1843 r
= unit_add_name(UNIT_DEREF(s
->service
), name
);
1847 service
= SERVICE(UNIT_DEREF(s
->service
));
1848 unit_ref_unset(&s
->service
);
1851 UNIT(service
)->no_gc
= false;
1853 unit_choose_id(UNIT(service
), name
);
1855 r
= service_set_socket_fd(service
, cfd
, s
, s
->selinux_context_from_net
);
1860 s
->n_connections
++;
1862 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT(service
), JOB_REPLACE
, true, &error
, NULL
);
1866 /* Notify clients about changed counters */
1867 unit_add_to_dbus_queue(UNIT(s
));
1873 log_unit_warning(UNIT(s
), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1874 cfd
>= 0 ? "template" : "non-template",
1875 bus_error_message(&error
, r
));
1877 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1881 static void socket_run_next(Socket
*s
) {
1885 assert(s
->control_command
);
1886 assert(s
->control_command
->command_next
);
1888 socket_unwatch_control_pid(s
);
1890 s
->control_command
= s
->control_command
->command_next
;
1892 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1899 log_unit_warning_errno(UNIT(s
), r
, "Failed to run next task: %m");
1901 if (s
->state
== SOCKET_START_POST
)
1902 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1903 else if (s
->state
== SOCKET_STOP_POST
)
1904 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1906 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1909 static int socket_start(Unit
*u
) {
1910 Socket
*s
= SOCKET(u
);
1914 /* We cannot fulfill this request right now, try again later
1916 if (IN_SET(s
->state
,
1918 SOCKET_STOP_PRE_SIGKILL
,
1919 SOCKET_STOP_PRE_SIGTERM
,
1921 SOCKET_FINAL_SIGTERM
,
1922 SOCKET_FINAL_SIGKILL
))
1925 /* Already on it! */
1926 if (IN_SET(s
->state
,
1932 /* Cannot run this without the service being around */
1933 if (UNIT_ISSET(s
->service
)) {
1936 service
= SERVICE(UNIT_DEREF(s
->service
));
1938 if (UNIT(service
)->load_state
!= UNIT_LOADED
) {
1939 log_unit_error(u
, "Socket service %s not loaded, refusing.", UNIT(service
)->id
);
1943 /* If the service is already active we cannot start the
1945 if (service
->state
!= SERVICE_DEAD
&&
1946 service
->state
!= SERVICE_FAILED
&&
1947 service
->state
!= SERVICE_AUTO_RESTART
) {
1948 log_unit_error(u
, "Socket service %s already active, refusing.", UNIT(service
)->id
);
1953 assert(s
->state
== SOCKET_DEAD
|| s
->state
== SOCKET_FAILED
);
1955 s
->result
= SOCKET_SUCCESS
;
1956 s
->reset_cpu_usage
= true;
1958 socket_enter_start_pre(s
);
1963 static int socket_stop(Unit
*u
) {
1964 Socket
*s
= SOCKET(u
);
1969 if (IN_SET(s
->state
,
1971 SOCKET_STOP_PRE_SIGTERM
,
1972 SOCKET_STOP_PRE_SIGKILL
,
1974 SOCKET_FINAL_SIGTERM
,
1975 SOCKET_FINAL_SIGKILL
))
1978 /* If there's already something running we go directly into
1980 if (IN_SET(s
->state
,
1983 SOCKET_START_POST
)) {
1984 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_SUCCESS
);
1988 assert(s
->state
== SOCKET_LISTENING
|| s
->state
== SOCKET_RUNNING
);
1990 socket_enter_stop_pre(s
, SOCKET_SUCCESS
);
1994 static int socket_serialize(Unit
*u
, FILE *f
, FDSet
*fds
) {
1995 Socket
*s
= SOCKET(u
);
2003 unit_serialize_item(u
, f
, "state", socket_state_to_string(s
->state
));
2004 unit_serialize_item(u
, f
, "result", socket_result_to_string(s
->result
));
2005 unit_serialize_item_format(u
, f
, "n-accepted", "%u", s
->n_accepted
);
2007 if (s
->control_pid
> 0)
2008 unit_serialize_item_format(u
, f
, "control-pid", PID_FMT
, s
->control_pid
);
2010 if (s
->control_command_id
>= 0)
2011 unit_serialize_item(u
, f
, "control-command", socket_exec_command_to_string(s
->control_command_id
));
2013 LIST_FOREACH(port
, p
, s
->ports
) {
2019 copy
= fdset_put_dup(fds
, p
->fd
);
2023 if (p
->type
== SOCKET_SOCKET
) {
2024 _cleanup_free_
char *t
= NULL
;
2026 r
= socket_address_print(&p
->address
, &t
);
2030 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2031 unit_serialize_item_format(u
, f
, "netlink", "%i %s", copy
, t
);
2033 unit_serialize_item_format(u
, f
, "socket", "%i %i %s", copy
, p
->address
.type
, t
);
2035 } else if (p
->type
== SOCKET_SPECIAL
)
2036 unit_serialize_item_format(u
, f
, "special", "%i %s", copy
, p
->path
);
2037 else if (p
->type
== SOCKET_MQUEUE
)
2038 unit_serialize_item_format(u
, f
, "mqueue", "%i %s", copy
, p
->path
);
2040 assert(p
->type
== SOCKET_FIFO
);
2041 unit_serialize_item_format(u
, f
, "fifo", "%i %s", copy
, p
->path
);
2048 static int socket_deserialize_item(Unit
*u
, const char *key
, const char *value
, FDSet
*fds
) {
2049 Socket
*s
= SOCKET(u
);
2055 if (streq(key
, "state")) {
2058 state
= socket_state_from_string(value
);
2060 log_unit_debug(u
, "Failed to parse state value: %s", value
);
2062 s
->deserialized_state
= state
;
2063 } else if (streq(key
, "result")) {
2066 f
= socket_result_from_string(value
);
2068 log_unit_debug(u
, "Failed to parse result value: %s", value
);
2069 else if (f
!= SOCKET_SUCCESS
)
2072 } else if (streq(key
, "n-accepted")) {
2075 if (safe_atou(value
, &k
) < 0)
2076 log_unit_debug(u
, "Failed to parse n-accepted value: %s", value
);
2079 } else if (streq(key
, "control-pid")) {
2082 if (parse_pid(value
, &pid
) < 0)
2083 log_unit_debug(u
, "Failed to parse control-pid value: %s", value
);
2085 s
->control_pid
= pid
;
2086 } else if (streq(key
, "control-command")) {
2087 SocketExecCommand id
;
2089 id
= socket_exec_command_from_string(value
);
2091 log_unit_debug(u
, "Failed to parse exec-command value: %s", value
);
2093 s
->control_command_id
= id
;
2094 s
->control_command
= s
->exec_command
[id
];
2096 } else if (streq(key
, "fifo")) {
2100 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2101 log_unit_debug(u
, "Failed to parse fifo value: %s", value
);
2104 LIST_FOREACH(port
, p
, s
->ports
)
2105 if (p
->type
== SOCKET_FIFO
&&
2106 path_equal_or_files_same(p
->path
, value
+skip
))
2111 p
->fd
= fdset_remove(fds
, fd
);
2115 } else if (streq(key
, "special")) {
2119 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2120 log_unit_debug(u
, "Failed to parse special value: %s", value
);
2123 LIST_FOREACH(port
, p
, s
->ports
)
2124 if (p
->type
== SOCKET_SPECIAL
&&
2125 path_equal_or_files_same(p
->path
, value
+skip
))
2130 p
->fd
= fdset_remove(fds
, fd
);
2134 } else if (streq(key
, "mqueue")) {
2138 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2139 log_unit_debug(u
, "Failed to parse mqueue value: %s", value
);
2142 LIST_FOREACH(port
, p
, s
->ports
)
2143 if (p
->type
== SOCKET_MQUEUE
&&
2144 streq(p
->path
, value
+skip
))
2149 p
->fd
= fdset_remove(fds
, fd
);
2153 } else if (streq(key
, "socket")) {
2154 int fd
, type
, skip
= 0;
2157 if (sscanf(value
, "%i %i %n", &fd
, &type
, &skip
) < 2 || fd
< 0 || type
< 0 || !fdset_contains(fds
, fd
))
2158 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2161 LIST_FOREACH(port
, p
, s
->ports
)
2162 if (socket_address_is(&p
->address
, value
+skip
, type
))
2167 p
->fd
= fdset_remove(fds
, fd
);
2171 } else if (streq(key
, "netlink")) {
2175 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2176 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2179 LIST_FOREACH(port
, p
, s
->ports
)
2180 if (socket_address_is_netlink(&p
->address
, value
+skip
))
2185 p
->fd
= fdset_remove(fds
, fd
);
2189 log_unit_debug(UNIT(s
), "Unknown serialization key: %s", key
);
2194 static int socket_distribute_fds(Unit
*u
, FDSet
*fds
) {
2195 Socket
*s
= SOCKET(u
);
2200 LIST_FOREACH(port
, p
, s
->ports
) {
2204 if (p
->type
!= SOCKET_SOCKET
)
2210 FDSET_FOREACH(fd
, fds
, i
) {
2211 if (socket_address_matches_fd(&p
->address
, fd
)) {
2212 p
->fd
= fdset_remove(fds
, fd
);
2213 s
->deserialized_state
= SOCKET_LISTENING
;
2222 _pure_
static UnitActiveState
socket_active_state(Unit
*u
) {
2225 return state_translation_table
[SOCKET(u
)->state
];
2228 _pure_
static const char *socket_sub_state_to_string(Unit
*u
) {
2231 return socket_state_to_string(SOCKET(u
)->state
);
2234 const char* socket_port_type_to_string(SocketPort
*p
) {
2242 switch (p
->address
.type
) {
2250 case SOCK_SEQPACKET
:
2251 return "SequentialPacket";
2254 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2261 case SOCKET_SPECIAL
:
2265 return "MessageQueue";
2275 _pure_
static bool socket_check_gc(Unit
*u
) {
2276 Socket
*s
= SOCKET(u
);
2280 return s
->n_connections
> 0;
2283 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2284 SocketPort
*p
= userdata
;
2290 if (p
->socket
->state
!= SOCKET_LISTENING
)
2293 log_unit_debug(UNIT(p
->socket
), "Incoming traffic");
2295 if (revents
!= EPOLLIN
) {
2297 if (revents
& EPOLLHUP
)
2298 log_unit_error(UNIT(p
->socket
), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2300 log_unit_error(UNIT(p
->socket
), "Got unexpected poll event (0x%x) on socket.", revents
);
2305 if (p
->socket
->accept
&&
2306 p
->type
== SOCKET_SOCKET
&&
2307 socket_address_can_accept(&p
->address
)) {
2311 cfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
);
2317 log_unit_error_errno(UNIT(p
->socket
), errno
, "Failed to accept socket: %m");
2324 socket_apply_socket_options(p
->socket
, cfd
);
2327 socket_enter_running(p
->socket
, cfd
);
2331 socket_enter_stop_pre(p
->socket
, SOCKET_FAILURE_RESOURCES
);
2335 static void socket_sigchld_event(Unit
*u
, pid_t pid
, int code
, int status
) {
2336 Socket
*s
= SOCKET(u
);
2342 if (pid
!= s
->control_pid
)
2347 if (is_clean_exit(code
, status
, NULL
))
2349 else if (code
== CLD_EXITED
)
2350 f
= SOCKET_FAILURE_EXIT_CODE
;
2351 else if (code
== CLD_KILLED
)
2352 f
= SOCKET_FAILURE_SIGNAL
;
2353 else if (code
== CLD_DUMPED
)
2354 f
= SOCKET_FAILURE_CORE_DUMP
;
2356 assert_not_reached("Unknown sigchld code");
2358 if (s
->control_command
) {
2359 exec_status_exit(&s
->control_command
->exec_status
, &s
->exec_context
, pid
, code
, status
);
2361 if (s
->control_command
->ignore
)
2365 log_unit_full(u
, f
== SOCKET_SUCCESS
? LOG_DEBUG
: LOG_NOTICE
, 0,
2366 "Control process exited, code=%s status=%i",
2367 sigchld_code_to_string(code
), status
);
2369 if (f
!= SOCKET_SUCCESS
)
2372 if (s
->control_command
&&
2373 s
->control_command
->command_next
&&
2374 f
== SOCKET_SUCCESS
) {
2376 log_unit_debug(u
, "Running next command for state %s", socket_state_to_string(s
->state
));
2379 s
->control_command
= NULL
;
2380 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
2382 /* No further commands for this step, so let's figure
2383 * out what to do next */
2385 log_unit_debug(u
, "Got final SIGCHLD for state %s", socket_state_to_string(s
->state
));
2389 case SOCKET_START_PRE
:
2390 if (f
== SOCKET_SUCCESS
)
2391 socket_enter_start_chown(s
);
2393 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, f
);
2396 case SOCKET_START_CHOWN
:
2397 if (f
== SOCKET_SUCCESS
)
2398 socket_enter_start_post(s
);
2400 socket_enter_stop_pre(s
, f
);
2403 case SOCKET_START_POST
:
2404 if (f
== SOCKET_SUCCESS
)
2405 socket_enter_listening(s
);
2407 socket_enter_stop_pre(s
, f
);
2410 case SOCKET_STOP_PRE
:
2411 case SOCKET_STOP_PRE_SIGTERM
:
2412 case SOCKET_STOP_PRE_SIGKILL
:
2413 socket_enter_stop_post(s
, f
);
2416 case SOCKET_STOP_POST
:
2417 case SOCKET_FINAL_SIGTERM
:
2418 case SOCKET_FINAL_SIGKILL
:
2419 socket_enter_dead(s
, f
);
2423 assert_not_reached("Uh, control process died at wrong time.");
2427 /* Notify clients about changed exit status */
2428 unit_add_to_dbus_queue(u
);
2431 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
) {
2432 Socket
*s
= SOCKET(userdata
);
2435 assert(s
->timer_event_source
== source
);
2439 case SOCKET_START_PRE
:
2440 log_unit_warning(UNIT(s
), "Starting timed out. Terminating.");
2441 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2444 case SOCKET_START_CHOWN
:
2445 case SOCKET_START_POST
:
2446 log_unit_warning(UNIT(s
), "Starting timed out. Stopping.");
2447 socket_enter_stop_pre(s
, SOCKET_FAILURE_TIMEOUT
);
2450 case SOCKET_STOP_PRE
:
2451 log_unit_warning(UNIT(s
), "Stopping timed out. Terminating.");
2452 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2455 case SOCKET_STOP_PRE_SIGTERM
:
2456 if (s
->kill_context
.send_sigkill
) {
2457 log_unit_warning(UNIT(s
), "Stopping timed out. Killing.");
2458 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2460 log_unit_warning(UNIT(s
), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2461 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2465 case SOCKET_STOP_PRE_SIGKILL
:
2466 log_unit_warning(UNIT(s
), "Processes still around after SIGKILL. Ignoring.");
2467 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2470 case SOCKET_STOP_POST
:
2471 log_unit_warning(UNIT(s
), "Stopping timed out (2). Terminating.");
2472 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2475 case SOCKET_FINAL_SIGTERM
:
2476 if (s
->kill_context
.send_sigkill
) {
2477 log_unit_warning(UNIT(s
), "Stopping timed out (2). Killing.");
2478 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2480 log_unit_warning(UNIT(s
), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2481 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2485 case SOCKET_FINAL_SIGKILL
:
2486 log_unit_warning(UNIT(s
), "Still around after SIGKILL (2). Entering failed mode.");
2487 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2491 assert_not_reached("Timeout at wrong time.");
2497 int socket_collect_fds(Socket
*s
, int **fds
, unsigned *n_fds
) {
2506 /* Called from the service code for requesting our fds */
2509 LIST_FOREACH(port
, p
, s
->ports
)
2519 rfds
= new(int, rn_fds
);
2524 LIST_FOREACH(port
, p
, s
->ports
)
2528 assert(k
== rn_fds
);
2536 static void socket_reset_failed(Unit
*u
) {
2537 Socket
*s
= SOCKET(u
);
2541 if (s
->state
== SOCKET_FAILED
)
2542 socket_set_state(s
, SOCKET_DEAD
);
2544 s
->result
= SOCKET_SUCCESS
;
2547 static void socket_notify_service_dead(Socket
*s
, bool failed_permanent
) {
2550 /* The service is dead. Dang!
2552 * This is strictly for one-instance-for-all-connections
2555 if (s
->state
== SOCKET_RUNNING
) {
2556 log_unit_debug(UNIT(s
), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent
));
2557 if (failed_permanent
)
2558 socket_enter_stop_pre(s
, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
);
2560 socket_enter_listening(s
);
2564 void socket_connection_unref(Socket
*s
) {
2567 /* The service is dead. Yay!
2569 * This is strictly for one-instance-per-connection
2572 assert(s
->n_connections
> 0);
2575 log_unit_debug(UNIT(s
), "One connection closed, %u left.", s
->n_connections
);
2578 static void socket_trigger_notify(Unit
*u
, Unit
*other
) {
2579 Socket
*s
= SOCKET(u
);
2585 /* Don't propagate state changes from the service if we are
2586 already down or accepting connections */
2587 if ((s
->state
!= SOCKET_RUNNING
&&
2588 s
->state
!= SOCKET_LISTENING
) ||
2592 if (other
->load_state
!= UNIT_LOADED
||
2593 other
->type
!= UNIT_SERVICE
)
2596 se
= SERVICE(other
);
2598 if (se
->state
== SERVICE_FAILED
)
2599 socket_notify_service_dead(s
, se
->result
== SERVICE_FAILURE_START_LIMIT
);
2601 if (se
->state
== SERVICE_DEAD
||
2602 se
->state
== SERVICE_FINAL_SIGTERM
||
2603 se
->state
== SERVICE_FINAL_SIGKILL
||
2604 se
->state
== SERVICE_AUTO_RESTART
)
2605 socket_notify_service_dead(s
, false);
2607 if (se
->state
== SERVICE_RUNNING
)
2608 socket_set_state(s
, SOCKET_RUNNING
);
2611 static int socket_kill(Unit
*u
, KillWho who
, int signo
, sd_bus_error
*error
) {
2612 return unit_kill_common(u
, who
, signo
, -1, SOCKET(u
)->control_pid
, error
);
2615 static int socket_get_timeout(Unit
*u
, uint64_t *timeout
) {
2616 Socket
*s
= SOCKET(u
);
2619 if (!s
->timer_event_source
)
2622 r
= sd_event_source_get_time(s
->timer_event_source
, timeout
);
2629 static const char* const socket_state_table
[_SOCKET_STATE_MAX
] = {
2630 [SOCKET_DEAD
] = "dead",
2631 [SOCKET_START_PRE
] = "start-pre",
2632 [SOCKET_START_CHOWN
] = "start-chown",
2633 [SOCKET_START_POST
] = "start-post",
2634 [SOCKET_LISTENING
] = "listening",
2635 [SOCKET_RUNNING
] = "running",
2636 [SOCKET_STOP_PRE
] = "stop-pre",
2637 [SOCKET_STOP_PRE_SIGTERM
] = "stop-pre-sigterm",
2638 [SOCKET_STOP_PRE_SIGKILL
] = "stop-pre-sigkill",
2639 [SOCKET_STOP_POST
] = "stop-post",
2640 [SOCKET_FINAL_SIGTERM
] = "final-sigterm",
2641 [SOCKET_FINAL_SIGKILL
] = "final-sigkill",
2642 [SOCKET_FAILED
] = "failed"
2645 DEFINE_STRING_TABLE_LOOKUP(socket_state
, SocketState
);
2647 static const char* const socket_exec_command_table
[_SOCKET_EXEC_COMMAND_MAX
] = {
2648 [SOCKET_EXEC_START_PRE
] = "StartPre",
2649 [SOCKET_EXEC_START_CHOWN
] = "StartChown",
2650 [SOCKET_EXEC_START_POST
] = "StartPost",
2651 [SOCKET_EXEC_STOP_PRE
] = "StopPre",
2652 [SOCKET_EXEC_STOP_POST
] = "StopPost"
2655 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command
, SocketExecCommand
);
2657 static const char* const socket_result_table
[_SOCKET_RESULT_MAX
] = {
2658 [SOCKET_SUCCESS
] = "success",
2659 [SOCKET_FAILURE_RESOURCES
] = "resources",
2660 [SOCKET_FAILURE_TIMEOUT
] = "timeout",
2661 [SOCKET_FAILURE_EXIT_CODE
] = "exit-code",
2662 [SOCKET_FAILURE_SIGNAL
] = "signal",
2663 [SOCKET_FAILURE_CORE_DUMP
] = "core-dump",
2664 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
] = "service-failed-permanent"
2667 DEFINE_STRING_TABLE_LOOKUP(socket_result
, SocketResult
);
2669 const UnitVTable socket_vtable
= {
2670 .object_size
= sizeof(Socket
),
2671 .exec_context_offset
= offsetof(Socket
, exec_context
),
2672 .cgroup_context_offset
= offsetof(Socket
, cgroup_context
),
2673 .kill_context_offset
= offsetof(Socket
, kill_context
),
2674 .exec_runtime_offset
= offsetof(Socket
, exec_runtime
),
2680 .private_section
= "Socket",
2682 .init
= socket_init
,
2683 .done
= socket_done
,
2684 .load
= socket_load
,
2686 .coldplug
= socket_coldplug
,
2688 .dump
= socket_dump
,
2690 .start
= socket_start
,
2691 .stop
= socket_stop
,
2693 .kill
= socket_kill
,
2695 .get_timeout
= socket_get_timeout
,
2697 .serialize
= socket_serialize
,
2698 .deserialize_item
= socket_deserialize_item
,
2699 .distribute_fds
= socket_distribute_fds
,
2701 .active_state
= socket_active_state
,
2702 .sub_state_to_string
= socket_sub_state_to_string
,
2704 .check_gc
= socket_check_gc
,
2706 .sigchld_event
= socket_sigchld_event
,
2708 .trigger_notify
= socket_trigger_notify
,
2710 .reset_failed
= socket_reset_failed
,
2712 .bus_interface
= "org.freedesktop.systemd1.Socket",
2713 .bus_vtable
= bus_socket_vtable
,
2714 .bus_set_property
= bus_socket_set_property
,
2715 .bus_commit_properties
= bus_socket_commit_properties
,
2717 .status_message_formats
= {
2718 /*.starting_stopping = {
2719 [0] = "Starting socket %s...",
2720 [1] = "Stopping socket %s...",
2722 .finished_start_job
= {
2723 [JOB_DONE
] = "Listening on %s.",
2724 [JOB_FAILED
] = "Failed to listen on %s.",
2725 [JOB_DEPENDENCY
] = "Dependency failed for %s.",
2726 [JOB_TIMEOUT
] = "Timed out starting %s.",
2728 .finished_stop_job
= {
2729 [JOB_DONE
] = "Closed %s.",
2730 [JOB_FAILED
] = "Failed stopping %s.",
2731 [JOB_TIMEOUT
] = "Timed out stopping %s.",