1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include <sys/epoll.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
42 #include "exit-status.h"
44 #include "smack-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
51 #include "formats-util.h"
53 static const UnitActiveState state_translation_table
[_SOCKET_STATE_MAX
] = {
54 [SOCKET_DEAD
] = UNIT_INACTIVE
,
55 [SOCKET_START_PRE
] = UNIT_ACTIVATING
,
56 [SOCKET_START_CHOWN
] = UNIT_ACTIVATING
,
57 [SOCKET_START_POST
] = UNIT_ACTIVATING
,
58 [SOCKET_LISTENING
] = UNIT_ACTIVE
,
59 [SOCKET_RUNNING
] = UNIT_ACTIVE
,
60 [SOCKET_STOP_PRE
] = UNIT_DEACTIVATING
,
61 [SOCKET_STOP_PRE_SIGTERM
] = UNIT_DEACTIVATING
,
62 [SOCKET_STOP_PRE_SIGKILL
] = UNIT_DEACTIVATING
,
63 [SOCKET_STOP_POST
] = UNIT_DEACTIVATING
,
64 [SOCKET_FINAL_SIGTERM
] = UNIT_DEACTIVATING
,
65 [SOCKET_FINAL_SIGKILL
] = UNIT_DEACTIVATING
,
66 [SOCKET_FAILED
] = UNIT_FAILED
69 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
70 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
);
72 static void socket_init(Unit
*u
) {
73 Socket
*s
= SOCKET(u
);
76 assert(u
->load_state
== UNIT_STUB
);
78 s
->backlog
= SOMAXCONN
;
79 s
->timeout_usec
= u
->manager
->default_timeout_start_usec
;
80 s
->directory_mode
= 0755;
81 s
->socket_mode
= 0666;
83 s
->max_connections
= 64;
90 s
->exec_context
.std_output
= u
->manager
->default_std_output
;
91 s
->exec_context
.std_error
= u
->manager
->default_std_error
;
93 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
96 static void socket_unwatch_control_pid(Socket
*s
) {
99 if (s
->control_pid
<= 0)
102 unit_unwatch_pid(UNIT(s
), s
->control_pid
);
106 void socket_free_ports(Socket
*s
) {
111 while ((p
= s
->ports
)) {
112 LIST_REMOVE(port
, s
->ports
, p
);
114 sd_event_source_unref(p
->event_source
);
122 static void socket_done(Unit
*u
) {
123 Socket
*s
= SOCKET(u
);
127 socket_free_ports(s
);
129 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
130 exec_command_free_array(s
->exec_command
, _SOCKET_EXEC_COMMAND_MAX
);
131 s
->control_command
= NULL
;
133 socket_unwatch_control_pid(s
);
135 unit_ref_unset(&s
->service
);
137 free(s
->tcp_congestion
);
138 s
->tcp_congestion
= NULL
;
140 free(s
->bind_to_device
);
141 s
->bind_to_device
= NULL
;
144 free(s
->smack_ip_in
);
145 free(s
->smack_ip_out
);
147 strv_free(s
->symlinks
);
152 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
155 static int socket_arm_timer(Socket
*s
) {
160 if (s
->timeout_usec
<= 0) {
161 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
165 if (s
->timer_event_source
) {
166 r
= sd_event_source_set_time(s
->timer_event_source
, now(CLOCK_MONOTONIC
) + s
->timeout_usec
);
170 return sd_event_source_set_enabled(s
->timer_event_source
, SD_EVENT_ONESHOT
);
173 r
= sd_event_add_time(
174 UNIT(s
)->manager
->event
,
175 &s
->timer_event_source
,
177 now(CLOCK_MONOTONIC
) + s
->timeout_usec
, 0,
178 socket_dispatch_timer
, s
);
182 (void) sd_event_source_set_description(s
->timer_event_source
, "socket-timer");
187 int socket_instantiate_service(Socket
*s
) {
188 _cleanup_free_
char *prefix
= NULL
, *name
= NULL
;
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
199 if (UNIT_DEREF(s
->service
))
205 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
209 if (asprintf(&name
, "%s@%u.service", prefix
, s
->n_accepted
) < 0)
212 r
= manager_load_unit(UNIT(s
)->manager
, name
, NULL
, NULL
, &u
);
217 unit_ref_set(&s
->service
, u
);
219 return unit_add_two_dependencies(UNIT(s
), UNIT_BEFORE
, UNIT_TRIGGERS
, u
, false);
222 static bool have_non_accept_socket(Socket
*s
) {
230 LIST_FOREACH(port
, p
, s
->ports
) {
232 if (p
->type
!= SOCKET_SOCKET
)
235 if (!socket_address_can_accept(&p
->address
))
242 static int socket_add_mount_links(Socket
*s
) {
248 LIST_FOREACH(port
, p
, s
->ports
) {
249 const char *path
= NULL
;
251 if (p
->type
== SOCKET_SOCKET
)
252 path
= socket_address_get_path(&p
->address
);
253 else if (p
->type
== SOCKET_FIFO
|| p
->type
== SOCKET_SPECIAL
)
259 r
= unit_require_mounts_for(UNIT(s
), path
);
267 static int socket_add_device_link(Socket
*s
) {
272 if (!s
->bind_to_device
|| streq(s
->bind_to_device
, "lo"))
275 t
= strjoina("/sys/subsystem/net/devices/", s
->bind_to_device
);
276 return unit_add_node_link(UNIT(s
), t
, false);
279 static int socket_add_default_dependencies(Socket
*s
) {
283 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_BEFORE
, SPECIAL_SOCKETS_TARGET
, NULL
, true);
287 if (UNIT(s
)->manager
->running_as
== SYSTEMD_SYSTEM
) {
288 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_AFTER
, UNIT_REQUIRES
, SPECIAL_SYSINIT_TARGET
, NULL
, true);
293 return unit_add_two_dependencies_by_name(UNIT(s
), UNIT_BEFORE
, UNIT_CONFLICTS
, SPECIAL_SHUTDOWN_TARGET
, NULL
, true);
296 _pure_
static bool socket_has_exec(Socket
*s
) {
300 for (i
= 0; i
< _SOCKET_EXEC_COMMAND_MAX
; i
++)
301 if (s
->exec_command
[i
])
307 static int socket_add_extras(Socket
*s
) {
313 if (have_non_accept_socket(s
)) {
315 if (!UNIT_DEREF(s
->service
)) {
318 r
= unit_load_related_unit(u
, ".service", &x
);
322 unit_ref_set(&s
->service
, x
);
325 r
= unit_add_two_dependencies(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, UNIT_DEREF(s
->service
), true);
330 r
= socket_add_mount_links(s
);
334 r
= socket_add_device_link(s
);
338 r
= unit_patch_contexts(u
);
342 if (socket_has_exec(s
)) {
343 r
= unit_add_exec_dependencies(u
, &s
->exec_context
);
347 r
= unit_add_default_slice(u
, &s
->cgroup_context
);
352 if (u
->default_dependencies
) {
353 r
= socket_add_default_dependencies(s
);
361 static const char *socket_find_symlink_target(Socket
*s
) {
362 const char *found
= NULL
;
365 LIST_FOREACH(port
, p
, s
->ports
) {
366 const char *f
= NULL
;
375 if (p
->address
.sockaddr
.un
.sun_path
[0] != 0)
376 f
= p
->address
.sockaddr
.un
.sun_path
;
394 static int socket_verify(Socket
*s
) {
397 if (UNIT(s
)->load_state
!= UNIT_LOADED
)
401 log_unit_error(UNIT(s
), "Unit lacks Listen setting. Refusing.");
405 if (s
->accept
&& have_non_accept_socket(s
)) {
406 log_unit_error(UNIT(s
), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
410 if (s
->accept
&& s
->max_connections
<= 0) {
411 log_unit_error(UNIT(s
), "MaxConnection= setting too small. Refusing.");
415 if (s
->accept
&& UNIT_DEREF(s
->service
)) {
416 log_unit_error(UNIT(s
), "Explicit service configuration for accepting socket units not supported. Refusing.");
420 if (s
->exec_context
.pam_name
&& s
->kill_context
.kill_mode
!= KILL_CONTROL_GROUP
) {
421 log_unit_error(UNIT(s
), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
425 if (!strv_isempty(s
->symlinks
) && !socket_find_symlink_target(s
)) {
426 log_unit_error(UNIT(s
), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
433 static int socket_load(Unit
*u
) {
434 Socket
*s
= SOCKET(u
);
438 assert(u
->load_state
== UNIT_STUB
);
440 r
= unit_load_fragment_and_dropin(u
);
444 if (u
->load_state
== UNIT_LOADED
) {
445 /* This is a new unit? Then let's add in some extras */
446 r
= socket_add_extras(s
);
451 return socket_verify(s
);
454 _const_
static const char* listen_lookup(int family
, int type
) {
456 if (family
== AF_NETLINK
)
457 return "ListenNetlink";
459 if (type
== SOCK_STREAM
)
460 return "ListenStream";
461 else if (type
== SOCK_DGRAM
)
462 return "ListenDatagram";
463 else if (type
== SOCK_SEQPACKET
)
464 return "ListenSequentialPacket";
466 assert_not_reached("Unknown socket type");
470 static void socket_dump(Unit
*u
, FILE *f
, const char *prefix
) {
471 char time_string
[FORMAT_TIMESPAN_MAX
];
473 Socket
*s
= SOCKET(u
);
480 prefix
= strempty(prefix
);
481 prefix2
= strjoina(prefix
, "\t");
484 "%sSocket State: %s\n"
486 "%sBindIPv6Only: %s\n"
488 "%sSocketMode: %04o\n"
489 "%sDirectoryMode: %04o\n"
493 "%sTransparent: %s\n"
495 "%sPassCredentials: %s\n"
496 "%sPassSecurity: %s\n"
497 "%sTCPCongestion: %s\n"
498 "%sRemoveOnStop: %s\n"
499 "%sSELinuxContextFromNet: %s\n",
500 prefix
, socket_state_to_string(s
->state
),
501 prefix
, socket_result_to_string(s
->result
),
502 prefix
, socket_address_bind_ipv6_only_to_string(s
->bind_ipv6_only
),
504 prefix
, s
->socket_mode
,
505 prefix
, s
->directory_mode
,
506 prefix
, yes_no(s
->keep_alive
),
507 prefix
, yes_no(s
->no_delay
),
508 prefix
, yes_no(s
->free_bind
),
509 prefix
, yes_no(s
->transparent
),
510 prefix
, yes_no(s
->broadcast
),
511 prefix
, yes_no(s
->pass_cred
),
512 prefix
, yes_no(s
->pass_sec
),
513 prefix
, strna(s
->tcp_congestion
),
514 prefix
, yes_no(s
->remove_on_stop
),
515 prefix
, yes_no(s
->selinux_context_from_net
));
517 if (s
->control_pid
> 0)
519 "%sControl PID: "PID_FMT
"\n",
520 prefix
, s
->control_pid
);
522 if (s
->bind_to_device
)
524 "%sBindToDevice: %s\n",
525 prefix
, s
->bind_to_device
);
530 "%sNConnections: %u\n"
531 "%sMaxConnections: %u\n",
532 prefix
, s
->n_accepted
,
533 prefix
, s
->n_connections
,
534 prefix
, s
->max_connections
);
536 if (s
->priority
>= 0)
539 prefix
, s
->priority
);
541 if (s
->receive_buffer
> 0)
543 "%sReceiveBuffer: %zu\n",
544 prefix
, s
->receive_buffer
);
546 if (s
->send_buffer
> 0)
548 "%sSendBuffer: %zu\n",
549 prefix
, s
->send_buffer
);
561 if (s
->pipe_size
> 0)
564 prefix
, s
->pipe_size
);
571 if (s
->mq_maxmsg
> 0)
573 "%sMessageQueueMaxMessages: %li\n",
574 prefix
, s
->mq_maxmsg
);
576 if (s
->mq_msgsize
> 0)
578 "%sMessageQueueMessageSize: %li\n",
579 prefix
, s
->mq_msgsize
);
584 prefix
, yes_no(s
->reuse_port
));
588 "%sSmackLabel: %s\n",
593 "%sSmackLabelIPIn: %s\n",
594 prefix
, s
->smack_ip_in
);
598 "%sSmackLabelIPOut: %s\n",
599 prefix
, s
->smack_ip_out
);
601 if (!isempty(s
->user
) || !isempty(s
->group
))
604 "%sOwnerGroup: %s\n",
605 prefix
, strna(s
->user
),
606 prefix
, strna(s
->group
));
608 if (s
->keep_alive_time
> 0)
610 "%sKeepAliveTimeSec: %s\n",
611 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_time
, USEC_PER_SEC
));
613 if (s
->keep_alive_interval
)
615 "%sKeepAliveIntervalSec: %s\n",
616 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_interval
, USEC_PER_SEC
));
618 if (s
->keep_alive_cnt
)
620 "%sKeepAliveProbes: %u\n",
621 prefix
, s
->keep_alive_cnt
);
625 "%sDeferAcceptSec: %s\n",
626 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->defer_accept
, USEC_PER_SEC
));
628 LIST_FOREACH(port
, p
, s
->ports
) {
630 if (p
->type
== SOCKET_SOCKET
) {
635 if ((r
= socket_address_print(&p
->address
, &k
)) < 0)
640 fprintf(f
, "%s%s: %s\n", prefix
, listen_lookup(socket_address_family(&p
->address
), p
->address
.type
), t
);
642 } else if (p
->type
== SOCKET_SPECIAL
)
643 fprintf(f
, "%sListenSpecial: %s\n", prefix
, p
->path
);
644 else if (p
->type
== SOCKET_MQUEUE
)
645 fprintf(f
, "%sListenMessageQueue: %s\n", prefix
, p
->path
);
647 fprintf(f
, "%sListenFIFO: %s\n", prefix
, p
->path
);
650 exec_context_dump(&s
->exec_context
, f
, prefix
);
651 kill_context_dump(&s
->kill_context
, f
, prefix
);
653 for (c
= 0; c
< _SOCKET_EXEC_COMMAND_MAX
; c
++) {
654 if (!s
->exec_command
[c
])
657 fprintf(f
, "%s-> %s:\n",
658 prefix
, socket_exec_command_to_string(c
));
660 exec_command_dump_list(s
->exec_command
[c
], f
, prefix2
);
664 static int instance_from_socket(int fd
, unsigned nr
, char **instance
) {
667 union sockaddr_union local
, remote
;
673 if (getsockname(fd
, &local
.sa
, &l
) < 0)
677 if (getpeername(fd
, &remote
.sa
, &l
) < 0)
680 switch (local
.sa
.sa_family
) {
684 a
= ntohl(local
.in
.sin_addr
.s_addr
),
685 b
= ntohl(remote
.in
.sin_addr
.s_addr
);
688 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF,
691 ntohs(local
.in
.sin_port
),
692 b
>> 24, (b
>> 16) & 0xFF, (b
>> 8) & 0xFF, b
& 0xFF,
693 ntohs(remote
.in
.sin_port
)) < 0)
700 static const unsigned char ipv4_prefix
[] = {
701 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
704 if (memcmp(&local
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0 &&
705 memcmp(&remote
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0) {
707 *a
= local
.in6
.sin6_addr
.s6_addr
+12,
708 *b
= remote
.in6
.sin6_addr
.s6_addr
+12;
711 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 a
[0], a
[1], a
[2], a
[3],
714 ntohs(local
.in6
.sin6_port
),
715 b
[0], b
[1], b
[2], b
[3],
716 ntohs(remote
.in6
.sin6_port
)) < 0)
719 char a
[INET6_ADDRSTRLEN
], b
[INET6_ADDRSTRLEN
];
724 inet_ntop(AF_INET6
, &local
.in6
.sin6_addr
, a
, sizeof(a
)),
725 ntohs(local
.in6
.sin6_port
),
726 inet_ntop(AF_INET6
, &remote
.in6
.sin6_addr
, b
, sizeof(b
)),
727 ntohs(remote
.in6
.sin6_port
)) < 0)
738 k
= getpeercred(fd
, &ucred
);
741 "%u-"PID_FMT
"-"UID_FMT
,
742 nr
, ucred
.pid
, ucred
.uid
) < 0)
744 } else if (k
== -ENODATA
) {
745 /* This handles the case where somebody is
746 * connecting from another pid/uid namespace
747 * (e.g. from outside of our container). */
759 assert_not_reached("Unhandled socket type.");
766 static void socket_close_fds(Socket
*s
) {
772 LIST_FOREACH(port
, p
, s
->ports
) {
774 p
->event_source
= sd_event_source_unref(p
->event_source
);
779 p
->fd
= safe_close(p
->fd
);
781 /* One little note: we should normally not delete any
782 * sockets in the file system here! After all some
783 * other process we spawned might still have a
784 * reference of this fd and wants to continue to use
785 * it. Therefore we delete sockets in the file system
786 * before we create a new one, not after we stopped
789 if (s
->remove_on_stop
) {
801 socket_address_unlink(&p
->address
);
810 if (s
->remove_on_stop
)
811 STRV_FOREACH(i
, s
->symlinks
)
815 static void socket_apply_socket_options(Socket
*s
, int fd
) {
822 int b
= s
->keep_alive
;
823 if (setsockopt(fd
, SOL_SOCKET
, SO_KEEPALIVE
, &b
, sizeof(b
)) < 0)
824 log_unit_warning_errno(UNIT(s
), errno
, "SO_KEEPALIVE failed: %m");
827 if (s
->keep_alive_time
) {
828 int value
= s
->keep_alive_time
/ USEC_PER_SEC
;
829 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPIDLE
, &value
, sizeof(value
)) < 0)
830 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPIDLE failed: %m");
833 if (s
->keep_alive_interval
) {
834 int value
= s
->keep_alive_interval
/ USEC_PER_SEC
;
835 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPINTVL
, &value
, sizeof(value
)) < 0)
836 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPINTVL failed: %m");
839 if (s
->keep_alive_cnt
) {
840 int value
= s
->keep_alive_cnt
;
841 if (setsockopt(fd
, SOL_SOCKET
, TCP_KEEPCNT
, &value
, sizeof(value
)) < 0)
842 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPCNT failed: %m");
845 if (s
->defer_accept
) {
846 int value
= s
->defer_accept
/ USEC_PER_SEC
;
847 if (setsockopt(fd
, SOL_TCP
, TCP_DEFER_ACCEPT
, &value
, sizeof(value
)) < 0)
848 log_unit_warning_errno(UNIT(s
), errno
, "TCP_DEFER_ACCEPT failed: %m");
853 if (setsockopt(fd
, SOL_TCP
, TCP_NODELAY
, &b
, sizeof(b
)) < 0)
854 log_unit_warning_errno(UNIT(s
), errno
, "TCP_NODELAY failed: %m");
859 if (setsockopt(fd
, SOL_SOCKET
, SO_BROADCAST
, &one
, sizeof(one
)) < 0)
860 log_unit_warning_errno(UNIT(s
), errno
, "SO_BROADCAST failed: %m");
865 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSCRED
, &one
, sizeof(one
)) < 0)
866 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSCRED failed: %m");
871 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSSEC
, &one
, sizeof(one
)) < 0)
872 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSSEC failed: %m");
875 if (s
->priority
>= 0)
876 if (setsockopt(fd
, SOL_SOCKET
, SO_PRIORITY
, &s
->priority
, sizeof(s
->priority
)) < 0)
877 log_unit_warning_errno(UNIT(s
), errno
, "SO_PRIORITY failed: %m");
879 if (s
->receive_buffer
> 0) {
880 int value
= (int) s
->receive_buffer
;
882 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
884 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUFFORCE
, &value
, sizeof(value
)) < 0)
885 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &value
, sizeof(value
)) < 0)
886 log_unit_warning_errno(UNIT(s
), errno
, "SO_RCVBUF failed: %m");
889 if (s
->send_buffer
> 0) {
890 int value
= (int) s
->send_buffer
;
891 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUFFORCE
, &value
, sizeof(value
)) < 0)
892 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUF
, &value
, sizeof(value
)) < 0)
893 log_unit_warning_errno(UNIT(s
), errno
, "SO_SNDBUF failed: %m");
897 if (setsockopt(fd
, SOL_SOCKET
, SO_MARK
, &s
->mark
, sizeof(s
->mark
)) < 0)
898 log_unit_warning_errno(UNIT(s
), errno
, "SO_MARK failed: %m");
901 if (setsockopt(fd
, IPPROTO_IP
, IP_TOS
, &s
->ip_tos
, sizeof(s
->ip_tos
)) < 0)
902 log_unit_warning_errno(UNIT(s
), errno
, "IP_TOS failed: %m");
904 if (s
->ip_ttl
>= 0) {
907 r
= setsockopt(fd
, IPPROTO_IP
, IP_TTL
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
909 if (socket_ipv6_is_supported())
910 x
= setsockopt(fd
, IPPROTO_IPV6
, IPV6_UNICAST_HOPS
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
913 errno
= EAFNOSUPPORT
;
917 log_unit_warning_errno(UNIT(s
), errno
, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
920 if (s
->tcp_congestion
)
921 if (setsockopt(fd
, SOL_TCP
, TCP_CONGESTION
, s
->tcp_congestion
, strlen(s
->tcp_congestion
)+1) < 0)
922 log_unit_warning_errno(UNIT(s
), errno
, "TCP_CONGESTION failed: %m");
925 int b
= s
->reuse_port
;
926 if (setsockopt(fd
, SOL_SOCKET
, SO_REUSEPORT
, &b
, sizeof(b
)) < 0)
927 log_unit_warning_errno(UNIT(s
), errno
, "SO_REUSEPORT failed: %m");
930 if (s
->smack_ip_in
) {
931 r
= mac_smack_apply_ip_in_fd(fd
, s
->smack_ip_in
);
933 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_in_fd: %m");
936 if (s
->smack_ip_out
) {
937 r
= mac_smack_apply_ip_out_fd(fd
, s
->smack_ip_out
);
939 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_out_fd: %m");
943 static void socket_apply_fifo_options(Socket
*s
, int fd
) {
949 if (s
->pipe_size
> 0)
950 if (fcntl(fd
, F_SETPIPE_SZ
, s
->pipe_size
) < 0)
951 log_unit_warning_errno(UNIT(s
), errno
, "F_SETPIPE_SZ: %m");
954 r
= mac_smack_apply_fd(fd
, s
->smack
);
956 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_fd: %m");
960 static int fifo_address_create(
962 mode_t directory_mode
,
973 mkdir_parents_label(path
, directory_mode
);
975 r
= mac_selinux_create_file_prepare(path
, S_IFIFO
);
979 /* Enforce the right access mode for the fifo */
980 old_mask
= umask(~ socket_mode
);
982 /* Include the original umask in our mask */
983 umask(~socket_mode
| old_mask
);
985 r
= mkfifo(path
, socket_mode
);
988 if (r
< 0 && errno
!= EEXIST
) {
993 if ((fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
)) < 0) {
998 mac_selinux_create_file_clear();
1000 if (fstat(fd
, &st
) < 0) {
1005 if (!S_ISFIFO(st
.st_mode
) ||
1006 (st
.st_mode
& 0777) != (socket_mode
& ~old_mask
) ||
1007 st
.st_uid
!= getuid() ||
1008 st
.st_gid
!= getgid()) {
1018 mac_selinux_create_file_clear();
1024 static int special_address_create(
1034 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1040 if (fstat(fd
, &st
) < 0) {
1045 /* Check whether this is a /proc, /sys or /dev file or char device */
1046 if (!S_ISREG(st
.st_mode
) && !S_ISCHR(st
.st_mode
)) {
1060 static int mq_address_create(
1070 struct mq_attr _attr
, *attr
= NULL
;
1075 if (maxmsg
> 0 && msgsize
> 0) {
1077 _attr
.mq_flags
= O_NONBLOCK
;
1078 _attr
.mq_maxmsg
= maxmsg
;
1079 _attr
.mq_msgsize
= msgsize
;
1083 /* Enforce the right access mode for the mq */
1084 old_mask
= umask(~ mq_mode
);
1086 /* Include the original umask in our mask */
1087 umask(~mq_mode
| old_mask
);
1088 fd
= mq_open(path
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_CREAT
, mq_mode
, attr
);
1096 if (fstat(fd
, &st
) < 0) {
1101 if ((st
.st_mode
& 0777) != (mq_mode
& ~old_mask
) ||
1102 st
.st_uid
!= getuid() ||
1103 st
.st_gid
!= getgid()) {
1117 static int socket_symlink(Socket
*s
) {
1123 p
= socket_find_symlink_target(s
);
1127 STRV_FOREACH(i
, s
->symlinks
)
1128 symlink_label(p
, *i
);
1133 static int socket_open_fds(Socket
*s
) {
1137 bool know_label
= false;
1141 LIST_FOREACH(port
, p
, s
->ports
) {
1146 if (p
->type
== SOCKET_SOCKET
) {
1149 /* Figure out label, if we don't it know
1150 * yet. We do it once, for the first
1151 * socket where we need this and
1152 * remember it for the rest. */
1154 if (s
->selinux_context_from_net
) {
1155 /* Get it from the network label */
1157 r
= mac_selinux_get_our_label(&label
);
1158 if (r
< 0 && r
!= -EOPNOTSUPP
)
1162 /* Get it from the executable we are about to start */
1164 r
= socket_instantiate_service(s
);
1168 if (UNIT_ISSET(s
->service
) &&
1169 SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]) {
1170 r
= mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]->path
, &label
);
1171 if (r
< 0 && r
!= -EPERM
&& r
!= -EOPNOTSUPP
)
1179 r
= socket_address_listen(
1181 SOCK_CLOEXEC
|SOCK_NONBLOCK
,
1194 socket_apply_socket_options(s
, p
->fd
);
1197 } else if (p
->type
== SOCKET_SPECIAL
) {
1199 r
= special_address_create(
1205 } else if (p
->type
== SOCKET_FIFO
) {
1207 r
= fifo_address_create(
1215 socket_apply_fifo_options(s
, p
->fd
);
1218 } else if (p
->type
== SOCKET_MQUEUE
) {
1220 r
= mq_address_create(
1229 assert_not_reached("Unknown port type");
1232 mac_selinux_free(label
);
1236 socket_close_fds(s
);
1237 mac_selinux_free(label
);
1242 static void socket_unwatch_fds(Socket
*s
) {
1248 LIST_FOREACH(port
, p
, s
->ports
) {
1252 if (!p
->event_source
)
1255 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_OFF
);
1257 log_unit_debug_errno(UNIT(s
), r
, "Failed to disable event source: %m");
1261 static int socket_watch_fds(Socket
*s
) {
1267 LIST_FOREACH(port
, p
, s
->ports
) {
1271 if (p
->event_source
)
1272 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_ON
);
1274 r
= sd_event_add_io(UNIT(s
)->manager
->event
, &p
->event_source
, p
->fd
, EPOLLIN
, socket_dispatch_io
, p
);
1277 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch listening fds: %m");
1281 (void) sd_event_source_set_description(p
->event_source
, "socket-port-io");
1287 socket_unwatch_fds(s
);
1291 static void socket_set_state(Socket
*s
, SocketState state
) {
1292 SocketState old_state
;
1295 old_state
= s
->state
;
1303 SOCKET_STOP_PRE_SIGTERM
,
1304 SOCKET_STOP_PRE_SIGKILL
,
1306 SOCKET_FINAL_SIGTERM
,
1307 SOCKET_FINAL_SIGKILL
)) {
1309 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1310 socket_unwatch_control_pid(s
);
1311 s
->control_command
= NULL
;
1312 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
1315 if (state
!= SOCKET_LISTENING
)
1316 socket_unwatch_fds(s
);
1324 SOCKET_STOP_PRE_SIGTERM
,
1325 SOCKET_STOP_PRE_SIGKILL
))
1326 socket_close_fds(s
);
1328 if (state
!= old_state
)
1329 log_unit_debug(UNIT(s
), "Changed %s -> %s", socket_state_to_string(old_state
), socket_state_to_string(state
));
1331 unit_notify(UNIT(s
), state_translation_table
[old_state
], state_translation_table
[state
], true);
1334 static int socket_coldplug(Unit
*u
) {
1335 Socket
*s
= SOCKET(u
);
1339 assert(s
->state
== SOCKET_DEAD
);
1341 if (s
->deserialized_state
== s
->state
)
1344 if (IN_SET(s
->deserialized_state
,
1349 SOCKET_STOP_PRE_SIGTERM
,
1350 SOCKET_STOP_PRE_SIGKILL
,
1352 SOCKET_FINAL_SIGTERM
,
1353 SOCKET_FINAL_SIGKILL
)) {
1355 if (s
->control_pid
<= 0)
1358 r
= unit_watch_pid(UNIT(s
), s
->control_pid
);
1362 r
= socket_arm_timer(s
);
1367 if (IN_SET(s
->deserialized_state
,
1373 SOCKET_STOP_PRE_SIGTERM
,
1374 SOCKET_STOP_PRE_SIGKILL
)) {
1375 r
= socket_open_fds(s
);
1380 if (s
->deserialized_state
== SOCKET_LISTENING
) {
1381 r
= socket_watch_fds(s
);
1386 socket_set_state(s
, s
->deserialized_state
);
1390 static int socket_spawn(Socket
*s
, ExecCommand
*c
, pid_t
*_pid
) {
1391 _cleanup_free_
char **argv
= NULL
;
1394 ExecParameters exec_params
= {
1395 .apply_permissions
= true,
1396 .apply_chroot
= true,
1397 .apply_tty_stdin
= true,
1398 .bus_endpoint_fd
= -1,
1405 (void) unit_realize_cgroup(UNIT(s
));
1406 if (s
->reset_cpu_usage
) {
1407 (void) unit_reset_cpu_usage(UNIT(s
));
1408 s
->reset_cpu_usage
= false;
1411 r
= unit_setup_exec_runtime(UNIT(s
));
1415 r
= socket_arm_timer(s
);
1419 r
= unit_full_printf_strv(UNIT(s
), c
->argv
, &argv
);
1423 exec_params
.argv
= argv
;
1424 exec_params
.environment
= UNIT(s
)->manager
->environment
;
1425 exec_params
.confirm_spawn
= UNIT(s
)->manager
->confirm_spawn
;
1426 exec_params
.cgroup_supported
= UNIT(s
)->manager
->cgroup_supported
;
1427 exec_params
.cgroup_path
= UNIT(s
)->cgroup_path
;
1428 exec_params
.cgroup_delegate
= s
->cgroup_context
.delegate
;
1429 exec_params
.runtime_prefix
= manager_get_runtime_prefix(UNIT(s
)->manager
);
1431 r
= exec_spawn(UNIT(s
),
1440 r
= unit_watch_pid(UNIT(s
), pid
);
1442 /* FIXME: we need to do something here */
1449 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1453 static int socket_chown(Socket
*s
, pid_t
*_pid
) {
1457 r
= socket_arm_timer(s
);
1461 /* We have to resolve the user names out-of-process, hence
1462 * let's fork here. It's messy, but well, what can we do? */
1470 uid_t uid
= UID_INVALID
;
1471 gid_t gid
= GID_INVALID
;
1474 default_signals(SIGNALS_CRASH_HANDLER
, SIGNALS_IGNORE
, -1);
1475 ignore_signals(SIGPIPE
, -1);
1478 if (!isempty(s
->user
)) {
1479 const char *user
= s
->user
;
1481 r
= get_user_creds(&user
, &uid
, &gid
, NULL
, NULL
);
1488 if (!isempty(s
->group
)) {
1489 const char *group
= s
->group
;
1491 r
= get_group_creds(&group
, &gid
);
1498 LIST_FOREACH(port
, p
, s
->ports
) {
1499 const char *path
= NULL
;
1501 if (p
->type
== SOCKET_SOCKET
)
1502 path
= socket_address_get_path(&p
->address
);
1503 else if (p
->type
== SOCKET_FIFO
)
1509 if (chown(path
, uid
, gid
) < 0) {
1520 log_error_errno(r
, "Failed to chown socket at step %s: %m", exit_status_to_string(ret
, EXIT_STATUS_SYSTEMD
));
1525 r
= unit_watch_pid(UNIT(s
), pid
);
1533 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1537 static void socket_enter_dead(Socket
*s
, SocketResult f
) {
1540 if (f
!= SOCKET_SUCCESS
)
1543 exec_runtime_destroy(s
->exec_runtime
);
1544 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
1546 exec_context_destroy_runtime_directory(&s
->exec_context
, manager_get_runtime_prefix(UNIT(s
)->manager
));
1548 socket_set_state(s
, s
->result
!= SOCKET_SUCCESS
? SOCKET_FAILED
: SOCKET_DEAD
);
1551 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
);
1553 static void socket_enter_stop_post(Socket
*s
, SocketResult f
) {
1557 if (f
!= SOCKET_SUCCESS
)
1560 socket_unwatch_control_pid(s
);
1561 s
->control_command_id
= SOCKET_EXEC_STOP_POST
;
1562 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_POST
];
1564 if (s
->control_command
) {
1565 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1569 socket_set_state(s
, SOCKET_STOP_POST
);
1571 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_SUCCESS
);
1576 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-post' task: %m");
1577 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1580 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
) {
1585 if (f
!= SOCKET_SUCCESS
)
1588 r
= unit_kill_context(
1591 (state
!= SOCKET_STOP_PRE_SIGTERM
&& state
!= SOCKET_FINAL_SIGTERM
) ?
1592 KILL_KILL
: KILL_TERMINATE
,
1600 r
= socket_arm_timer(s
);
1604 socket_set_state(s
, state
);
1605 } else if (state
== SOCKET_STOP_PRE_SIGTERM
)
1606 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_SUCCESS
);
1607 else if (state
== SOCKET_STOP_PRE_SIGKILL
)
1608 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1609 else if (state
== SOCKET_FINAL_SIGTERM
)
1610 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_SUCCESS
);
1612 socket_enter_dead(s
, SOCKET_SUCCESS
);
1617 log_unit_warning_errno(UNIT(s
), r
, "Failed to kill processes: %m");
1619 if (state
== SOCKET_STOP_PRE_SIGTERM
|| state
== SOCKET_STOP_PRE_SIGKILL
)
1620 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1622 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1625 static void socket_enter_stop_pre(Socket
*s
, SocketResult f
) {
1629 if (f
!= SOCKET_SUCCESS
)
1632 socket_unwatch_control_pid(s
);
1633 s
->control_command_id
= SOCKET_EXEC_STOP_PRE
;
1634 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_PRE
];
1636 if (s
->control_command
) {
1637 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1641 socket_set_state(s
, SOCKET_STOP_PRE
);
1643 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1648 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-pre' task: %m");
1649 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1652 static void socket_enter_listening(Socket
*s
) {
1656 r
= socket_watch_fds(s
);
1658 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1662 socket_set_state(s
, SOCKET_LISTENING
);
1666 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1669 static void socket_enter_start_post(Socket
*s
) {
1673 socket_unwatch_control_pid(s
);
1674 s
->control_command_id
= SOCKET_EXEC_START_POST
;
1675 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_POST
];
1677 if (s
->control_command
) {
1678 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1680 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-post' task: %m");
1684 socket_set_state(s
, SOCKET_START_POST
);
1686 socket_enter_listening(s
);
1691 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1694 static void socket_enter_start_chown(Socket
*s
) {
1699 r
= socket_open_fds(s
);
1701 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1705 if (!isempty(s
->user
) || !isempty(s
->group
)) {
1707 socket_unwatch_control_pid(s
);
1708 s
->control_command_id
= SOCKET_EXEC_START_CHOWN
;
1709 s
->control_command
= NULL
;
1711 r
= socket_chown(s
, &s
->control_pid
);
1713 log_unit_warning_errno(UNIT(s
), r
, "Failed to fork 'start-chown' task: %m");
1717 socket_set_state(s
, SOCKET_START_CHOWN
);
1719 socket_enter_start_post(s
);
1724 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1727 static void socket_enter_start_pre(Socket
*s
) {
1731 socket_unwatch_control_pid(s
);
1732 s
->control_command_id
= SOCKET_EXEC_START_PRE
;
1733 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_PRE
];
1735 if (s
->control_command
) {
1736 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1738 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-pre' task: %m");
1742 socket_set_state(s
, SOCKET_START_PRE
);
1744 socket_enter_start_chown(s
);
1749 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1752 static void socket_enter_running(Socket
*s
, int cfd
) {
1753 _cleanup_bus_error_free_ sd_bus_error error
= SD_BUS_ERROR_NULL
;
1758 /* We don't take connections anymore if we are supposed to
1759 * shut down anyway */
1760 if (unit_stop_pending(UNIT(s
))) {
1762 log_unit_debug(UNIT(s
), "Suppressing connection request since unit stop is scheduled.");
1767 /* Flush all sockets by closing and reopening them */
1768 socket_close_fds(s
);
1770 r
= socket_open_fds(s
);
1772 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1773 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1777 r
= socket_watch_fds(s
);
1779 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1780 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1790 bool pending
= false;
1792 /* If there's already a start pending don't bother to
1794 SET_FOREACH(other
, UNIT(s
)->dependencies
[UNIT_TRIGGERS
], i
)
1795 if (unit_active_or_pending(other
)) {
1801 if (!UNIT_ISSET(s
->service
)) {
1802 log_unit_error(UNIT(s
), "Service to activate vanished, refusing activation.");
1807 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT_DEREF(s
->service
), JOB_REPLACE
, true, &error
, NULL
);
1812 socket_set_state(s
, SOCKET_RUNNING
);
1814 _cleanup_free_
char *prefix
= NULL
, *instance
= NULL
, *name
= NULL
;
1817 if (s
->n_connections
>= s
->max_connections
) {
1818 log_unit_warning(UNIT(s
), "Too many incoming connections (%u)", s
->n_connections
);
1823 r
= socket_instantiate_service(s
);
1827 r
= instance_from_socket(cfd
, s
->n_accepted
, &instance
);
1832 /* ENOTCONN is legitimate if TCP RST was received.
1833 * This connection is over, but the socket unit lives on. */
1838 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
1842 r
= unit_name_build(prefix
, instance
, ".service", &name
);
1846 r
= unit_add_name(UNIT_DEREF(s
->service
), name
);
1850 service
= SERVICE(UNIT_DEREF(s
->service
));
1851 unit_ref_unset(&s
->service
);
1854 UNIT(service
)->no_gc
= false;
1856 unit_choose_id(UNIT(service
), name
);
1858 r
= service_set_socket_fd(service
, cfd
, s
, s
->selinux_context_from_net
);
1863 s
->n_connections
++;
1865 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT(service
), JOB_REPLACE
, true, &error
, NULL
);
1869 /* Notify clients about changed counters */
1870 unit_add_to_dbus_queue(UNIT(s
));
1876 log_unit_warning(UNIT(s
), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1877 cfd
>= 0 ? "template" : "non-template",
1878 bus_error_message(&error
, r
));
1880 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1884 static void socket_run_next(Socket
*s
) {
1888 assert(s
->control_command
);
1889 assert(s
->control_command
->command_next
);
1891 socket_unwatch_control_pid(s
);
1893 s
->control_command
= s
->control_command
->command_next
;
1895 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1902 log_unit_warning_errno(UNIT(s
), r
, "Failed to run next task: %m");
1904 if (s
->state
== SOCKET_START_POST
)
1905 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1906 else if (s
->state
== SOCKET_STOP_POST
)
1907 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1909 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1912 static int socket_start(Unit
*u
) {
1913 Socket
*s
= SOCKET(u
);
1917 /* We cannot fulfill this request right now, try again later
1919 if (IN_SET(s
->state
,
1921 SOCKET_STOP_PRE_SIGKILL
,
1922 SOCKET_STOP_PRE_SIGTERM
,
1924 SOCKET_FINAL_SIGTERM
,
1925 SOCKET_FINAL_SIGKILL
))
1928 /* Already on it! */
1929 if (IN_SET(s
->state
,
1935 /* Cannot run this without the service being around */
1936 if (UNIT_ISSET(s
->service
)) {
1939 service
= SERVICE(UNIT_DEREF(s
->service
));
1941 if (UNIT(service
)->load_state
!= UNIT_LOADED
) {
1942 log_unit_error(u
, "Socket service %s not loaded, refusing.", UNIT(service
)->id
);
1946 /* If the service is already active we cannot start the
1948 if (service
->state
!= SERVICE_DEAD
&&
1949 service
->state
!= SERVICE_FAILED
&&
1950 service
->state
!= SERVICE_AUTO_RESTART
) {
1951 log_unit_error(u
, "Socket service %s already active, refusing.", UNIT(service
)->id
);
1956 assert(s
->state
== SOCKET_DEAD
|| s
->state
== SOCKET_FAILED
);
1958 s
->result
= SOCKET_SUCCESS
;
1959 s
->reset_cpu_usage
= true;
1961 socket_enter_start_pre(s
);
1966 static int socket_stop(Unit
*u
) {
1967 Socket
*s
= SOCKET(u
);
1972 if (IN_SET(s
->state
,
1974 SOCKET_STOP_PRE_SIGTERM
,
1975 SOCKET_STOP_PRE_SIGKILL
,
1977 SOCKET_FINAL_SIGTERM
,
1978 SOCKET_FINAL_SIGKILL
))
1981 /* If there's already something running we go directly into
1983 if (IN_SET(s
->state
,
1986 SOCKET_START_POST
)) {
1987 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_SUCCESS
);
1991 assert(s
->state
== SOCKET_LISTENING
|| s
->state
== SOCKET_RUNNING
);
1993 socket_enter_stop_pre(s
, SOCKET_SUCCESS
);
1997 static int socket_serialize(Unit
*u
, FILE *f
, FDSet
*fds
) {
1998 Socket
*s
= SOCKET(u
);
2006 unit_serialize_item(u
, f
, "state", socket_state_to_string(s
->state
));
2007 unit_serialize_item(u
, f
, "result", socket_result_to_string(s
->result
));
2008 unit_serialize_item_format(u
, f
, "n-accepted", "%u", s
->n_accepted
);
2010 if (s
->control_pid
> 0)
2011 unit_serialize_item_format(u
, f
, "control-pid", PID_FMT
, s
->control_pid
);
2013 if (s
->control_command_id
>= 0)
2014 unit_serialize_item(u
, f
, "control-command", socket_exec_command_to_string(s
->control_command_id
));
2016 LIST_FOREACH(port
, p
, s
->ports
) {
2022 copy
= fdset_put_dup(fds
, p
->fd
);
2026 if (p
->type
== SOCKET_SOCKET
) {
2027 _cleanup_free_
char *t
= NULL
;
2029 r
= socket_address_print(&p
->address
, &t
);
2033 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2034 unit_serialize_item_format(u
, f
, "netlink", "%i %s", copy
, t
);
2036 unit_serialize_item_format(u
, f
, "socket", "%i %i %s", copy
, p
->address
.type
, t
);
2038 } else if (p
->type
== SOCKET_SPECIAL
)
2039 unit_serialize_item_format(u
, f
, "special", "%i %s", copy
, p
->path
);
2040 else if (p
->type
== SOCKET_MQUEUE
)
2041 unit_serialize_item_format(u
, f
, "mqueue", "%i %s", copy
, p
->path
);
2043 assert(p
->type
== SOCKET_FIFO
);
2044 unit_serialize_item_format(u
, f
, "fifo", "%i %s", copy
, p
->path
);
2051 static int socket_deserialize_item(Unit
*u
, const char *key
, const char *value
, FDSet
*fds
) {
2052 Socket
*s
= SOCKET(u
);
2058 if (streq(key
, "state")) {
2061 state
= socket_state_from_string(value
);
2063 log_unit_debug(u
, "Failed to parse state value: %s", value
);
2065 s
->deserialized_state
= state
;
2066 } else if (streq(key
, "result")) {
2069 f
= socket_result_from_string(value
);
2071 log_unit_debug(u
, "Failed to parse result value: %s", value
);
2072 else if (f
!= SOCKET_SUCCESS
)
2075 } else if (streq(key
, "n-accepted")) {
2078 if (safe_atou(value
, &k
) < 0)
2079 log_unit_debug(u
, "Failed to parse n-accepted value: %s", value
);
2082 } else if (streq(key
, "control-pid")) {
2085 if (parse_pid(value
, &pid
) < 0)
2086 log_unit_debug(u
, "Failed to parse control-pid value: %s", value
);
2088 s
->control_pid
= pid
;
2089 } else if (streq(key
, "control-command")) {
2090 SocketExecCommand id
;
2092 id
= socket_exec_command_from_string(value
);
2094 log_unit_debug(u
, "Failed to parse exec-command value: %s", value
);
2096 s
->control_command_id
= id
;
2097 s
->control_command
= s
->exec_command
[id
];
2099 } else if (streq(key
, "fifo")) {
2103 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2104 log_unit_debug(u
, "Failed to parse fifo value: %s", value
);
2107 LIST_FOREACH(port
, p
, s
->ports
)
2108 if (p
->type
== SOCKET_FIFO
&&
2109 path_equal_or_files_same(p
->path
, value
+skip
))
2114 p
->fd
= fdset_remove(fds
, fd
);
2118 } else if (streq(key
, "special")) {
2122 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2123 log_unit_debug(u
, "Failed to parse special value: %s", value
);
2126 LIST_FOREACH(port
, p
, s
->ports
)
2127 if (p
->type
== SOCKET_SPECIAL
&&
2128 path_equal_or_files_same(p
->path
, value
+skip
))
2133 p
->fd
= fdset_remove(fds
, fd
);
2137 } else if (streq(key
, "mqueue")) {
2141 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2142 log_unit_debug(u
, "Failed to parse mqueue value: %s", value
);
2145 LIST_FOREACH(port
, p
, s
->ports
)
2146 if (p
->type
== SOCKET_MQUEUE
&&
2147 streq(p
->path
, value
+skip
))
2152 p
->fd
= fdset_remove(fds
, fd
);
2156 } else if (streq(key
, "socket")) {
2157 int fd
, type
, skip
= 0;
2160 if (sscanf(value
, "%i %i %n", &fd
, &type
, &skip
) < 2 || fd
< 0 || type
< 0 || !fdset_contains(fds
, fd
))
2161 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2164 LIST_FOREACH(port
, p
, s
->ports
)
2165 if (socket_address_is(&p
->address
, value
+skip
, type
))
2170 p
->fd
= fdset_remove(fds
, fd
);
2174 } else if (streq(key
, "netlink")) {
2178 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2179 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2182 LIST_FOREACH(port
, p
, s
->ports
)
2183 if (socket_address_is_netlink(&p
->address
, value
+skip
))
2188 p
->fd
= fdset_remove(fds
, fd
);
2192 log_unit_debug(UNIT(s
), "Unknown serialization key: %s", key
);
2197 static int socket_distribute_fds(Unit
*u
, FDSet
*fds
) {
2198 Socket
*s
= SOCKET(u
);
2203 LIST_FOREACH(port
, p
, s
->ports
) {
2207 if (p
->type
!= SOCKET_SOCKET
)
2213 FDSET_FOREACH(fd
, fds
, i
) {
2214 if (socket_address_matches_fd(&p
->address
, fd
)) {
2215 p
->fd
= fdset_remove(fds
, fd
);
2216 s
->deserialized_state
= SOCKET_LISTENING
;
2225 _pure_
static UnitActiveState
socket_active_state(Unit
*u
) {
2228 return state_translation_table
[SOCKET(u
)->state
];
2231 _pure_
static const char *socket_sub_state_to_string(Unit
*u
) {
2234 return socket_state_to_string(SOCKET(u
)->state
);
2237 const char* socket_port_type_to_string(SocketPort
*p
) {
2245 switch (p
->address
.type
) {
2253 case SOCK_SEQPACKET
:
2254 return "SequentialPacket";
2257 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2264 case SOCKET_SPECIAL
:
2268 return "MessageQueue";
2278 _pure_
static bool socket_check_gc(Unit
*u
) {
2279 Socket
*s
= SOCKET(u
);
2283 return s
->n_connections
> 0;
2286 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2287 SocketPort
*p
= userdata
;
2293 if (p
->socket
->state
!= SOCKET_LISTENING
)
2296 log_unit_debug(UNIT(p
->socket
), "Incoming traffic");
2298 if (revents
!= EPOLLIN
) {
2300 if (revents
& EPOLLHUP
)
2301 log_unit_error(UNIT(p
->socket
), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2303 log_unit_error(UNIT(p
->socket
), "Got unexpected poll event (0x%x) on socket.", revents
);
2308 if (p
->socket
->accept
&&
2309 p
->type
== SOCKET_SOCKET
&&
2310 socket_address_can_accept(&p
->address
)) {
2314 cfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
);
2320 log_unit_error_errno(UNIT(p
->socket
), errno
, "Failed to accept socket: %m");
2327 socket_apply_socket_options(p
->socket
, cfd
);
2330 socket_enter_running(p
->socket
, cfd
);
2334 socket_enter_stop_pre(p
->socket
, SOCKET_FAILURE_RESOURCES
);
2338 static void socket_sigchld_event(Unit
*u
, pid_t pid
, int code
, int status
) {
2339 Socket
*s
= SOCKET(u
);
2345 if (pid
!= s
->control_pid
)
2350 if (is_clean_exit(code
, status
, NULL
))
2352 else if (code
== CLD_EXITED
)
2353 f
= SOCKET_FAILURE_EXIT_CODE
;
2354 else if (code
== CLD_KILLED
)
2355 f
= SOCKET_FAILURE_SIGNAL
;
2356 else if (code
== CLD_DUMPED
)
2357 f
= SOCKET_FAILURE_CORE_DUMP
;
2359 assert_not_reached("Unknown sigchld code");
2361 if (s
->control_command
) {
2362 exec_status_exit(&s
->control_command
->exec_status
, &s
->exec_context
, pid
, code
, status
);
2364 if (s
->control_command
->ignore
)
2368 log_unit_full(u
, f
== SOCKET_SUCCESS
? LOG_DEBUG
: LOG_NOTICE
, 0,
2369 "Control process exited, code=%s status=%i",
2370 sigchld_code_to_string(code
), status
);
2372 if (f
!= SOCKET_SUCCESS
)
2375 if (s
->control_command
&&
2376 s
->control_command
->command_next
&&
2377 f
== SOCKET_SUCCESS
) {
2379 log_unit_debug(u
, "Running next command for state %s", socket_state_to_string(s
->state
));
2382 s
->control_command
= NULL
;
2383 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
2385 /* No further commands for this step, so let's figure
2386 * out what to do next */
2388 log_unit_debug(u
, "Got final SIGCHLD for state %s", socket_state_to_string(s
->state
));
2392 case SOCKET_START_PRE
:
2393 if (f
== SOCKET_SUCCESS
)
2394 socket_enter_start_chown(s
);
2396 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, f
);
2399 case SOCKET_START_CHOWN
:
2400 if (f
== SOCKET_SUCCESS
)
2401 socket_enter_start_post(s
);
2403 socket_enter_stop_pre(s
, f
);
2406 case SOCKET_START_POST
:
2407 if (f
== SOCKET_SUCCESS
)
2408 socket_enter_listening(s
);
2410 socket_enter_stop_pre(s
, f
);
2413 case SOCKET_STOP_PRE
:
2414 case SOCKET_STOP_PRE_SIGTERM
:
2415 case SOCKET_STOP_PRE_SIGKILL
:
2416 socket_enter_stop_post(s
, f
);
2419 case SOCKET_STOP_POST
:
2420 case SOCKET_FINAL_SIGTERM
:
2421 case SOCKET_FINAL_SIGKILL
:
2422 socket_enter_dead(s
, f
);
2426 assert_not_reached("Uh, control process died at wrong time.");
2430 /* Notify clients about changed exit status */
2431 unit_add_to_dbus_queue(u
);
2434 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
) {
2435 Socket
*s
= SOCKET(userdata
);
2438 assert(s
->timer_event_source
== source
);
2442 case SOCKET_START_PRE
:
2443 log_unit_warning(UNIT(s
), "Starting timed out. Terminating.");
2444 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2447 case SOCKET_START_CHOWN
:
2448 case SOCKET_START_POST
:
2449 log_unit_warning(UNIT(s
), "Starting timed out. Stopping.");
2450 socket_enter_stop_pre(s
, SOCKET_FAILURE_TIMEOUT
);
2453 case SOCKET_STOP_PRE
:
2454 log_unit_warning(UNIT(s
), "Stopping timed out. Terminating.");
2455 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2458 case SOCKET_STOP_PRE_SIGTERM
:
2459 if (s
->kill_context
.send_sigkill
) {
2460 log_unit_warning(UNIT(s
), "Stopping timed out. Killing.");
2461 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2463 log_unit_warning(UNIT(s
), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2464 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2468 case SOCKET_STOP_PRE_SIGKILL
:
2469 log_unit_warning(UNIT(s
), "Processes still around after SIGKILL. Ignoring.");
2470 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2473 case SOCKET_STOP_POST
:
2474 log_unit_warning(UNIT(s
), "Stopping timed out (2). Terminating.");
2475 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2478 case SOCKET_FINAL_SIGTERM
:
2479 if (s
->kill_context
.send_sigkill
) {
2480 log_unit_warning(UNIT(s
), "Stopping timed out (2). Killing.");
2481 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2483 log_unit_warning(UNIT(s
), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2484 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2488 case SOCKET_FINAL_SIGKILL
:
2489 log_unit_warning(UNIT(s
), "Still around after SIGKILL (2). Entering failed mode.");
2490 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2494 assert_not_reached("Timeout at wrong time.");
2500 int socket_collect_fds(Socket
*s
, int **fds
, unsigned *n_fds
) {
2509 /* Called from the service code for requesting our fds */
2512 LIST_FOREACH(port
, p
, s
->ports
)
2522 rfds
= new(int, rn_fds
);
2527 LIST_FOREACH(port
, p
, s
->ports
)
2531 assert(k
== rn_fds
);
2539 static void socket_reset_failed(Unit
*u
) {
2540 Socket
*s
= SOCKET(u
);
2544 if (s
->state
== SOCKET_FAILED
)
2545 socket_set_state(s
, SOCKET_DEAD
);
2547 s
->result
= SOCKET_SUCCESS
;
2550 static void socket_notify_service_dead(Socket
*s
, bool failed_permanent
) {
2553 /* The service is dead. Dang!
2555 * This is strictly for one-instance-for-all-connections
2558 if (s
->state
== SOCKET_RUNNING
) {
2559 log_unit_debug(UNIT(s
), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent
));
2560 if (failed_permanent
)
2561 socket_enter_stop_pre(s
, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
);
2563 socket_enter_listening(s
);
2567 void socket_connection_unref(Socket
*s
) {
2570 /* The service is dead. Yay!
2572 * This is strictly for one-instance-per-connection
2575 assert(s
->n_connections
> 0);
2578 log_unit_debug(UNIT(s
), "One connection closed, %u left.", s
->n_connections
);
2581 static void socket_trigger_notify(Unit
*u
, Unit
*other
) {
2582 Socket
*s
= SOCKET(u
);
2588 /* Don't propagate state changes from the service if we are
2589 already down or accepting connections */
2590 if ((s
->state
!= SOCKET_RUNNING
&&
2591 s
->state
!= SOCKET_LISTENING
) ||
2595 if (other
->load_state
!= UNIT_LOADED
||
2596 other
->type
!= UNIT_SERVICE
)
2599 se
= SERVICE(other
);
2601 if (se
->state
== SERVICE_FAILED
)
2602 socket_notify_service_dead(s
, se
->result
== SERVICE_FAILURE_START_LIMIT
);
2604 if (se
->state
== SERVICE_DEAD
||
2605 se
->state
== SERVICE_FINAL_SIGTERM
||
2606 se
->state
== SERVICE_FINAL_SIGKILL
||
2607 se
->state
== SERVICE_AUTO_RESTART
)
2608 socket_notify_service_dead(s
, false);
2610 if (se
->state
== SERVICE_RUNNING
)
2611 socket_set_state(s
, SOCKET_RUNNING
);
2614 static int socket_kill(Unit
*u
, KillWho who
, int signo
, sd_bus_error
*error
) {
2615 return unit_kill_common(u
, who
, signo
, -1, SOCKET(u
)->control_pid
, error
);
2618 static int socket_get_timeout(Unit
*u
, uint64_t *timeout
) {
2619 Socket
*s
= SOCKET(u
);
2622 if (!s
->timer_event_source
)
2625 r
= sd_event_source_get_time(s
->timer_event_source
, timeout
);
2632 static const char* const socket_state_table
[_SOCKET_STATE_MAX
] = {
2633 [SOCKET_DEAD
] = "dead",
2634 [SOCKET_START_PRE
] = "start-pre",
2635 [SOCKET_START_CHOWN
] = "start-chown",
2636 [SOCKET_START_POST
] = "start-post",
2637 [SOCKET_LISTENING
] = "listening",
2638 [SOCKET_RUNNING
] = "running",
2639 [SOCKET_STOP_PRE
] = "stop-pre",
2640 [SOCKET_STOP_PRE_SIGTERM
] = "stop-pre-sigterm",
2641 [SOCKET_STOP_PRE_SIGKILL
] = "stop-pre-sigkill",
2642 [SOCKET_STOP_POST
] = "stop-post",
2643 [SOCKET_FINAL_SIGTERM
] = "final-sigterm",
2644 [SOCKET_FINAL_SIGKILL
] = "final-sigkill",
2645 [SOCKET_FAILED
] = "failed"
2648 DEFINE_STRING_TABLE_LOOKUP(socket_state
, SocketState
);
2650 static const char* const socket_exec_command_table
[_SOCKET_EXEC_COMMAND_MAX
] = {
2651 [SOCKET_EXEC_START_PRE
] = "StartPre",
2652 [SOCKET_EXEC_START_CHOWN
] = "StartChown",
2653 [SOCKET_EXEC_START_POST
] = "StartPost",
2654 [SOCKET_EXEC_STOP_PRE
] = "StopPre",
2655 [SOCKET_EXEC_STOP_POST
] = "StopPost"
2658 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command
, SocketExecCommand
);
2660 static const char* const socket_result_table
[_SOCKET_RESULT_MAX
] = {
2661 [SOCKET_SUCCESS
] = "success",
2662 [SOCKET_FAILURE_RESOURCES
] = "resources",
2663 [SOCKET_FAILURE_TIMEOUT
] = "timeout",
2664 [SOCKET_FAILURE_EXIT_CODE
] = "exit-code",
2665 [SOCKET_FAILURE_SIGNAL
] = "signal",
2666 [SOCKET_FAILURE_CORE_DUMP
] = "core-dump",
2667 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
] = "service-failed-permanent"
2670 DEFINE_STRING_TABLE_LOOKUP(socket_result
, SocketResult
);
2672 const UnitVTable socket_vtable
= {
2673 .object_size
= sizeof(Socket
),
2674 .exec_context_offset
= offsetof(Socket
, exec_context
),
2675 .cgroup_context_offset
= offsetof(Socket
, cgroup_context
),
2676 .kill_context_offset
= offsetof(Socket
, kill_context
),
2677 .exec_runtime_offset
= offsetof(Socket
, exec_runtime
),
2683 .private_section
= "Socket",
2685 .init
= socket_init
,
2686 .done
= socket_done
,
2687 .load
= socket_load
,
2689 .coldplug
= socket_coldplug
,
2691 .dump
= socket_dump
,
2693 .start
= socket_start
,
2694 .stop
= socket_stop
,
2696 .kill
= socket_kill
,
2698 .get_timeout
= socket_get_timeout
,
2700 .serialize
= socket_serialize
,
2701 .deserialize_item
= socket_deserialize_item
,
2702 .distribute_fds
= socket_distribute_fds
,
2704 .active_state
= socket_active_state
,
2705 .sub_state_to_string
= socket_sub_state_to_string
,
2707 .check_gc
= socket_check_gc
,
2709 .sigchld_event
= socket_sigchld_event
,
2711 .trigger_notify
= socket_trigger_notify
,
2713 .reset_failed
= socket_reset_failed
,
2715 .bus_interface
= "org.freedesktop.systemd1.Socket",
2716 .bus_vtable
= bus_socket_vtable
,
2717 .bus_set_property
= bus_socket_set_property
,
2718 .bus_commit_properties
= bus_socket_commit_properties
,
2720 .status_message_formats
= {
2721 /*.starting_stopping = {
2722 [0] = "Starting socket %s...",
2723 [1] = "Stopping socket %s...",
2725 .finished_start_job
= {
2726 [JOB_DONE
] = "Listening on %s.",
2727 [JOB_FAILED
] = "Failed to listen on %s.",
2728 [JOB_DEPENDENCY
] = "Dependency failed for %s.",
2729 [JOB_TIMEOUT
] = "Timed out starting %s.",
2731 .finished_stop_job
= {
2732 [JOB_DONE
] = "Closed %s.",
2733 [JOB_FAILED
] = "Failed stopping %s.",
2734 [JOB_TIMEOUT
] = "Timed out stopping %s.",