From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Tue, 9 Jun 2020 13:36:07 +0000 (+0100)
Subject: [Project] Do not listen sockets in the main process
X-Git-Tag: 2.6~340
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=903111c6cc2cbc07de9f84a8ad1b9cddc5dfaaeb;p=thirdparty%2Frspamd.git

[Project] Do not listen sockets in the main process
---

diff --git a/src/libserver/worker_util.c b/src/libserver/worker_util.c
index d5e603cfac..f1afcce0fc 100644
--- a/src/libserver/worker_util.c
+++ b/src/libserver/worker_util.c
@@ -936,13 +936,24 @@ rspamd_main_heartbeat_start (struct rspamd_worker *wrk, struct ev_loop *event_lo
 static bool
 rspamd_maybe_reuseport_socket (struct rspamd_worker_listen_socket *ls)
 {
-	if (ls->fd == -1 || ls->is_systemd ||
-		rspamd_inet_address_get_af (ls->addr) == AF_UNIX) {
-		return false;
+	gint nfd = -1;
+
+	if (ls->fd == -1 || ls->is_systemd) {
+		/* No need to reuseport */
+		return true;
+	}
+
+	if (rspamd_inet_address_get_af (ls->addr) == AF_UNIX) {
+		/* Just try listen */
+
+		if (listen (ls->fd, -1) == -1) {
+			return false;
+		}
+
+		return true;
 	}
 
 #if defined(SO_REUSEPORT) && defined(SO_REUSEADDR)
-	gint nfd;
 
 	nfd = rspamd_inet_address_listen (ls->addr,
 			(ls->type == RSPAMD_WORKER_SOCKET_UDP ? SOCK_DGRAM : SOCK_STREAM),
@@ -952,16 +963,25 @@ rspamd_maybe_reuseport_socket (struct rspamd_worker_listen_socket *ls)
 	if (nfd == -1) {
 		msg_warn ("cannot create reuseport listen socket for %d: %s",
 				ls->fd, strerror (errno));
+		nfd = ls->fd;
 	}
 	else {
 		close (ls->fd);
 		ls->fd = nfd;
+		nfd = -1;
 	}
 #else
-
+	nfd = ls->fd;
 #endif
 
-	return false;
+	/* This means that we have an fd with no listening enabled */
+	if (nfd != -1) {
+		if (listen (nfd, -1) == -1) {
+			return false;
+		}
+	}
+
+	return true;
 }
 
 /**
diff --git a/src/libutil/addr.c b/src/libutil/addr.c
index b43f7cf032..bb98dbee26 100644
--- a/src/libutil/addr.c
+++ b/src/libutil/addr.c
@@ -1114,34 +1114,36 @@ rspamd_inet_address_listen (const rspamd_inet_addr_t *addr, gint type,
 		}
 	}
 
-	if (type != (int)SOCK_DGRAM) {
+	if (addr->af == AF_UNIX) {
+		path = addr->u.un->addr.sun_path;
+		/* Try to set mode and owner */
 
-		if (addr->af == AF_UNIX) {
-			path = addr->u.un->addr.sun_path;
-			/* Try to set mode and owner */
-
-			if (addr->u.un->owner != (uid_t)-1 || addr->u.un->group != (gid_t)-1) {
-				if (chown (path, addr->u.un->owner, addr->u.un->group) == -1) {
-					msg_info ("cannot change owner for %s to %d:%d: %s",
-							path, addr->u.un->owner, addr->u.un->group,
-							strerror (errno));
-				}
+		if (addr->u.un->owner != (uid_t)-1 || addr->u.un->group != (gid_t)-1) {
+			if (chown (path, addr->u.un->owner, addr->u.un->group) == -1) {
+				msg_info ("cannot change owner for %s to %d:%d: %s",
+						path, addr->u.un->owner, addr->u.un->group,
+						strerror (errno));
 			}
+		}
 
-			if (chmod (path, addr->u.un->mode) == -1) {
-				msg_info ("cannot change mode for %s to %od %s",
-						path, addr->u.un->mode, strerror (errno));
-			}
+		if (chmod (path, addr->u.un->mode) == -1) {
+			msg_info ("cannot change mode for %s to %od %s",
+					path, addr->u.un->mode, strerror (errno));
 		}
+	}
 
-		r = listen (fd, listen_queue);
+	if (type != (int)SOCK_DGRAM) {
 
-		if (r == -1) {
-			msg_warn ("listen %s failed: %d, '%s'",
-					rspamd_inet_address_to_string_pretty (addr),
-					errno, strerror (errno));
+		if (!(opts & RSPAMD_INET_ADDRESS_LISTEN_NOLISTEN)) {
+			r = listen (fd, listen_queue);
 
-			goto err;
+			if (r == -1) {
+				msg_warn ("listen %s failed: %d, '%s'",
+						rspamd_inet_address_to_string_pretty (addr),
+						errno, strerror (errno));
+
+				goto err;
+			}
 		}
 	}
 
diff --git a/src/libutil/addr.h b/src/libutil/addr.h
index 852e43b603..483ad94349 100644
--- a/src/libutil/addr.h
+++ b/src/libutil/addr.h
@@ -232,6 +232,7 @@ enum rspamd_inet_address_listen_opts {
 	RSPAMD_INET_ADDRESS_LISTEN_DEFAULT = 0,
 	RSPAMD_INET_ADDRESS_LISTEN_ASYNC = (1u << 0u),
 	RSPAMD_INET_ADDRESS_LISTEN_REUSEPORT = (1u << 1u),
+	RSPAMD_INET_ADDRESS_LISTEN_NOLISTEN = (1u << 2u),
 };
 /**
  * Listen on a specified inet address
diff --git a/src/rspamd.c b/src/rspamd.c
index 2f86739b65..7ea403258e 100644
--- a/src/rspamd.c
+++ b/src/rspamd.c
@@ -402,6 +402,9 @@ create_listen_socket (GPtrArray *addrs, guint cnt,
 	GList *result = NULL;
 	gint fd;
 	guint i;
+	static const int listen_opts = RSPAMD_INET_ADDRESS_LISTEN_ASYNC|
+								   RSPAMD_INET_ADDRESS_LISTEN_REUSEPORT|
+								   RSPAMD_INET_ADDRESS_LISTEN_NOLISTEN;
 	struct rspamd_worker_listen_socket *ls;
 
 	g_ptr_array_sort (addrs, rspamd_inet_address_compare_ptr);
@@ -413,7 +416,7 @@ create_listen_socket (GPtrArray *addrs, guint cnt,
 		if (listen_type & RSPAMD_WORKER_SOCKET_TCP) {
 			fd = rspamd_inet_address_listen (g_ptr_array_index (addrs, i),
 					SOCK_STREAM,
-					RSPAMD_INET_ADDRESS_LISTEN_ASYNC|RSPAMD_INET_ADDRESS_LISTEN_REUSEPORT, -1);
+					listen_opts, -1);
 			if (fd != -1) {
 				ls = g_malloc0 (sizeof (*ls));
 				ls->addr = rspamd_inet_address_copy (g_ptr_array_index (addrs, i));
@@ -425,7 +428,7 @@ create_listen_socket (GPtrArray *addrs, guint cnt,
 		if (listen_type & RSPAMD_WORKER_SOCKET_UDP) {
 			fd = rspamd_inet_address_listen (g_ptr_array_index (addrs, i),
 					SOCK_DGRAM,
-					RSPAMD_INET_ADDRESS_LISTEN_ASYNC|RSPAMD_INET_ADDRESS_LISTEN_REUSEPORT, -1);
+					listen_opts, -1);
 			if (fd != -1) {
 				ls = g_malloc0 (sizeof (*ls));
 				ls->addr = rspamd_inet_address_copy (g_ptr_array_index (addrs, i));