]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
When warning about unsupported options, be more detailed
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/types.h>
23#include <sys/stat.h>
24#include <unistd.h>
25#include <errno.h>
26#include <fcntl.h>
f94ea366 27#include <sys/epoll.h>
034c6ed7 28#include <signal.h>
4f2d528d 29#include <arpa/inet.h>
718db961 30#include <netinet/tcp.h>
916abb21 31#include <mqueue.h>
d2edfae0 32#include <sys/xattr.h>
83c60c9f 33
718db961 34#include "sd-event.h"
83c60c9f 35#include "log.h"
23a177ef
LP		 36#include "load-dropin.h"
37#include "load-fragment.h"
9e2f7c11 38#include "strv.h"
49e942b2 39#include "mkdir.h"
9eb977db 40#include "path-util.h"
4f2d528d 41#include "unit-name.h"
41f9172f 42#include "unit-printf.h"
4fd5948e 43#include "missing.h"
a40eb732 44#include "special.h"
e51bc1a2 45#include "label.h"
9a57c629 46#include "exit-status.h"
f6a6225e 47#include "def.h"
5a045dad 48#include "smack-util.h"
718db961
LP		 49#include "bus-util.h"
50#include "bus-error.h"
e821075a
LP		 51#include "dbus-socket.h"
52#include "unit.h"
53#include "socket.h"
83c60c9f 54
acbb0225 55static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 68 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 69};
5cb5a6ff 70
718db961
LP		 71static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
a16e1123
LP		 74static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
76
77 assert(u);
ac155bb8 78 assert(u->load_state == UNIT_STUB);
a16e1123 79
a16e1123 80 s->backlog = SOMAXCONN;
1f19a534 81 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 82 s->directory_mode = 0755;
9131f660 83 s->socket_mode = 0666;
a16e1123 84
6cf6bbc2
LP		 85 s->max_connections = 64;
86
4fd5948e 87 s->priority = -1;
4fd5948e
LP		 88 s->ip_tos = -1;
89 s->ip_ttl = -1;
4fd5948e 90 s->mark = -1;
4fd5948e 91
ac155bb8
MS		 92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
085afe36 94
a16e1123
LP		 95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96}
acbb0225 97
5e94833f
LP		 98static void socket_unwatch_control_pid(Socket *s) {
99 assert(s);
100
101 if (s->control_pid <= 0)
102 return;
103
104 unit_unwatch_pid(UNIT(s), s->control_pid);
105 s->control_pid = 0;
106}
107
74051b9b 108void socket_free_ports(Socket *s) {
034c6ed7
LP		 109 SocketPort *p;
110
111 assert(s);
112
113 while ((p = s->ports)) {
71fda00f 114 LIST_REMOVE(port, s->ports, p);
034c6ed7 115
718db961
LP		 116 sd_event_source_unref(p->event_source);
117
03e334a1 118 safe_close(p->fd);
034c6ed7
LP		 119 free(p->path);
120 free(p);
121 }
74051b9b
LP		 122}
123
124static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
126
127 assert(s);
128
129 socket_free_ports(s);
034c6ed7 130
613b411c 131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 133 s->control_command = NULL;
134
5e94833f 135 socket_unwatch_control_pid(s);
034c6ed7 136
57020a3a 137 unit_ref_unset(&s->service);
034c6ed7 138
cebf8b20
TT		 139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
141
acbb0225 142 free(s->bind_to_device);
e537352b 143 s->bind_to_device = NULL;
acbb0225 144
0eb59ccf
AK		 145 free(s->smack);
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
148
811ba7a0
LP		 149 strv_free(s->symlinks);
150
3900e5fd
LP		 151 free(s->user);
152 free(s->group);
153
718db961
LP		 154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155}
156
157static int socket_arm_timer(Socket *s) {
158 int r;
159
160 assert(s);
161
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 return 0;
165 }
166
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169 if (r < 0)
170 return r;
171
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173 }
174
6a0f1f6d
LP		 175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
178 CLOCK_MONOTONIC,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
5cb5a6ff
LP		 181}
182
8b835fcc
ZJS		 183int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 185 int r;
186 Unit *u;
187
188 assert(s);
189
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
194
8b835fcc 195 if (UNIT_DEREF(s->service) || !s->accept)
b15bdda8
LP		 196 return 0;
197
315db1a8
ZJS		 198 prefix = unit_name_to_prefix(UNIT(s)->id);
199 if (!prefix)
b15bdda8
LP		 200 return -ENOMEM;
201
315db1a8 202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 203 return -ENOMEM;
204
1124fe6f 205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 206 if (r < 0)
207 return r;
208
ac155bb8 209 u->no_gc = true;
57020a3a
LP		 210 unit_ref_set(&s->service, u);
211
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 213}
214
4f2d528d
LP		 215static bool have_non_accept_socket(Socket *s) {
216 SocketPort *p;
217
218 assert(s);
219
220 if (!s->accept)
221 return true;
222
dd5ad9d4
LP		 223 LIST_FOREACH(port, p, s->ports) {
224
225 if (p->type != SOCKET_SOCKET)
226 return true;
227
4f2d528d
LP		 228 if (!socket_address_can_accept(&p->address))
229 return true;
dd5ad9d4 230 }
4f2d528d
LP		 231
232 return false;
233}
234
a57f7e2c 235static int socket_add_mount_links(Socket *s) {
6e2ef85b 236 SocketPort *p;
6e2ef85b
LP		 237 int r;
238
239 assert(s);
6e2ef85b 240
a57f7e2c
LP		 241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
6e2ef85b 243
a57f7e2c
LP		 244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
247 path = p->path;
6e2ef85b 248
a57f7e2c
LP		 249 if (!path)
250 continue;
6e2ef85b 251
a57f7e2c 252 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 253 if (r < 0)
6e2ef85b 254 return r;
b87705cd 255 }
6e2ef85b
LP		 256
257 return 0;
258}
259
260static int socket_add_device_link(Socket *s) {
261 char *t;
6e2ef85b
LP		 262
263 assert(s);
264
7d0c710d 265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 266 return 0;
267
e821075a
LP		 268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 270}
271
a40eb732
LP		 272static int socket_add_default_dependencies(Socket *s) {
273 int r;
274 assert(s);
275
e3d84721
LP		 276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277 if (r < 0)
278 return r;
2a77d31d 279
e3d84721
LP		 280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
282 if (r < 0)
a40eb732 283 return r;
2a77d31d 284 }
a40eb732 285
ead8e478 286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 287}
288
44a6b1b6 289_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 290 unsigned i;
291 assert(s);
292
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
295 return true;
296
297 return false;
298}
299
e821075a
LP		 300static int socket_add_extras(Socket *s) {
301 Unit *u = UNIT(s);
e537352b 302 int r;
44d8db9e 303
e821075a 304 assert(s);
57020a3a 305
e821075a 306 if (have_non_accept_socket(s)) {
23a177ef 307
e821075a
LP		 308 if (!UNIT_DEREF(s->service)) {
309 Unit *x;
57020a3a 310
e821075a 311 r = unit_load_related_unit(u, ".service", &x);
57020a3a 312 if (r < 0)
4f2d528d 313 return r;
e821075a
LP		 314
315 unit_ref_set(&s->service, x);
4f2d528d 316 }
44d8db9e 317
e821075a
LP		 318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
319 if (r < 0)
6e2ef85b 320 return r;
e821075a 321 }
6e2ef85b 322
e821075a
LP		 323 r = socket_add_mount_links(s);
324 if (r < 0)
325 return r;
6e2ef85b 326
e821075a
LP		 327 r = socket_add_device_link(s);
328 if (r < 0)
329 return r;
330
598459ce 331 r = unit_patch_contexts(u);
e821075a
LP		 332 if (r < 0)
333 return r;
334
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
337 if (r < 0)
338 return r;
23a177ef 339
598459ce 340 r = unit_add_default_slice(u, &s->cgroup_context);
a016b922
LP		 341 if (r < 0)
342 return r;
e821075a 343 }
a016b922 344
e821075a
LP		 345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
347 if (r < 0)
348 return r;
349 }
350
351 return 0;
352}
353
811ba7a0
LP		 354static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
356 SocketPort *p;
357
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
360
361 switch (p->type) {
362
363 case SOCKET_FIFO:
364 f = p->path;
365 break;
366
367 case SOCKET_SOCKET:
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
370 break;
371
372 default:
373 break;
374 }
375
376 if (f) {
377 if (found)
378 return NULL;
379
380 found = f;
381 }
382 }
383
384 return found;
385}
386
e821075a
LP		 387static int socket_verify(Socket *s) {
388 assert(s);
389
390 if (UNIT(s)->load_state != UNIT_LOADED)
391 return 0;
392
393 if (!s->ports) {
79008bdd 394 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
e821075a
LP		 395 return -EINVAL;
396 }
397
398 if (s->accept && have_non_accept_socket(s)) {
79008bdd 399 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
e821075a
LP		 400 UNIT(s)->id);
401 return -EINVAL;
402 }
403
404 if (s->accept && s->max_connections <= 0) {
79008bdd 405 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
e821075a
LP		 406 return -EINVAL;
407 }
e06c73cc 408
e821075a 409 if (s->accept && UNIT_DEREF(s->service)) {
79008bdd 410 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
e821075a
LP		 411 return -EINVAL;
412 }
413
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
79008bdd 415 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
e821075a
LP		 416 return -EINVAL;
417 }
418
811ba7a0 419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
79008bdd 420 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
811ba7a0
LP		 421 return -EINVAL;
422 }
423
e821075a
LP		 424 return 0;
425}
426
427static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
429 int r;
430
431 assert(u);
432 assert(u->load_state == UNIT_STUB);
433
434 r = unit_load_fragment_and_dropin(u);
435 if (r < 0)
436 return r;
437
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
e06c73cc
LP		 441 if (r < 0)
442 return r;
23a177ef
LP		 443 }
444
4f2d528d 445 return socket_verify(s);
44d8db9e
LP		 446}
447
44a6b1b6 448_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 449
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
542563ba
LP		 452
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
459
034c6ed7 460 assert_not_reached("Unknown socket type");
542563ba
LP		 461 return NULL;
462}
463
87f0e418 464static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 465 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 466 SocketExecCommand c;
87f0e418 467 Socket *s = SOCKET(u);
542563ba 468 SocketPort *p;
82ba9f08 469 const char *prefix2;
5cb5a6ff
LP		 470
471 assert(s);
fa068367 472 assert(f);
5cb5a6ff 473
4c940960 474 prefix = strempty(prefix);
e821075a 475 prefix2 = strappenda(prefix, "\t");
c43d20a0 476
5cb5a6ff
LP		 477 fprintf(f,
478 "%sSocket State: %s\n"
81a5c6d0 479 "%sResult: %s\n"
542563ba 480 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 481 "%sBacklog: %u\n"
482 "%sSocketMode: %04o\n"
4fd5948e
LP		 483 "%sDirectoryMode: %04o\n"
484 "%sKeepAlive: %s\n"
4427c3f4 485 "%sNoDelay: %s\n"
cebf8b20 486 "%sFreeBind: %s\n"
6b6d2dee 487 "%sTransparent: %s\n"
ec6370a2 488 "%sBroadcast: %s\n"
ede3deb4 489 "%sPassCredentials: %s\n"
54ecda32 490 "%sPassSecurity: %s\n"
bd1fe7c7 491 "%sTCPCongestion: %s\n"
16115b0a
MS		 492 "%sRemoveOnStop: %s\n"
493 "%sSELinuxContextFromNet: %s\n",
a16e1123 494 prefix, socket_state_to_string(s->state),
81a5c6d0 495 prefix, socket_result_to_string(s->result),
c0120d99 496 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 497 prefix, s->backlog,
498 prefix, s->socket_mode,
4fd5948e
LP		 499 prefix, s->directory_mode,
500 prefix, yes_no(s->keep_alive),
4427c3f4 501 prefix, yes_no(s->no_delay),
cebf8b20 502 prefix, yes_no(s->free_bind),
6b6d2dee 503 prefix, yes_no(s->transparent),
ec6370a2 504 prefix, yes_no(s->broadcast),
d68af586 505 prefix, yes_no(s->pass_cred),
54ecda32 506 prefix, yes_no(s->pass_sec),
bd1fe7c7 507 prefix, strna(s->tcp_congestion),
16115b0a
MS		 508 prefix, yes_no(s->remove_on_stop),
509 prefix, yes_no(s->selinux_context_from_net));
542563ba 510
70123e68
LP		 511 if (s->control_pid > 0)
512 fprintf(f,
de0671ee
ZJS		 513 "%sControl PID: "PID_FMT"\n",
514 prefix, s->control_pid);
70123e68 515
acbb0225
LP		 516 if (s->bind_to_device)
517 fprintf(f,
518 "%sBindToDevice: %s\n",
519 prefix, s->bind_to_device);
520
4f2d528d
LP		 521 if (s->accept)
522 fprintf(f,
6cf6bbc2
LP		 523 "%sAccepted: %u\n"
524 "%sNConnections: %u\n"
525 "%sMaxConnections: %u\n",
526 prefix, s->n_accepted,
527 prefix, s->n_connections,
528 prefix, s->max_connections);
4f2d528d 529
4fd5948e
LP		 530 if (s->priority >= 0)
531 fprintf(f,
532 "%sPriority: %i\n",
533 prefix, s->priority);
534
535 if (s->receive_buffer > 0)
536 fprintf(f,
537 "%sReceiveBuffer: %zu\n",
538 prefix, s->receive_buffer);
539
540 if (s->send_buffer > 0)
541 fprintf(f,
542 "%sSendBuffer: %zu\n",
543 prefix, s->send_buffer);
544
545 if (s->ip_tos >= 0)
546 fprintf(f,
547 "%sIPTOS: %i\n",
548 prefix, s->ip_tos);
549
550 if (s->ip_ttl >= 0)
551 fprintf(f,
552 "%sIPTTL: %i\n",
553 prefix, s->ip_ttl);
554
555 if (s->pipe_size > 0)
556 fprintf(f,
557 "%sPipeSize: %zu\n",
558 prefix, s->pipe_size);
559
560 if (s->mark >= 0)
561 fprintf(f,
562 "%sMark: %i\n",
563 prefix, s->mark);
564
916abb21
LP		 565 if (s->mq_maxmsg > 0)
566 fprintf(f,
567 "%sMessageQueueMaxMessages: %li\n",
568 prefix, s->mq_maxmsg);
569
570 if (s->mq_msgsize > 0)
571 fprintf(f,
572 "%sMessageQueueMessageSize: %li\n",
573 prefix, s->mq_msgsize);
574
718db961 575 if (s->reuse_port)
f7db7a69
SL		 576 fprintf(f,
577 "%sReusePort: %s\n",
718db961 578 prefix, yes_no(s->reuse_port));
f7db7a69 579
0eb59ccf
AK		 580 if (s->smack)
581 fprintf(f,
582 "%sSmackLabel: %s\n",
583 prefix, s->smack);
584
585 if (s->smack_ip_in)
586 fprintf(f,
587 "%sSmackLabelIPIn: %s\n",
588 prefix, s->smack_ip_in);
589
590 if (s->smack_ip_out)
591 fprintf(f,
592 "%sSmackLabelIPOut: %s\n",
593 prefix, s->smack_ip_out);
594
3900e5fd
LP		 595 if (!isempty(s->user) || !isempty(s->group))
596 fprintf(f,
597 "%sOwnerUser: %s\n"
598 "%sOwnerGroup: %s\n",
599 prefix, strna(s->user),
600 prefix, strna(s->group));
601
3cd761e4 602 if (s->keep_alive_time > 0)
209e9dcd 603 fprintf(f,
3cd761e4
LP		 604 "%sKeepAliveTimeSec: %s\n",
605 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 606
3cd761e4 607 if (s->keep_alive_interval)
209e9dcd 608 fprintf(f,
3cd761e4
LP		 609 "%sKeepAliveIntervalSec: %s\n",
610 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 611
3cd761e4 612 if (s->keep_alive_cnt)
209e9dcd
SS		 613 fprintf(f,
614 "%sKeepAliveProbes: %u\n",
615 prefix, s->keep_alive_cnt);
616
3cd761e4 617 if (s->defer_accept)
cc567c9b 618 fprintf(f,
3cd761e4
LP		 619 "%sDeferAcceptSec: %s\n",
620 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 621
034c6ed7 622 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 623
542563ba
LP		 624 if (p->type == SOCKET_SOCKET) {
625 const char *t;
626 int r;
e364ad06 627 char *k = NULL;
542563ba
LP		 628
629 if ((r = socket_address_print(&p->address, &k)) < 0)
630 t = strerror(-r);
631 else
632 t = k;
633
7a22745a 634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 635 free(k);
b0a3f2bc
LP		 636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 640 else
542563ba
LP		 641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
642 }
5cb5a6ff
LP		 643
644 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 645 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 646
e537352b 647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 648 if (!s->exec_command[c])
649 continue;
5cb5a6ff 650
40d50879 651 fprintf(f, "%s-> %s:\n",
a16e1123 652 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 653
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 655 }
656}
657
4f2d528d
LP		 658static int instance_from_socket(int fd, unsigned nr, char **instance) {
659 socklen_t l;
660 char *r;
9d16d0c7 661 union sockaddr_union local, remote;
4f2d528d
LP		 662
663 assert(fd >= 0);
664 assert(instance);
665
666 l = sizeof(local);
667 if (getsockname(fd, &local.sa, &l) < 0)
668 return -errno;
669
670 l = sizeof(remote);
671 if (getpeername(fd, &remote.sa, &l) < 0)
672 return -errno;
673
674 switch (local.sa.sa_family) {
675
676 case AF_INET: {
677 uint32_t
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
680
681 if (asprintf(&r,
77b088c2
LP		 682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
683 nr,
4f2d528d
LP		 684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
688 return -ENOMEM;
689
690 break;
691 }
692
693 case AF_INET6: {
c65a0b14 694 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
696 };
697
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
700 const uint8_t
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
703
704 if (asprintf(&r,
77b088c2
LP		 705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
706 nr,
2b061f5a
LP		 707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
711 return -ENOMEM;
712 } else {
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
714
715 if (asprintf(&r,
77b088c2
LP		 716 "%u-%s:%u-%s:%u",
717 nr,
2b061f5a
LP		 718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
722 return -ENOMEM;
723 }
4f2d528d
LP		 724
725 break;
726 }
727
728 case AF_UNIX: {
729 struct ucred ucred;
eff05270 730 int k;
4f2d528d 731
eff05270 732 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 733 if (k >= 0) {
734 if (asprintf(&r,
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
737 return -ENOMEM;
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
742 if (asprintf(&r,
743 "%u-unknown",
744 nr) < 0)
745 return -ENOMEM;
746 } else
eff05270 747 return k;
2f20a8eb 748
2f20a8eb 749 break;
4f2d528d
LP		 750 }
751
752 default:
753 assert_not_reached("Unhandled socket type.");
754 }
755
756 *instance = r;
757 return 0;
758}
759
034c6ed7 760static void socket_close_fds(Socket *s) {
83c60c9f 761 SocketPort *p;
811ba7a0 762 char **i;
83c60c9f
LP		 763
764 assert(s);
765
034c6ed7 766 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 767
768 p->event_source = sd_event_source_unref(p->event_source);
769
83c60c9f
LP		 770 if (p->fd < 0)
771 continue;
772
03e334a1 773 p->fd = safe_close(p->fd);
a16e1123 774
bd1fe7c7
LP		 775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
781 * using one! */
782
783 if (s->remove_on_stop) {
784 switch (p->type) {
785
786 case SOCKET_FIFO:
787 unlink(p->path);
788 break;
789
790 case SOCKET_MQUEUE:
791 mq_unlink(p->path);
792 break;
793
794 case SOCKET_SOCKET:
795 socket_address_unlink(&p->address);
796 break;
797
798 default:
799 break;
800 }
801 }
83c60c9f 802 }
811ba7a0
LP		 803
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
806 unlink(*i);
83c60c9f
LP		 807}
808
4fd5948e 809static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 810 int r;
811
4fd5948e
LP		 812 assert(s);
813 assert(fd >= 0);
814
815 if (s->keep_alive) {
816 int b = s->keep_alive;
817 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
79008bdd 818 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 819 }
820
209e9dcd
SS		 821 if (s->keep_alive_time) {
822 int value = s->keep_alive_time / USEC_PER_SEC;
823 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
79008bdd 824 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 825 }
826
827 if (s->keep_alive_interval) {
828 int value = s->keep_alive_interval / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
79008bdd 830 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 831 }
832
833 if (s->keep_alive_cnt) {
834 int value = s->keep_alive_cnt;
835 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
79008bdd 836 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 837 }
838
cc567c9b
SS		 839 if (s->defer_accept) {
840 int value = s->defer_accept / USEC_PER_SEC;
841 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
79008bdd 842 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 843 }
844
4427c3f4
SS		 845 if (s->no_delay) {
846 int b = s->no_delay;
847 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
79008bdd 848 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
4427c3f4
SS		 849 }
850
ec6370a2
LP		 851 if (s->broadcast) {
852 int one = 1;
853 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
79008bdd 854 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
ec6370a2
LP		 855 }
856
d68af586
MS		 857 if (s->pass_cred) {
858 int one = 1;
859 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
79008bdd 860 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
d68af586
MS		 861 }
862
54ecda32
LP		 863 if (s->pass_sec) {
864 int one = 1;
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
79008bdd 866 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
54ecda32
LP		 867 }
868
4fd5948e
LP		 869 if (s->priority >= 0)
870 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
79008bdd 871 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
4fd5948e
LP		 872
873 if (s->receive_buffer > 0) {
874 int value = (int) s->receive_buffer;
7d9eaa84
LP		 875
876 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
877
b8cef44e 878 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
79008bdd 880 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
4fd5948e
LP		 881 }
882
883 if (s->send_buffer > 0) {
884 int value = (int) s->send_buffer;
b8cef44e 885 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 886 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
79008bdd 887 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
4fd5948e
LP		 888 }
889
890 if (s->mark >= 0)
891 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
79008bdd 892 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
4fd5948e
LP		 893
894 if (s->ip_tos >= 0)
895 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
79008bdd 896 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
4fd5948e 897
46925ac5 898 if (s->ip_ttl >= 0) {
d53e386d 899 int x;
46925ac5
LP		 900
901 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 902
903 if (socket_ipv6_is_supported())
904 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
905 else {
906 x = -1;
907 errno = EAFNOSUPPORT;
908 }
46925ac5
LP		 909
910 if (r < 0 && x < 0)
79008bdd 911 log_unit_warning(UNIT(s)->id,
66870f90 912 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 913 }
cebf8b20
TT		 914
915 if (s->tcp_congestion)
916 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
79008bdd 917 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
0eb59ccf 918
718db961
LP		 919 if (s->reuse_port) {
920 int b = s->reuse_port;
f0511bd7 921 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
79008bdd 922 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
f7db7a69
SL		 923 }
924
d53e386d
LP		 925 if (s->smack_ip_in) {
926 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
927 if (r < 0)
31938a85 928 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 929 }
9a4e038c 930
d53e386d
LP		 931 if (s->smack_ip_out) {
932 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
933 if (r < 0)
31938a85 934 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 935 }
4fd5948e
LP		 936}
937
b15bdda8 938static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 939 int r;
940
4fd5948e
LP		 941 assert(s);
942 assert(fd >= 0);
943
944 if (s->pipe_size > 0)
945 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
79008bdd 946 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
0eb59ccf 947
d53e386d
LP		 948 if (s->smack) {
949 r = mac_smack_apply_fd(fd, s->smack);
950 if (r < 0)
31938a85 951 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_fd: %m");
d53e386d 952 }
4fd5948e
LP		 953}
954
b15bdda8
LP		 955static int fifo_address_create(
956 const char *path,
957 mode_t directory_mode,
958 mode_t socket_mode,
b15bdda8
LP		 959 int *_fd) {
960
7a58bfa4 961 int fd = -1, r = 0;
b15bdda8
LP		 962 struct stat st;
963 mode_t old_mask;
964
965 assert(path);
966 assert(_fd);
967
d2e54fae 968 mkdir_parents_label(path, directory_mode);
b15bdda8 969
ecabcf8b 970 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 971 if (r < 0)
56cf987f 972 goto fail;
b15bdda8
LP		 973
974 /* Enforce the right access mode for the fifo */
975 old_mask = umask(~ socket_mode);
976
977 /* Include the original umask in our mask */
978 umask(~socket_mode | old_mask);
979
980 r = mkfifo(path, socket_mode);
981 umask(old_mask);
982
94bc2731 983 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 984 r = -errno;
985 goto fail;
986 }
987
e4f44e73 988 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 989 r = -errno;
990 goto fail;
991 }
992
ecabcf8b 993 mac_selinux_create_file_clear();
7a58bfa4 994
b15bdda8
LP		 995 if (fstat(fd, &st) < 0) {
996 r = -errno;
997 goto fail;
998 }
999
1000 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1001 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1002 st.st_uid != getuid() ||
1003 st.st_gid != getgid()) {
b15bdda8
LP		 1004
1005 r = -EEXIST;
1006 goto fail;
1007 }
1008
1009 *_fd = fd;
1010 return 0;
1011
1012fail:
ecabcf8b 1013 mac_selinux_create_file_clear();
03e334a1 1014 safe_close(fd);
b15bdda8
LP		 1015
1016 return r;
1017}
1018
b0a3f2bc
LP		 1019static int special_address_create(
1020 const char *path,
1021 int *_fd) {
1022
1023 int fd = -1, r = 0;
1024 struct stat st;
1025
1026 assert(path);
1027 assert(_fd);
1028
811ba7a0
LP		 1029 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1030 if (fd < 0) {
b0a3f2bc
LP		 1031 r = -errno;
1032 goto fail;
1033 }
1034
1035 if (fstat(fd, &st) < 0) {
1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 /* Check whether this is a /proc, /sys or /dev file or char device */
1041 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1042 r = -EEXIST;
1043 goto fail;
1044 }
1045
1046 *_fd = fd;
1047 return 0;
1048
1049fail:
03e334a1 1050 safe_close(fd);
b0a3f2bc
LP		 1051
1052 return r;
1053}
1054
916abb21
LP		 1055static int mq_address_create(
1056 const char *path,
1057 mode_t mq_mode,
1058 long maxmsg,
1059 long msgsize,
1060 int *_fd) {
1061
1062 int fd = -1, r = 0;
1063 struct stat st;
1064 mode_t old_mask;
1065 struct mq_attr _attr, *attr = NULL;
1066
1067 assert(path);
1068 assert(_fd);
1069
1070 if (maxmsg > 0 && msgsize > 0) {
1071 zero(_attr);
1072 _attr.mq_flags = O_NONBLOCK;
1073 _attr.mq_maxmsg = maxmsg;
1074 _attr.mq_msgsize = msgsize;
1075 attr = &_attr;
1076 }
1077
1078 /* Enforce the right access mode for the mq */
1079 old_mask = umask(~ mq_mode);
1080
1081 /* Include the original umask in our mask */
1082 umask(~mq_mode | old_mask);
916abb21
LP		 1083 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1084 umask(old_mask);
1085
8ea913b2 1086 if (fd < 0) {
916abb21
LP		 1087 r = -errno;
1088 goto fail;
1089 }
1090
1091 if (fstat(fd, &st) < 0) {
1092 r = -errno;
1093 goto fail;
1094 }
1095
1096 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1097 st.st_uid != getuid() ||
1098 st.st_gid != getgid()) {
1099
1100 r = -EEXIST;
1101 goto fail;
1102 }
1103
1104 *_fd = fd;
1105 return 0;
1106
1107fail:
03e334a1 1108 safe_close(fd);
916abb21
LP		 1109 return r;
1110}
1111
811ba7a0
LP		 1112static int socket_symlink(Socket *s) {
1113 const char *p;
1114 char **i;
1115
1116 assert(s);
1117
1118 p = socket_find_symlink_target(s);
1119 if (!p)
1120 return 0;
1121
1122 STRV_FOREACH(i, s->symlinks)
43b133b4 1123 symlink_label(p, *i);
811ba7a0
LP		 1124
1125 return 0;
1126}
1127
034c6ed7 1128static int socket_open_fds(Socket *s) {
83c60c9f
LP		 1129 SocketPort *p;
1130 int r;
56cf987f 1131 char *label = NULL;
049f8642 1132 bool know_label = false;
83c60c9f
LP		 1133
1134 assert(s);
1135
034c6ed7 1136 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1137
034c6ed7
LP		 1138 if (p->fd >= 0)
1139 continue;
83c60c9f
LP		 1140
1141 if (p->type == SOCKET_SOCKET) {
049f8642 1142
7f416dae
LP		 1143 if (!know_label) {
1144 /* Figure out label, if we don't it know
1145 * yet. We do it once, for the first
1146 * socket where we need this and
1147 * remember it for the rest. */
1148
1149 if (s->selinux_context_from_net) {
1150 /* Get it from the network label */
1151
1152 r = mac_selinux_get_our_label(&label);
75514a70 1153 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1154 goto rollback;
049f8642 1155
7f416dae
LP		 1156 } else {
1157 /* Get it from the executable we are about to start */
1158
1159 r = socket_instantiate_service(s);
1160 if (r < 0)
1161 goto rollback;
1162
1163 if (UNIT_ISSET(s->service) &&
1164 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1165 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1166 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1167 goto rollback;
1168 }
189583d7 1169 }
049f8642
LP		 1170
1171 know_label = true;
1172 }
1173
175a3d25
LP		 1174 r = socket_address_listen(
1175 &p->address,
1176 SOCK_CLOEXEC|SOCK_NONBLOCK,
1177 s->backlog,
1178 s->bind_ipv6_only,
1179 s->bind_to_device,
1180 s->free_bind,
1181 s->transparent,
1182 s->directory_mode,
1183 s->socket_mode,
1184 label);
1185 if (r < 0)
83c60c9f
LP		 1186 goto rollback;
1187
175a3d25 1188 p->fd = r;
4fd5948e 1189 socket_apply_socket_options(s, p->fd);
811ba7a0 1190 socket_symlink(s);
4fd5948e 1191
b0a3f2bc
LP		 1192 } else if (p->type == SOCKET_SPECIAL) {
1193
175a3d25
LP		 1194 r = special_address_create(
1195 p->path,
1196 &p->fd);
1197 if (r < 0)
b0a3f2bc
LP		 1198 goto rollback;
1199
b15bdda8 1200 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1201
175a3d25
LP		 1202 r = fifo_address_create(
1203 p->path,
1204 s->directory_mode,
1205 s->socket_mode,
1206 &p->fd);
1207 if (r < 0)
83c60c9f 1208 goto rollback;
83c60c9f 1209
b15bdda8 1210 socket_apply_fifo_options(s, p->fd);
811ba7a0
LP		 1211 socket_symlink(s);
1212
916abb21 1213 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1214
175a3d25
LP		 1215 r = mq_address_create(
1216 p->path,
1217 s->socket_mode,
1218 s->mq_maxmsg,
1219 s->mq_msgsize,
1220 &p->fd);
1221 if (r < 0)
916abb21 1222 goto rollback;
b15bdda8
LP		 1223 } else
1224 assert_not_reached("Unknown port type");
034c6ed7
LP		 1225 }
1226
cc56fafe 1227 mac_selinux_free(label);
034c6ed7
LP		 1228 return 0;
1229
1230rollback:
1231 socket_close_fds(s);
cc56fafe 1232 mac_selinux_free(label);
7f416dae 1233
034c6ed7
LP		 1234 return r;
1235}
1236
1237static void socket_unwatch_fds(Socket *s) {
1238 SocketPort *p;
718db961 1239 int r;
9152c765 1240
034c6ed7
LP		 1241 assert(s);
1242
1243 LIST_FOREACH(port, p, s->ports) {
1244 if (p->fd < 0)
1245 continue;
1246
a4152e3f
LP		 1247 if (!p->event_source)
1248 continue;
1249
1250 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1251 if (r < 0)
79008bdd 1252 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
83c60c9f 1253 }
034c6ed7
LP		 1254}
1255
1256static int socket_watch_fds(Socket *s) {
1257 SocketPort *p;
1258 int r;
1259
1260 assert(s);
83c60c9f 1261
034c6ed7
LP		 1262 LIST_FOREACH(port, p, s->ports) {
1263 if (p->fd < 0)
1264 continue;
1265
718db961
LP		 1266 if (p->event_source)
1267 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1268 else
151b9b96 1269 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
4f2d528d 1270
718db961 1271 if (r < 0) {
31938a85 1272 log_unit_warning_errno(UNIT(s)->id, r, "Failed to watch listening fds: %m");
034c6ed7 1273 goto fail;
718db961 1274 }
034c6ed7 1275 }
83c60c9f 1276
542563ba 1277 return 0;
83c60c9f 1278
034c6ed7
LP		 1279fail:
1280 socket_unwatch_fds(s);
1281 return r;
1282}
1283
1284static void socket_set_state(Socket *s, SocketState state) {
1285 SocketState old_state;
1286 assert(s);
1287
1288 old_state = s->state;
1289 s->state = state;
1290
bd1fe7c7
LP		 1291 if (!IN_SET(state,
1292 SOCKET_START_PRE,
3900e5fd 1293 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1294 SOCKET_START_POST,
1295 SOCKET_STOP_PRE,
1296 SOCKET_STOP_PRE_SIGTERM,
1297 SOCKET_STOP_PRE_SIGKILL,
1298 SOCKET_STOP_POST,
1299 SOCKET_FINAL_SIGTERM,
1300 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1301
1302 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1303 socket_unwatch_control_pid(s);
034c6ed7 1304 s->control_command = NULL;
a16e1123 1305 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1306 }
034c6ed7 1307
a16e1123
LP		 1308 if (state != SOCKET_LISTENING)
1309 socket_unwatch_fds(s);
1310
bd1fe7c7 1311 if (!IN_SET(state,
3900e5fd 1312 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1313 SOCKET_START_POST,
1314 SOCKET_LISTENING,
1315 SOCKET_RUNNING,
1316 SOCKET_STOP_PRE,
1317 SOCKET_STOP_PRE_SIGTERM,
1318 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1319 socket_close_fds(s);
1320
e537352b 1321 if (state != old_state)
79008bdd 1322 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
e821075a 1323 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1324
e2f3b44c 1325 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1326}
1327
a16e1123
LP		 1328static int socket_coldplug(Unit *u) {
1329 Socket *s = SOCKET(u);
1330 int r;
1331
1332 assert(s);
1333 assert(s->state == SOCKET_DEAD);
1334
e821075a
LP		 1335 if (s->deserialized_state == s->state)
1336 return 0;
a16e1123 1337
3900e5fd
LP		 1338 if (IN_SET(s->deserialized_state,
1339 SOCKET_START_PRE,
1340 SOCKET_START_CHOWN,
1341 SOCKET_START_POST,
1342 SOCKET_STOP_PRE,
1343 SOCKET_STOP_PRE_SIGTERM,
1344 SOCKET_STOP_PRE_SIGKILL,
1345 SOCKET_STOP_POST,
1346 SOCKET_FINAL_SIGTERM,
1347 SOCKET_FINAL_SIGKILL)) {
a16e1123 1348
e821075a
LP		 1349 if (s->control_pid <= 0)
1350 return -EBADMSG;
a16e1123 1351
e821075a
LP		 1352 r = unit_watch_pid(UNIT(s), s->control_pid);
1353 if (r < 0)
1354 return r;
a16e1123 1355
e821075a
LP		 1356 r = socket_arm_timer(s);
1357 if (r < 0)
1358 return r;
1359 }
a16e1123 1360
3900e5fd
LP		 1361 if (IN_SET(s->deserialized_state,
1362 SOCKET_START_CHOWN,
1363 SOCKET_START_POST,
1364 SOCKET_LISTENING,
1365 SOCKET_RUNNING,
1366 SOCKET_STOP_PRE,
1367 SOCKET_STOP_PRE_SIGTERM,
1368 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1369 r = socket_open_fds(s);
1370 if (r < 0)
1371 return r;
1372 }
a16e1123 1373
e821075a
LP		 1374 if (s->deserialized_state == SOCKET_LISTENING) {
1375 r = socket_watch_fds(s);
1376 if (r < 0)
1377 return r;
a16e1123
LP		 1378 }
1379
e821075a 1380 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1381 return 0;
1382}
1383
e537352b 1384static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1385 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1386 pid_t pid;
1387 int r;
9fa95f85
DM		 1388 ExecParameters exec_params = {
1389 .apply_permissions = true,
1390 .apply_chroot = true,
1391 .apply_tty_stdin = true,
1392 };
034c6ed7
LP		 1393
1394 assert(s);
1395 assert(c);
1396 assert(_pid);
1397
4ad49000
LP		 1398 unit_realize_cgroup(UNIT(s));
1399
613b411c
LP		 1400 r = unit_setup_exec_runtime(UNIT(s));
1401 if (r < 0)
1402 goto fail;
1403
718db961 1404 r = socket_arm_timer(s);
36697dc0 1405 if (r < 0)
e537352b 1406 goto fail;
034c6ed7 1407
19f6d710
LP		 1408 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1409 if (r < 0)
9e2f7c11 1410 goto fail;
9e2f7c11 1411
9fa95f85
DM		 1412 exec_params.argv = argv;
1413 exec_params.environment = UNIT(s)->manager->environment;
1414 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1415 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1416 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1417 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85
DM		 1418 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1419 exec_params.unit_id = UNIT(s)->id;
1420
9e2f7c11 1421 r = exec_spawn(c,
9e2f7c11 1422 &s->exec_context,
9fa95f85 1423 &exec_params,
613b411c 1424 s->exec_runtime,
9e2f7c11 1425 &pid);
cee288ad
TA		 1426 if (r < 0)
1427 goto fail;
9e2f7c11 1428
3900e5fd 1429 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1430 if (r < 0)
3900e5fd 1431 /* FIXME: we need to do something here */
034c6ed7
LP		 1432 goto fail;
1433
3900e5fd
LP		 1434 *_pid = pid;
1435 return 0;
1436
1437fail:
1438 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1439 return r;
1440}
1441
1442static int socket_chown(Socket *s, pid_t *_pid) {
1443 pid_t pid;
1444 int r;
1445
1446 r = socket_arm_timer(s);
1447 if (r < 0)
1448 goto fail;
1449
1450 /* We have to resolve the user names out-of-process, hence
1451 * let's fork here. It's messy, but well, what can we do? */
1452
1453 pid = fork();
1454 if (pid < 0)
1455 return -errno;
1456
1457 if (pid == 0) {
1458 SocketPort *p;
fed1e721
LP		 1459 uid_t uid = UID_INVALID;
1460 gid_t gid = GID_INVALID;
3900e5fd
LP		 1461 int ret;
1462
1463 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1464 ignore_signals(SIGPIPE, -1);
1465 log_forget_fds();
1466
1467 if (!isempty(s->user)) {
1468 const char *user = s->user;
1469
1470 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1471 if (r < 0) {
1472 ret = EXIT_USER;
1473 goto fail_child;
1474 }
1475 }
1476
1477 if (!isempty(s->group)) {
1478 const char *group = s->group;
1479
1480 r = get_group_creds(&group, &gid);
1481 if (r < 0) {
1482 ret = EXIT_GROUP;
1483 goto fail_child;
1484 }
1485 }
1486
1487 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1488 const char *path = NULL;
3900e5fd
LP		 1489
1490 if (p->type == SOCKET_SOCKET)
1491 path = socket_address_get_path(&p->address);
1492 else if (p->type == SOCKET_FIFO)
1493 path = p->path;
1494
1495 if (!path)
1496 continue;
1497
1498 if (chown(path, uid, gid) < 0) {
1499 r = -errno;
1500 ret = EXIT_CHOWN;
1501 goto fail_child;
1502 }
1503 }
1504
1505 _exit(0);
1506
1507 fail_child:
1508 log_open();
da927ba9 1509 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1510
1511 _exit(ret);
1512 }
1513
718db961
LP		 1514 r = unit_watch_pid(UNIT(s), pid);
1515 if (r < 0)
034c6ed7 1516 goto fail;
83c60c9f 1517
034c6ed7 1518 *_pid = pid;
034c6ed7
LP		 1519 return 0;
1520
1521fail:
718db961 1522 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1523 return r;
542563ba
LP		 1524}
1525
cfc4eb4c 1526static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1527 assert(s);
1528
cfc4eb4c
LP		 1529 if (f != SOCKET_SUCCESS)
1530 s->result = f;
034c6ed7 1531
613b411c
LP		 1532 exec_runtime_destroy(s->exec_runtime);
1533 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1534
e66cf1a3
LP		 1535 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1536
cfc4eb4c 1537 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1538}
1539
cfc4eb4c 1540static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1541
cfc4eb4c 1542static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1543 int r;
1544 assert(s);
1545
cfc4eb4c
LP		 1546 if (f != SOCKET_SUCCESS)
1547 s->result = f;
034c6ed7 1548
5e94833f 1549 socket_unwatch_control_pid(s);
a16e1123 1550 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1551 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1552
3900e5fd
LP		 1553 if (s->control_command) {
1554 r = socket_spawn(s, s->control_command, &s->control_pid);
1555 if (r < 0)
034c6ed7
LP		 1556 goto fail;
1557
80876c20
LP		 1558 socket_set_state(s, SOCKET_STOP_POST);
1559 } else
cfc4eb4c 1560 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1561
1562 return;
1563
1564fail:
79008bdd 1565 log_unit_warning(UNIT(s)->id,
66870f90
ZJS		 1566 "%s failed to run 'stop-post' task: %s",
1567 UNIT(s)->id, strerror(-r));
cfc4eb4c 1568 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1569}
1570
cfc4eb4c 1571static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1572 int r;
1573
1574 assert(s);
1575
cfc4eb4c
LP		 1576 if (f != SOCKET_SUCCESS)
1577 s->result = f;
034c6ed7 1578
cd2086fe
LP		 1579 r = unit_kill_context(
1580 UNIT(s),
1581 &s->kill_context,
db2cb23b
UTL		 1582 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1583 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1584 -1,
1585 s->control_pid,
1586 false);
1587 if (r < 0)
1588 goto fail;
034c6ed7 1589
cd2086fe 1590 if (r > 0) {
718db961 1591 r = socket_arm_timer(s);
36697dc0 1592 if (r < 0)
80876c20 1593 goto fail;
d6ea93e3 1594
80876c20 1595 socket_set_state(s, state);
ac84d1fb
LP		 1596 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1597 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1598 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1599 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1600 else if (state == SOCKET_FINAL_SIGTERM)
1601 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1602 else
cfc4eb4c 1603 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1604
1605 return;
1606
1607fail:
31938a85 1608 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to kill processes: %m", UNIT(s)->id);
034c6ed7
LP		 1609
1610 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1611 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1612 else
cfc4eb4c 1613 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1614}
1615
cfc4eb4c 1616static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1617 int r;
1618 assert(s);
1619
cfc4eb4c
LP		 1620 if (f != SOCKET_SUCCESS)
1621 s->result = f;
034c6ed7 1622
5e94833f 1623 socket_unwatch_control_pid(s);
a16e1123 1624 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1625 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1626
3900e5fd
LP		 1627 if (s->control_command) {
1628 r = socket_spawn(s, s->control_command, &s->control_pid);
1629 if (r < 0)
034c6ed7
LP		 1630 goto fail;
1631
80876c20
LP		 1632 socket_set_state(s, SOCKET_STOP_PRE);
1633 } else
cfc4eb4c 1634 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1635
1636 return;
1637
1638fail:
31938a85 1639 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'stop-pre' task: %m", UNIT(s)->id);
cfc4eb4c 1640 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1641}
1642
e9af15c3
LP		 1643static void socket_enter_listening(Socket *s) {
1644 int r;
1645 assert(s);
1646
cfc4eb4c
LP		 1647 r = socket_watch_fds(s);
1648 if (r < 0) {
31938a85 1649 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
e9af15c3
LP		 1650 goto fail;
1651 }
1652
1653 socket_set_state(s, SOCKET_LISTENING);
1654 return;
1655
1656fail:
cfc4eb4c 1657 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1658}
1659
034c6ed7
LP		 1660static void socket_enter_start_post(Socket *s) {
1661 int r;
1662 assert(s);
1663
3900e5fd
LP		 1664 socket_unwatch_control_pid(s);
1665 s->control_command_id = SOCKET_EXEC_START_POST;
1666 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1667
1668 if (s->control_command) {
1669 r = socket_spawn(s, s->control_command, &s->control_pid);
1670 if (r < 0) {
31938a85 1671 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-post' task: %m", UNIT(s)->id);
3900e5fd
LP		 1672 goto fail;
1673 }
1674
1675 socket_set_state(s, SOCKET_START_POST);
1676 } else
1677 socket_enter_listening(s);
1678
1679 return;
1680
1681fail:
1682 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1683}
1684
1685static void socket_enter_start_chown(Socket *s) {
1686 int r;
1687
1688 assert(s);
1689
cfc4eb4c
LP		 1690 r = socket_open_fds(s);
1691 if (r < 0) {
31938a85 1692 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
034c6ed7
LP		 1693 goto fail;
1694 }
1695
3900e5fd 1696 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1697
3900e5fd
LP		 1698 socket_unwatch_control_pid(s);
1699 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1700 s->control_command = NULL;
a16e1123 1701
3900e5fd 1702 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1703 if (r < 0) {
31938a85 1704 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to fork 'start-chown' task: %m", UNIT(s)->id);
034c6ed7
LP		 1705 goto fail;
1706 }
1707
3900e5fd 1708 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1709 } else
3900e5fd 1710 socket_enter_start_post(s);
034c6ed7
LP		 1711
1712 return;
1713
1714fail:
cfc4eb4c 1715 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1716}
1717
1718static void socket_enter_start_pre(Socket *s) {
1719 int r;
1720 assert(s);
1721
5e94833f 1722 socket_unwatch_control_pid(s);
a16e1123 1723 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1724 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1725
3900e5fd 1726 if (s->control_command) {
e821075a 1727 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1728 if (r < 0) {
31938a85 1729 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-pre' task: %m", UNIT(s)->id);
034c6ed7 1730 goto fail;
3900e5fd 1731 }
034c6ed7 1732
80876c20
LP		 1733 socket_set_state(s, SOCKET_START_PRE);
1734 } else
3900e5fd 1735 socket_enter_start_chown(s);
034c6ed7
LP		 1736
1737 return;
1738
1739fail:
cfc4eb4c 1740 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1741}
1742
4f2d528d 1743static void socket_enter_running(Socket *s, int cfd) {
718db961 1744 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1745 int r;
1746
1747 assert(s);
1748
ba3e67a7
LP		 1749 /* We don't take connections anymore if we are supposed to
1750 * shut down anyway */
31afa0a4 1751 if (unit_stop_pending(UNIT(s))) {
e821075a 1752
79008bdd 1753 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
5d909e3e 1754
7c610628 1755 if (cfd >= 0)
03e334a1 1756 safe_close(cfd);
7c610628
LP		 1757 else {
1758 /* Flush all sockets by closing and reopening them */
1759 socket_close_fds(s);
1760
16ac4014
LP		 1761 r = socket_open_fds(s);
1762 if (r < 0) {
31938a85 1763 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
16ac4014
LP		 1764 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1765 return;
1766 }
1767
1a710b43
MS		 1768 r = socket_watch_fds(s);
1769 if (r < 0) {
31938a85 1770 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
cfc4eb4c 1771 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1772 }
1773 }
1774
ba3e67a7
LP		 1775 return;
1776 }
1777
4f2d528d 1778 if (cfd < 0) {
57020a3a 1779 Iterator i;
e821075a 1780 Unit *other;
f976f3f6 1781 bool pending = false;
f976f3f6
LP		 1782
1783 /* If there's already a start pending don't bother to
1784 * do anything */
e821075a
LP		 1785 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1786 if (unit_active_or_pending(other)) {
57020a3a
LP		 1787 pending = true;
1788 break;
1789 }
f976f3f6 1790
1a710b43 1791 if (!pending) {
640ace4a 1792 if (!UNIT_ISSET(s->service)) {
79008bdd 1793 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
640ace4a
LP		 1794 r = -ENOENT;
1795 goto fail;
1796 }
1797
1a710b43
MS		 1798 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1799 if (r < 0)
f976f3f6 1800 goto fail;
1a710b43 1801 }
4f2d528d
LP		 1802
1803 socket_set_state(s, SOCKET_RUNNING);
1804 } else {
e55001eb 1805 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1806 Service *service;
4f2d528d 1807
6cf6bbc2 1808 if (s->n_connections >= s->max_connections) {
79008bdd 1809 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
03e334a1 1810 safe_close(cfd);
6cf6bbc2
LP		 1811 return;
1812 }
1813
1a710b43
MS		 1814 r = socket_instantiate_service(s);
1815 if (r < 0)
b15bdda8
LP		 1816 goto fail;
1817
1a710b43
MS		 1818 r = instance_from_socket(cfd, s->n_accepted, &instance);
1819 if (r < 0) {
1820 if (r != -ENOTCONN)
1821 goto fail;
1822
1823 /* ENOTCONN is legitimate if TCP RST was received.
1824 * This connection is over, but the socket unit lives on. */
03e334a1 1825 safe_close(cfd);
1a710b43
MS		 1826 return;
1827 }
4f2d528d 1828
1a710b43
MS		 1829 prefix = unit_name_to_prefix(UNIT(s)->id);
1830 if (!prefix) {
4f2d528d
LP		 1831 r = -ENOMEM;
1832 goto fail;
1833 }
1834
1835 name = unit_name_build(prefix, instance, ".service");
b6dbbe1c 1836 if (!name) {
4f2d528d 1837 r = -ENOMEM;
b6dbbe1c
LP		 1838 goto fail;
1839 }
4f2d528d 1840
1a710b43 1841 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1842 if (r < 0)
4f2d528d 1843 goto fail;
b15bdda8 1844
57020a3a
LP		 1845 service = SERVICE(UNIT_DEREF(s->service));
1846 unit_ref_unset(&s->service);
b15bdda8 1847 s->n_accepted ++;
4f2d528d 1848
1124fe6f 1849 UNIT(service)->no_gc = false;
6c073082 1850
b15bdda8 1851 unit_choose_id(UNIT(service), name);
b15bdda8 1852
16115b0a 1853 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1854 if (r < 0)
4f2d528d
LP		 1855 goto fail;
1856
1857 cfd = -1;
6cf6bbc2
LP		 1858 s->n_connections ++;
1859
1a710b43
MS		 1860 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1861 if (r < 0)
4f2d528d 1862 goto fail;
c4e2ceae
LP		 1863
1864 /* Notify clients about changed counters */
1865 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1866 }
034c6ed7 1867
034c6ed7
LP		 1868 return;
1869
1870fail:
79008bdd 1871 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
e821075a 1872 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
718db961 1873 bus_error_message(&error, r));
e821075a 1874
60089004 1875 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1876 safe_close(cfd);
034c6ed7
LP		 1877}
1878
cfc4eb4c 1879static void socket_run_next(Socket *s) {
034c6ed7
LP		 1880 int r;
1881
1882 assert(s);
1883 assert(s->control_command);
1884 assert(s->control_command->command_next);
1885
5e94833f
LP		 1886 socket_unwatch_control_pid(s);
1887
034c6ed7
LP		 1888 s->control_command = s->control_command->command_next;
1889
e821075a
LP		 1890 r = socket_spawn(s, s->control_command, &s->control_pid);
1891 if (r < 0)
034c6ed7
LP		 1892 goto fail;
1893
1894 return;
1895
1896fail:
31938a85 1897 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next task: %m", UNIT(s)->id);
80876c20
LP		 1898
1899 if (s->state == SOCKET_START_POST)
cfc4eb4c 1900 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1901 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1902 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1903 else
cfc4eb4c 1904 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1905}
1906
87f0e418
LP		 1907static int socket_start(Unit *u) {
1908 Socket *s = SOCKET(u);
83c60c9f
LP		 1909
1910 assert(s);
1911
034c6ed7
LP		 1912 /* We cannot fulfill this request right now, try again later
1913 * please! */
3900e5fd
LP		 1914 if (IN_SET(s->state,
1915 SOCKET_STOP_PRE,
1916 SOCKET_STOP_PRE_SIGKILL,
1917 SOCKET_STOP_PRE_SIGTERM,
1918 SOCKET_STOP_POST,
1919 SOCKET_FINAL_SIGTERM,
1920 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 1921 return -EAGAIN;
1922
a4152e3f 1923 /* Already on it! */
3900e5fd
LP		 1924 if (IN_SET(s->state,
1925 SOCKET_START_PRE,
1926 SOCKET_START_CHOWN,
1927 SOCKET_START_POST))
034c6ed7 1928 return 0;
83c60c9f 1929
034c6ed7 1930 /* Cannot run this without the service being around */
9444b1f2 1931 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 1932 Service *service;
1933
1934 service = SERVICE(UNIT_DEREF(s->service));
1935
1124fe6f 1936 if (UNIT(service)->load_state != UNIT_LOADED) {
79008bdd 1937 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1938 return -ENOENT;
4ac9236f 1939 }
4f2d528d 1940
35b8ca3a 1941 /* If the service is already active we cannot start the
4f2d528d 1942 * socket */
57020a3a
LP		 1943 if (service->state != SERVICE_DEAD &&
1944 service->state != SERVICE_FAILED &&
1945 service->state != SERVICE_AUTO_RESTART) {
79008bdd 1946 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1947 return -EBUSY;
4ac9236f 1948 }
4f2d528d 1949 }
e537352b 1950
fdf20a31 1951 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1952
cfc4eb4c 1953 s->result = SOCKET_SUCCESS;
034c6ed7 1954 socket_enter_start_pre(s);
e821075a 1955
034c6ed7
LP		 1956 return 0;
1957}
83c60c9f 1958
87f0e418
LP		 1959static int socket_stop(Unit *u) {
1960 Socket *s = SOCKET(u);
034c6ed7
LP		 1961
1962 assert(s);
1963
e537352b 1964 /* Already on it */
3900e5fd
LP		 1965 if (IN_SET(s->state,
1966 SOCKET_STOP_PRE,
1967 SOCKET_STOP_PRE_SIGTERM,
1968 SOCKET_STOP_PRE_SIGKILL,
1969 SOCKET_STOP_POST,
1970 SOCKET_FINAL_SIGTERM,
1971 SOCKET_FINAL_SIGKILL))
e537352b
LP		 1972 return 0;
1973
3f6c78dc
LP		 1974 /* If there's already something running we go directly into
1975 * kill mode. */
3900e5fd
LP		 1976 if (IN_SET(s->state,
1977 SOCKET_START_PRE,
1978 SOCKET_START_CHOWN,
1979 SOCKET_START_POST)) {
cfc4eb4c 1980 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1981 return -EAGAIN;
1982 }
1983
034c6ed7 1984 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1985
cfc4eb4c 1986 socket_enter_stop_pre(s, SOCKET_SUCCESS);
542563ba
LP		 1987 return 0;
1988}
1989
a16e1123
LP		 1990static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1991 Socket *s = SOCKET(u);
1992 SocketPort *p;
1993 int r;
1994
1995 assert(u);
1996 assert(f);
1997 assert(fds);
1998
1999 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2000 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2001 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2002
2003 if (s->control_pid > 0)
de0671ee 2004 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2005
2006 if (s->control_command_id >= 0)
2007 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2008
2009 LIST_FOREACH(port, p, s->ports) {
2010 int copy;
2011
2012 if (p->fd < 0)
2013 continue;
2014
613b411c
LP		 2015 copy = fdset_put_dup(fds, p->fd);
2016 if (copy < 0)
a16e1123
LP		 2017 return copy;
2018
2019 if (p->type == SOCKET_SOCKET) {
613b411c 2020 _cleanup_free_ char *t = NULL;
a16e1123 2021
ee092817
LP		 2022 r = socket_address_print(&p->address, &t);
2023 if (r < 0)
a16e1123
LP		 2024 return r;
2025
7a22745a
LP		 2026 if (socket_address_family(&p->address) == AF_NETLINK)
2027 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2028 else
2029 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2030
b0a3f2bc
LP		 2031 } else if (p->type == SOCKET_SPECIAL)
2032 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2033 else if (p->type == SOCKET_MQUEUE)
2034 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
b0a3f2bc 2035 else {
a16e1123
LP		 2036 assert(p->type == SOCKET_FIFO);
2037 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2038 }
2039 }
2040
2041 return 0;
2042}
2043
2044static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2045 Socket *s = SOCKET(u);
a16e1123
LP		 2046
2047 assert(u);
2048 assert(key);
2049 assert(value);
a16e1123
LP		 2050
2051 if (streq(key, "state")) {
2052 SocketState state;
2053
ee092817
LP		 2054 state = socket_state_from_string(value);
2055 if (state < 0)
79008bdd 2056 log_unit_debug(u->id, "Failed to parse state value %s", value);
a16e1123
LP		 2057 else
2058 s->deserialized_state = state;
cfc4eb4c
LP		 2059 } else if (streq(key, "result")) {
2060 SocketResult f;
a16e1123 2061
cfc4eb4c
LP		 2062 f = socket_result_from_string(value);
2063 if (f < 0)
79008bdd 2064 log_unit_debug(u->id, "Failed to parse result value %s", value);
cfc4eb4c
LP		 2065 else if (f != SOCKET_SUCCESS)
2066 s->result = f;
a16e1123
LP		 2067
2068 } else if (streq(key, "n-accepted")) {
2069 unsigned k;
2070
e364ad06 2071 if (safe_atou(value, &k) < 0)
79008bdd 2072 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
a16e1123
LP		 2073 else
2074 s->n_accepted += k;
2075 } else if (streq(key, "control-pid")) {
5925dd3c 2076 pid_t pid;
a16e1123 2077
e364ad06 2078 if (parse_pid(value, &pid) < 0)
79008bdd 2079 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
a16e1123 2080 else
5925dd3c 2081 s->control_pid = pid;
a16e1123
LP		 2082 } else if (streq(key, "control-command")) {
2083 SocketExecCommand id;
2084
66870f90
ZJS		 2085 id = socket_exec_command_from_string(value);
2086 if (id < 0)
79008bdd 2087 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
a16e1123
LP		 2088 else {
2089 s->control_command_id = id;
2090 s->control_command = s->exec_command[id];
2091 }
2092 } else if (streq(key, "fifo")) {
2093 int fd, skip = 0;
2094 SocketPort *p;
2095
2096 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2097 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
a16e1123
LP		 2098 else {
2099
2100 LIST_FOREACH(port, p, s->ports)
b0a3f2bc
LP		 2101 if (p->type == SOCKET_FIFO &&
2102 streq_ptr(p->path, value+skip))
2103 break;
2104
2105 if (p) {
03e334a1 2106 safe_close(p->fd);
b0a3f2bc
LP		 2107 p->fd = fdset_remove(fds, fd);
2108 }
2109 }
2110
2111 } else if (streq(key, "special")) {
2112 int fd, skip = 0;
2113 SocketPort *p;
2114
2115 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2116 log_unit_debug(u->id, "Failed to parse special value %s", value);
b0a3f2bc
LP		 2117 else {
2118
2119 LIST_FOREACH(port, p, s->ports)
2120 if (p->type == SOCKET_SPECIAL &&
2121 streq_ptr(p->path, value+skip))
a16e1123
LP		 2122 break;
2123
2124 if (p) {
03e334a1 2125 safe_close(p->fd);
a16e1123
LP		 2126 p->fd = fdset_remove(fds, fd);
2127 }
2128 }
2129
ee092817
LP		 2130 } else if (streq(key, "mqueue")) {
2131 int fd, skip = 0;
2132 SocketPort *p;
2133
2134 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2135 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
ee092817
LP		 2136 else {
2137
2138 LIST_FOREACH(port, p, s->ports)
2139 if (p->type == SOCKET_MQUEUE &&
2140 streq_ptr(p->path, value+skip))
2141 break;
2142
2143 if (p) {
03e334a1 2144 safe_close(p->fd);
ee092817
LP		 2145 p->fd = fdset_remove(fds, fd);
2146 }
2147 }
2148
a16e1123 2149 } else if (streq(key, "socket")) {
27ca8d7a 2150 int fd, type, skip = 0;
a16e1123
LP		 2151 SocketPort *p;
2152
27ca8d7a 2153 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
79008bdd 2154 log_unit_debug(u->id, "Failed to parse socket value %s", value);
a16e1123
LP		 2155 else {
2156
2157 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2158 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2159 break;
2160
2161 if (p) {
03e334a1 2162 safe_close(p->fd);
a16e1123
LP		 2163 p->fd = fdset_remove(fds, fd);
2164 }
2165 }
2166
7a22745a
LP		 2167 } else if (streq(key, "netlink")) {
2168 int fd, skip = 0;
2169 SocketPort *p;
2170
2171 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2172 log_unit_debug(u->id, "Failed to parse socket value %s", value);
7a22745a
LP		 2173 else {
2174
2175 LIST_FOREACH(port, p, s->ports)
2176 if (socket_address_is_netlink(&p->address, value+skip))
2177 break;
2178
2179 if (p) {
03e334a1 2180 safe_close(p->fd);
7a22745a
LP		 2181 p->fd = fdset_remove(fds, fd);
2182 }
2183 }
a16e1123 2184 } else
79008bdd 2185 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
a16e1123
LP		 2186
2187 return 0;
2188}
2189
01e10de3
LP		 2190static int socket_distribute_fds(Unit *u, FDSet *fds) {
2191 Socket *s = SOCKET(u);
2192 SocketPort *p;
2193
2194 assert(u);
2195
2196 LIST_FOREACH(port, p, s->ports) {
2197 Iterator i;
2198 int fd;
2199
2200 if (p->type != SOCKET_SOCKET)
2201 continue;
2202
2203 if (p->fd >= 0)
2204 continue;
2205
2206 FDSET_FOREACH(fd, fds, i) {
2207 if (socket_address_matches_fd(&p->address, fd)) {
2208 p->fd = fdset_remove(fds, fd);
2209 s->deserialized_state = SOCKET_LISTENING;
2210 break;
2211 }
2212 }
2213 }
2214
2215 return 0;
2216}
2217
44a6b1b6 2218_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2219 assert(u);
5cb5a6ff 2220
acbb0225 2221 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2222}
2223
44a6b1b6 2224_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2225 assert(u);
2226
a16e1123 2227 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2228}
2229
67419600
OS		 2230const char* socket_port_type_to_string(SocketPort *p) {
2231
2232 assert(p);
2233
2234 switch (p->type) {
718db961
LP		 2235
2236 case SOCKET_SOCKET:
2237
2238 switch (p->address.type) {
2239
2240 case SOCK_STREAM:
2241 return "Stream";
2242
2243 case SOCK_DGRAM:
2244 return "Datagram";
2245
2246 case SOCK_SEQPACKET:
2247 return "SequentialPacket";
2248
2249 case SOCK_RAW:
2250 if (socket_address_family(&p->address) == AF_NETLINK)
2251 return "Netlink";
2252
2253 default:
2254 return NULL;
2255 }
2256
2257 case SOCKET_SPECIAL:
2258 return "Special";
2259
2260 case SOCKET_MQUEUE:
2261 return "MessageQueue";
2262
2263 case SOCKET_FIFO:
2264 return "FIFO";
2265
2266 default:
2267 return NULL;
67419600
OS		 2268 }
2269}
2270
44a6b1b6 2271_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2272 Socket *s = SOCKET(u);
2273
2274 assert(u);
2275
2276 return s->n_connections > 0;
2277}
2278
718db961
LP		 2279static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2280 SocketPort *p = userdata;
4f2d528d 2281 int cfd = -1;
9152c765 2282
718db961 2283 assert(p);
8d567588 2284 assert(fd >= 0);
9152c765 2285
718db961
LP		 2286 if (p->socket->state != SOCKET_LISTENING)
2287 return 0;
871d7de4 2288
79008bdd 2289 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
9152c765 2290
718db961 2291 if (revents != EPOLLIN) {
641e01dc 2292
718db961 2293 if (revents & EPOLLHUP)
79008bdd 2294 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
718db961 2295 UNIT(p->socket)->id);
641e01dc 2296 else
79008bdd 2297 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
718db961 2298 UNIT(p->socket)->id, revents);
641e01dc 2299
8d567588 2300 goto fail;
4f2d528d
LP		 2301 }
2302
718db961
LP		 2303 if (p->socket->accept &&
2304 p->type == SOCKET_SOCKET &&
2305 socket_address_can_accept(&p->address)) {
2306
4f2d528d
LP		 2307 for (;;) {
2308
b14eda96
LP		 2309 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2310 if (cfd < 0) {
4f2d528d
LP		 2311
2312 if (errno == EINTR)
2313 continue;
2314
79008bdd 2315 log_unit_error(UNIT(p->socket)->id,
66870f90 2316 "Failed to accept socket: %m");
8d567588 2317 goto fail;
4f2d528d
LP		 2318 }
2319
2320 break;
2321 }
4fd5948e 2322
718db961 2323 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2324 }
9152c765 2325
718db961
LP		 2326 socket_enter_running(p->socket, cfd);
2327 return 0;
8d567588
LP		 2328
2329fail:
718db961
LP		 2330 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2331 return 0;
9152c765
LP		 2332}
2333
87f0e418
LP		 2334static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2335 Socket *s = SOCKET(u);
cfc4eb4c 2336 SocketResult f;
5cb5a6ff
LP		 2337
2338 assert(s);
034c6ed7 2339 assert(pid >= 0);
5cb5a6ff 2340
8c47c732
LP		 2341 if (pid != s->control_pid)
2342 return;
542563ba 2343
034c6ed7
LP		 2344 s->control_pid = 0;
2345
96342de6 2346 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2347 f = SOCKET_SUCCESS;
2348 else if (code == CLD_EXITED)
2349 f = SOCKET_FAILURE_EXIT_CODE;
2350 else if (code == CLD_KILLED)
2351 f = SOCKET_FAILURE_SIGNAL;
2352 else if (code == CLD_DUMPED)
2353 f = SOCKET_FAILURE_CORE_DUMP;
2354 else
a4152e3f 2355 assert_not_reached("Unknown sigchld code");
8c47c732 2356
b708e7ce 2357 if (s->control_command) {
6ea832a2 2358 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2359
b708e7ce 2360 if (s->control_command->ignore)
cfc4eb4c 2361 f = SOCKET_SUCCESS;
b708e7ce
LP		 2362 }
2363
79008bdd
LP		 2364 log_unit_full(u->id,
2365 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
66870f90
ZJS		 2366 "%s control process exited, code=%s status=%i",
2367 u->id, sigchld_code_to_string(code), status);
034c6ed7 2368
cfc4eb4c
LP		 2369 if (f != SOCKET_SUCCESS)
2370 s->result = f;
2371
2372 if (s->control_command &&
2373 s->control_command->command_next &&
2374 f == SOCKET_SUCCESS) {
2375
79008bdd 2376 log_unit_debug(u->id,
66870f90
ZJS		 2377 "%s running next command for state %s",
2378 u->id, socket_state_to_string(s->state));
cfc4eb4c 2379 socket_run_next(s);
acbb0225 2380 } else {
a16e1123
LP		 2381 s->control_command = NULL;
2382 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2383
034c6ed7
LP		 2384 /* No further commands for this step, so let's figure
2385 * out what to do next */
5cb5a6ff 2386
79008bdd 2387 log_unit_debug(u->id,
66870f90
ZJS		 2388 "%s got final SIGCHLD for state %s",
2389 u->id, socket_state_to_string(s->state));
acbb0225 2390
034c6ed7
LP		 2391 switch (s->state) {
2392
2393 case SOCKET_START_PRE:
cfc4eb4c 2394 if (f == SOCKET_SUCCESS)
3900e5fd 2395 socket_enter_start_chown(s);
034c6ed7 2396 else
cfc4eb4c 2397 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2398 break;
2399
3900e5fd
LP		 2400 case SOCKET_START_CHOWN:
2401 if (f == SOCKET_SUCCESS)
2402 socket_enter_start_post(s);
2403 else
2404 socket_enter_stop_pre(s, f);
2405 break;
2406
034c6ed7 2407 case SOCKET_START_POST:
cfc4eb4c 2408 if (f == SOCKET_SUCCESS)
e9af15c3 2409 socket_enter_listening(s);
034c6ed7 2410 else
cfc4eb4c 2411 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2412 break;
2413
2414 case SOCKET_STOP_PRE:
2415 case SOCKET_STOP_PRE_SIGTERM:
2416 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2417 socket_enter_stop_post(s, f);
034c6ed7
LP		 2418 break;
2419
2420 case SOCKET_STOP_POST:
80876c20
LP		 2421 case SOCKET_FINAL_SIGTERM:
2422 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2423 socket_enter_dead(s, f);
034c6ed7
LP		 2424 break;
2425
2426 default:
2427 assert_not_reached("Uh, control process died at wrong time.");
2428 }
2429 }
c4e2ceae
LP		 2430
2431 /* Notify clients about changed exit status */
2432 unit_add_to_dbus_queue(u);
034c6ed7 2433}
5cb5a6ff 2434
718db961
LP		 2435static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2436 Socket *s = SOCKET(userdata);
5cb5a6ff 2437
034c6ed7 2438 assert(s);
718db961 2439 assert(s->timer_event_source == source);
034c6ed7
LP		 2440
2441 switch (s->state) {
2442
2443 case SOCKET_START_PRE:
79008bdd 2444 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
cfc4eb4c 2445 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2446 break;
80876c20 2447
3900e5fd 2448 case SOCKET_START_CHOWN:
034c6ed7 2449 case SOCKET_START_POST:
79008bdd 2450 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
cfc4eb4c 2451 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2452 break;
2453
2454 case SOCKET_STOP_PRE:
79008bdd 2455 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
cfc4eb4c 2456 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2457 break;
2458
2459 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2460 if (s->kill_context.send_sigkill) {
79008bdd 2461 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
cfc4eb4c 2462 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2463 } else {
79008bdd 2464 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2465 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2466 }
034c6ed7
LP		 2467 break;
2468
2469 case SOCKET_STOP_PRE_SIGKILL:
79008bdd 2470 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2471 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2472 break;
2473
2474 case SOCKET_STOP_POST:
79008bdd 2475 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
cfc4eb4c 2476 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2477 break;
2478
80876c20 2479 case SOCKET_FINAL_SIGTERM:
4819ff03 2480 if (s->kill_context.send_sigkill) {
79008bdd 2481 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
cfc4eb4c 2482 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2483 } else {
79008bdd 2484 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2485 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2486 }
034c6ed7
LP		 2487 break;
2488
80876c20 2489 case SOCKET_FINAL_SIGKILL:
79008bdd 2490 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
cfc4eb4c 2491 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2492 break;
2493
2494 default:
2495 assert_not_reached("Timeout at wrong time.");
2496 }
718db961
LP		 2497
2498 return 0;
5cb5a6ff
LP		 2499}
2500
44d8db9e
LP		 2501int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2502 int *rfds;
2503 unsigned rn_fds, k;
2504 SocketPort *p;
2505
2506 assert(s);
2507 assert(fds);
2508 assert(n_fds);
2509
2510 /* Called from the service code for requesting our fds */
2511
2512 rn_fds = 0;
2513 LIST_FOREACH(port, p, s->ports)
2514 if (p->fd >= 0)
2515 rn_fds++;
2516
de3756ab
LP		 2517 if (rn_fds <= 0) {
2518 *fds = NULL;
2519 *n_fds = 0;
2520 return 0;
2521 }
2522
e364ad06 2523 if (!(rfds = new(int, rn_fds)))
44d8db9e
LP		 2524 return -ENOMEM;
2525
2526 k = 0;
2527 LIST_FOREACH(port, p, s->ports)
2528 if (p->fd >= 0)
2529 rfds[k++] = p->fd;
2530
2531 assert(k == rn_fds);
2532
2533 *fds = rfds;
2534 *n_fds = rn_fds;
2535
2536 return 0;
2537}
2538
e821075a
LP		 2539static void socket_reset_failed(Unit *u) {
2540 Socket *s = SOCKET(u);
2541
2542 assert(s);
2543
2544 if (s->state == SOCKET_FAILED)
2545 socket_set_state(s, SOCKET_DEAD);
2546
2547 s->result = SOCKET_SUCCESS;
2548}
2549
d137a488 2550static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2551 assert(s);
2552
6cf6bbc2
LP		 2553 /* The service is dead. Dang!
2554 *
2555 * This is strictly for one-instance-for-all-connections
2556 * services. */
ceee3d82
LP		 2557
2558 if (s->state == SOCKET_RUNNING) {
79008bdd 2559 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
6bda96a0
LP		 2560 if (failed_permanent)
2561 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2562 else
2563 socket_enter_listening(s);
ceee3d82
LP		 2564 }
2565}
2566
6cf6bbc2
LP		 2567void socket_connection_unref(Socket *s) {
2568 assert(s);
2569
2570 /* The service is dead. Yay!
2571 *
35b8ca3a 2572 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2573 * services. */
2574
2575 assert(s->n_connections > 0);
2576 s->n_connections--;
2577
79008bdd 2578 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
5632e374
LP		 2579}
2580
d137a488
UTL		 2581static void socket_trigger_notify(Unit *u, Unit *other) {
2582 Socket *s = SOCKET(u);
e821075a 2583 Service *se;
d137a488
UTL		 2584
2585 assert(u);
2586 assert(other);
2587
2588 /* Don't propagate state changes from the service if we are
2589 already down or accepting connections */
2590 if ((s->state != SOCKET_RUNNING &&
2591 s->state != SOCKET_LISTENING) ||
2592 s->accept)
2593 return;
2594
2595 if (other->load_state != UNIT_LOADED ||
2596 other->type != UNIT_SERVICE)
2597 return;
2598
e821075a
LP		 2599 se = SERVICE(other);
2600
d137a488
UTL		 2601 if (se->state == SERVICE_FAILED)
2602 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2603
2604 if (se->state == SERVICE_DEAD ||
2605 se->state == SERVICE_STOP ||
2606 se->state == SERVICE_STOP_SIGTERM ||
2607 se->state == SERVICE_STOP_SIGKILL ||
2608 se->state == SERVICE_STOP_POST ||
2609 se->state == SERVICE_FINAL_SIGTERM ||
2610 se->state == SERVICE_FINAL_SIGKILL ||
2611 se->state == SERVICE_AUTO_RESTART)
2612 socket_notify_service_dead(s, false);
2613
2614 if (se->state == SERVICE_RUNNING)
2615 socket_set_state(s, SOCKET_RUNNING);
2616}
2617
718db961 2618static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2619 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2620}
2621
68db7a3b
ZJS		 2622static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2623 Socket *s = SOCKET(u);
2624 int r;
2625
2626 if (!s->timer_event_source)
2627 return 0;
2628
2629 r = sd_event_source_get_time(s->timer_event_source, timeout);
2630 if (r < 0)
2631 return r;
2632
2633 return 1;
2634}
2635
a16e1123
LP		 2636static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2637 [SOCKET_DEAD] = "dead",
2638 [SOCKET_START_PRE] = "start-pre",
3900e5fd 2639 [SOCKET_START_CHOWN] = "start-chown",
a16e1123
LP		 2640 [SOCKET_START_POST] = "start-post",
2641 [SOCKET_LISTENING] = "listening",
2642 [SOCKET_RUNNING] = "running",
2643 [SOCKET_STOP_PRE] = "stop-pre",
2644 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2645 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2646 [SOCKET_STOP_POST] = "stop-post",
2647 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2648 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2649 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2650};
2651
2652DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2653
2654static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2655 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2656 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2657 [SOCKET_EXEC_START_POST] = "StartPost",
2658 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2659 [SOCKET_EXEC_STOP_POST] = "StopPost"
2660};
2661
2662DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2663
cfc4eb4c
LP		 2664static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2665 [SOCKET_SUCCESS] = "success",
2666 [SOCKET_FAILURE_RESOURCES] = "resources",
2667 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2668 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2669 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2670 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2671 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2672};
2673
2674DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2675
87f0e418 2676const UnitVTable socket_vtable = {
7d17cfbc 2677 .object_size = sizeof(Socket),
718db961
LP		 2678 .exec_context_offset = offsetof(Socket, exec_context),
2679 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2680 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2681 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2682
f975e971
LP		 2683 .sections =
2684 "Unit\0"
2685 "Socket\0"
2686 "Install\0",
4ad49000 2687 .private_section = "Socket",
71645aca 2688
034c6ed7
LP		 2689 .init = socket_init,
2690 .done = socket_done,
a16e1123
LP		 2691 .load = socket_load,
2692
2693 .coldplug = socket_coldplug,
034c6ed7 2694
5cb5a6ff
LP		 2695 .dump = socket_dump,
2696
542563ba
LP		 2697 .start = socket_start,
2698 .stop = socket_stop,
5cb5a6ff 2699
718db961
LP		 2700 .kill = socket_kill,
2701
68db7a3b
ZJS		 2702 .get_timeout = socket_get_timeout,
2703
a16e1123
LP		 2704 .serialize = socket_serialize,
2705 .deserialize_item = socket_deserialize_item,
01e10de3 2706 .distribute_fds = socket_distribute_fds,
a16e1123 2707
5cb5a6ff 2708 .active_state = socket_active_state,
10a94420 2709 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2710
6cf6bbc2
LP		 2711 .check_gc = socket_check_gc,
2712
034c6ed7 2713 .sigchld_event = socket_sigchld_event,
4139c1b2 2714
d137a488
UTL		 2715 .trigger_notify = socket_trigger_notify,
2716
fdf20a31 2717 .reset_failed = socket_reset_failed,
5632e374 2718
c4e2ceae 2719 .bus_interface = "org.freedesktop.systemd1.Socket",
718db961 2720 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2721 .bus_set_property = bus_socket_set_property,
2722 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2723
2724 .status_message_formats = {
2725 /*.starting_stopping = {
2726 [0] = "Starting socket %s...",
2727 [1] = "Stopping socket %s...",
2728 },*/
2729 .finished_start_job = {
2730 [JOB_DONE] = "Listening on %s.",
2731 [JOB_FAILED] = "Failed to listen on %s.",
2732 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2733 [JOB_TIMEOUT] = "Timed out starting %s.",
2734 },
2735 .finished_stop_job = {
2736 [JOB_DONE] = "Closed %s.",
2737 [JOB_FAILED] = "Failed stopping %s.",
2738 [JOB_TIMEOUT] = "Timed out stopping %s.",
2739 },
2740 },
5cb5a6ff 2741};
Unnamed repository; edit this file 'description' to name the repository.