1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include <sys/epoll.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
42 #include "exit-status.h"
44 #include "smack-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
50 #include "formats-util.h"
51 #include "signal-util.h"
54 static const UnitActiveState state_translation_table
[_SOCKET_STATE_MAX
] = {
55 [SOCKET_DEAD
] = UNIT_INACTIVE
,
56 [SOCKET_START_PRE
] = UNIT_ACTIVATING
,
57 [SOCKET_START_CHOWN
] = UNIT_ACTIVATING
,
58 [SOCKET_START_POST
] = UNIT_ACTIVATING
,
59 [SOCKET_LISTENING
] = UNIT_ACTIVE
,
60 [SOCKET_RUNNING
] = UNIT_ACTIVE
,
61 [SOCKET_STOP_PRE
] = UNIT_DEACTIVATING
,
62 [SOCKET_STOP_PRE_SIGTERM
] = UNIT_DEACTIVATING
,
63 [SOCKET_STOP_PRE_SIGKILL
] = UNIT_DEACTIVATING
,
64 [SOCKET_STOP_POST
] = UNIT_DEACTIVATING
,
65 [SOCKET_FINAL_SIGTERM
] = UNIT_DEACTIVATING
,
66 [SOCKET_FINAL_SIGKILL
] = UNIT_DEACTIVATING
,
67 [SOCKET_FAILED
] = UNIT_FAILED
70 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
71 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
);
73 static void socket_init(Unit
*u
) {
74 Socket
*s
= SOCKET(u
);
77 assert(u
->load_state
== UNIT_STUB
);
79 s
->backlog
= SOMAXCONN
;
80 s
->timeout_usec
= u
->manager
->default_timeout_start_usec
;
81 s
->directory_mode
= 0755;
82 s
->socket_mode
= 0666;
84 s
->max_connections
= 64;
91 s
->exec_context
.std_output
= u
->manager
->default_std_output
;
92 s
->exec_context
.std_error
= u
->manager
->default_std_error
;
94 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
97 static void socket_unwatch_control_pid(Socket
*s
) {
100 if (s
->control_pid
<= 0)
103 unit_unwatch_pid(UNIT(s
), s
->control_pid
);
107 void socket_free_ports(Socket
*s
) {
112 while ((p
= s
->ports
)) {
113 LIST_REMOVE(port
, s
->ports
, p
);
115 sd_event_source_unref(p
->event_source
);
123 static void socket_done(Unit
*u
) {
124 Socket
*s
= SOCKET(u
);
128 socket_free_ports(s
);
130 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
131 exec_command_free_array(s
->exec_command
, _SOCKET_EXEC_COMMAND_MAX
);
132 s
->control_command
= NULL
;
134 socket_unwatch_control_pid(s
);
136 unit_ref_unset(&s
->service
);
138 free(s
->tcp_congestion
);
139 s
->tcp_congestion
= NULL
;
141 free(s
->bind_to_device
);
142 s
->bind_to_device
= NULL
;
145 free(s
->smack_ip_in
);
146 free(s
->smack_ip_out
);
148 strv_free(s
->symlinks
);
153 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
156 static int socket_arm_timer(Socket
*s
) {
161 if (s
->timeout_usec
<= 0) {
162 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
166 if (s
->timer_event_source
) {
167 r
= sd_event_source_set_time(s
->timer_event_source
, now(CLOCK_MONOTONIC
) + s
->timeout_usec
);
171 return sd_event_source_set_enabled(s
->timer_event_source
, SD_EVENT_ONESHOT
);
174 r
= sd_event_add_time(
175 UNIT(s
)->manager
->event
,
176 &s
->timer_event_source
,
178 now(CLOCK_MONOTONIC
) + s
->timeout_usec
, 0,
179 socket_dispatch_timer
, s
);
183 (void) sd_event_source_set_description(s
->timer_event_source
, "socket-timer");
188 int socket_instantiate_service(Socket
*s
) {
189 _cleanup_free_
char *prefix
= NULL
, *name
= NULL
;
195 /* This fills in s->service if it isn't filled in yet. For
196 * Accept=yes sockets we create the next connection service
197 * here. For Accept=no this is mostly a NOP since the service
198 * is figured out at load time anyway. */
200 if (UNIT_DEREF(s
->service
))
206 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
210 if (asprintf(&name
, "%s@%u.service", prefix
, s
->n_accepted
) < 0)
213 r
= manager_load_unit(UNIT(s
)->manager
, name
, NULL
, NULL
, &u
);
218 unit_ref_set(&s
->service
, u
);
220 return unit_add_two_dependencies(UNIT(s
), UNIT_BEFORE
, UNIT_TRIGGERS
, u
, false);
223 static bool have_non_accept_socket(Socket
*s
) {
231 LIST_FOREACH(port
, p
, s
->ports
) {
233 if (p
->type
!= SOCKET_SOCKET
)
236 if (!socket_address_can_accept(&p
->address
))
243 static int socket_add_mount_links(Socket
*s
) {
249 LIST_FOREACH(port
, p
, s
->ports
) {
250 const char *path
= NULL
;
252 if (p
->type
== SOCKET_SOCKET
)
253 path
= socket_address_get_path(&p
->address
);
254 else if (p
->type
== SOCKET_FIFO
|| p
->type
== SOCKET_SPECIAL
)
260 r
= unit_require_mounts_for(UNIT(s
), path
);
268 static int socket_add_device_link(Socket
*s
) {
273 if (!s
->bind_to_device
|| streq(s
->bind_to_device
, "lo"))
276 t
= strjoina("/sys/subsystem/net/devices/", s
->bind_to_device
);
277 return unit_add_node_link(UNIT(s
), t
, false);
280 static int socket_add_default_dependencies(Socket
*s
) {
284 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_BEFORE
, SPECIAL_SOCKETS_TARGET
, NULL
, true);
288 if (UNIT(s
)->manager
->running_as
== MANAGER_SYSTEM
) {
289 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_AFTER
, UNIT_REQUIRES
, SPECIAL_SYSINIT_TARGET
, NULL
, true);
294 return unit_add_two_dependencies_by_name(UNIT(s
), UNIT_BEFORE
, UNIT_CONFLICTS
, SPECIAL_SHUTDOWN_TARGET
, NULL
, true);
297 _pure_
static bool socket_has_exec(Socket
*s
) {
301 for (i
= 0; i
< _SOCKET_EXEC_COMMAND_MAX
; i
++)
302 if (s
->exec_command
[i
])
308 static int socket_add_extras(Socket
*s
) {
314 if (have_non_accept_socket(s
)) {
316 if (!UNIT_DEREF(s
->service
)) {
319 r
= unit_load_related_unit(u
, ".service", &x
);
323 unit_ref_set(&s
->service
, x
);
326 r
= unit_add_two_dependencies(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, UNIT_DEREF(s
->service
), true);
331 r
= socket_add_mount_links(s
);
335 r
= socket_add_device_link(s
);
339 r
= unit_patch_contexts(u
);
343 if (socket_has_exec(s
)) {
344 r
= unit_add_exec_dependencies(u
, &s
->exec_context
);
348 r
= unit_add_default_slice(u
, &s
->cgroup_context
);
353 if (u
->default_dependencies
) {
354 r
= socket_add_default_dependencies(s
);
362 static const char *socket_find_symlink_target(Socket
*s
) {
363 const char *found
= NULL
;
366 LIST_FOREACH(port
, p
, s
->ports
) {
367 const char *f
= NULL
;
376 if (p
->address
.sockaddr
.un
.sun_path
[0] != 0)
377 f
= p
->address
.sockaddr
.un
.sun_path
;
395 static int socket_verify(Socket
*s
) {
398 if (UNIT(s
)->load_state
!= UNIT_LOADED
)
402 log_unit_error(UNIT(s
), "Unit lacks Listen setting. Refusing.");
406 if (s
->accept
&& have_non_accept_socket(s
)) {
407 log_unit_error(UNIT(s
), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
411 if (s
->accept
&& s
->max_connections
<= 0) {
412 log_unit_error(UNIT(s
), "MaxConnection= setting too small. Refusing.");
416 if (s
->accept
&& UNIT_DEREF(s
->service
)) {
417 log_unit_error(UNIT(s
), "Explicit service configuration for accepting socket units not supported. Refusing.");
421 if (s
->exec_context
.pam_name
&& s
->kill_context
.kill_mode
!= KILL_CONTROL_GROUP
) {
422 log_unit_error(UNIT(s
), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
426 if (!strv_isempty(s
->symlinks
) && !socket_find_symlink_target(s
)) {
427 log_unit_error(UNIT(s
), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
434 static int socket_load(Unit
*u
) {
435 Socket
*s
= SOCKET(u
);
439 assert(u
->load_state
== UNIT_STUB
);
441 r
= unit_load_fragment_and_dropin(u
);
445 if (u
->load_state
== UNIT_LOADED
) {
446 /* This is a new unit? Then let's add in some extras */
447 r
= socket_add_extras(s
);
452 return socket_verify(s
);
455 _const_
static const char* listen_lookup(int family
, int type
) {
457 if (family
== AF_NETLINK
)
458 return "ListenNetlink";
460 if (type
== SOCK_STREAM
)
461 return "ListenStream";
462 else if (type
== SOCK_DGRAM
)
463 return "ListenDatagram";
464 else if (type
== SOCK_SEQPACKET
)
465 return "ListenSequentialPacket";
467 assert_not_reached("Unknown socket type");
471 static void socket_dump(Unit
*u
, FILE *f
, const char *prefix
) {
472 char time_string
[FORMAT_TIMESPAN_MAX
];
474 Socket
*s
= SOCKET(u
);
481 prefix
= strempty(prefix
);
482 prefix2
= strjoina(prefix
, "\t");
485 "%sSocket State: %s\n"
487 "%sBindIPv6Only: %s\n"
489 "%sSocketMode: %04o\n"
490 "%sDirectoryMode: %04o\n"
494 "%sTransparent: %s\n"
496 "%sPassCredentials: %s\n"
497 "%sPassSecurity: %s\n"
498 "%sTCPCongestion: %s\n"
499 "%sRemoveOnStop: %s\n"
500 "%sSELinuxContextFromNet: %s\n",
501 prefix
, socket_state_to_string(s
->state
),
502 prefix
, socket_result_to_string(s
->result
),
503 prefix
, socket_address_bind_ipv6_only_to_string(s
->bind_ipv6_only
),
505 prefix
, s
->socket_mode
,
506 prefix
, s
->directory_mode
,
507 prefix
, yes_no(s
->keep_alive
),
508 prefix
, yes_no(s
->no_delay
),
509 prefix
, yes_no(s
->free_bind
),
510 prefix
, yes_no(s
->transparent
),
511 prefix
, yes_no(s
->broadcast
),
512 prefix
, yes_no(s
->pass_cred
),
513 prefix
, yes_no(s
->pass_sec
),
514 prefix
, strna(s
->tcp_congestion
),
515 prefix
, yes_no(s
->remove_on_stop
),
516 prefix
, yes_no(s
->selinux_context_from_net
));
518 if (s
->control_pid
> 0)
520 "%sControl PID: "PID_FMT
"\n",
521 prefix
, s
->control_pid
);
523 if (s
->bind_to_device
)
525 "%sBindToDevice: %s\n",
526 prefix
, s
->bind_to_device
);
531 "%sNConnections: %u\n"
532 "%sMaxConnections: %u\n",
533 prefix
, s
->n_accepted
,
534 prefix
, s
->n_connections
,
535 prefix
, s
->max_connections
);
537 if (s
->priority
>= 0)
540 prefix
, s
->priority
);
542 if (s
->receive_buffer
> 0)
544 "%sReceiveBuffer: %zu\n",
545 prefix
, s
->receive_buffer
);
547 if (s
->send_buffer
> 0)
549 "%sSendBuffer: %zu\n",
550 prefix
, s
->send_buffer
);
562 if (s
->pipe_size
> 0)
565 prefix
, s
->pipe_size
);
572 if (s
->mq_maxmsg
> 0)
574 "%sMessageQueueMaxMessages: %li\n",
575 prefix
, s
->mq_maxmsg
);
577 if (s
->mq_msgsize
> 0)
579 "%sMessageQueueMessageSize: %li\n",
580 prefix
, s
->mq_msgsize
);
585 prefix
, yes_no(s
->reuse_port
));
589 "%sSmackLabel: %s\n",
594 "%sSmackLabelIPIn: %s\n",
595 prefix
, s
->smack_ip_in
);
599 "%sSmackLabelIPOut: %s\n",
600 prefix
, s
->smack_ip_out
);
602 if (!isempty(s
->user
) || !isempty(s
->group
))
605 "%sOwnerGroup: %s\n",
606 prefix
, strna(s
->user
),
607 prefix
, strna(s
->group
));
609 if (s
->keep_alive_time
> 0)
611 "%sKeepAliveTimeSec: %s\n",
612 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_time
, USEC_PER_SEC
));
614 if (s
->keep_alive_interval
)
616 "%sKeepAliveIntervalSec: %s\n",
617 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_interval
, USEC_PER_SEC
));
619 if (s
->keep_alive_cnt
)
621 "%sKeepAliveProbes: %u\n",
622 prefix
, s
->keep_alive_cnt
);
626 "%sDeferAcceptSec: %s\n",
627 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->defer_accept
, USEC_PER_SEC
));
629 LIST_FOREACH(port
, p
, s
->ports
) {
631 if (p
->type
== SOCKET_SOCKET
) {
636 if ((r
= socket_address_print(&p
->address
, &k
)) < 0)
641 fprintf(f
, "%s%s: %s\n", prefix
, listen_lookup(socket_address_family(&p
->address
), p
->address
.type
), t
);
643 } else if (p
->type
== SOCKET_SPECIAL
)
644 fprintf(f
, "%sListenSpecial: %s\n", prefix
, p
->path
);
645 else if (p
->type
== SOCKET_MQUEUE
)
646 fprintf(f
, "%sListenMessageQueue: %s\n", prefix
, p
->path
);
648 fprintf(f
, "%sListenFIFO: %s\n", prefix
, p
->path
);
651 exec_context_dump(&s
->exec_context
, f
, prefix
);
652 kill_context_dump(&s
->kill_context
, f
, prefix
);
654 for (c
= 0; c
< _SOCKET_EXEC_COMMAND_MAX
; c
++) {
655 if (!s
->exec_command
[c
])
658 fprintf(f
, "%s-> %s:\n",
659 prefix
, socket_exec_command_to_string(c
));
661 exec_command_dump_list(s
->exec_command
[c
], f
, prefix2
);
665 static int instance_from_socket(int fd
, unsigned nr
, char **instance
) {
668 union sockaddr_union local
, remote
;
674 if (getsockname(fd
, &local
.sa
, &l
) < 0)
678 if (getpeername(fd
, &remote
.sa
, &l
) < 0)
681 switch (local
.sa
.sa_family
) {
685 a
= ntohl(local
.in
.sin_addr
.s_addr
),
686 b
= ntohl(remote
.in
.sin_addr
.s_addr
);
689 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
691 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF,
692 ntohs(local
.in
.sin_port
),
693 b
>> 24, (b
>> 16) & 0xFF, (b
>> 8) & 0xFF, b
& 0xFF,
694 ntohs(remote
.in
.sin_port
)) < 0)
701 static const unsigned char ipv4_prefix
[] = {
702 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
705 if (memcmp(&local
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0 &&
706 memcmp(&remote
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0) {
708 *a
= local
.in6
.sin6_addr
.s6_addr
+12,
709 *b
= remote
.in6
.sin6_addr
.s6_addr
+12;
712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
714 a
[0], a
[1], a
[2], a
[3],
715 ntohs(local
.in6
.sin6_port
),
716 b
[0], b
[1], b
[2], b
[3],
717 ntohs(remote
.in6
.sin6_port
)) < 0)
720 char a
[INET6_ADDRSTRLEN
], b
[INET6_ADDRSTRLEN
];
725 inet_ntop(AF_INET6
, &local
.in6
.sin6_addr
, a
, sizeof(a
)),
726 ntohs(local
.in6
.sin6_port
),
727 inet_ntop(AF_INET6
, &remote
.in6
.sin6_addr
, b
, sizeof(b
)),
728 ntohs(remote
.in6
.sin6_port
)) < 0)
739 k
= getpeercred(fd
, &ucred
);
742 "%u-"PID_FMT
"-"UID_FMT
,
743 nr
, ucred
.pid
, ucred
.uid
) < 0)
745 } else if (k
== -ENODATA
) {
746 /* This handles the case where somebody is
747 * connecting from another pid/uid namespace
748 * (e.g. from outside of our container). */
760 assert_not_reached("Unhandled socket type.");
767 static void socket_close_fds(Socket
*s
) {
773 LIST_FOREACH(port
, p
, s
->ports
) {
775 p
->event_source
= sd_event_source_unref(p
->event_source
);
780 p
->fd
= safe_close(p
->fd
);
782 /* One little note: we should normally not delete any
783 * sockets in the file system here! After all some
784 * other process we spawned might still have a
785 * reference of this fd and wants to continue to use
786 * it. Therefore we delete sockets in the file system
787 * before we create a new one, not after we stopped
790 if (s
->remove_on_stop
) {
802 socket_address_unlink(&p
->address
);
811 if (s
->remove_on_stop
)
812 STRV_FOREACH(i
, s
->symlinks
)
816 static void socket_apply_socket_options(Socket
*s
, int fd
) {
823 int b
= s
->keep_alive
;
824 if (setsockopt(fd
, SOL_SOCKET
, SO_KEEPALIVE
, &b
, sizeof(b
)) < 0)
825 log_unit_warning_errno(UNIT(s
), errno
, "SO_KEEPALIVE failed: %m");
828 if (s
->keep_alive_time
) {
829 int value
= s
->keep_alive_time
/ USEC_PER_SEC
;
830 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPIDLE
, &value
, sizeof(value
)) < 0)
831 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPIDLE failed: %m");
834 if (s
->keep_alive_interval
) {
835 int value
= s
->keep_alive_interval
/ USEC_PER_SEC
;
836 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPINTVL
, &value
, sizeof(value
)) < 0)
837 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPINTVL failed: %m");
840 if (s
->keep_alive_cnt
) {
841 int value
= s
->keep_alive_cnt
;
842 if (setsockopt(fd
, SOL_SOCKET
, TCP_KEEPCNT
, &value
, sizeof(value
)) < 0)
843 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPCNT failed: %m");
846 if (s
->defer_accept
) {
847 int value
= s
->defer_accept
/ USEC_PER_SEC
;
848 if (setsockopt(fd
, SOL_TCP
, TCP_DEFER_ACCEPT
, &value
, sizeof(value
)) < 0)
849 log_unit_warning_errno(UNIT(s
), errno
, "TCP_DEFER_ACCEPT failed: %m");
854 if (setsockopt(fd
, SOL_TCP
, TCP_NODELAY
, &b
, sizeof(b
)) < 0)
855 log_unit_warning_errno(UNIT(s
), errno
, "TCP_NODELAY failed: %m");
860 if (setsockopt(fd
, SOL_SOCKET
, SO_BROADCAST
, &one
, sizeof(one
)) < 0)
861 log_unit_warning_errno(UNIT(s
), errno
, "SO_BROADCAST failed: %m");
866 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSCRED
, &one
, sizeof(one
)) < 0)
867 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSCRED failed: %m");
872 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSSEC
, &one
, sizeof(one
)) < 0)
873 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSSEC failed: %m");
876 if (s
->priority
>= 0)
877 if (setsockopt(fd
, SOL_SOCKET
, SO_PRIORITY
, &s
->priority
, sizeof(s
->priority
)) < 0)
878 log_unit_warning_errno(UNIT(s
), errno
, "SO_PRIORITY failed: %m");
880 if (s
->receive_buffer
> 0) {
881 int value
= (int) s
->receive_buffer
;
883 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
885 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUFFORCE
, &value
, sizeof(value
)) < 0)
886 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &value
, sizeof(value
)) < 0)
887 log_unit_warning_errno(UNIT(s
), errno
, "SO_RCVBUF failed: %m");
890 if (s
->send_buffer
> 0) {
891 int value
= (int) s
->send_buffer
;
892 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUFFORCE
, &value
, sizeof(value
)) < 0)
893 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUF
, &value
, sizeof(value
)) < 0)
894 log_unit_warning_errno(UNIT(s
), errno
, "SO_SNDBUF failed: %m");
898 if (setsockopt(fd
, SOL_SOCKET
, SO_MARK
, &s
->mark
, sizeof(s
->mark
)) < 0)
899 log_unit_warning_errno(UNIT(s
), errno
, "SO_MARK failed: %m");
902 if (setsockopt(fd
, IPPROTO_IP
, IP_TOS
, &s
->ip_tos
, sizeof(s
->ip_tos
)) < 0)
903 log_unit_warning_errno(UNIT(s
), errno
, "IP_TOS failed: %m");
905 if (s
->ip_ttl
>= 0) {
908 r
= setsockopt(fd
, IPPROTO_IP
, IP_TTL
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
910 if (socket_ipv6_is_supported())
911 x
= setsockopt(fd
, IPPROTO_IPV6
, IPV6_UNICAST_HOPS
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
914 errno
= EAFNOSUPPORT
;
918 log_unit_warning_errno(UNIT(s
), errno
, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
921 if (s
->tcp_congestion
)
922 if (setsockopt(fd
, SOL_TCP
, TCP_CONGESTION
, s
->tcp_congestion
, strlen(s
->tcp_congestion
)+1) < 0)
923 log_unit_warning_errno(UNIT(s
), errno
, "TCP_CONGESTION failed: %m");
926 int b
= s
->reuse_port
;
927 if (setsockopt(fd
, SOL_SOCKET
, SO_REUSEPORT
, &b
, sizeof(b
)) < 0)
928 log_unit_warning_errno(UNIT(s
), errno
, "SO_REUSEPORT failed: %m");
931 if (s
->smack_ip_in
) {
932 r
= mac_smack_apply_ip_in_fd(fd
, s
->smack_ip_in
);
934 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_in_fd: %m");
937 if (s
->smack_ip_out
) {
938 r
= mac_smack_apply_ip_out_fd(fd
, s
->smack_ip_out
);
940 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_out_fd: %m");
944 static void socket_apply_fifo_options(Socket
*s
, int fd
) {
950 if (s
->pipe_size
> 0)
951 if (fcntl(fd
, F_SETPIPE_SZ
, s
->pipe_size
) < 0)
952 log_unit_warning_errno(UNIT(s
), errno
, "F_SETPIPE_SZ: %m");
955 r
= mac_smack_apply_fd(fd
, s
->smack
);
957 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_fd: %m");
961 static int fifo_address_create(
963 mode_t directory_mode
,
974 mkdir_parents_label(path
, directory_mode
);
976 r
= mac_selinux_create_file_prepare(path
, S_IFIFO
);
980 /* Enforce the right access mode for the fifo */
981 old_mask
= umask(~ socket_mode
);
983 /* Include the original umask in our mask */
984 umask(~socket_mode
| old_mask
);
986 r
= mkfifo(path
, socket_mode
);
989 if (r
< 0 && errno
!= EEXIST
) {
994 if ((fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
)) < 0) {
999 mac_selinux_create_file_clear();
1001 if (fstat(fd
, &st
) < 0) {
1006 if (!S_ISFIFO(st
.st_mode
) ||
1007 (st
.st_mode
& 0777) != (socket_mode
& ~old_mask
) ||
1008 st
.st_uid
!= getuid() ||
1009 st
.st_gid
!= getgid()) {
1019 mac_selinux_create_file_clear();
1025 static int special_address_create(
1035 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1041 if (fstat(fd
, &st
) < 0) {
1046 /* Check whether this is a /proc, /sys or /dev file or char device */
1047 if (!S_ISREG(st
.st_mode
) && !S_ISCHR(st
.st_mode
)) {
1061 static int mq_address_create(
1071 struct mq_attr _attr
, *attr
= NULL
;
1076 if (maxmsg
> 0 && msgsize
> 0) {
1078 _attr
.mq_flags
= O_NONBLOCK
;
1079 _attr
.mq_maxmsg
= maxmsg
;
1080 _attr
.mq_msgsize
= msgsize
;
1084 /* Enforce the right access mode for the mq */
1085 old_mask
= umask(~ mq_mode
);
1087 /* Include the original umask in our mask */
1088 umask(~mq_mode
| old_mask
);
1089 fd
= mq_open(path
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_CREAT
, mq_mode
, attr
);
1097 if (fstat(fd
, &st
) < 0) {
1102 if ((st
.st_mode
& 0777) != (mq_mode
& ~old_mask
) ||
1103 st
.st_uid
!= getuid() ||
1104 st
.st_gid
!= getgid()) {
1118 static int socket_symlink(Socket
*s
) {
1124 p
= socket_find_symlink_target(s
);
1128 STRV_FOREACH(i
, s
->symlinks
)
1129 symlink_label(p
, *i
);
1134 static int socket_open_fds(Socket
*s
) {
1138 bool know_label
= false;
1142 LIST_FOREACH(port
, p
, s
->ports
) {
1147 if (p
->type
== SOCKET_SOCKET
) {
1150 /* Figure out label, if we don't it know
1151 * yet. We do it once, for the first
1152 * socket where we need this and
1153 * remember it for the rest. */
1155 if (s
->selinux_context_from_net
) {
1156 /* Get it from the network label */
1158 r
= mac_selinux_get_our_label(&label
);
1159 if (r
< 0 && r
!= -EOPNOTSUPP
)
1163 /* Get it from the executable we are about to start */
1165 r
= socket_instantiate_service(s
);
1169 if (UNIT_ISSET(s
->service
) &&
1170 SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]) {
1171 r
= mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]->path
, &label
);
1172 if (r
< 0 && r
!= -EPERM
&& r
!= -EOPNOTSUPP
)
1180 r
= socket_address_listen(
1182 SOCK_CLOEXEC
|SOCK_NONBLOCK
,
1195 socket_apply_socket_options(s
, p
->fd
);
1198 } else if (p
->type
== SOCKET_SPECIAL
) {
1200 r
= special_address_create(
1206 } else if (p
->type
== SOCKET_FIFO
) {
1208 r
= fifo_address_create(
1216 socket_apply_fifo_options(s
, p
->fd
);
1219 } else if (p
->type
== SOCKET_MQUEUE
) {
1221 r
= mq_address_create(
1230 assert_not_reached("Unknown port type");
1233 mac_selinux_free(label
);
1237 socket_close_fds(s
);
1238 mac_selinux_free(label
);
1243 static void socket_unwatch_fds(Socket
*s
) {
1249 LIST_FOREACH(port
, p
, s
->ports
) {
1253 if (!p
->event_source
)
1256 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_OFF
);
1258 log_unit_debug_errno(UNIT(s
), r
, "Failed to disable event source: %m");
1262 static int socket_watch_fds(Socket
*s
) {
1268 LIST_FOREACH(port
, p
, s
->ports
) {
1272 if (p
->event_source
) {
1273 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_ON
);
1277 r
= sd_event_add_io(UNIT(s
)->manager
->event
, &p
->event_source
, p
->fd
, EPOLLIN
, socket_dispatch_io
, p
);
1281 (void) sd_event_source_set_description(p
->event_source
, "socket-port-io");
1288 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch listening fds: %m");
1289 socket_unwatch_fds(s
);
1293 static void socket_set_state(Socket
*s
, SocketState state
) {
1294 SocketState old_state
;
1297 old_state
= s
->state
;
1305 SOCKET_STOP_PRE_SIGTERM
,
1306 SOCKET_STOP_PRE_SIGKILL
,
1308 SOCKET_FINAL_SIGTERM
,
1309 SOCKET_FINAL_SIGKILL
)) {
1311 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1312 socket_unwatch_control_pid(s
);
1313 s
->control_command
= NULL
;
1314 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
1317 if (state
!= SOCKET_LISTENING
)
1318 socket_unwatch_fds(s
);
1326 SOCKET_STOP_PRE_SIGTERM
,
1327 SOCKET_STOP_PRE_SIGKILL
))
1328 socket_close_fds(s
);
1330 if (state
!= old_state
)
1331 log_unit_debug(UNIT(s
), "Changed %s -> %s", socket_state_to_string(old_state
), socket_state_to_string(state
));
1333 unit_notify(UNIT(s
), state_translation_table
[old_state
], state_translation_table
[state
], true);
1336 static int socket_coldplug(Unit
*u
) {
1337 Socket
*s
= SOCKET(u
);
1341 assert(s
->state
== SOCKET_DEAD
);
1343 if (s
->deserialized_state
== s
->state
)
1346 if (IN_SET(s
->deserialized_state
,
1351 SOCKET_STOP_PRE_SIGTERM
,
1352 SOCKET_STOP_PRE_SIGKILL
,
1354 SOCKET_FINAL_SIGTERM
,
1355 SOCKET_FINAL_SIGKILL
)) {
1357 if (s
->control_pid
<= 0)
1360 r
= unit_watch_pid(UNIT(s
), s
->control_pid
);
1364 r
= socket_arm_timer(s
);
1369 if (IN_SET(s
->deserialized_state
,
1375 SOCKET_STOP_PRE_SIGTERM
,
1376 SOCKET_STOP_PRE_SIGKILL
)) {
1377 r
= socket_open_fds(s
);
1382 if (s
->deserialized_state
== SOCKET_LISTENING
) {
1383 r
= socket_watch_fds(s
);
1388 socket_set_state(s
, s
->deserialized_state
);
1392 static int socket_spawn(Socket
*s
, ExecCommand
*c
, pid_t
*_pid
) {
1393 _cleanup_free_
char **argv
= NULL
;
1396 ExecParameters exec_params
= {
1397 .apply_permissions
= true,
1398 .apply_chroot
= true,
1399 .apply_tty_stdin
= true,
1400 .bus_endpoint_fd
= -1,
1407 (void) unit_realize_cgroup(UNIT(s
));
1408 if (s
->reset_cpu_usage
) {
1409 (void) unit_reset_cpu_usage(UNIT(s
));
1410 s
->reset_cpu_usage
= false;
1413 r
= unit_setup_exec_runtime(UNIT(s
));
1417 r
= socket_arm_timer(s
);
1421 r
= unit_full_printf_strv(UNIT(s
), c
->argv
, &argv
);
1425 exec_params
.argv
= argv
;
1426 exec_params
.environment
= UNIT(s
)->manager
->environment
;
1427 exec_params
.confirm_spawn
= UNIT(s
)->manager
->confirm_spawn
;
1428 exec_params
.cgroup_supported
= UNIT(s
)->manager
->cgroup_supported
;
1429 exec_params
.cgroup_path
= UNIT(s
)->cgroup_path
;
1430 exec_params
.cgroup_delegate
= s
->cgroup_context
.delegate
;
1431 exec_params
.runtime_prefix
= manager_get_runtime_prefix(UNIT(s
)->manager
);
1433 r
= exec_spawn(UNIT(s
),
1442 r
= unit_watch_pid(UNIT(s
), pid
);
1444 /* FIXME: we need to do something here */
1451 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1455 static int socket_chown(Socket
*s
, pid_t
*_pid
) {
1459 r
= socket_arm_timer(s
);
1463 /* We have to resolve the user names out-of-process, hence
1464 * let's fork here. It's messy, but well, what can we do? */
1472 uid_t uid
= UID_INVALID
;
1473 gid_t gid
= GID_INVALID
;
1476 default_signals(SIGNALS_CRASH_HANDLER
, SIGNALS_IGNORE
, -1);
1477 ignore_signals(SIGPIPE
, -1);
1480 if (!isempty(s
->user
)) {
1481 const char *user
= s
->user
;
1483 r
= get_user_creds(&user
, &uid
, &gid
, NULL
, NULL
);
1490 if (!isempty(s
->group
)) {
1491 const char *group
= s
->group
;
1493 r
= get_group_creds(&group
, &gid
);
1500 LIST_FOREACH(port
, p
, s
->ports
) {
1501 const char *path
= NULL
;
1503 if (p
->type
== SOCKET_SOCKET
)
1504 path
= socket_address_get_path(&p
->address
);
1505 else if (p
->type
== SOCKET_FIFO
)
1511 if (chown(path
, uid
, gid
) < 0) {
1522 log_error_errno(r
, "Failed to chown socket at step %s: %m", exit_status_to_string(ret
, EXIT_STATUS_SYSTEMD
));
1527 r
= unit_watch_pid(UNIT(s
), pid
);
1535 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1539 static void socket_enter_dead(Socket
*s
, SocketResult f
) {
1542 if (f
!= SOCKET_SUCCESS
)
1545 exec_runtime_destroy(s
->exec_runtime
);
1546 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
1548 exec_context_destroy_runtime_directory(&s
->exec_context
, manager_get_runtime_prefix(UNIT(s
)->manager
));
1550 socket_set_state(s
, s
->result
!= SOCKET_SUCCESS
? SOCKET_FAILED
: SOCKET_DEAD
);
1553 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
);
1555 static void socket_enter_stop_post(Socket
*s
, SocketResult f
) {
1559 if (f
!= SOCKET_SUCCESS
)
1562 socket_unwatch_control_pid(s
);
1563 s
->control_command_id
= SOCKET_EXEC_STOP_POST
;
1564 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_POST
];
1566 if (s
->control_command
) {
1567 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1571 socket_set_state(s
, SOCKET_STOP_POST
);
1573 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_SUCCESS
);
1578 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-post' task: %m");
1579 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1582 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
) {
1587 if (f
!= SOCKET_SUCCESS
)
1590 r
= unit_kill_context(
1593 (state
!= SOCKET_STOP_PRE_SIGTERM
&& state
!= SOCKET_FINAL_SIGTERM
) ?
1594 KILL_KILL
: KILL_TERMINATE
,
1602 r
= socket_arm_timer(s
);
1606 socket_set_state(s
, state
);
1607 } else if (state
== SOCKET_STOP_PRE_SIGTERM
)
1608 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_SUCCESS
);
1609 else if (state
== SOCKET_STOP_PRE_SIGKILL
)
1610 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1611 else if (state
== SOCKET_FINAL_SIGTERM
)
1612 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_SUCCESS
);
1614 socket_enter_dead(s
, SOCKET_SUCCESS
);
1619 log_unit_warning_errno(UNIT(s
), r
, "Failed to kill processes: %m");
1621 if (state
== SOCKET_STOP_PRE_SIGTERM
|| state
== SOCKET_STOP_PRE_SIGKILL
)
1622 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1624 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1627 static void socket_enter_stop_pre(Socket
*s
, SocketResult f
) {
1631 if (f
!= SOCKET_SUCCESS
)
1634 socket_unwatch_control_pid(s
);
1635 s
->control_command_id
= SOCKET_EXEC_STOP_PRE
;
1636 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_PRE
];
1638 if (s
->control_command
) {
1639 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1643 socket_set_state(s
, SOCKET_STOP_PRE
);
1645 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1650 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-pre' task: %m");
1651 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1654 static void socket_enter_listening(Socket
*s
) {
1658 r
= socket_watch_fds(s
);
1660 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1664 socket_set_state(s
, SOCKET_LISTENING
);
1668 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1671 static void socket_enter_start_post(Socket
*s
) {
1675 socket_unwatch_control_pid(s
);
1676 s
->control_command_id
= SOCKET_EXEC_START_POST
;
1677 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_POST
];
1679 if (s
->control_command
) {
1680 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1682 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-post' task: %m");
1686 socket_set_state(s
, SOCKET_START_POST
);
1688 socket_enter_listening(s
);
1693 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1696 static void socket_enter_start_chown(Socket
*s
) {
1701 r
= socket_open_fds(s
);
1703 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1707 if (!isempty(s
->user
) || !isempty(s
->group
)) {
1709 socket_unwatch_control_pid(s
);
1710 s
->control_command_id
= SOCKET_EXEC_START_CHOWN
;
1711 s
->control_command
= NULL
;
1713 r
= socket_chown(s
, &s
->control_pid
);
1715 log_unit_warning_errno(UNIT(s
), r
, "Failed to fork 'start-chown' task: %m");
1719 socket_set_state(s
, SOCKET_START_CHOWN
);
1721 socket_enter_start_post(s
);
1726 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1729 static void socket_enter_start_pre(Socket
*s
) {
1733 socket_unwatch_control_pid(s
);
1734 s
->control_command_id
= SOCKET_EXEC_START_PRE
;
1735 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_PRE
];
1737 if (s
->control_command
) {
1738 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1740 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-pre' task: %m");
1744 socket_set_state(s
, SOCKET_START_PRE
);
1746 socket_enter_start_chown(s
);
1751 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1754 static void socket_enter_running(Socket
*s
, int cfd
) {
1755 _cleanup_bus_error_free_ sd_bus_error error
= SD_BUS_ERROR_NULL
;
1760 /* We don't take connections anymore if we are supposed to
1761 * shut down anyway */
1762 if (unit_stop_pending(UNIT(s
))) {
1764 log_unit_debug(UNIT(s
), "Suppressing connection request since unit stop is scheduled.");
1769 /* Flush all sockets by closing and reopening them */
1770 socket_close_fds(s
);
1772 r
= socket_open_fds(s
);
1774 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1775 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1779 r
= socket_watch_fds(s
);
1781 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1782 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1792 bool pending
= false;
1794 /* If there's already a start pending don't bother to
1796 SET_FOREACH(other
, UNIT(s
)->dependencies
[UNIT_TRIGGERS
], i
)
1797 if (unit_active_or_pending(other
)) {
1803 if (!UNIT_ISSET(s
->service
)) {
1804 log_unit_error(UNIT(s
), "Service to activate vanished, refusing activation.");
1809 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT_DEREF(s
->service
), JOB_REPLACE
, true, &error
, NULL
);
1814 socket_set_state(s
, SOCKET_RUNNING
);
1816 _cleanup_free_
char *prefix
= NULL
, *instance
= NULL
, *name
= NULL
;
1819 if (s
->n_connections
>= s
->max_connections
) {
1820 log_unit_warning(UNIT(s
), "Too many incoming connections (%u)", s
->n_connections
);
1825 r
= socket_instantiate_service(s
);
1829 r
= instance_from_socket(cfd
, s
->n_accepted
, &instance
);
1834 /* ENOTCONN is legitimate if TCP RST was received.
1835 * This connection is over, but the socket unit lives on. */
1840 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
1844 r
= unit_name_build(prefix
, instance
, ".service", &name
);
1848 r
= unit_add_name(UNIT_DEREF(s
->service
), name
);
1852 service
= SERVICE(UNIT_DEREF(s
->service
));
1853 unit_ref_unset(&s
->service
);
1856 UNIT(service
)->no_gc
= false;
1858 unit_choose_id(UNIT(service
), name
);
1860 r
= service_set_socket_fd(service
, cfd
, s
, s
->selinux_context_from_net
);
1865 s
->n_connections
++;
1867 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT(service
), JOB_REPLACE
, true, &error
, NULL
);
1871 /* Notify clients about changed counters */
1872 unit_add_to_dbus_queue(UNIT(s
));
1878 log_unit_warning(UNIT(s
), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1879 cfd
>= 0 ? "template" : "non-template",
1880 bus_error_message(&error
, r
));
1882 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1886 static void socket_run_next(Socket
*s
) {
1890 assert(s
->control_command
);
1891 assert(s
->control_command
->command_next
);
1893 socket_unwatch_control_pid(s
);
1895 s
->control_command
= s
->control_command
->command_next
;
1897 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1904 log_unit_warning_errno(UNIT(s
), r
, "Failed to run next task: %m");
1906 if (s
->state
== SOCKET_START_POST
)
1907 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1908 else if (s
->state
== SOCKET_STOP_POST
)
1909 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1911 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1914 static int socket_start(Unit
*u
) {
1915 Socket
*s
= SOCKET(u
);
1919 /* We cannot fulfill this request right now, try again later
1921 if (IN_SET(s
->state
,
1923 SOCKET_STOP_PRE_SIGKILL
,
1924 SOCKET_STOP_PRE_SIGTERM
,
1926 SOCKET_FINAL_SIGTERM
,
1927 SOCKET_FINAL_SIGKILL
))
1930 /* Already on it! */
1931 if (IN_SET(s
->state
,
1937 /* Cannot run this without the service being around */
1938 if (UNIT_ISSET(s
->service
)) {
1941 service
= SERVICE(UNIT_DEREF(s
->service
));
1943 if (UNIT(service
)->load_state
!= UNIT_LOADED
) {
1944 log_unit_error(u
, "Socket service %s not loaded, refusing.", UNIT(service
)->id
);
1948 /* If the service is already active we cannot start the
1950 if (service
->state
!= SERVICE_DEAD
&&
1951 service
->state
!= SERVICE_FAILED
&&
1952 service
->state
!= SERVICE_AUTO_RESTART
) {
1953 log_unit_error(u
, "Socket service %s already active, refusing.", UNIT(service
)->id
);
1958 assert(s
->state
== SOCKET_DEAD
|| s
->state
== SOCKET_FAILED
);
1960 s
->result
= SOCKET_SUCCESS
;
1961 s
->reset_cpu_usage
= true;
1963 socket_enter_start_pre(s
);
1968 static int socket_stop(Unit
*u
) {
1969 Socket
*s
= SOCKET(u
);
1974 if (IN_SET(s
->state
,
1976 SOCKET_STOP_PRE_SIGTERM
,
1977 SOCKET_STOP_PRE_SIGKILL
,
1979 SOCKET_FINAL_SIGTERM
,
1980 SOCKET_FINAL_SIGKILL
))
1983 /* If there's already something running we go directly into
1985 if (IN_SET(s
->state
,
1988 SOCKET_START_POST
)) {
1989 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_SUCCESS
);
1993 assert(s
->state
== SOCKET_LISTENING
|| s
->state
== SOCKET_RUNNING
);
1995 socket_enter_stop_pre(s
, SOCKET_SUCCESS
);
1999 static int socket_serialize(Unit
*u
, FILE *f
, FDSet
*fds
) {
2000 Socket
*s
= SOCKET(u
);
2008 unit_serialize_item(u
, f
, "state", socket_state_to_string(s
->state
));
2009 unit_serialize_item(u
, f
, "result", socket_result_to_string(s
->result
));
2010 unit_serialize_item_format(u
, f
, "n-accepted", "%u", s
->n_accepted
);
2012 if (s
->control_pid
> 0)
2013 unit_serialize_item_format(u
, f
, "control-pid", PID_FMT
, s
->control_pid
);
2015 if (s
->control_command_id
>= 0)
2016 unit_serialize_item(u
, f
, "control-command", socket_exec_command_to_string(s
->control_command_id
));
2018 LIST_FOREACH(port
, p
, s
->ports
) {
2024 copy
= fdset_put_dup(fds
, p
->fd
);
2028 if (p
->type
== SOCKET_SOCKET
) {
2029 _cleanup_free_
char *t
= NULL
;
2031 r
= socket_address_print(&p
->address
, &t
);
2035 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2036 unit_serialize_item_format(u
, f
, "netlink", "%i %s", copy
, t
);
2038 unit_serialize_item_format(u
, f
, "socket", "%i %i %s", copy
, p
->address
.type
, t
);
2040 } else if (p
->type
== SOCKET_SPECIAL
)
2041 unit_serialize_item_format(u
, f
, "special", "%i %s", copy
, p
->path
);
2042 else if (p
->type
== SOCKET_MQUEUE
)
2043 unit_serialize_item_format(u
, f
, "mqueue", "%i %s", copy
, p
->path
);
2045 assert(p
->type
== SOCKET_FIFO
);
2046 unit_serialize_item_format(u
, f
, "fifo", "%i %s", copy
, p
->path
);
2053 static int socket_deserialize_item(Unit
*u
, const char *key
, const char *value
, FDSet
*fds
) {
2054 Socket
*s
= SOCKET(u
);
2060 if (streq(key
, "state")) {
2063 state
= socket_state_from_string(value
);
2065 log_unit_debug(u
, "Failed to parse state value: %s", value
);
2067 s
->deserialized_state
= state
;
2068 } else if (streq(key
, "result")) {
2071 f
= socket_result_from_string(value
);
2073 log_unit_debug(u
, "Failed to parse result value: %s", value
);
2074 else if (f
!= SOCKET_SUCCESS
)
2077 } else if (streq(key
, "n-accepted")) {
2080 if (safe_atou(value
, &k
) < 0)
2081 log_unit_debug(u
, "Failed to parse n-accepted value: %s", value
);
2084 } else if (streq(key
, "control-pid")) {
2087 if (parse_pid(value
, &pid
) < 0)
2088 log_unit_debug(u
, "Failed to parse control-pid value: %s", value
);
2090 s
->control_pid
= pid
;
2091 } else if (streq(key
, "control-command")) {
2092 SocketExecCommand id
;
2094 id
= socket_exec_command_from_string(value
);
2096 log_unit_debug(u
, "Failed to parse exec-command value: %s", value
);
2098 s
->control_command_id
= id
;
2099 s
->control_command
= s
->exec_command
[id
];
2101 } else if (streq(key
, "fifo")) {
2105 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2106 log_unit_debug(u
, "Failed to parse fifo value: %s", value
);
2109 LIST_FOREACH(port
, p
, s
->ports
)
2110 if (p
->type
== SOCKET_FIFO
&&
2111 path_equal_or_files_same(p
->path
, value
+skip
))
2116 p
->fd
= fdset_remove(fds
, fd
);
2120 } else if (streq(key
, "special")) {
2124 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2125 log_unit_debug(u
, "Failed to parse special value: %s", value
);
2128 LIST_FOREACH(port
, p
, s
->ports
)
2129 if (p
->type
== SOCKET_SPECIAL
&&
2130 path_equal_or_files_same(p
->path
, value
+skip
))
2135 p
->fd
= fdset_remove(fds
, fd
);
2139 } else if (streq(key
, "mqueue")) {
2143 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2144 log_unit_debug(u
, "Failed to parse mqueue value: %s", value
);
2147 LIST_FOREACH(port
, p
, s
->ports
)
2148 if (p
->type
== SOCKET_MQUEUE
&&
2149 streq(p
->path
, value
+skip
))
2154 p
->fd
= fdset_remove(fds
, fd
);
2158 } else if (streq(key
, "socket")) {
2159 int fd
, type
, skip
= 0;
2162 if (sscanf(value
, "%i %i %n", &fd
, &type
, &skip
) < 2 || fd
< 0 || type
< 0 || !fdset_contains(fds
, fd
))
2163 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2166 LIST_FOREACH(port
, p
, s
->ports
)
2167 if (socket_address_is(&p
->address
, value
+skip
, type
))
2172 p
->fd
= fdset_remove(fds
, fd
);
2176 } else if (streq(key
, "netlink")) {
2180 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2181 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2184 LIST_FOREACH(port
, p
, s
->ports
)
2185 if (socket_address_is_netlink(&p
->address
, value
+skip
))
2190 p
->fd
= fdset_remove(fds
, fd
);
2194 log_unit_debug(UNIT(s
), "Unknown serialization key: %s", key
);
2199 static int socket_distribute_fds(Unit
*u
, FDSet
*fds
) {
2200 Socket
*s
= SOCKET(u
);
2205 LIST_FOREACH(port
, p
, s
->ports
) {
2209 if (p
->type
!= SOCKET_SOCKET
)
2215 FDSET_FOREACH(fd
, fds
, i
) {
2216 if (socket_address_matches_fd(&p
->address
, fd
)) {
2217 p
->fd
= fdset_remove(fds
, fd
);
2218 s
->deserialized_state
= SOCKET_LISTENING
;
2227 _pure_
static UnitActiveState
socket_active_state(Unit
*u
) {
2230 return state_translation_table
[SOCKET(u
)->state
];
2233 _pure_
static const char *socket_sub_state_to_string(Unit
*u
) {
2236 return socket_state_to_string(SOCKET(u
)->state
);
2239 const char* socket_port_type_to_string(SocketPort
*p
) {
2247 switch (p
->address
.type
) {
2255 case SOCK_SEQPACKET
:
2256 return "SequentialPacket";
2259 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2266 case SOCKET_SPECIAL
:
2270 return "MessageQueue";
2280 _pure_
static bool socket_check_gc(Unit
*u
) {
2281 Socket
*s
= SOCKET(u
);
2285 return s
->n_connections
> 0;
2288 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2289 SocketPort
*p
= userdata
;
2295 if (p
->socket
->state
!= SOCKET_LISTENING
)
2298 log_unit_debug(UNIT(p
->socket
), "Incoming traffic");
2300 if (revents
!= EPOLLIN
) {
2302 if (revents
& EPOLLHUP
)
2303 log_unit_error(UNIT(p
->socket
), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2305 log_unit_error(UNIT(p
->socket
), "Got unexpected poll event (0x%x) on socket.", revents
);
2310 if (p
->socket
->accept
&&
2311 p
->type
== SOCKET_SOCKET
&&
2312 socket_address_can_accept(&p
->address
)) {
2316 cfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
);
2322 log_unit_error_errno(UNIT(p
->socket
), errno
, "Failed to accept socket: %m");
2329 socket_apply_socket_options(p
->socket
, cfd
);
2332 socket_enter_running(p
->socket
, cfd
);
2336 socket_enter_stop_pre(p
->socket
, SOCKET_FAILURE_RESOURCES
);
2340 static void socket_sigchld_event(Unit
*u
, pid_t pid
, int code
, int status
) {
2341 Socket
*s
= SOCKET(u
);
2347 if (pid
!= s
->control_pid
)
2352 if (is_clean_exit(code
, status
, NULL
))
2354 else if (code
== CLD_EXITED
)
2355 f
= SOCKET_FAILURE_EXIT_CODE
;
2356 else if (code
== CLD_KILLED
)
2357 f
= SOCKET_FAILURE_SIGNAL
;
2358 else if (code
== CLD_DUMPED
)
2359 f
= SOCKET_FAILURE_CORE_DUMP
;
2361 assert_not_reached("Unknown sigchld code");
2363 if (s
->control_command
) {
2364 exec_status_exit(&s
->control_command
->exec_status
, &s
->exec_context
, pid
, code
, status
);
2366 if (s
->control_command
->ignore
)
2370 log_unit_full(u
, f
== SOCKET_SUCCESS
? LOG_DEBUG
: LOG_NOTICE
, 0,
2371 "Control process exited, code=%s status=%i",
2372 sigchld_code_to_string(code
), status
);
2374 if (f
!= SOCKET_SUCCESS
)
2377 if (s
->control_command
&&
2378 s
->control_command
->command_next
&&
2379 f
== SOCKET_SUCCESS
) {
2381 log_unit_debug(u
, "Running next command for state %s", socket_state_to_string(s
->state
));
2384 s
->control_command
= NULL
;
2385 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
2387 /* No further commands for this step, so let's figure
2388 * out what to do next */
2390 log_unit_debug(u
, "Got final SIGCHLD for state %s", socket_state_to_string(s
->state
));
2394 case SOCKET_START_PRE
:
2395 if (f
== SOCKET_SUCCESS
)
2396 socket_enter_start_chown(s
);
2398 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, f
);
2401 case SOCKET_START_CHOWN
:
2402 if (f
== SOCKET_SUCCESS
)
2403 socket_enter_start_post(s
);
2405 socket_enter_stop_pre(s
, f
);
2408 case SOCKET_START_POST
:
2409 if (f
== SOCKET_SUCCESS
)
2410 socket_enter_listening(s
);
2412 socket_enter_stop_pre(s
, f
);
2415 case SOCKET_STOP_PRE
:
2416 case SOCKET_STOP_PRE_SIGTERM
:
2417 case SOCKET_STOP_PRE_SIGKILL
:
2418 socket_enter_stop_post(s
, f
);
2421 case SOCKET_STOP_POST
:
2422 case SOCKET_FINAL_SIGTERM
:
2423 case SOCKET_FINAL_SIGKILL
:
2424 socket_enter_dead(s
, f
);
2428 assert_not_reached("Uh, control process died at wrong time.");
2432 /* Notify clients about changed exit status */
2433 unit_add_to_dbus_queue(u
);
2436 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
) {
2437 Socket
*s
= SOCKET(userdata
);
2440 assert(s
->timer_event_source
== source
);
2444 case SOCKET_START_PRE
:
2445 log_unit_warning(UNIT(s
), "Starting timed out. Terminating.");
2446 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2449 case SOCKET_START_CHOWN
:
2450 case SOCKET_START_POST
:
2451 log_unit_warning(UNIT(s
), "Starting timed out. Stopping.");
2452 socket_enter_stop_pre(s
, SOCKET_FAILURE_TIMEOUT
);
2455 case SOCKET_STOP_PRE
:
2456 log_unit_warning(UNIT(s
), "Stopping timed out. Terminating.");
2457 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2460 case SOCKET_STOP_PRE_SIGTERM
:
2461 if (s
->kill_context
.send_sigkill
) {
2462 log_unit_warning(UNIT(s
), "Stopping timed out. Killing.");
2463 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2465 log_unit_warning(UNIT(s
), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2466 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2470 case SOCKET_STOP_PRE_SIGKILL
:
2471 log_unit_warning(UNIT(s
), "Processes still around after SIGKILL. Ignoring.");
2472 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2475 case SOCKET_STOP_POST
:
2476 log_unit_warning(UNIT(s
), "Stopping timed out (2). Terminating.");
2477 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2480 case SOCKET_FINAL_SIGTERM
:
2481 if (s
->kill_context
.send_sigkill
) {
2482 log_unit_warning(UNIT(s
), "Stopping timed out (2). Killing.");
2483 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2485 log_unit_warning(UNIT(s
), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2486 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2490 case SOCKET_FINAL_SIGKILL
:
2491 log_unit_warning(UNIT(s
), "Still around after SIGKILL (2). Entering failed mode.");
2492 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2496 assert_not_reached("Timeout at wrong time.");
2502 int socket_collect_fds(Socket
*s
, int **fds
, unsigned *n_fds
) {
2511 /* Called from the service code for requesting our fds */
2514 LIST_FOREACH(port
, p
, s
->ports
)
2524 rfds
= new(int, rn_fds
);
2529 LIST_FOREACH(port
, p
, s
->ports
)
2533 assert(k
== rn_fds
);
2541 static void socket_reset_failed(Unit
*u
) {
2542 Socket
*s
= SOCKET(u
);
2546 if (s
->state
== SOCKET_FAILED
)
2547 socket_set_state(s
, SOCKET_DEAD
);
2549 s
->result
= SOCKET_SUCCESS
;
2552 static void socket_notify_service_dead(Socket
*s
, bool failed_permanent
) {
2555 /* The service is dead. Dang!
2557 * This is strictly for one-instance-for-all-connections
2560 if (s
->state
== SOCKET_RUNNING
) {
2561 log_unit_debug(UNIT(s
), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent
));
2562 if (failed_permanent
)
2563 socket_enter_stop_pre(s
, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
);
2565 socket_enter_listening(s
);
2569 void socket_connection_unref(Socket
*s
) {
2572 /* The service is dead. Yay!
2574 * This is strictly for one-instance-per-connection
2577 assert(s
->n_connections
> 0);
2580 log_unit_debug(UNIT(s
), "One connection closed, %u left.", s
->n_connections
);
2583 static void socket_trigger_notify(Unit
*u
, Unit
*other
) {
2584 Socket
*s
= SOCKET(u
);
2590 /* Don't propagate state changes from the service if we are
2591 already down or accepting connections */
2592 if ((s
->state
!= SOCKET_RUNNING
&&
2593 s
->state
!= SOCKET_LISTENING
) ||
2597 if (other
->load_state
!= UNIT_LOADED
||
2598 other
->type
!= UNIT_SERVICE
)
2601 se
= SERVICE(other
);
2603 if (se
->state
== SERVICE_FAILED
)
2604 socket_notify_service_dead(s
, se
->result
== SERVICE_FAILURE_START_LIMIT
);
2606 if (se
->state
== SERVICE_DEAD
||
2607 se
->state
== SERVICE_FINAL_SIGTERM
||
2608 se
->state
== SERVICE_FINAL_SIGKILL
||
2609 se
->state
== SERVICE_AUTO_RESTART
)
2610 socket_notify_service_dead(s
, false);
2612 if (se
->state
== SERVICE_RUNNING
)
2613 socket_set_state(s
, SOCKET_RUNNING
);
2616 static int socket_kill(Unit
*u
, KillWho who
, int signo
, sd_bus_error
*error
) {
2617 return unit_kill_common(u
, who
, signo
, -1, SOCKET(u
)->control_pid
, error
);
2620 static int socket_get_timeout(Unit
*u
, uint64_t *timeout
) {
2621 Socket
*s
= SOCKET(u
);
2624 if (!s
->timer_event_source
)
2627 r
= sd_event_source_get_time(s
->timer_event_source
, timeout
);
2634 static const char* const socket_state_table
[_SOCKET_STATE_MAX
] = {
2635 [SOCKET_DEAD
] = "dead",
2636 [SOCKET_START_PRE
] = "start-pre",
2637 [SOCKET_START_CHOWN
] = "start-chown",
2638 [SOCKET_START_POST
] = "start-post",
2639 [SOCKET_LISTENING
] = "listening",
2640 [SOCKET_RUNNING
] = "running",
2641 [SOCKET_STOP_PRE
] = "stop-pre",
2642 [SOCKET_STOP_PRE_SIGTERM
] = "stop-pre-sigterm",
2643 [SOCKET_STOP_PRE_SIGKILL
] = "stop-pre-sigkill",
2644 [SOCKET_STOP_POST
] = "stop-post",
2645 [SOCKET_FINAL_SIGTERM
] = "final-sigterm",
2646 [SOCKET_FINAL_SIGKILL
] = "final-sigkill",
2647 [SOCKET_FAILED
] = "failed"
2650 DEFINE_STRING_TABLE_LOOKUP(socket_state
, SocketState
);
2652 static const char* const socket_exec_command_table
[_SOCKET_EXEC_COMMAND_MAX
] = {
2653 [SOCKET_EXEC_START_PRE
] = "StartPre",
2654 [SOCKET_EXEC_START_CHOWN
] = "StartChown",
2655 [SOCKET_EXEC_START_POST
] = "StartPost",
2656 [SOCKET_EXEC_STOP_PRE
] = "StopPre",
2657 [SOCKET_EXEC_STOP_POST
] = "StopPost"
2660 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command
, SocketExecCommand
);
2662 static const char* const socket_result_table
[_SOCKET_RESULT_MAX
] = {
2663 [SOCKET_SUCCESS
] = "success",
2664 [SOCKET_FAILURE_RESOURCES
] = "resources",
2665 [SOCKET_FAILURE_TIMEOUT
] = "timeout",
2666 [SOCKET_FAILURE_EXIT_CODE
] = "exit-code",
2667 [SOCKET_FAILURE_SIGNAL
] = "signal",
2668 [SOCKET_FAILURE_CORE_DUMP
] = "core-dump",
2669 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
] = "service-failed-permanent"
2672 DEFINE_STRING_TABLE_LOOKUP(socket_result
, SocketResult
);
2674 const UnitVTable socket_vtable
= {
2675 .object_size
= sizeof(Socket
),
2676 .exec_context_offset
= offsetof(Socket
, exec_context
),
2677 .cgroup_context_offset
= offsetof(Socket
, cgroup_context
),
2678 .kill_context_offset
= offsetof(Socket
, kill_context
),
2679 .exec_runtime_offset
= offsetof(Socket
, exec_runtime
),
2685 .private_section
= "Socket",
2687 .init
= socket_init
,
2688 .done
= socket_done
,
2689 .load
= socket_load
,
2691 .coldplug
= socket_coldplug
,
2693 .dump
= socket_dump
,
2695 .start
= socket_start
,
2696 .stop
= socket_stop
,
2698 .kill
= socket_kill
,
2700 .get_timeout
= socket_get_timeout
,
2702 .serialize
= socket_serialize
,
2703 .deserialize_item
= socket_deserialize_item
,
2704 .distribute_fds
= socket_distribute_fds
,
2706 .active_state
= socket_active_state
,
2707 .sub_state_to_string
= socket_sub_state_to_string
,
2709 .check_gc
= socket_check_gc
,
2711 .sigchld_event
= socket_sigchld_event
,
2713 .trigger_notify
= socket_trigger_notify
,
2715 .reset_failed
= socket_reset_failed
,
2717 .bus_interface
= "org.freedesktop.systemd1.Socket",
2718 .bus_vtable
= bus_socket_vtable
,
2719 .bus_set_property
= bus_socket_set_property
,
2720 .bus_commit_properties
= bus_socket_commit_properties
,
2722 .status_message_formats
= {
2723 /*.starting_stopping = {
2724 [0] = "Starting socket %s...",
2725 [1] = "Stopping socket %s...",
2727 .finished_start_job
= {
2728 [JOB_DONE
] = "Listening on %s.",
2729 [JOB_FAILED
] = "Failed to listen on %s.",
2730 [JOB_DEPENDENCY
] = "Dependency failed for %s.",
2731 [JOB_TIMEOUT
] = "Timed out starting %s.",
2733 .finished_stop_job
= {
2734 [JOB_DONE
] = "Closed %s.",
2735 [JOB_FAILED
] = "Failed stopping %s.",
2736 [JOB_TIMEOUT
] = "Timed out stopping %s.",