]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
socket: Add support for TCP defer accept
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <sys/epoll.h>
28 #include <signal.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
31 #include <mqueue.h>
32 #include <sys/xattr.h>
33
34 #include "sd-event.h"
35 #include "log.h"
36 #include "load-dropin.h"
37 #include "load-fragment.h"
38 #include "strv.h"
39 #include "mkdir.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
43 #include "missing.h"
44 #include "special.h"
45 #include "label.h"
46 #include "exit-status.h"
47 #include "def.h"
48 #include "smack-util.h"
49 #include "bus-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
52 #include "unit.h"
53 #include "socket.h"
54
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
69 };
70
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
74 static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
76
77 assert(u);
78 assert(u->load_state == UNIT_STUB);
79
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
84
85 s->max_connections = 64;
86
87 s->priority = -1;
88 s->ip_tos = -1;
89 s->ip_ttl = -1;
90 s->mark = -1;
91
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
94
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96 }
97
98 static void socket_unwatch_control_pid(Socket *s) {
99 assert(s);
100
101 if (s->control_pid <= 0)
102 return;
103
104 unit_unwatch_pid(UNIT(s), s->control_pid);
105 s->control_pid = 0;
106 }
107
108 void socket_free_ports(Socket *s) {
109 SocketPort *p;
110
111 assert(s);
112
113 while ((p = s->ports)) {
114 LIST_REMOVE(port, s->ports, p);
115
116 sd_event_source_unref(p->event_source);
117
118 safe_close(p->fd);
119 free(p->path);
120 free(p);
121 }
122 }
123
124 static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
126
127 assert(s);
128
129 socket_free_ports(s);
130
131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133 s->control_command = NULL;
134
135 socket_unwatch_control_pid(s);
136
137 unit_ref_unset(&s->service);
138
139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
141
142 free(s->bind_to_device);
143 s->bind_to_device = NULL;
144
145 free(s->smack);
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
148
149 strv_free(s->symlinks);
150
151 free(s->user);
152 free(s->group);
153
154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155 }
156
157 static int socket_arm_timer(Socket *s) {
158 int r;
159
160 assert(s);
161
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 return 0;
165 }
166
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169 if (r < 0)
170 return r;
171
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173 }
174
175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
178 CLOCK_MONOTONIC,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
181 }
182
183 int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
185 int r;
186 Unit *u;
187
188 assert(s);
189
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
194
195 if (UNIT_DEREF(s->service) || !s->accept)
196 return 0;
197
198 prefix = unit_name_to_prefix(UNIT(s)->id);
199 if (!prefix)
200 return -ENOMEM;
201
202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
203 return -ENOMEM;
204
205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
206 if (r < 0)
207 return r;
208
209 u->no_gc = true;
210 unit_ref_set(&s->service, u);
211
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
213 }
214
215 static bool have_non_accept_socket(Socket *s) {
216 SocketPort *p;
217
218 assert(s);
219
220 if (!s->accept)
221 return true;
222
223 LIST_FOREACH(port, p, s->ports) {
224
225 if (p->type != SOCKET_SOCKET)
226 return true;
227
228 if (!socket_address_can_accept(&p->address))
229 return true;
230 }
231
232 return false;
233 }
234
235 static int socket_add_mount_links(Socket *s) {
236 SocketPort *p;
237 int r;
238
239 assert(s);
240
241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
243
244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
247 path = p->path;
248
249 if (!path)
250 continue;
251
252 r = unit_require_mounts_for(UNIT(s), path);
253 if (r < 0)
254 return r;
255 }
256
257 return 0;
258 }
259
260 static int socket_add_device_link(Socket *s) {
261 char *t;
262
263 assert(s);
264
265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
266 return 0;
267
268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
270 }
271
272 static int socket_add_default_dependencies(Socket *s) {
273 int r;
274 assert(s);
275
276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277 if (r < 0)
278 return r;
279
280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
282 if (r < 0)
283 return r;
284 }
285
286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
287 }
288
289 _pure_ static bool socket_has_exec(Socket *s) {
290 unsigned i;
291 assert(s);
292
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
295 return true;
296
297 return false;
298 }
299
300 static int socket_add_extras(Socket *s) {
301 Unit *u = UNIT(s);
302 int r;
303
304 assert(s);
305
306 if (have_non_accept_socket(s)) {
307
308 if (!UNIT_DEREF(s->service)) {
309 Unit *x;
310
311 r = unit_load_related_unit(u, ".service", &x);
312 if (r < 0)
313 return r;
314
315 unit_ref_set(&s->service, x);
316 }
317
318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
319 if (r < 0)
320 return r;
321 }
322
323 r = socket_add_mount_links(s);
324 if (r < 0)
325 return r;
326
327 r = socket_add_device_link(s);
328 if (r < 0)
329 return r;
330
331 r = unit_patch_contexts(u);
332 if (r < 0)
333 return r;
334
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
337 if (r < 0)
338 return r;
339
340 r = unit_add_default_slice(u, &s->cgroup_context);
341 if (r < 0)
342 return r;
343 }
344
345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
347 if (r < 0)
348 return r;
349 }
350
351 return 0;
352 }
353
354 static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
356 SocketPort *p;
357
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
360
361 switch (p->type) {
362
363 case SOCKET_FIFO:
364 f = p->path;
365 break;
366
367 case SOCKET_SOCKET:
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
370 break;
371
372 default:
373 break;
374 }
375
376 if (f) {
377 if (found)
378 return NULL;
379
380 found = f;
381 }
382 }
383
384 return found;
385 }
386
387 static int socket_verify(Socket *s) {
388 assert(s);
389
390 if (UNIT(s)->load_state != UNIT_LOADED)
391 return 0;
392
393 if (!s->ports) {
394 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
395 return -EINVAL;
396 }
397
398 if (s->accept && have_non_accept_socket(s)) {
399 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
400 UNIT(s)->id);
401 return -EINVAL;
402 }
403
404 if (s->accept && s->max_connections <= 0) {
405 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
406 return -EINVAL;
407 }
408
409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
411 return -EINVAL;
412 }
413
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
416 return -EINVAL;
417 }
418
419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
421 return -EINVAL;
422 }
423
424 return 0;
425 }
426
427 static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
429 int r;
430
431 assert(u);
432 assert(u->load_state == UNIT_STUB);
433
434 r = unit_load_fragment_and_dropin(u);
435 if (r < 0)
436 return r;
437
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
441 if (r < 0)
442 return r;
443 }
444
445 return socket_verify(s);
446 }
447
448 _const_ static const char* listen_lookup(int family, int type) {
449
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
452
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
459
460 assert_not_reached("Unknown socket type");
461 return NULL;
462 }
463
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465 char time_string[FORMAT_TIMESPAN_MAX];
466 SocketExecCommand c;
467 Socket *s = SOCKET(u);
468 SocketPort *p;
469 const char *prefix2;
470
471 assert(s);
472 assert(f);
473
474 prefix2 = strappenda(prefix, "\t");
475
476 fprintf(f,
477 "%sSocket State: %s\n"
478 "%sResult: %s\n"
479 "%sBindIPv6Only: %s\n"
480 "%sBacklog: %u\n"
481 "%sSocketMode: %04o\n"
482 "%sDirectoryMode: %04o\n"
483 "%sKeepAlive: %s\n"
484 "%sNoDelay: %s\n"
485 "%sFreeBind: %s\n"
486 "%sTransparent: %s\n"
487 "%sBroadcast: %s\n"
488 "%sPassCredentials: %s\n"
489 "%sPassSecurity: %s\n"
490 "%sTCPCongestion: %s\n"
491 "%sRemoveOnStop: %s\n",
492 prefix, socket_state_to_string(s->state),
493 prefix, socket_result_to_string(s->result),
494 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
495 prefix, s->backlog,
496 prefix, s->socket_mode,
497 prefix, s->directory_mode,
498 prefix, yes_no(s->keep_alive),
499 prefix, yes_no(s->no_delay),
500 prefix, yes_no(s->free_bind),
501 prefix, yes_no(s->transparent),
502 prefix, yes_no(s->broadcast),
503 prefix, yes_no(s->pass_cred),
504 prefix, yes_no(s->pass_sec),
505 prefix, strna(s->tcp_congestion),
506 prefix, yes_no(s->remove_on_stop));
507
508 if (s->control_pid > 0)
509 fprintf(f,
510 "%sControl PID: "PID_FMT"\n",
511 prefix, s->control_pid);
512
513 if (s->bind_to_device)
514 fprintf(f,
515 "%sBindToDevice: %s\n",
516 prefix, s->bind_to_device);
517
518 if (s->accept)
519 fprintf(f,
520 "%sAccepted: %u\n"
521 "%sNConnections: %u\n"
522 "%sMaxConnections: %u\n",
523 prefix, s->n_accepted,
524 prefix, s->n_connections,
525 prefix, s->max_connections);
526
527 if (s->priority >= 0)
528 fprintf(f,
529 "%sPriority: %i\n",
530 prefix, s->priority);
531
532 if (s->receive_buffer > 0)
533 fprintf(f,
534 "%sReceiveBuffer: %zu\n",
535 prefix, s->receive_buffer);
536
537 if (s->send_buffer > 0)
538 fprintf(f,
539 "%sSendBuffer: %zu\n",
540 prefix, s->send_buffer);
541
542 if (s->ip_tos >= 0)
543 fprintf(f,
544 "%sIPTOS: %i\n",
545 prefix, s->ip_tos);
546
547 if (s->ip_ttl >= 0)
548 fprintf(f,
549 "%sIPTTL: %i\n",
550 prefix, s->ip_ttl);
551
552 if (s->pipe_size > 0)
553 fprintf(f,
554 "%sPipeSize: %zu\n",
555 prefix, s->pipe_size);
556
557 if (s->mark >= 0)
558 fprintf(f,
559 "%sMark: %i\n",
560 prefix, s->mark);
561
562 if (s->mq_maxmsg > 0)
563 fprintf(f,
564 "%sMessageQueueMaxMessages: %li\n",
565 prefix, s->mq_maxmsg);
566
567 if (s->mq_msgsize > 0)
568 fprintf(f,
569 "%sMessageQueueMessageSize: %li\n",
570 prefix, s->mq_msgsize);
571
572 if (s->reuse_port)
573 fprintf(f,
574 "%sReusePort: %s\n",
575 prefix, yes_no(s->reuse_port));
576
577 if (s->smack)
578 fprintf(f,
579 "%sSmackLabel: %s\n",
580 prefix, s->smack);
581
582 if (s->smack_ip_in)
583 fprintf(f,
584 "%sSmackLabelIPIn: %s\n",
585 prefix, s->smack_ip_in);
586
587 if (s->smack_ip_out)
588 fprintf(f,
589 "%sSmackLabelIPOut: %s\n",
590 prefix, s->smack_ip_out);
591
592 if (!isempty(s->user) || !isempty(s->group))
593 fprintf(f,
594 "%sOwnerUser: %s\n"
595 "%sOwnerGroup: %s\n",
596 prefix, strna(s->user),
597 prefix, strna(s->group));
598
599 if(s->keep_alive_time)
600 fprintf(f,
601 "%sKeepAliveTime: %s\n",
602 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX,
603 s->keep_alive_time, USEC_PER_SEC));
604
605 if(s->keep_alive_interval)
606 fprintf(f,
607 "%sKeepAliveInterval: %s\n",
608 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX,
609 s->keep_alive_interval, USEC_PER_SEC));
610
611 if(s->keep_alive_cnt)
612 fprintf(f,
613 "%sKeepAliveProbes: %u\n",
614 prefix, s->keep_alive_cnt);
615
616 if(s->defer_accept)
617 fprintf(f,
618 "%sDeferAccept: %s\n",
619 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX,
620 s->defer_accept, USEC_PER_SEC));
621
622 LIST_FOREACH(port, p, s->ports) {
623
624 if (p->type == SOCKET_SOCKET) {
625 const char *t;
626 int r;
627 char *k = NULL;
628
629 if ((r = socket_address_print(&p->address, &k)) < 0)
630 t = strerror(-r);
631 else
632 t = k;
633
634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
635 free(k);
636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
640 else
641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
642 }
643
644 exec_context_dump(&s->exec_context, f, prefix);
645 kill_context_dump(&s->kill_context, f, prefix);
646
647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
648 if (!s->exec_command[c])
649 continue;
650
651 fprintf(f, "%s-> %s:\n",
652 prefix, socket_exec_command_to_string(c));
653
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
655 }
656 }
657
658 static int instance_from_socket(int fd, unsigned nr, char **instance) {
659 socklen_t l;
660 char *r;
661 union sockaddr_union local, remote;
662
663 assert(fd >= 0);
664 assert(instance);
665
666 l = sizeof(local);
667 if (getsockname(fd, &local.sa, &l) < 0)
668 return -errno;
669
670 l = sizeof(remote);
671 if (getpeername(fd, &remote.sa, &l) < 0)
672 return -errno;
673
674 switch (local.sa.sa_family) {
675
676 case AF_INET: {
677 uint32_t
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
680
681 if (asprintf(&r,
682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
683 nr,
684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
688 return -ENOMEM;
689
690 break;
691 }
692
693 case AF_INET6: {
694 static const unsigned char ipv4_prefix[] = {
695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
696 };
697
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
700 const uint8_t
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
703
704 if (asprintf(&r,
705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
706 nr,
707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
711 return -ENOMEM;
712 } else {
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
714
715 if (asprintf(&r,
716 "%u-%s:%u-%s:%u",
717 nr,
718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
722 return -ENOMEM;
723 }
724
725 break;
726 }
727
728 case AF_UNIX: {
729 struct ucred ucred;
730 int k;
731
732 k = getpeercred(fd, &ucred);
733 if (k >= 0) {
734 if (asprintf(&r,
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
737 return -ENOMEM;
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
742 if (asprintf(&r,
743 "%u-unknown",
744 nr) < 0)
745 return -ENOMEM;
746 } else
747 return k;
748
749 break;
750 }
751
752 default:
753 assert_not_reached("Unhandled socket type.");
754 }
755
756 *instance = r;
757 return 0;
758 }
759
760 static void socket_close_fds(Socket *s) {
761 SocketPort *p;
762 char **i;
763
764 assert(s);
765
766 LIST_FOREACH(port, p, s->ports) {
767
768 p->event_source = sd_event_source_unref(p->event_source);
769
770 if (p->fd < 0)
771 continue;
772
773 p->fd = safe_close(p->fd);
774
775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
781 * using one! */
782
783 if (s->remove_on_stop) {
784 switch (p->type) {
785
786 case SOCKET_FIFO:
787 unlink(p->path);
788 break;
789
790 case SOCKET_MQUEUE:
791 mq_unlink(p->path);
792 break;
793
794 case SOCKET_SOCKET:
795 socket_address_unlink(&p->address);
796 break;
797
798 default:
799 break;
800 }
801 }
802 }
803
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
806 unlink(*i);
807 }
808
809 static void socket_apply_socket_options(Socket *s, int fd) {
810 assert(s);
811 assert(fd >= 0);
812
813 if (s->keep_alive) {
814 int b = s->keep_alive;
815 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
816 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
817 }
818
819 if (s->keep_alive_time) {
820 int value = s->keep_alive_time / USEC_PER_SEC;
821 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
822 log_warning_unit(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
823 }
824
825 if (s->keep_alive_interval) {
826 int value = s->keep_alive_interval / USEC_PER_SEC;
827 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
828 log_warning_unit(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
829 }
830
831 if (s->keep_alive_cnt) {
832 int value = s->keep_alive_cnt;
833 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
834 log_warning_unit(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
835 }
836
837 if (s->defer_accept) {
838 int value = s->defer_accept / USEC_PER_SEC;
839 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
840 log_warning_unit(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
841 }
842
843 if (s->no_delay) {
844 int b = s->no_delay;
845 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
846 log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
847 }
848
849 if (s->broadcast) {
850 int one = 1;
851 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
852 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
853 }
854
855 if (s->pass_cred) {
856 int one = 1;
857 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
858 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
859 }
860
861 if (s->pass_sec) {
862 int one = 1;
863 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
864 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
865 }
866
867 if (s->priority >= 0)
868 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
869 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
870
871 if (s->receive_buffer > 0) {
872 int value = (int) s->receive_buffer;
873
874 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
875
876 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
877 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
878 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
879 }
880
881 if (s->send_buffer > 0) {
882 int value = (int) s->send_buffer;
883 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
884 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
885 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
886 }
887
888 if (s->mark >= 0)
889 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
890 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
891
892 if (s->ip_tos >= 0)
893 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
894 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
895
896 if (s->ip_ttl >= 0) {
897 int r, x;
898
899 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
900
901 if (socket_ipv6_is_supported())
902 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
903 else {
904 x = -1;
905 errno = EAFNOSUPPORT;
906 }
907
908 if (r < 0 && x < 0)
909 log_warning_unit(UNIT(s)->id,
910 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
911 }
912
913 if (s->tcp_congestion)
914 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
915 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
916
917 if (s->reuse_port) {
918 int b = s->reuse_port;
919 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
920 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
921 }
922
923 if (s->smack_ip_in)
924 if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
925 log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
926
927 if (s->smack_ip_out)
928 if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
929 log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
930 }
931
932 static void socket_apply_fifo_options(Socket *s, int fd) {
933 assert(s);
934 assert(fd >= 0);
935
936 if (s->pipe_size > 0)
937 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
938 log_warning_unit(UNIT(s)->id,
939 "F_SETPIPE_SZ: %m");
940
941 if (s->smack)
942 if (smack_label_fd(fd, s->smack) < 0)
943 log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
944 }
945
946 static int fifo_address_create(
947 const char *path,
948 mode_t directory_mode,
949 mode_t socket_mode,
950 int *_fd) {
951
952 int fd = -1, r = 0;
953 struct stat st;
954 mode_t old_mask;
955
956 assert(path);
957 assert(_fd);
958
959 mkdir_parents_label(path, directory_mode);
960
961 r = label_context_set(path, S_IFIFO);
962 if (r < 0)
963 goto fail;
964
965 /* Enforce the right access mode for the fifo */
966 old_mask = umask(~ socket_mode);
967
968 /* Include the original umask in our mask */
969 umask(~socket_mode | old_mask);
970
971 r = mkfifo(path, socket_mode);
972 umask(old_mask);
973
974 if (r < 0 && errno != EEXIST) {
975 r = -errno;
976 goto fail;
977 }
978
979 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
980 r = -errno;
981 goto fail;
982 }
983
984 label_context_clear();
985
986 if (fstat(fd, &st) < 0) {
987 r = -errno;
988 goto fail;
989 }
990
991 if (!S_ISFIFO(st.st_mode) ||
992 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
993 st.st_uid != getuid() ||
994 st.st_gid != getgid()) {
995
996 r = -EEXIST;
997 goto fail;
998 }
999
1000 *_fd = fd;
1001 return 0;
1002
1003 fail:
1004 label_context_clear();
1005 safe_close(fd);
1006
1007 return r;
1008 }
1009
1010 static int special_address_create(
1011 const char *path,
1012 int *_fd) {
1013
1014 int fd = -1, r = 0;
1015 struct stat st;
1016
1017 assert(path);
1018 assert(_fd);
1019
1020 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1021 if (fd < 0) {
1022 r = -errno;
1023 goto fail;
1024 }
1025
1026 if (fstat(fd, &st) < 0) {
1027 r = -errno;
1028 goto fail;
1029 }
1030
1031 /* Check whether this is a /proc, /sys or /dev file or char device */
1032 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1033 r = -EEXIST;
1034 goto fail;
1035 }
1036
1037 *_fd = fd;
1038 return 0;
1039
1040 fail:
1041 safe_close(fd);
1042
1043 return r;
1044 }
1045
1046 static int mq_address_create(
1047 const char *path,
1048 mode_t mq_mode,
1049 long maxmsg,
1050 long msgsize,
1051 int *_fd) {
1052
1053 int fd = -1, r = 0;
1054 struct stat st;
1055 mode_t old_mask;
1056 struct mq_attr _attr, *attr = NULL;
1057
1058 assert(path);
1059 assert(_fd);
1060
1061 if (maxmsg > 0 && msgsize > 0) {
1062 zero(_attr);
1063 _attr.mq_flags = O_NONBLOCK;
1064 _attr.mq_maxmsg = maxmsg;
1065 _attr.mq_msgsize = msgsize;
1066 attr = &_attr;
1067 }
1068
1069 /* Enforce the right access mode for the mq */
1070 old_mask = umask(~ mq_mode);
1071
1072 /* Include the original umask in our mask */
1073 umask(~mq_mode | old_mask);
1074 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1075 umask(old_mask);
1076
1077 if (fd < 0) {
1078 r = -errno;
1079 goto fail;
1080 }
1081
1082 if (fstat(fd, &st) < 0) {
1083 r = -errno;
1084 goto fail;
1085 }
1086
1087 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1088 st.st_uid != getuid() ||
1089 st.st_gid != getgid()) {
1090
1091 r = -EEXIST;
1092 goto fail;
1093 }
1094
1095 *_fd = fd;
1096 return 0;
1097
1098 fail:
1099 safe_close(fd);
1100 return r;
1101 }
1102
1103 static int socket_symlink(Socket *s) {
1104 const char *p;
1105 char **i;
1106
1107 assert(s);
1108
1109 p = socket_find_symlink_target(s);
1110 if (!p)
1111 return 0;
1112
1113 STRV_FOREACH(i, s->symlinks)
1114 symlink(p, *i);
1115
1116 return 0;
1117 }
1118
1119 static int socket_open_fds(Socket *s) {
1120 SocketPort *p;
1121 int r;
1122 char *label = NULL;
1123 bool know_label = false;
1124
1125 assert(s);
1126
1127 LIST_FOREACH(port, p, s->ports) {
1128
1129 if (p->fd >= 0)
1130 continue;
1131
1132 if (p->type == SOCKET_SOCKET) {
1133
1134 if (!know_label) {
1135
1136 r = socket_instantiate_service(s);
1137 if (r < 0)
1138 return r;
1139
1140 if (UNIT_ISSET(s->service) &&
1141 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1142 r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1143 if (r < 0 && r != -EPERM)
1144 return r;
1145 }
1146
1147 know_label = true;
1148 }
1149
1150 r = socket_address_listen(
1151 &p->address,
1152 SOCK_CLOEXEC|SOCK_NONBLOCK,
1153 s->backlog,
1154 s->bind_ipv6_only,
1155 s->bind_to_device,
1156 s->free_bind,
1157 s->transparent,
1158 s->directory_mode,
1159 s->socket_mode,
1160 label);
1161 if (r < 0)
1162 goto rollback;
1163
1164 p->fd = r;
1165 socket_apply_socket_options(s, p->fd);
1166 socket_symlink(s);
1167
1168 } else if (p->type == SOCKET_SPECIAL) {
1169
1170 r = special_address_create(
1171 p->path,
1172 &p->fd);
1173 if (r < 0)
1174 goto rollback;
1175
1176 } else if (p->type == SOCKET_FIFO) {
1177
1178 r = fifo_address_create(
1179 p->path,
1180 s->directory_mode,
1181 s->socket_mode,
1182 &p->fd);
1183 if (r < 0)
1184 goto rollback;
1185
1186 socket_apply_fifo_options(s, p->fd);
1187 socket_symlink(s);
1188
1189 } else if (p->type == SOCKET_MQUEUE) {
1190
1191 r = mq_address_create(
1192 p->path,
1193 s->socket_mode,
1194 s->mq_maxmsg,
1195 s->mq_msgsize,
1196 &p->fd);
1197 if (r < 0)
1198 goto rollback;
1199 } else
1200 assert_not_reached("Unknown port type");
1201 }
1202
1203 label_free(label);
1204 return 0;
1205
1206 rollback:
1207 socket_close_fds(s);
1208 label_free(label);
1209 return r;
1210 }
1211
1212 static void socket_unwatch_fds(Socket *s) {
1213 SocketPort *p;
1214 int r;
1215
1216 assert(s);
1217
1218 LIST_FOREACH(port, p, s->ports) {
1219 if (p->fd < 0)
1220 continue;
1221
1222 if (!p->event_source)
1223 continue;
1224
1225 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1226 if (r < 0)
1227 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1228 }
1229 }
1230
1231 static int socket_watch_fds(Socket *s) {
1232 SocketPort *p;
1233 int r;
1234
1235 assert(s);
1236
1237 LIST_FOREACH(port, p, s->ports) {
1238 if (p->fd < 0)
1239 continue;
1240
1241 if (p->event_source)
1242 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1243 else
1244 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1245
1246 if (r < 0) {
1247 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1248 goto fail;
1249 }
1250 }
1251
1252 return 0;
1253
1254 fail:
1255 socket_unwatch_fds(s);
1256 return r;
1257 }
1258
1259 static void socket_set_state(Socket *s, SocketState state) {
1260 SocketState old_state;
1261 assert(s);
1262
1263 old_state = s->state;
1264 s->state = state;
1265
1266 if (!IN_SET(state,
1267 SOCKET_START_PRE,
1268 SOCKET_START_CHOWN,
1269 SOCKET_START_POST,
1270 SOCKET_STOP_PRE,
1271 SOCKET_STOP_PRE_SIGTERM,
1272 SOCKET_STOP_PRE_SIGKILL,
1273 SOCKET_STOP_POST,
1274 SOCKET_FINAL_SIGTERM,
1275 SOCKET_FINAL_SIGKILL)) {
1276
1277 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1278 socket_unwatch_control_pid(s);
1279 s->control_command = NULL;
1280 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1281 }
1282
1283 if (state != SOCKET_LISTENING)
1284 socket_unwatch_fds(s);
1285
1286 if (!IN_SET(state,
1287 SOCKET_START_CHOWN,
1288 SOCKET_START_POST,
1289 SOCKET_LISTENING,
1290 SOCKET_RUNNING,
1291 SOCKET_STOP_PRE,
1292 SOCKET_STOP_PRE_SIGTERM,
1293 SOCKET_STOP_PRE_SIGKILL))
1294 socket_close_fds(s);
1295
1296 if (state != old_state)
1297 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1298 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1299
1300 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1301 }
1302
1303 static int socket_coldplug(Unit *u) {
1304 Socket *s = SOCKET(u);
1305 int r;
1306
1307 assert(s);
1308 assert(s->state == SOCKET_DEAD);
1309
1310 if (s->deserialized_state == s->state)
1311 return 0;
1312
1313 if (IN_SET(s->deserialized_state,
1314 SOCKET_START_PRE,
1315 SOCKET_START_CHOWN,
1316 SOCKET_START_POST,
1317 SOCKET_STOP_PRE,
1318 SOCKET_STOP_PRE_SIGTERM,
1319 SOCKET_STOP_PRE_SIGKILL,
1320 SOCKET_STOP_POST,
1321 SOCKET_FINAL_SIGTERM,
1322 SOCKET_FINAL_SIGKILL)) {
1323
1324 if (s->control_pid <= 0)
1325 return -EBADMSG;
1326
1327 r = unit_watch_pid(UNIT(s), s->control_pid);
1328 if (r < 0)
1329 return r;
1330
1331 r = socket_arm_timer(s);
1332 if (r < 0)
1333 return r;
1334 }
1335
1336 if (IN_SET(s->deserialized_state,
1337 SOCKET_START_CHOWN,
1338 SOCKET_START_POST,
1339 SOCKET_LISTENING,
1340 SOCKET_RUNNING,
1341 SOCKET_STOP_PRE,
1342 SOCKET_STOP_PRE_SIGTERM,
1343 SOCKET_STOP_PRE_SIGKILL)) {
1344 r = socket_open_fds(s);
1345 if (r < 0)
1346 return r;
1347 }
1348
1349 if (s->deserialized_state == SOCKET_LISTENING) {
1350 r = socket_watch_fds(s);
1351 if (r < 0)
1352 return r;
1353 }
1354
1355 socket_set_state(s, s->deserialized_state);
1356 return 0;
1357 }
1358
1359 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1360 _cleanup_free_ char **argv = NULL;
1361 pid_t pid;
1362 int r;
1363
1364 assert(s);
1365 assert(c);
1366 assert(_pid);
1367
1368 unit_realize_cgroup(UNIT(s));
1369
1370 r = unit_setup_exec_runtime(UNIT(s));
1371 if (r < 0)
1372 goto fail;
1373
1374 r = socket_arm_timer(s);
1375 if (r < 0)
1376 goto fail;
1377
1378 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1379 if (r < 0)
1380 goto fail;
1381
1382 r = exec_spawn(c,
1383 argv,
1384 &s->exec_context,
1385 NULL, 0,
1386 UNIT(s)->manager->environment,
1387 true,
1388 true,
1389 true,
1390 UNIT(s)->manager->confirm_spawn,
1391 UNIT(s)->manager->cgroup_supported,
1392 UNIT(s)->cgroup_path,
1393 manager_get_runtime_prefix(UNIT(s)->manager),
1394 UNIT(s)->id,
1395 0,
1396 NULL,
1397 s->exec_runtime,
1398 &pid);
1399 if (r < 0)
1400 goto fail;
1401
1402 r = unit_watch_pid(UNIT(s), pid);
1403 if (r < 0)
1404 /* FIXME: we need to do something here */
1405 goto fail;
1406
1407 *_pid = pid;
1408 return 0;
1409
1410 fail:
1411 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1412 return r;
1413 }
1414
1415 static int socket_chown(Socket *s, pid_t *_pid) {
1416 pid_t pid;
1417 int r;
1418
1419 r = socket_arm_timer(s);
1420 if (r < 0)
1421 goto fail;
1422
1423 /* We have to resolve the user names out-of-process, hence
1424 * let's fork here. It's messy, but well, what can we do? */
1425
1426 pid = fork();
1427 if (pid < 0)
1428 return -errno;
1429
1430 if (pid == 0) {
1431 SocketPort *p;
1432 uid_t uid = (uid_t) -1;
1433 gid_t gid = (gid_t) -1;
1434 int ret;
1435
1436 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1437 ignore_signals(SIGPIPE, -1);
1438 log_forget_fds();
1439
1440 if (!isempty(s->user)) {
1441 const char *user = s->user;
1442
1443 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1444 if (r < 0) {
1445 ret = EXIT_USER;
1446 goto fail_child;
1447 }
1448 }
1449
1450 if (!isempty(s->group)) {
1451 const char *group = s->group;
1452
1453 r = get_group_creds(&group, &gid);
1454 if (r < 0) {
1455 ret = EXIT_GROUP;
1456 goto fail_child;
1457 }
1458 }
1459
1460 LIST_FOREACH(port, p, s->ports) {
1461 const char *path = NULL;
1462
1463 if (p->type == SOCKET_SOCKET)
1464 path = socket_address_get_path(&p->address);
1465 else if (p->type == SOCKET_FIFO)
1466 path = p->path;
1467
1468 if (!path)
1469 continue;
1470
1471 if (chown(path, uid, gid) < 0) {
1472 r = -errno;
1473 ret = EXIT_CHOWN;
1474 goto fail_child;
1475 }
1476 }
1477
1478 _exit(0);
1479
1480 fail_child:
1481 log_open();
1482 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1483
1484 _exit(ret);
1485 }
1486
1487 r = unit_watch_pid(UNIT(s), pid);
1488 if (r < 0)
1489 goto fail;
1490
1491 *_pid = pid;
1492 return 0;
1493
1494 fail:
1495 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1496 return r;
1497 }
1498
1499 static void socket_enter_dead(Socket *s, SocketResult f) {
1500 assert(s);
1501
1502 if (f != SOCKET_SUCCESS)
1503 s->result = f;
1504
1505 exec_runtime_destroy(s->exec_runtime);
1506 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1507
1508 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1509
1510 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1511 }
1512
1513 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1514
1515 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1516 int r;
1517 assert(s);
1518
1519 if (f != SOCKET_SUCCESS)
1520 s->result = f;
1521
1522 socket_unwatch_control_pid(s);
1523 s->control_command_id = SOCKET_EXEC_STOP_POST;
1524 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1525
1526 if (s->control_command) {
1527 r = socket_spawn(s, s->control_command, &s->control_pid);
1528 if (r < 0)
1529 goto fail;
1530
1531 socket_set_state(s, SOCKET_STOP_POST);
1532 } else
1533 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1534
1535 return;
1536
1537 fail:
1538 log_warning_unit(UNIT(s)->id,
1539 "%s failed to run 'stop-post' task: %s",
1540 UNIT(s)->id, strerror(-r));
1541 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1542 }
1543
1544 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1545 int r;
1546
1547 assert(s);
1548
1549 if (f != SOCKET_SUCCESS)
1550 s->result = f;
1551
1552 r = unit_kill_context(
1553 UNIT(s),
1554 &s->kill_context,
1555 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1556 -1,
1557 s->control_pid,
1558 false);
1559 if (r < 0)
1560 goto fail;
1561
1562 if (r > 0) {
1563 r = socket_arm_timer(s);
1564 if (r < 0)
1565 goto fail;
1566
1567 socket_set_state(s, state);
1568 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1569 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1570 else if (state == SOCKET_STOP_PRE_SIGKILL)
1571 socket_enter_stop_post(s, SOCKET_SUCCESS);
1572 else if (state == SOCKET_FINAL_SIGTERM)
1573 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1574 else
1575 socket_enter_dead(s, SOCKET_SUCCESS);
1576
1577 return;
1578
1579 fail:
1580 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1581
1582 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1583 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1584 else
1585 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1586 }
1587
1588 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1589 int r;
1590 assert(s);
1591
1592 if (f != SOCKET_SUCCESS)
1593 s->result = f;
1594
1595 socket_unwatch_control_pid(s);
1596 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1597 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1598
1599 if (s->control_command) {
1600 r = socket_spawn(s, s->control_command, &s->control_pid);
1601 if (r < 0)
1602 goto fail;
1603
1604 socket_set_state(s, SOCKET_STOP_PRE);
1605 } else
1606 socket_enter_stop_post(s, SOCKET_SUCCESS);
1607
1608 return;
1609
1610 fail:
1611 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1612 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1613 }
1614
1615 static void socket_enter_listening(Socket *s) {
1616 int r;
1617 assert(s);
1618
1619 r = socket_watch_fds(s);
1620 if (r < 0) {
1621 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1622 goto fail;
1623 }
1624
1625 socket_set_state(s, SOCKET_LISTENING);
1626 return;
1627
1628 fail:
1629 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1630 }
1631
1632 static void socket_enter_start_post(Socket *s) {
1633 int r;
1634 assert(s);
1635
1636 socket_unwatch_control_pid(s);
1637 s->control_command_id = SOCKET_EXEC_START_POST;
1638 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1639
1640 if (s->control_command) {
1641 r = socket_spawn(s, s->control_command, &s->control_pid);
1642 if (r < 0) {
1643 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1644 goto fail;
1645 }
1646
1647 socket_set_state(s, SOCKET_START_POST);
1648 } else
1649 socket_enter_listening(s);
1650
1651 return;
1652
1653 fail:
1654 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1655 }
1656
1657 static void socket_enter_start_chown(Socket *s) {
1658 int r;
1659
1660 assert(s);
1661
1662 r = socket_open_fds(s);
1663 if (r < 0) {
1664 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1665 goto fail;
1666 }
1667
1668 if (!isempty(s->user) || !isempty(s->group)) {
1669
1670 socket_unwatch_control_pid(s);
1671 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1672 s->control_command = NULL;
1673
1674 r = socket_chown(s, &s->control_pid);
1675 if (r < 0) {
1676 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1677 goto fail;
1678 }
1679
1680 socket_set_state(s, SOCKET_START_CHOWN);
1681 } else
1682 socket_enter_start_post(s);
1683
1684 return;
1685
1686 fail:
1687 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1688 }
1689
1690 static void socket_enter_start_pre(Socket *s) {
1691 int r;
1692 assert(s);
1693
1694 socket_unwatch_control_pid(s);
1695 s->control_command_id = SOCKET_EXEC_START_PRE;
1696 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1697
1698 if (s->control_command) {
1699 r = socket_spawn(s, s->control_command, &s->control_pid);
1700 if (r < 0) {
1701 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1702 goto fail;
1703 }
1704
1705 socket_set_state(s, SOCKET_START_PRE);
1706 } else
1707 socket_enter_start_chown(s);
1708
1709 return;
1710
1711 fail:
1712 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1713 }
1714
1715 static void socket_enter_running(Socket *s, int cfd) {
1716 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1717 int r;
1718
1719 assert(s);
1720
1721 /* We don't take connections anymore if we are supposed to
1722 * shut down anyway */
1723 if (unit_stop_pending(UNIT(s))) {
1724
1725 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1726
1727 if (cfd >= 0)
1728 safe_close(cfd);
1729 else {
1730 /* Flush all sockets by closing and reopening them */
1731 socket_close_fds(s);
1732
1733 r = socket_open_fds(s);
1734 if (r < 0) {
1735 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1736 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1737 return;
1738 }
1739
1740 r = socket_watch_fds(s);
1741 if (r < 0) {
1742 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1743 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1744 }
1745 }
1746
1747 return;
1748 }
1749
1750 if (cfd < 0) {
1751 Iterator i;
1752 Unit *other;
1753 bool pending = false;
1754
1755 /* If there's already a start pending don't bother to
1756 * do anything */
1757 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1758 if (unit_active_or_pending(other)) {
1759 pending = true;
1760 break;
1761 }
1762
1763 if (!pending) {
1764 if (!UNIT_ISSET(s->service)) {
1765 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1766 r = -ENOENT;
1767 goto fail;
1768 }
1769
1770 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1771 if (r < 0)
1772 goto fail;
1773 }
1774
1775 socket_set_state(s, SOCKET_RUNNING);
1776 } else {
1777 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1778 Service *service;
1779
1780 if (s->n_connections >= s->max_connections) {
1781 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1782 safe_close(cfd);
1783 return;
1784 }
1785
1786 r = socket_instantiate_service(s);
1787 if (r < 0)
1788 goto fail;
1789
1790 r = instance_from_socket(cfd, s->n_accepted, &instance);
1791 if (r < 0) {
1792 if (r != -ENOTCONN)
1793 goto fail;
1794
1795 /* ENOTCONN is legitimate if TCP RST was received.
1796 * This connection is over, but the socket unit lives on. */
1797 safe_close(cfd);
1798 return;
1799 }
1800
1801 prefix = unit_name_to_prefix(UNIT(s)->id);
1802 if (!prefix) {
1803 r = -ENOMEM;
1804 goto fail;
1805 }
1806
1807 name = unit_name_build(prefix, instance, ".service");
1808 if (!name) {
1809 r = -ENOMEM;
1810 goto fail;
1811 }
1812
1813 r = unit_add_name(UNIT_DEREF(s->service), name);
1814 if (r < 0)
1815 goto fail;
1816
1817 service = SERVICE(UNIT_DEREF(s->service));
1818 unit_ref_unset(&s->service);
1819 s->n_accepted ++;
1820
1821 UNIT(service)->no_gc = false;
1822
1823 unit_choose_id(UNIT(service), name);
1824
1825 r = service_set_socket_fd(service, cfd, s);
1826 if (r < 0)
1827 goto fail;
1828
1829 cfd = -1;
1830 s->n_connections ++;
1831
1832 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1833 if (r < 0)
1834 goto fail;
1835
1836 /* Notify clients about changed counters */
1837 unit_add_to_dbus_queue(UNIT(s));
1838 }
1839
1840 return;
1841
1842 fail:
1843 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1844 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1845 bus_error_message(&error, r));
1846
1847 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1848 safe_close(cfd);
1849 }
1850
1851 static void socket_run_next(Socket *s) {
1852 int r;
1853
1854 assert(s);
1855 assert(s->control_command);
1856 assert(s->control_command->command_next);
1857
1858 socket_unwatch_control_pid(s);
1859
1860 s->control_command = s->control_command->command_next;
1861
1862 r = socket_spawn(s, s->control_command, &s->control_pid);
1863 if (r < 0)
1864 goto fail;
1865
1866 return;
1867
1868 fail:
1869 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1870
1871 if (s->state == SOCKET_START_POST)
1872 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1873 else if (s->state == SOCKET_STOP_POST)
1874 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1875 else
1876 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1877 }
1878
1879 static int socket_start(Unit *u) {
1880 Socket *s = SOCKET(u);
1881
1882 assert(s);
1883
1884 /* We cannot fulfill this request right now, try again later
1885 * please! */
1886 if (IN_SET(s->state,
1887 SOCKET_STOP_PRE,
1888 SOCKET_STOP_PRE_SIGKILL,
1889 SOCKET_STOP_PRE_SIGTERM,
1890 SOCKET_STOP_POST,
1891 SOCKET_FINAL_SIGTERM,
1892 SOCKET_FINAL_SIGKILL))
1893 return -EAGAIN;
1894
1895 /* Already on it! */
1896 if (IN_SET(s->state,
1897 SOCKET_START_PRE,
1898 SOCKET_START_CHOWN,
1899 SOCKET_START_POST))
1900 return 0;
1901
1902 /* Cannot run this without the service being around */
1903 if (UNIT_ISSET(s->service)) {
1904 Service *service;
1905
1906 service = SERVICE(UNIT_DEREF(s->service));
1907
1908 if (UNIT(service)->load_state != UNIT_LOADED) {
1909 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1910 return -ENOENT;
1911 }
1912
1913 /* If the service is already active we cannot start the
1914 * socket */
1915 if (service->state != SERVICE_DEAD &&
1916 service->state != SERVICE_FAILED &&
1917 service->state != SERVICE_AUTO_RESTART) {
1918 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1919 return -EBUSY;
1920 }
1921 }
1922
1923 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1924
1925 s->result = SOCKET_SUCCESS;
1926 socket_enter_start_pre(s);
1927
1928 return 0;
1929 }
1930
1931 static int socket_stop(Unit *u) {
1932 Socket *s = SOCKET(u);
1933
1934 assert(s);
1935
1936 /* Already on it */
1937 if (IN_SET(s->state,
1938 SOCKET_STOP_PRE,
1939 SOCKET_STOP_PRE_SIGTERM,
1940 SOCKET_STOP_PRE_SIGKILL,
1941 SOCKET_STOP_POST,
1942 SOCKET_FINAL_SIGTERM,
1943 SOCKET_FINAL_SIGKILL))
1944 return 0;
1945
1946 /* If there's already something running we go directly into
1947 * kill mode. */
1948 if (IN_SET(s->state,
1949 SOCKET_START_PRE,
1950 SOCKET_START_CHOWN,
1951 SOCKET_START_POST)) {
1952 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1953 return -EAGAIN;
1954 }
1955
1956 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1957
1958 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1959 return 0;
1960 }
1961
1962 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1963 Socket *s = SOCKET(u);
1964 SocketPort *p;
1965 int r;
1966
1967 assert(u);
1968 assert(f);
1969 assert(fds);
1970
1971 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1972 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1973 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1974
1975 if (s->control_pid > 0)
1976 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1977
1978 if (s->control_command_id >= 0)
1979 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1980
1981 LIST_FOREACH(port, p, s->ports) {
1982 int copy;
1983
1984 if (p->fd < 0)
1985 continue;
1986
1987 copy = fdset_put_dup(fds, p->fd);
1988 if (copy < 0)
1989 return copy;
1990
1991 if (p->type == SOCKET_SOCKET) {
1992 _cleanup_free_ char *t = NULL;
1993
1994 r = socket_address_print(&p->address, &t);
1995 if (r < 0)
1996 return r;
1997
1998 if (socket_address_family(&p->address) == AF_NETLINK)
1999 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2000 else
2001 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2002
2003 } else if (p->type == SOCKET_SPECIAL)
2004 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2005 else if (p->type == SOCKET_MQUEUE)
2006 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2007 else {
2008 assert(p->type == SOCKET_FIFO);
2009 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2010 }
2011 }
2012
2013 return 0;
2014 }
2015
2016 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2017 Socket *s = SOCKET(u);
2018
2019 assert(u);
2020 assert(key);
2021 assert(value);
2022
2023 if (streq(key, "state")) {
2024 SocketState state;
2025
2026 state = socket_state_from_string(value);
2027 if (state < 0)
2028 log_debug_unit(u->id, "Failed to parse state value %s", value);
2029 else
2030 s->deserialized_state = state;
2031 } else if (streq(key, "result")) {
2032 SocketResult f;
2033
2034 f = socket_result_from_string(value);
2035 if (f < 0)
2036 log_debug_unit(u->id, "Failed to parse result value %s", value);
2037 else if (f != SOCKET_SUCCESS)
2038 s->result = f;
2039
2040 } else if (streq(key, "n-accepted")) {
2041 unsigned k;
2042
2043 if (safe_atou(value, &k) < 0)
2044 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2045 else
2046 s->n_accepted += k;
2047 } else if (streq(key, "control-pid")) {
2048 pid_t pid;
2049
2050 if (parse_pid(value, &pid) < 0)
2051 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2052 else
2053 s->control_pid = pid;
2054 } else if (streq(key, "control-command")) {
2055 SocketExecCommand id;
2056
2057 id = socket_exec_command_from_string(value);
2058 if (id < 0)
2059 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2060 else {
2061 s->control_command_id = id;
2062 s->control_command = s->exec_command[id];
2063 }
2064 } else if (streq(key, "fifo")) {
2065 int fd, skip = 0;
2066 SocketPort *p;
2067
2068 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2069 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2070 else {
2071
2072 LIST_FOREACH(port, p, s->ports)
2073 if (p->type == SOCKET_FIFO &&
2074 streq_ptr(p->path, value+skip))
2075 break;
2076
2077 if (p) {
2078 safe_close(p->fd);
2079 p->fd = fdset_remove(fds, fd);
2080 }
2081 }
2082
2083 } else if (streq(key, "special")) {
2084 int fd, skip = 0;
2085 SocketPort *p;
2086
2087 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2088 log_debug_unit(u->id, "Failed to parse special value %s", value);
2089 else {
2090
2091 LIST_FOREACH(port, p, s->ports)
2092 if (p->type == SOCKET_SPECIAL &&
2093 streq_ptr(p->path, value+skip))
2094 break;
2095
2096 if (p) {
2097 safe_close(p->fd);
2098 p->fd = fdset_remove(fds, fd);
2099 }
2100 }
2101
2102 } else if (streq(key, "mqueue")) {
2103 int fd, skip = 0;
2104 SocketPort *p;
2105
2106 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2107 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2108 else {
2109
2110 LIST_FOREACH(port, p, s->ports)
2111 if (p->type == SOCKET_MQUEUE &&
2112 streq_ptr(p->path, value+skip))
2113 break;
2114
2115 if (p) {
2116 safe_close(p->fd);
2117 p->fd = fdset_remove(fds, fd);
2118 }
2119 }
2120
2121 } else if (streq(key, "socket")) {
2122 int fd, type, skip = 0;
2123 SocketPort *p;
2124
2125 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2126 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2127 else {
2128
2129 LIST_FOREACH(port, p, s->ports)
2130 if (socket_address_is(&p->address, value+skip, type))
2131 break;
2132
2133 if (p) {
2134 safe_close(p->fd);
2135 p->fd = fdset_remove(fds, fd);
2136 }
2137 }
2138
2139 } else if (streq(key, "netlink")) {
2140 int fd, skip = 0;
2141 SocketPort *p;
2142
2143 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2144 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2145 else {
2146
2147 LIST_FOREACH(port, p, s->ports)
2148 if (socket_address_is_netlink(&p->address, value+skip))
2149 break;
2150
2151 if (p) {
2152 safe_close(p->fd);
2153 p->fd = fdset_remove(fds, fd);
2154 }
2155 }
2156 } else
2157 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2158
2159 return 0;
2160 }
2161
2162 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2163 Socket *s = SOCKET(u);
2164 SocketPort *p;
2165
2166 assert(u);
2167
2168 LIST_FOREACH(port, p, s->ports) {
2169 Iterator i;
2170 int fd;
2171
2172 if (p->type != SOCKET_SOCKET)
2173 continue;
2174
2175 if (p->fd >= 0)
2176 continue;
2177
2178 FDSET_FOREACH(fd, fds, i) {
2179 if (socket_address_matches_fd(&p->address, fd)) {
2180 p->fd = fdset_remove(fds, fd);
2181 s->deserialized_state = SOCKET_LISTENING;
2182 break;
2183 }
2184 }
2185 }
2186
2187 return 0;
2188 }
2189
2190 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2191 assert(u);
2192
2193 return state_translation_table[SOCKET(u)->state];
2194 }
2195
2196 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2197 assert(u);
2198
2199 return socket_state_to_string(SOCKET(u)->state);
2200 }
2201
2202 const char* socket_port_type_to_string(SocketPort *p) {
2203
2204 assert(p);
2205
2206 switch (p->type) {
2207
2208 case SOCKET_SOCKET:
2209
2210 switch (p->address.type) {
2211
2212 case SOCK_STREAM:
2213 return "Stream";
2214
2215 case SOCK_DGRAM:
2216 return "Datagram";
2217
2218 case SOCK_SEQPACKET:
2219 return "SequentialPacket";
2220
2221 case SOCK_RAW:
2222 if (socket_address_family(&p->address) == AF_NETLINK)
2223 return "Netlink";
2224
2225 default:
2226 return NULL;
2227 }
2228
2229 case SOCKET_SPECIAL:
2230 return "Special";
2231
2232 case SOCKET_MQUEUE:
2233 return "MessageQueue";
2234
2235 case SOCKET_FIFO:
2236 return "FIFO";
2237
2238 default:
2239 return NULL;
2240 }
2241 }
2242
2243 _pure_ static bool socket_check_gc(Unit *u) {
2244 Socket *s = SOCKET(u);
2245
2246 assert(u);
2247
2248 return s->n_connections > 0;
2249 }
2250
2251 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2252 SocketPort *p = userdata;
2253 int cfd = -1;
2254
2255 assert(p);
2256 assert(fd >= 0);
2257
2258 if (p->socket->state != SOCKET_LISTENING)
2259 return 0;
2260
2261 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2262
2263 if (revents != EPOLLIN) {
2264
2265 if (revents & EPOLLHUP)
2266 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2267 UNIT(p->socket)->id);
2268 else
2269 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2270 UNIT(p->socket)->id, revents);
2271
2272 goto fail;
2273 }
2274
2275 if (p->socket->accept &&
2276 p->type == SOCKET_SOCKET &&
2277 socket_address_can_accept(&p->address)) {
2278
2279 for (;;) {
2280
2281 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2282 if (cfd < 0) {
2283
2284 if (errno == EINTR)
2285 continue;
2286
2287 log_error_unit(UNIT(p->socket)->id,
2288 "Failed to accept socket: %m");
2289 goto fail;
2290 }
2291
2292 break;
2293 }
2294
2295 socket_apply_socket_options(p->socket, cfd);
2296 }
2297
2298 socket_enter_running(p->socket, cfd);
2299 return 0;
2300
2301 fail:
2302 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2303 return 0;
2304 }
2305
2306 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2307 Socket *s = SOCKET(u);
2308 SocketResult f;
2309
2310 assert(s);
2311 assert(pid >= 0);
2312
2313 if (pid != s->control_pid)
2314 return;
2315
2316 s->control_pid = 0;
2317
2318 if (is_clean_exit(code, status, NULL))
2319 f = SOCKET_SUCCESS;
2320 else if (code == CLD_EXITED)
2321 f = SOCKET_FAILURE_EXIT_CODE;
2322 else if (code == CLD_KILLED)
2323 f = SOCKET_FAILURE_SIGNAL;
2324 else if (code == CLD_DUMPED)
2325 f = SOCKET_FAILURE_CORE_DUMP;
2326 else
2327 assert_not_reached("Unknown sigchld code");
2328
2329 if (s->control_command) {
2330 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2331
2332 if (s->control_command->ignore)
2333 f = SOCKET_SUCCESS;
2334 }
2335
2336 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2337 u->id,
2338 "%s control process exited, code=%s status=%i",
2339 u->id, sigchld_code_to_string(code), status);
2340
2341 if (f != SOCKET_SUCCESS)
2342 s->result = f;
2343
2344 if (s->control_command &&
2345 s->control_command->command_next &&
2346 f == SOCKET_SUCCESS) {
2347
2348 log_debug_unit(u->id,
2349 "%s running next command for state %s",
2350 u->id, socket_state_to_string(s->state));
2351 socket_run_next(s);
2352 } else {
2353 s->control_command = NULL;
2354 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2355
2356 /* No further commands for this step, so let's figure
2357 * out what to do next */
2358
2359 log_debug_unit(u->id,
2360 "%s got final SIGCHLD for state %s",
2361 u->id, socket_state_to_string(s->state));
2362
2363 switch (s->state) {
2364
2365 case SOCKET_START_PRE:
2366 if (f == SOCKET_SUCCESS)
2367 socket_enter_start_chown(s);
2368 else
2369 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2370 break;
2371
2372 case SOCKET_START_CHOWN:
2373 if (f == SOCKET_SUCCESS)
2374 socket_enter_start_post(s);
2375 else
2376 socket_enter_stop_pre(s, f);
2377 break;
2378
2379 case SOCKET_START_POST:
2380 if (f == SOCKET_SUCCESS)
2381 socket_enter_listening(s);
2382 else
2383 socket_enter_stop_pre(s, f);
2384 break;
2385
2386 case SOCKET_STOP_PRE:
2387 case SOCKET_STOP_PRE_SIGTERM:
2388 case SOCKET_STOP_PRE_SIGKILL:
2389 socket_enter_stop_post(s, f);
2390 break;
2391
2392 case SOCKET_STOP_POST:
2393 case SOCKET_FINAL_SIGTERM:
2394 case SOCKET_FINAL_SIGKILL:
2395 socket_enter_dead(s, f);
2396 break;
2397
2398 default:
2399 assert_not_reached("Uh, control process died at wrong time.");
2400 }
2401 }
2402
2403 /* Notify clients about changed exit status */
2404 unit_add_to_dbus_queue(u);
2405 }
2406
2407 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2408 Socket *s = SOCKET(userdata);
2409
2410 assert(s);
2411 assert(s->timer_event_source == source);
2412
2413 switch (s->state) {
2414
2415 case SOCKET_START_PRE:
2416 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2417 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2418 break;
2419
2420 case SOCKET_START_CHOWN:
2421 case SOCKET_START_POST:
2422 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2423 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2424 break;
2425
2426 case SOCKET_STOP_PRE:
2427 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2428 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2429 break;
2430
2431 case SOCKET_STOP_PRE_SIGTERM:
2432 if (s->kill_context.send_sigkill) {
2433 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2434 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2435 } else {
2436 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2437 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2438 }
2439 break;
2440
2441 case SOCKET_STOP_PRE_SIGKILL:
2442 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2443 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2444 break;
2445
2446 case SOCKET_STOP_POST:
2447 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2448 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2449 break;
2450
2451 case SOCKET_FINAL_SIGTERM:
2452 if (s->kill_context.send_sigkill) {
2453 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2454 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2455 } else {
2456 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2457 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2458 }
2459 break;
2460
2461 case SOCKET_FINAL_SIGKILL:
2462 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2463 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2464 break;
2465
2466 default:
2467 assert_not_reached("Timeout at wrong time.");
2468 }
2469
2470 return 0;
2471 }
2472
2473 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2474 int *rfds;
2475 unsigned rn_fds, k;
2476 SocketPort *p;
2477
2478 assert(s);
2479 assert(fds);
2480 assert(n_fds);
2481
2482 /* Called from the service code for requesting our fds */
2483
2484 rn_fds = 0;
2485 LIST_FOREACH(port, p, s->ports)
2486 if (p->fd >= 0)
2487 rn_fds++;
2488
2489 if (rn_fds <= 0) {
2490 *fds = NULL;
2491 *n_fds = 0;
2492 return 0;
2493 }
2494
2495 if (!(rfds = new(int, rn_fds)))
2496 return -ENOMEM;
2497
2498 k = 0;
2499 LIST_FOREACH(port, p, s->ports)
2500 if (p->fd >= 0)
2501 rfds[k++] = p->fd;
2502
2503 assert(k == rn_fds);
2504
2505 *fds = rfds;
2506 *n_fds = rn_fds;
2507
2508 return 0;
2509 }
2510
2511 static void socket_reset_failed(Unit *u) {
2512 Socket *s = SOCKET(u);
2513
2514 assert(s);
2515
2516 if (s->state == SOCKET_FAILED)
2517 socket_set_state(s, SOCKET_DEAD);
2518
2519 s->result = SOCKET_SUCCESS;
2520 }
2521
2522 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2523 assert(s);
2524
2525 /* The service is dead. Dang!
2526 *
2527 * This is strictly for one-instance-for-all-connections
2528 * services. */
2529
2530 if (s->state == SOCKET_RUNNING) {
2531 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2532 if (failed_permanent)
2533 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2534 else
2535 socket_enter_listening(s);
2536 }
2537 }
2538
2539 void socket_connection_unref(Socket *s) {
2540 assert(s);
2541
2542 /* The service is dead. Yay!
2543 *
2544 * This is strictly for one-instance-per-connection
2545 * services. */
2546
2547 assert(s->n_connections > 0);
2548 s->n_connections--;
2549
2550 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2551 }
2552
2553 static void socket_trigger_notify(Unit *u, Unit *other) {
2554 Socket *s = SOCKET(u);
2555 Service *se;
2556
2557 assert(u);
2558 assert(other);
2559
2560 /* Don't propagate state changes from the service if we are
2561 already down or accepting connections */
2562 if ((s->state != SOCKET_RUNNING &&
2563 s->state != SOCKET_LISTENING) ||
2564 s->accept)
2565 return;
2566
2567 if (other->load_state != UNIT_LOADED ||
2568 other->type != UNIT_SERVICE)
2569 return;
2570
2571 se = SERVICE(other);
2572
2573 if (se->state == SERVICE_FAILED)
2574 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2575
2576 if (se->state == SERVICE_DEAD ||
2577 se->state == SERVICE_STOP ||
2578 se->state == SERVICE_STOP_SIGTERM ||
2579 se->state == SERVICE_STOP_SIGKILL ||
2580 se->state == SERVICE_STOP_POST ||
2581 se->state == SERVICE_FINAL_SIGTERM ||
2582 se->state == SERVICE_FINAL_SIGKILL ||
2583 se->state == SERVICE_AUTO_RESTART)
2584 socket_notify_service_dead(s, false);
2585
2586 if (se->state == SERVICE_RUNNING)
2587 socket_set_state(s, SOCKET_RUNNING);
2588 }
2589
2590 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2591 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2592 }
2593
2594 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2595 Socket *s = SOCKET(u);
2596 int r;
2597
2598 if (!s->timer_event_source)
2599 return 0;
2600
2601 r = sd_event_source_get_time(s->timer_event_source, timeout);
2602 if (r < 0)
2603 return r;
2604
2605 return 1;
2606 }
2607
2608 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2609 [SOCKET_DEAD] = "dead",
2610 [SOCKET_START_PRE] = "start-pre",
2611 [SOCKET_START_CHOWN] = "start-chown",
2612 [SOCKET_START_POST] = "start-post",
2613 [SOCKET_LISTENING] = "listening",
2614 [SOCKET_RUNNING] = "running",
2615 [SOCKET_STOP_PRE] = "stop-pre",
2616 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2617 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2618 [SOCKET_STOP_POST] = "stop-post",
2619 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2620 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2621 [SOCKET_FAILED] = "failed"
2622 };
2623
2624 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2625
2626 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2627 [SOCKET_EXEC_START_PRE] = "StartPre",
2628 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2629 [SOCKET_EXEC_START_POST] = "StartPost",
2630 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2631 [SOCKET_EXEC_STOP_POST] = "StopPost"
2632 };
2633
2634 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2635
2636 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2637 [SOCKET_SUCCESS] = "success",
2638 [SOCKET_FAILURE_RESOURCES] = "resources",
2639 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2640 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2641 [SOCKET_FAILURE_SIGNAL] = "signal",
2642 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2643 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2644 };
2645
2646 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2647
2648 const UnitVTable socket_vtable = {
2649 .object_size = sizeof(Socket),
2650 .exec_context_offset = offsetof(Socket, exec_context),
2651 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2652 .kill_context_offset = offsetof(Socket, kill_context),
2653 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2654
2655 .sections =
2656 "Unit\0"
2657 "Socket\0"
2658 "Install\0",
2659 .private_section = "Socket",
2660
2661 .init = socket_init,
2662 .done = socket_done,
2663 .load = socket_load,
2664
2665 .coldplug = socket_coldplug,
2666
2667 .dump = socket_dump,
2668
2669 .start = socket_start,
2670 .stop = socket_stop,
2671
2672 .kill = socket_kill,
2673
2674 .get_timeout = socket_get_timeout,
2675
2676 .serialize = socket_serialize,
2677 .deserialize_item = socket_deserialize_item,
2678 .distribute_fds = socket_distribute_fds,
2679
2680 .active_state = socket_active_state,
2681 .sub_state_to_string = socket_sub_state_to_string,
2682
2683 .check_gc = socket_check_gc,
2684
2685 .sigchld_event = socket_sigchld_event,
2686
2687 .trigger_notify = socket_trigger_notify,
2688
2689 .reset_failed = socket_reset_failed,
2690
2691 .bus_interface = "org.freedesktop.systemd1.Socket",
2692 .bus_vtable = bus_socket_vtable,
2693 .bus_set_property = bus_socket_set_property,
2694 .bus_commit_properties = bus_socket_commit_properties,
2695
2696 .status_message_formats = {
2697 /*.starting_stopping = {
2698 [0] = "Starting socket %s...",
2699 [1] = "Stopping socket %s...",
2700 },*/
2701 .finished_start_job = {
2702 [JOB_DONE] = "Listening on %s.",
2703 [JOB_FAILED] = "Failed to listen on %s.",
2704 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2705 [JOB_TIMEOUT] = "Timed out starting %s.",
2706 },
2707 .finished_stop_job = {
2708 [JOB_DONE] = "Closed %s.",
2709 [JOB_FAILED] = "Failed stopping %s.",
2710 [JOB_TIMEOUT] = "Timed out stopping %s.",
2711 },
2712 },
2713 };
Unnamed repository; edit this file 'description' to name the repository.