[thirdparty/systemd.git] / src / socket-proxy / socket-proxyd.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <errno.h>
#include <fcntl.h>
#include <getopt.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#include "sd-daemon.h"
#include "sd-event.h"
#include "sd-resolve.h"

#include "alloc-util.h"
#include "errno-util.h"
#include "fd-util.h"
#include "log.h"
#include "main-func.h"
#include "parse-util.h"
#include "path-util.h"
#include "pretty-print.h"
#include "resolve-private.h"
#include "set.h"
#include "socket-util.h"
#include "string-util.h"
#include "util.h"

#define BUFFER_SIZE (256 * 1024)

static unsigned arg_connections_max = 256;
static const char *arg_remote_host = NULL;

typedef struct Context {
        sd_event *event;
        sd_resolve *resolve;

        Set *listen;
        Set *connections;
} Context;

typedef struct Connection {
        Context *context;

        int server_fd, client_fd;
        int server_to_client_buffer[2]; /* a pipe */
        int client_to_server_buffer[2]; /* a pipe */

        size_t server_to_client_buffer_full, client_to_server_buffer_full;
        size_t server_to_client_buffer_size, client_to_server_buffer_size;

        sd_event_source *server_event_source, *client_event_source;

        sd_resolve_query *resolve_query;
} Connection;

static void connection_free(Connection *c) {
        assert(c);

        if (c->context)
                set_remove(c->context->connections, c);

        sd_event_source_unref(c->server_event_source);
        sd_event_source_unref(c->client_event_source);

        safe_close(c->server_fd);
        safe_close(c->client_fd);

        safe_close_pair(c->server_to_client_buffer);
        safe_close_pair(c->client_to_server_buffer);

        sd_resolve_query_unref(c->resolve_query);

        free(c);
}

static void context_clear(Context *context) {
        assert(context);

        set_free_with_destructor(context->listen, sd_event_source_unref);
        set_free_with_destructor(context->connections, connection_free);

        sd_event_unref(context->event);
        sd_resolve_unref(context->resolve);
}

static int connection_create_pipes(Connection *c, int buffer[static 2], size_t *sz) {
        int r;

        assert(c);
        assert(buffer);
        assert(sz);

        if (buffer[0] >= 0)
                return 0;

        r = pipe2(buffer, O_CLOEXEC|O_NONBLOCK);
        if (r < 0)
                return log_error_errno(errno, "Failed to allocate pipe buffer: %m");

        (void) fcntl(buffer[0], F_SETPIPE_SZ, BUFFER_SIZE);

        r = fcntl(buffer[0], F_GETPIPE_SZ);
        if (r < 0)
                return log_error_errno(errno, "Failed to get pipe buffer size: %m");

        assert(r > 0);
        *sz = r;

        return 0;
}

static int connection_shovel(
                Connection *c,
                int *from, int buffer[2], int *to,
                size_t *full, size_t *sz,
                sd_event_source **from_source, sd_event_source **to_source) {

        bool shoveled;

        assert(c);
        assert(from);
        assert(buffer);
        assert(buffer[0] >= 0);
        assert(buffer[1] >= 0);
        assert(to);
        assert(full);
        assert(sz);
        assert(from_source);
        assert(to_source);

        do {
                ssize_t z;

                shoveled = false;

                if (*full < *sz && *from >= 0 && *to >= 0) {
                        z = splice(*from, NULL, buffer[1], NULL, *sz - *full, SPLICE_F_MOVE|SPLICE_F_NONBLOCK);
                        if (z > 0) {
                                *full += z;
                                shoveled = true;
                        } else if (z == 0 || ERRNO_IS_DISCONNECT(errno)) {
                                *from_source = sd_event_source_unref(*from_source);
                                *from = safe_close(*from);
                        } else if (!IN_SET(errno, EAGAIN, EINTR))
                                return log_error_errno(errno, "Failed to splice: %m");
                }

                if (*full > 0 && *to >= 0) {
                        z = splice(buffer[0], NULL, *to, NULL, *full, SPLICE_F_MOVE|SPLICE_F_NONBLOCK);
                        if (z > 0) {
                                *full -= z;
                                shoveled = true;
                        } else if (z == 0 || ERRNO_IS_DISCONNECT(errno)) {
                                *to_source = sd_event_source_unref(*to_source);
                                *to = safe_close(*to);
                        } else if (!IN_SET(errno, EAGAIN, EINTR))
                                return log_error_errno(errno, "Failed to splice: %m");
                }
        } while (shoveled);

        return 0;
}

static int connection_enable_event_sources(Connection *c);

static int traffic_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
        Connection *c = userdata;
        int r;

        assert(s);
        assert(fd >= 0);
        assert(c);

        r = connection_shovel(c,
                              &c->server_fd, c->server_to_client_buffer, &c->client_fd,
                              &c->server_to_client_buffer_full, &c->server_to_client_buffer_size,
                              &c->server_event_source, &c->client_event_source);
        if (r < 0)
                goto quit;

        r = connection_shovel(c,
                              &c->client_fd, c->client_to_server_buffer, &c->server_fd,
                              &c->client_to_server_buffer_full, &c->client_to_server_buffer_size,
                              &c->client_event_source, &c->server_event_source);
        if (r < 0)
                goto quit;

        /* EOF on both sides? */
        if (c->server_fd == -1 && c->client_fd == -1)
                goto quit;

        /* Server closed, and all data written to client? */
        if (c->server_fd == -1 && c->server_to_client_buffer_full <= 0)
                goto quit;

        /* Client closed, and all data written to server? */
        if (c->client_fd == -1 && c->client_to_server_buffer_full <= 0)
                goto quit;

        r = connection_enable_event_sources(c);
        if (r < 0)
                goto quit;

        return 1;

quit:
        connection_free(c);
        return 0; /* ignore errors, continue serving */
}

static int connection_enable_event_sources(Connection *c) {
        uint32_t a = 0, b = 0;
        int r;

        assert(c);

        if (c->server_to_client_buffer_full > 0)
                b |= EPOLLOUT;
        if (c->server_to_client_buffer_full < c->server_to_client_buffer_size)
                a |= EPOLLIN;

        if (c->client_to_server_buffer_full > 0)
                a |= EPOLLOUT;
        if (c->client_to_server_buffer_full < c->client_to_server_buffer_size)
                b |= EPOLLIN;

        if (c->server_event_source)
                r = sd_event_source_set_io_events(c->server_event_source, a);
        else if (c->server_fd >= 0)
                r = sd_event_add_io(c->context->event, &c->server_event_source, c->server_fd, a, traffic_cb, c);
        else
                r = 0;

        if (r < 0)
                return log_error_errno(r, "Failed to set up server event source: %m");

        if (c->client_event_source)
                r = sd_event_source_set_io_events(c->client_event_source, b);
        else if (c->client_fd >= 0)
                r = sd_event_add_io(c->context->event, &c->client_event_source, c->client_fd, b, traffic_cb, c);
        else
                r = 0;

        if (r < 0)
                return log_error_errno(r, "Failed to set up client event source: %m");

        return 0;
}

static int connection_complete(Connection *c) {
        int r;

        assert(c);

        r = connection_create_pipes(c, c->server_to_client_buffer, &c->server_to_client_buffer_size);
        if (r < 0)
                goto fail;

        r = connection_create_pipes(c, c->client_to_server_buffer, &c->client_to_server_buffer_size);
        if (r < 0)
                goto fail;

        r = connection_enable_event_sources(c);
        if (r < 0)
                goto fail;

        return 0;

fail:
        connection_free(c);
        return 0; /* ignore errors, continue serving */
}

static int connect_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
        Connection *c = userdata;
        socklen_t solen;
        int error, r;

        assert(s);
        assert(fd >= 0);
        assert(c);

        solen = sizeof(error);
        r = getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &solen);
        if (r < 0) {
                log_error_errno(errno, "Failed to issue SO_ERROR: %m");
                goto fail;
        }

        if (error != 0) {
                log_error_errno(error, "Failed to connect to remote host: %m");
                goto fail;
        }

        c->client_event_source = sd_event_source_unref(c->client_event_source);

        return connection_complete(c);

fail:
        connection_free(c);
        return 0; /* ignore errors, continue serving */
}

static int connection_start(Connection *c, struct sockaddr *sa, socklen_t salen) {
        int r;

        assert(c);
        assert(sa);
        assert(salen);

        c->client_fd = socket(sa->sa_family, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0);
        if (c->client_fd < 0) {
                log_error_errno(errno, "Failed to get remote socket: %m");
                goto fail;
        }

        r = connect(c->client_fd, sa, salen);
        if (r < 0) {
                if (errno == EINPROGRESS) {
                        r = sd_event_add_io(c->context->event, &c->client_event_source, c->client_fd, EPOLLOUT, connect_cb, c);
                        if (r < 0) {
                                log_error_errno(r, "Failed to add connection socket: %m");
                                goto fail;
                        }

                        r = sd_event_source_set_enabled(c->client_event_source, SD_EVENT_ONESHOT);
                        if (r < 0) {
                                log_error_errno(r, "Failed to enable oneshot event source: %m");
                                goto fail;
                        }
                } else {
                        log_error_errno(errno, "Failed to connect to remote host: %m");
                        goto fail;
                }
        } else {
                r = connection_complete(c);
                if (r < 0)
                        goto fail;
        }

        return 0;

fail:
        connection_free(c);
        return 0; /* ignore errors, continue serving */
}

static int resolve_handler(sd_resolve_query *q, int ret, const struct addrinfo *ai, Connection *c) {
        assert(q);
        assert(c);

        if (ret != 0) {
                log_error("Failed to resolve host: %s", gai_strerror(ret));
                goto fail;
        }

        c->resolve_query = sd_resolve_query_unref(c->resolve_query);

        return connection_start(c, ai->ai_addr, ai->ai_addrlen);

fail:
        connection_free(c);
        return 0; /* ignore errors, continue serving */
}

static int resolve_remote(Connection *c) {

        static const struct addrinfo hints = {
                .ai_family = AF_UNSPEC,
                .ai_socktype = SOCK_STREAM,
                .ai_flags = AI_ADDRCONFIG
        };

        union sockaddr_union sa = {};
        const char *node, *service;
        int r;

        if (IN_SET(arg_remote_host[0], '/', '@')) {
                int salen;

                salen = sockaddr_un_set_path(&sa.un, arg_remote_host);
                if (salen < 0) {
                        log_error_errno(salen, "Specified address doesn't fit in an AF_UNIX address, refusing: %m");
                        goto fail;
                }

                return connection_start(c, &sa.sa, salen);
        }

        service = strrchr(arg_remote_host, ':');
        if (service) {
                node = strndupa(arg_remote_host, service - arg_remote_host);
                service++;
        } else {
                node = arg_remote_host;
                service = "80";
        }

        log_debug("Looking up address info for %s:%s", node, service);
        r = resolve_getaddrinfo(c->context->resolve, &c->resolve_query, node, service, &hints, resolve_handler, NULL, c);
        if (r < 0) {
                log_error_errno(r, "Failed to resolve remote host: %m");
                goto fail;
        }

        return 0;

fail:
        connection_free(c);
        return 0; /* ignore errors, continue serving */
}

static int add_connection_socket(Context *context, int fd) {
        Connection *c;
        int r;

        assert(context);
        assert(fd >= 0);

        if (set_size(context->connections) > arg_connections_max) {
                log_warning("Hit connection limit, refusing connection.");
                safe_close(fd);
                return 0;
        }

        r = set_ensure_allocated(&context->connections, NULL);
        if (r < 0) {
                log_oom();
                return 0;
        }

        c = new0(Connection, 1);
        if (!c) {
                log_oom();
                return 0;
        }

        c->context = context;
        c->server_fd = fd;
        c->client_fd = -1;
        c->server_to_client_buffer[0] = c->server_to_client_buffer[1] = -1;
        c->client_to_server_buffer[0] = c->client_to_server_buffer[1] = -1;

        r = set_put(context->connections, c);
        if (r < 0) {
                free(c);
                log_oom();
                return 0;
        }

        return resolve_remote(c);
}

static int accept_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
        _cleanup_free_ char *peer = NULL;
        Context *context = userdata;
        int nfd = -1, r;

        assert(s);
        assert(fd >= 0);
        assert(revents & EPOLLIN);
        assert(context);

        nfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
        if (nfd < 0) {
                if (!ERRNO_IS_ACCEPT_AGAIN(errno))
                        log_warning_errno(errno, "Failed to accept() socket: %m");
        } else {
                (void) getpeername_pretty(nfd, true, &peer);
                log_debug("New connection from %s", strna(peer));

                r = add_connection_socket(context, nfd);
                if (r < 0) {
                        log_error_errno(r, "Failed to accept connection, ignoring: %m");
                        safe_close(fd);
                }
        }

        r = sd_event_source_set_enabled(s, SD_EVENT_ONESHOT);
        if (r < 0) {
                log_error_errno(r, "Error while re-enabling listener with ONESHOT: %m");
                sd_event_exit(context->event, r);
                return r;
        }

        return 1;
}

static int add_listen_socket(Context *context, int fd) {
        sd_event_source *source;
        int r;

        assert(context);
        assert(fd >= 0);

        r = set_ensure_allocated(&context->listen, NULL);
        if (r < 0) {
                log_oom();
                return r;
        }

        r = sd_is_socket(fd, 0, SOCK_STREAM, 1);
        if (r < 0)
                return log_error_errno(r, "Failed to determine socket type: %m");
        if (r == 0)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "Passed in socket is not a stream socket.");

        r = fd_nonblock(fd, true);
        if (r < 0)
                return log_error_errno(r, "Failed to mark file descriptor non-blocking: %m");

        r = sd_event_add_io(context->event, &source, fd, EPOLLIN, accept_cb, context);
        if (r < 0)
                return log_error_errno(r, "Failed to add event source: %m");

        r = set_put(context->listen, source);
        if (r < 0) {
                log_error_errno(r, "Failed to add source to set: %m");
                sd_event_source_unref(source);
                return r;
        }

        /* Set the watcher to oneshot in case other processes are also
         * watching to accept(). */
        r = sd_event_source_set_enabled(source, SD_EVENT_ONESHOT);
        if (r < 0)
                return log_error_errno(r, "Failed to enable oneshot mode: %m");

        return 0;
}

static int help(void) {
        _cleanup_free_ char *link = NULL;
        int r;

        r = terminal_urlify_man("systemd-socket-proxyd", "8", &link);
        if (r < 0)
                return log_oom();

        printf("%1$s [HOST:PORT]\n"
               "%1$s [SOCKET]\n\n"
               "Bidirectionally proxy local sockets to another (possibly remote) socket.\n\n"
               "  -c --connections-max=  Set the maximum number of connections to be accepted\n"
               "  -h --help              Show this help\n"
               "     --version           Show package version\n"
               "\nSee the %2$s for details.\n"
               , program_invocation_short_name
               , link
        );

        return 0;
}

static int parse_argv(int argc, char *argv[]) {

        enum {
                ARG_VERSION = 0x100,
                ARG_IGNORE_ENV
        };

        static const struct option options[] = {
                { "connections-max", required_argument, NULL, 'c'           },
                { "help",            no_argument,       NULL, 'h'           },
                { "version",         no_argument,       NULL, ARG_VERSION   },
                {}
        };

        int c, r;

        assert(argc >= 0);
        assert(argv);

        while ((c = getopt_long(argc, argv, "c:h", options, NULL)) >= 0)

                switch (c) {

                case 'h':
                        return help();

                case ARG_VERSION:
                        return version();

                case 'c':
                        r = safe_atou(optarg, &arg_connections_max);
                        if (r < 0) {
                                log_error("Failed to parse --connections-max= argument: %s", optarg);
                                return r;
                        }

                        if (arg_connections_max < 1)
                                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                                       "Connection limit is too low.");

                        break;

                case '?':
                        return -EINVAL;

                default:
                        assert_not_reached("Unhandled option");
                }

        if (optind >= argc)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "Not enough parameters.");

        if (argc != optind+1)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "Too many parameters.");

        arg_remote_host = argv[optind];
        return 1;
}

static int run(int argc, char *argv[]) {
        _cleanup_(context_clear) Context context = {};
        int r, n, fd;

        log_parse_environment();
        log_open();

        r = parse_argv(argc, argv);
        if (r <= 0)
                return r;

        r = sd_event_default(&context.event);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate event loop: %m");

        r = sd_resolve_default(&context.resolve);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate resolver: %m");

        r = sd_resolve_attach_event(context.resolve, context.event, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to attach resolver: %m");

        sd_event_set_watchdog(context.event, true);

        r = sd_listen_fds(1);
        if (r < 0)
                return log_error_errno(r, "Failed to receive sockets from parent.");
        if (r == 0)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Didn't get any sockets passed in.");

        n = r;

        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
                r = add_listen_socket(&context, fd);
                if (r < 0)
                        return r;
        }

        r = sd_event_loop(context.event);
        if (r < 0)
                return log_error_errno(r, "Failed to run event loop: %m");

        return 0;
}

DEFINE_MAIN_FUNCTION(run);
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
912b54ad	2
912b54ad	3	#include <errno.h>
3f6fd1ba	4	#include <fcntl.h>
912b54ad	5	#include <getopt.h>
3f6fd1ba	6	#include <netdb.h>
912b54ad DS	7	#include <stdio.h>
	8	#include <stdlib.h>
	9	#include <string.h>
912b54ad DS	10	#include <sys/socket.h>
	11	#include <sys/un.h>
	12	#include <unistd.h>
	13
912b54ad DS	14	#include "sd-daemon.h"
912b54ad DS	15	#include "sd-event.h"
fb69d709	16	#include "sd-resolve.h"
3f6fd1ba	17
b5efdb8a	18	#include "alloc-util.h"
f60a028a	19	#include "errno-util.h"
3ffd4af2	20	#include "fd-util.h"
96c374d0	21	#include "log.h"
a160567e	22	#include "main-func.h"
37ec0fdd	23	#include "parse-util.h"
3f6fd1ba	24	#include "path-util.h"
294bf0c3	25	#include "pretty-print.h"
f2935c77	26	#include "resolve-private.h"
3f6fd1ba	27	#include "set.h"
912b54ad	28	#include "socket-util.h"
07630cea	29	#include "string-util.h"
912b54ad	30	#include "util.h"
8569a776 LP	31
8569a776 LP	32	#define BUFFER_SIZE (256 * 1024)
912b54ad	33
f60a028a	34	static unsigned arg_connections_max = 256;
fb69d709 LP	35	static const char *arg_remote_host = NULL;
fb69d709 LP	36
8569a776	37	typedef struct Context {
fb69d709 LP	38	sd_event *event;
	39	sd_resolve *resolve;
	40
8569a776 LP	41	Set *listen;
	42	Set *connections;
	43	} Context;
912b54ad	44
8569a776	45	typedef struct Connection {
e633ea1c LP	46	Context *context;
e633ea1c LP	47
8569a776 LP	48	int server_fd, client_fd;
	49	int server_to_client_buffer[2]; /* a pipe */
	50	int client_to_server_buffer[2]; /* a pipe */
912b54ad	51
8569a776 LP	52	size_t server_to_client_buffer_full, client_to_server_buffer_full;
	53	size_t server_to_client_buffer_size, client_to_server_buffer_size;
	54
	55	sd_event_source server_event_source, client_event_source;
912b54ad	56
fb69d709 LP	57	sd_resolve_query *resolve_query;
fb69d709 LP	58	} Connection;
912b54ad	59
8569a776 LP	60	static void connection_free(Connection *c) {
8569a776 LP	61	assert(c);
32d3c809	62
e633ea1c LP	63	if (c->context)
	64	set_remove(c->context->connections, c);
	65
8569a776 LP	66	sd_event_source_unref(c->server_event_source);
8569a776 LP	67	sd_event_source_unref(c->client_event_source);
32d3c809	68
03e334a1 LP	69	safe_close(c->server_fd);
03e334a1 LP	70	safe_close(c->client_fd);
32d3c809	71
3d94f76c LP	72	safe_close_pair(c->server_to_client_buffer);
3d94f76c LP	73	safe_close_pair(c->client_to_server_buffer);
32d3c809	74
fb69d709 LP	75	sd_resolve_query_unref(c->resolve_query);
fb69d709 LP	76
8569a776 LP	77	free(c);
8569a776 LP	78	}
32d3c809	79
a160567e	80	static void context_clear(Context *context) {
8569a776 LP	81	assert(context);
8569a776 LP	82
224b0e7a ZJS	83	set_free_with_destructor(context->listen, sd_event_source_unref);
224b0e7a ZJS	84	set_free_with_destructor(context->connections, connection_free);
32d3c809	85
fb69d709 LP	86	sd_event_unref(context->event);
fb69d709 LP	87	sd_resolve_unref(context->resolve);
8569a776	88	}
912b54ad	89
3042bbeb	90	static int connection_create_pipes(Connection c, int buffer[static 2], size_t sz) {
8569a776	91	int r;
912b54ad	92
8569a776 LP	93	assert(c);
	94	assert(buffer);
	95	assert(sz);
912b54ad	96
8569a776 LP	97	if (buffer[0] >= 0)
8569a776 LP	98	return 0;
912b54ad	99
8569a776	100	r = pipe2(buffer, O_CLOEXEC\|O_NONBLOCK);
4a62c710 MS	101	if (r < 0)
4a62c710 MS	102	return log_error_errno(errno, "Failed to allocate pipe buffer: %m");
912b54ad	103
25dbe4f5	104	(void) fcntl(buffer[0], F_SETPIPE_SZ, BUFFER_SIZE);
8569a776 LP	105
8569a776 LP	106	r = fcntl(buffer[0], F_GETPIPE_SZ);
4a62c710 MS	107	if (r < 0)
4a62c710 MS	108	return log_error_errno(errno, "Failed to get pipe buffer size: %m");
912b54ad	109
8569a776 LP	110	assert(r > 0);
	111	*sz = r;
	112
912b54ad DS	113	return 0;
	114	}
	115
8569a776 LP	116	static int connection_shovel(
	117	Connection *c,
	118	int from, int buffer[2], int to,
	119	size_t full, size_t sz,
	120	sd_event_source from_source, sd_event_source to_source) {
	121
	122	bool shoveled;
	123
	124	assert(c);
	125	assert(from);
	126	assert(buffer);
	127	assert(buffer[0] >= 0);
	128	assert(buffer[1] >= 0);
	129	assert(to);
	130	assert(full);
	131	assert(sz);
	132	assert(from_source);
	133	assert(to_source);
	134
	135	do {
	136	ssize_t z;
	137
	138	shoveled = false;
	139
	140	if (full < sz && from >= 0 && to >= 0) {
	141	z = splice(from, NULL, buffer[1], NULL, sz - *full, SPLICE_F_MOVE\|SPLICE_F_NONBLOCK);
	142	if (z > 0) {
	143	*full += z;
	144	shoveled = true;
f60a028a	145	} else if (z == 0 \|\| ERRNO_IS_DISCONNECT(errno)) {
8569a776	146	from_source = sd_event_source_unref(from_source);
03e334a1	147	from = safe_close(from);
ec2ce0c5	148	} else if (!IN_SET(errno, EAGAIN, EINTR))
4a62c710	149	return log_error_errno(errno, "Failed to splice: %m");
912b54ad DS	150	}
912b54ad DS	151
8569a776 LP	152	if (full > 0 && to >= 0) {
	153	z = splice(buffer[0], NULL, to, NULL, full, SPLICE_F_MOVE\|SPLICE_F_NONBLOCK);
	154	if (z > 0) {
	155	*full -= z;
	156	shoveled = true;
f60a028a	157	} else if (z == 0 \|\| ERRNO_IS_DISCONNECT(errno)) {
8569a776	158	to_source = sd_event_source_unref(to_source);
03e334a1	159	to = safe_close(to);
ec2ce0c5	160	} else if (!IN_SET(errno, EAGAIN, EINTR))
4a62c710	161	return log_error_errno(errno, "Failed to splice: %m");
8569a776 LP	162	}
8569a776 LP	163	} while (shoveled);
912b54ad	164
8569a776	165	return 0;
912b54ad DS	166	}
912b54ad DS	167
fb69d709	168	static int connection_enable_event_sources(Connection *c);
8569a776 LP	169
	170	static int traffic_cb(sd_event_source s, int fd, uint32_t revents, void userdata) {
	171	Connection *c = userdata;
912b54ad DS	172	int r;
912b54ad DS	173
8569a776 LP	174	assert(s);
	175	assert(fd >= 0);
	176	assert(c);
912b54ad	177
8569a776 LP	178	r = connection_shovel(c,
	179	&c->server_fd, c->server_to_client_buffer, &c->client_fd,
	180	&c->server_to_client_buffer_full, &c->server_to_client_buffer_size,
	181	&c->server_event_source, &c->client_event_source);
	182	if (r < 0)
	183	goto quit;
912b54ad	184
8569a776 LP	185	r = connection_shovel(c,
	186	&c->client_fd, c->client_to_server_buffer, &c->server_fd,
	187	&c->client_to_server_buffer_full, &c->client_to_server_buffer_size,
	188	&c->client_event_source, &c->server_event_source);
	189	if (r < 0)
	190	goto quit;
912b54ad	191
8569a776 LP	192	/* EOF on both sides? */
	193	if (c->server_fd == -1 && c->client_fd == -1)
	194	goto quit;
912b54ad	195
8569a776 LP	196	/* Server closed, and all data written to client? */
	197	if (c->server_fd == -1 && c->server_to_client_buffer_full <= 0)
	198	goto quit;
912b54ad	199
8569a776 LP	200	/* Client closed, and all data written to server? */
	201	if (c->client_fd == -1 && c->client_to_server_buffer_full <= 0)
	202	goto quit;
912b54ad	203
fb69d709	204	r = connection_enable_event_sources(c);
8569a776 LP	205	if (r < 0)
8569a776 LP	206	goto quit;
912b54ad	207
8569a776	208	return 1;
912b54ad	209
8569a776 LP	210	quit:
	211	connection_free(c);
	212	return 0; /* ignore errors, continue serving */
912b54ad DS	213	}
912b54ad DS	214
fb69d709	215	static int connection_enable_event_sources(Connection *c) {
8569a776 LP	216	uint32_t a = 0, b = 0;
8569a776 LP	217	int r;
912b54ad	218
8569a776	219	assert(c);
912b54ad	220
8569a776 LP	221	if (c->server_to_client_buffer_full > 0)
	222	b \|= EPOLLOUT;
	223	if (c->server_to_client_buffer_full < c->server_to_client_buffer_size)
	224	a \|= EPOLLIN;
912b54ad	225
8569a776 LP	226	if (c->client_to_server_buffer_full > 0)
	227	a \|= EPOLLOUT;
	228	if (c->client_to_server_buffer_full < c->client_to_server_buffer_size)
	229	b \|= EPOLLIN;
912b54ad	230
8569a776 LP	231	if (c->server_event_source)
	232	r = sd_event_source_set_io_events(c->server_event_source, a);
	233	else if (c->server_fd >= 0)
fb69d709	234	r = sd_event_add_io(c->context->event, &c->server_event_source, c->server_fd, a, traffic_cb, c);
8569a776 LP	235	else
	236	r = 0;
	237
f647962d MS	238	if (r < 0)
f647962d MS	239	return log_error_errno(r, "Failed to set up server event source: %m");
912b54ad	240
8569a776 LP	241	if (c->client_event_source)
	242	r = sd_event_source_set_io_events(c->client_event_source, b);
	243	else if (c->client_fd >= 0)
fb69d709	244	r = sd_event_add_io(c->context->event, &c->client_event_source, c->client_fd, b, traffic_cb, c);
8569a776 LP	245	else
8569a776 LP	246	r = 0;
912b54ad	247
f647962d MS	248	if (r < 0)
f647962d MS	249	return log_error_errno(r, "Failed to set up client event source: %m");
912b54ad	250
8569a776	251	return 0;
912b54ad DS	252	}
912b54ad DS	253
fb69d709 LP	254	static int connection_complete(Connection *c) {
	255	int r;
	256
	257	assert(c);
	258
	259	r = connection_create_pipes(c, c->server_to_client_buffer, &c->server_to_client_buffer_size);
	260	if (r < 0)
	261	goto fail;
	262
	263	r = connection_create_pipes(c, c->client_to_server_buffer, &c->client_to_server_buffer_size);
	264	if (r < 0)
	265	goto fail;
	266
	267	r = connection_enable_event_sources(c);
	268	if (r < 0)
	269	goto fail;
	270
	271	return 0;
	272
	273	fail:
	274	connection_free(c);
	275	return 0; /* ignore errors, continue serving */
	276	}
	277
8569a776 LP	278	static int connect_cb(sd_event_source s, int fd, uint32_t revents, void userdata) {
	279	Connection *c = userdata;
	280	socklen_t solen;
	281	int error, r;
	282
	283	assert(s);
	284	assert(fd >= 0);
	285	assert(c);
	286
	287	solen = sizeof(error);
	288	r = getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &solen);
	289	if (r < 0) {
56f64d95	290	log_error_errno(errno, "Failed to issue SO_ERROR: %m");
40976028 DS	291	goto fail;
40976028 DS	292	}
912b54ad	293
8569a776	294	if (error != 0) {
279d3c9c	295	log_error_errno(error, "Failed to connect to remote host: %m");
912b54ad DS	296	goto fail;
	297	}
	298
8569a776 LP	299	c->client_event_source = sd_event_source_unref(c->client_event_source);
8569a776 LP	300
fb69d709	301	return connection_complete(c);
912b54ad	302
fb69d709 LP	303	fail:
	304	connection_free(c);
	305	return 0; /* ignore errors, continue serving */
	306	}
912b54ad	307
fb69d709 LP	308	static int connection_start(Connection c, struct sockaddr sa, socklen_t salen) {
	309	int r;
	310
	311	assert(c);
	312	assert(sa);
	313	assert(salen);
	314
	315	c->client_fd = socket(sa->sa_family, SOCK_STREAM\|SOCK_NONBLOCK\|SOCK_CLOEXEC, 0);
	316	if (c->client_fd < 0) {
56f64d95	317	log_error_errno(errno, "Failed to get remote socket: %m");
8569a776	318	goto fail;
fb69d709 LP	319	}
	320
	321	r = connect(c->client_fd, sa, salen);
	322	if (r < 0) {
	323	if (errno == EINPROGRESS) {
	324	r = sd_event_add_io(c->context->event, &c->client_event_source, c->client_fd, EPOLLOUT, connect_cb, c);
	325	if (r < 0) {
da927ba9	326	log_error_errno(r, "Failed to add connection socket: %m");
fb69d709 LP	327	goto fail;
	328	}
	329
	330	r = sd_event_source_set_enabled(c->client_event_source, SD_EVENT_ONESHOT);
	331	if (r < 0) {
da927ba9	332	log_error_errno(r, "Failed to enable oneshot event source: %m");
fb69d709 LP	333	goto fail;
	334	}
	335	} else {
56f64d95	336	log_error_errno(errno, "Failed to connect to remote host: %m");
fb69d709 LP	337	goto fail;
	338	}
	339	} else {
	340	r = connection_complete(c);
	341	if (r < 0)
	342	goto fail;
	343	}
912b54ad	344
8569a776	345	return 0;
912b54ad	346
8569a776 LP	347	fail:
	348	connection_free(c);
	349	return 0; /* ignore errors, continue serving */
	350	}
	351
f2935c77	352	static int resolve_handler(sd_resolve_query q, int ret, const struct addrinfo ai, Connection *c) {
fb69d709 LP	353	assert(q);
	354	assert(c);
	355
	356	if (ret != 0) {
	357	log_error("Failed to resolve host: %s", gai_strerror(ret));
	358	goto fail;
	359	}
	360
	361	c->resolve_query = sd_resolve_query_unref(c->resolve_query);
	362
	363	return connection_start(c, ai->ai_addr, ai->ai_addrlen);
	364
	365	fail:
	366	connection_free(c);
	367	return 0; /* ignore errors, continue serving */
	368	}
	369
	370	static int resolve_remote(Connection *c) {
	371
	372	static const struct addrinfo hints = {
	373	.ai_family = AF_UNSPEC,
	374	.ai_socktype = SOCK_STREAM,
	375	.ai_flags = AI_ADDRCONFIG
	376	};
	377
1ec6af16	378	union sockaddr_union sa = {};
fb69d709	379	const char node, service;
fb69d709 LP	380	int r;
fb69d709 LP	381
15a3e96f LP	382	if (IN_SET(arg_remote_host[0], '/', '@')) {
	383	int salen;
	384
	385	salen = sockaddr_un_set_path(&sa.un, arg_remote_host);
	386	if (salen < 0) {
	387	log_error_errno(salen, "Specified address doesn't fit in an AF_UNIX address, refusing: %m");
	388	goto fail;
	389	}
fb69d709	390
15a3e96f	391	return connection_start(c, &sa.sa, salen);
fb69d709 LP	392	}
	393
	394	service = strrchr(arg_remote_host, ':');
	395	if (service) {
	396	node = strndupa(arg_remote_host, service - arg_remote_host);
313cefa1	397	service++;
fb69d709 LP	398	} else {
	399	node = arg_remote_host;
	400	service = "80";
	401	}
	402
	403	log_debug("Looking up address info for %s:%s", node, service);
f2935c77	404	r = resolve_getaddrinfo(c->context->resolve, &c->resolve_query, node, service, &hints, resolve_handler, NULL, c);
fb69d709	405	if (r < 0) {
da927ba9	406	log_error_errno(r, "Failed to resolve remote host: %m");
fb69d709 LP	407	goto fail;
	408	}
	409
	410	return 0;
	411
	412	fail:
	413	connection_free(c);
	414	return 0; /* ignore errors, continue serving */
	415	}
	416
	417	static int add_connection_socket(Context *context, int fd) {
8569a776 LP	418	Connection *c;
	419	int r;
	420
	421	assert(context);
8569a776 LP	422	assert(fd >= 0);
8569a776 LP	423
dc3b8afb	424	if (set_size(context->connections) > arg_connections_max) {
8569a776	425	log_warning("Hit connection limit, refusing connection.");
03e334a1	426	safe_close(fd);
8569a776	427	return 0;
912b54ad DS	428	}
912b54ad DS	429
d5099efc	430	r = set_ensure_allocated(&context->connections, NULL);
fb69d709 LP	431	if (r < 0) {
	432	log_oom();
	433	return 0;
	434	}
912b54ad	435
8569a776	436	c = new0(Connection, 1);
fb69d709 LP	437	if (!c) {
	438	log_oom();
	439	return 0;
	440	}
8569a776	441
e633ea1c	442	c->context = context;
8569a776 LP	443	c->server_fd = fd;
	444	c->client_fd = -1;
	445	c->server_to_client_buffer[0] = c->server_to_client_buffer[1] = -1;
	446	c->client_to_server_buffer[0] = c->client_to_server_buffer[1] = -1;
	447
e633ea1c LP	448	r = set_put(context->connections, c);
	449	if (r < 0) {
	450	free(c);
fb69d709 LP	451	log_oom();
fb69d709 LP	452	return 0;
8569a776	453	}
912b54ad	454
fb69d709	455	return resolve_remote(c);
40976028 DS	456	}
	457
	458	static int accept_cb(sd_event_source s, int fd, uint32_t revents, void userdata) {
7b77ed8c	459	_cleanup_free_ char *peer = NULL;
8569a776 LP	460	Context *context = userdata;
8569a776 LP	461	int nfd = -1, r;
40976028	462
8569a776 LP	463	assert(s);
8569a776 LP	464	assert(fd >= 0);
40976028	465	assert(revents & EPOLLIN);
8569a776 LP	466	assert(context);
	467
	468	nfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK\|SOCK_CLOEXEC);
7b77ed8c	469	if (nfd < 0) {
4ff9bc2e	470	if (!ERRNO_IS_ACCEPT_AGAIN(errno))
56f64d95	471	log_warning_errno(errno, "Failed to accept() socket: %m");
7b77ed8c	472	} else {
7ebd758c	473	(void) getpeername_pretty(nfd, true, &peer);
8569a776	474	log_debug("New connection from %s", strna(peer));
40976028	475
fb69d709	476	r = add_connection_socket(context, nfd);
f4bd42aa	477	if (r < 0) {
da927ba9	478	log_error_errno(r, "Failed to accept connection, ignoring: %m");
03e334a1	479	safe_close(fd);
f4bd42aa	480	}
7b77ed8c	481	}
8569a776	482
40976028 DS	483	r = sd_event_source_set_enabled(s, SD_EVENT_ONESHOT);
40976028 DS	484	if (r < 0) {
da927ba9	485	log_error_errno(r, "Error while re-enabling listener with ONESHOT: %m");
fb69d709	486	sd_event_exit(context->event, r);
40976028 DS	487	return r;
	488	}
	489
96c374d0	490	return 1;
912b54ad DS	491	}
912b54ad DS	492
fb69d709	493	static int add_listen_socket(Context *context, int fd) {
8569a776 LP	494	sd_event_source *source;
	495	int r;
	496
	497	assert(context);
8569a776	498	assert(fd >= 0);
912b54ad	499
d5099efc	500	r = set_ensure_allocated(&context->listen, NULL);
96c374d0	501	if (r < 0) {
8569a776 LP	502	log_oom();
	503	return r;
	504	}
	505
	506	r = sd_is_socket(fd, 0, SOCK_STREAM, 1);
f647962d MS	507	if (r < 0)
f647962d MS	508	return log_error_errno(r, "Failed to determine socket type: %m");
baaa35ad ZJS	509	if (r == 0)
	510	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	511	"Passed in socket is not a stream socket.");
912b54ad	512
8569a776	513	r = fd_nonblock(fd, true);
f647962d MS	514	if (r < 0)
f647962d MS	515	return log_error_errno(r, "Failed to mark file descriptor non-blocking: %m");
912b54ad	516
fb69d709	517	r = sd_event_add_io(context->event, &source, fd, EPOLLIN, accept_cb, context);
f647962d MS	518	if (r < 0)
f647962d MS	519	return log_error_errno(r, "Failed to add event source: %m");
912b54ad	520
8569a776	521	r = set_put(context->listen, source);
96c374d0	522	if (r < 0) {
da927ba9	523	log_error_errno(r, "Failed to add source to set: %m");
8569a776	524	sd_event_source_unref(source);
40976028 DS	525	return r;
	526	}
	527
	528	/* Set the watcher to oneshot in case other processes are also
	529	* watching to accept(). */
8569a776	530	r = sd_event_source_set_enabled(source, SD_EVENT_ONESHOT);
f647962d MS	531	if (r < 0)
f647962d MS	532	return log_error_errno(r, "Failed to enable oneshot mode: %m");
912b54ad	533
8569a776	534	return 0;
912b54ad DS	535	}
912b54ad DS	536
37ec0fdd LP	537	static int help(void) {
	538	_cleanup_free_ char *link = NULL;
	539	int r;
	540
	541	r = terminal_urlify_man("systemd-socket-proxyd", "8", &link);
	542	if (r < 0)
	543	return log_oom();
	544
601185b4 ZJS	545	printf("%1$s [HOST:PORT]\n"
601185b4 ZJS	546	"%1$s [SOCKET]\n\n"
8569a776	547	"Bidirectionally proxy local sockets to another (possibly remote) socket.\n\n"
23d0fff7	548	" -c --connections-max= Set the maximum number of connections to be accepted\n"
8cf030b3	549	" -h --help Show this help\n"
37ec0fdd LP	550	" --version Show package version\n"
	551	"\nSee the %2$s for details.\n"
	552	, program_invocation_short_name
	553	, link
	554	);
	555
	556	return 0;
912b54ad DS	557	}
912b54ad DS	558
8569a776	559	static int parse_argv(int argc, char *argv[]) {
912b54ad DS	560
912b54ad DS	561	enum {
8cf030b3 LP	562	ARG_VERSION = 0x100,
8cf030b3 LP	563	ARG_IGNORE_ENV
912b54ad DS	564	};
	565
	566	static const struct option options[] = {
dc3b8afb DK	567	{ "connections-max", required_argument, NULL, 'c' },
	568	{ "help", no_argument, NULL, 'h' },
	569	{ "version", no_argument, NULL, ARG_VERSION },
eb9da376	570	{}
912b54ad DS	571	};
912b54ad DS	572
dc3b8afb	573	int c, r;
912b54ad DS	574
	575	assert(argc >= 0);
	576	assert(argv);
	577
dc3b8afb	578	while ((c = getopt_long(argc, argv, "c:h", options, NULL)) >= 0)
912b54ad DS	579
	580	switch (c) {
	581
	582	case 'h':
37ec0fdd LP	583	return help();
	584
	585	case ARG_VERSION:
	586	return version();
912b54ad	587
dc3b8afb DK	588	case 'c':
	589	r = safe_atou(optarg, &arg_connections_max);
	590	if (r < 0) {
	591	log_error("Failed to parse --connections-max= argument: %s", optarg);
	592	return r;
	593	}
	594
baaa35ad ZJS	595	if (arg_connections_max < 1)
	596	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	597	"Connection limit is too low.");
dc3b8afb DK	598
	599	break;
	600
eb9da376	601	case '?':
912b54ad	602	return -EINVAL;
eb9da376 LP	603
	604	default:
	605	assert_not_reached("Unhandled option");
912b54ad	606	}
912b54ad	607
baaa35ad ZJS	608	if (optind >= argc)
	609	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	610	"Not enough parameters.");
912b54ad	611
baaa35ad ZJS	612	if (argc != optind+1)
	613	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	614	"Too many parameters.");
912b54ad	615
8569a776	616	arg_remote_host = argv[optind];
912b54ad DS	617	return 1;
	618	}
	619
a160567e YW	620	static int run(int argc, char *argv[]) {
a160567e YW	621	_cleanup_(context_clear) Context context = {};
8569a776	622	int r, n, fd;
912b54ad DS	623
	624	log_parse_environment();
	625	log_open();
	626
8569a776	627	r = parse_argv(argc, argv);
912b54ad	628	if (r <= 0)
a160567e	629	return r;
912b54ad	630
fb69d709	631	r = sd_event_default(&context.event);
a160567e YW	632	if (r < 0)
a160567e YW	633	return log_error_errno(r, "Failed to allocate event loop: %m");
912b54ad	634
fb69d709	635	r = sd_resolve_default(&context.resolve);
a160567e YW	636	if (r < 0)
a160567e YW	637	return log_error_errno(r, "Failed to allocate resolver: %m");
fb69d709 LP	638
fb69d709 LP	639	r = sd_resolve_attach_event(context.resolve, context.event, 0);
a160567e YW	640	if (r < 0)
a160567e YW	641	return log_error_errno(r, "Failed to attach resolver: %m");
fb69d709 LP	642
fb69d709 LP	643	sd_event_set_watchdog(context.event, true);
cde93897	644
a160567e YW	645	r = sd_listen_fds(1);
	646	if (r < 0)
	647	return log_error_errno(r, "Failed to receive sockets from parent.");
	648	if (r == 0)
	649	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Didn't get any sockets passed in.");
	650
	651	n = r;
8cf030b3 LP	652
8cf030b3 LP	653	for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
fb69d709	654	r = add_listen_socket(&context, fd);
8569a776	655	if (r < 0)
a160567e	656	return r;
912b54ad DS	657	}
912b54ad DS	658
fb69d709	659	r = sd_event_loop(context.event);
a160567e YW	660	if (r < 0)
a160567e YW	661	return log_error_errno(r, "Failed to run event loop: %m");
8569a776	662
a160567e	663	return 0;
912b54ad	664	}
a160567e YW	665
a160567e YW	666	DEFINE_MAIN_FUNCTION(run);