2 This file is part of systemd.
4 Copyright 2010 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include <arpa/inet.h>
24 #include <netinet/tcp.h>
26 #include <sys/epoll.h>
29 #include <linux/sctp.h>
31 #include "alloc-util.h"
32 #include "bus-error.h"
35 #include "dbus-socket.h"
37 #include "exit-status.h"
39 #include "format-util.h"
45 #include "parse-util.h"
46 #include "path-util.h"
47 #include "process-util.h"
48 #include "selinux-util.h"
49 #include "signal-util.h"
50 #include "smack-util.h"
53 #include "string-table.h"
54 #include "string-util.h"
56 #include "unit-name.h"
58 #include "user-util.h"
59 #include "in-addr-util.h"
65 union sockaddr_union peer
;
68 static const UnitActiveState state_translation_table
[_SOCKET_STATE_MAX
] = {
69 [SOCKET_DEAD
] = UNIT_INACTIVE
,
70 [SOCKET_START_PRE
] = UNIT_ACTIVATING
,
71 [SOCKET_START_CHOWN
] = UNIT_ACTIVATING
,
72 [SOCKET_START_POST
] = UNIT_ACTIVATING
,
73 [SOCKET_LISTENING
] = UNIT_ACTIVE
,
74 [SOCKET_RUNNING
] = UNIT_ACTIVE
,
75 [SOCKET_STOP_PRE
] = UNIT_DEACTIVATING
,
76 [SOCKET_STOP_PRE_SIGTERM
] = UNIT_DEACTIVATING
,
77 [SOCKET_STOP_PRE_SIGKILL
] = UNIT_DEACTIVATING
,
78 [SOCKET_STOP_POST
] = UNIT_DEACTIVATING
,
79 [SOCKET_FINAL_SIGTERM
] = UNIT_DEACTIVATING
,
80 [SOCKET_FINAL_SIGKILL
] = UNIT_DEACTIVATING
,
81 [SOCKET_FAILED
] = UNIT_FAILED
84 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
85 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
);
87 static void socket_init(Unit
*u
) {
88 Socket
*s
= SOCKET(u
);
91 assert(u
->load_state
== UNIT_STUB
);
93 s
->backlog
= SOMAXCONN
;
94 s
->timeout_usec
= u
->manager
->default_timeout_start_usec
;
95 s
->directory_mode
= 0755;
96 s
->socket_mode
= 0666;
98 s
->max_connections
= 64;
105 s
->exec_context
.std_output
= u
->manager
->default_std_output
;
106 s
->exec_context
.std_error
= u
->manager
->default_std_error
;
108 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
110 s
->trigger_limit
.interval
= USEC_INFINITY
;
111 s
->trigger_limit
.burst
= (unsigned) -1;
114 static void socket_unwatch_control_pid(Socket
*s
) {
117 if (s
->control_pid
<= 0)
120 unit_unwatch_pid(UNIT(s
), s
->control_pid
);
124 static void socket_cleanup_fd_list(SocketPort
*p
) {
127 close_many(p
->auxiliary_fds
, p
->n_auxiliary_fds
);
128 p
->auxiliary_fds
= mfree(p
->auxiliary_fds
);
129 p
->n_auxiliary_fds
= 0;
132 void socket_free_ports(Socket
*s
) {
137 while ((p
= s
->ports
)) {
138 LIST_REMOVE(port
, s
->ports
, p
);
140 sd_event_source_unref(p
->event_source
);
142 socket_cleanup_fd_list(p
);
149 static void socket_done(Unit
*u
) {
150 Socket
*s
= SOCKET(u
);
155 socket_free_ports(s
);
157 while ((p
= set_steal_first(s
->peers_by_address
)))
160 s
->peers_by_address
= set_free(s
->peers_by_address
);
162 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
163 exec_command_free_array(s
->exec_command
, _SOCKET_EXEC_COMMAND_MAX
);
164 s
->control_command
= NULL
;
166 dynamic_creds_unref(&s
->dynamic_creds
);
168 socket_unwatch_control_pid(s
);
170 unit_ref_unset(&s
->service
);
172 s
->tcp_congestion
= mfree(s
->tcp_congestion
);
173 s
->bind_to_device
= mfree(s
->bind_to_device
);
175 s
->smack
= mfree(s
->smack
);
176 s
->smack_ip_in
= mfree(s
->smack_ip_in
);
177 s
->smack_ip_out
= mfree(s
->smack_ip_out
);
179 strv_free(s
->symlinks
);
181 s
->user
= mfree(s
->user
);
182 s
->group
= mfree(s
->group
);
184 s
->fdname
= mfree(s
->fdname
);
186 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
189 static int socket_arm_timer(Socket
*s
, usec_t usec
) {
194 if (s
->timer_event_source
) {
195 r
= sd_event_source_set_time(s
->timer_event_source
, usec
);
199 return sd_event_source_set_enabled(s
->timer_event_source
, SD_EVENT_ONESHOT
);
202 if (usec
== USEC_INFINITY
)
205 r
= sd_event_add_time(
206 UNIT(s
)->manager
->event
,
207 &s
->timer_event_source
,
210 socket_dispatch_timer
, s
);
214 (void) sd_event_source_set_description(s
->timer_event_source
, "socket-timer");
219 int socket_instantiate_service(Socket
*s
) {
220 _cleanup_free_
char *prefix
= NULL
, *name
= NULL
;
226 /* This fills in s->service if it isn't filled in yet. For
227 * Accept=yes sockets we create the next connection service
228 * here. For Accept=no this is mostly a NOP since the service
229 * is figured out at load time anyway. */
231 if (UNIT_DEREF(s
->service
))
237 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
241 if (asprintf(&name
, "%s@%u.service", prefix
, s
->n_accepted
) < 0)
244 r
= manager_load_unit(UNIT(s
)->manager
, name
, NULL
, NULL
, &u
);
248 unit_ref_set(&s
->service
, u
);
250 return unit_add_two_dependencies(UNIT(s
), UNIT_BEFORE
, UNIT_TRIGGERS
, u
, false);
253 static bool have_non_accept_socket(Socket
*s
) {
261 LIST_FOREACH(port
, p
, s
->ports
) {
263 if (p
->type
!= SOCKET_SOCKET
)
266 if (!socket_address_can_accept(&p
->address
))
273 static int socket_add_mount_links(Socket
*s
) {
279 LIST_FOREACH(port
, p
, s
->ports
) {
280 const char *path
= NULL
;
282 if (p
->type
== SOCKET_SOCKET
)
283 path
= socket_address_get_path(&p
->address
);
284 else if (IN_SET(p
->type
, SOCKET_FIFO
, SOCKET_SPECIAL
, SOCKET_USB_FUNCTION
))
290 r
= unit_require_mounts_for(UNIT(s
), path
);
298 static int socket_add_device_link(Socket
*s
) {
303 if (!s
->bind_to_device
|| streq(s
->bind_to_device
, "lo"))
306 t
= strjoina("/sys/subsystem/net/devices/", s
->bind_to_device
);
307 return unit_add_node_link(UNIT(s
), t
, false, UNIT_BINDS_TO
);
310 static int socket_add_default_dependencies(Socket
*s
) {
314 if (!UNIT(s
)->default_dependencies
)
317 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_BEFORE
, SPECIAL_SOCKETS_TARGET
, NULL
, true);
321 if (MANAGER_IS_SYSTEM(UNIT(s
)->manager
)) {
322 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_AFTER
, UNIT_REQUIRES
, SPECIAL_SYSINIT_TARGET
, NULL
, true);
327 return unit_add_two_dependencies_by_name(UNIT(s
), UNIT_BEFORE
, UNIT_CONFLICTS
, SPECIAL_SHUTDOWN_TARGET
, NULL
, true);
330 _pure_
static bool socket_has_exec(Socket
*s
) {
334 for (i
= 0; i
< _SOCKET_EXEC_COMMAND_MAX
; i
++)
335 if (s
->exec_command
[i
])
341 static int socket_add_extras(Socket
*s
) {
347 /* Pick defaults for the trigger limit, if nothing was explicitly configured. We pick a relatively high limit
348 * in Accept=yes mode, and a lower limit for Accept=no. Reason: in Accept=yes mode we are invoking accept()
349 * ourselves before the trigger limit can hit, thus incoming connections are taken off the socket queue quickly
350 * and reliably. This is different for Accept=no, where the spawned service has to take the incoming traffic
351 * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
352 * process whatever is queued in one go, and thus should normally never have to be started frequently. This is
353 * different for Accept=yes where each connection is processed by a new service instance, and thus frequent
354 * service starts are typical. */
356 if (s
->trigger_limit
.interval
== USEC_INFINITY
)
357 s
->trigger_limit
.interval
= 2 * USEC_PER_SEC
;
359 if (s
->trigger_limit
.burst
== (unsigned) -1) {
361 s
->trigger_limit
.burst
= 200;
363 s
->trigger_limit
.burst
= 20;
366 if (have_non_accept_socket(s
)) {
368 if (!UNIT_DEREF(s
->service
)) {
371 r
= unit_load_related_unit(u
, ".service", &x
);
375 unit_ref_set(&s
->service
, x
);
378 r
= unit_add_two_dependencies(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, UNIT_DEREF(s
->service
), true);
383 r
= socket_add_mount_links(s
);
387 r
= socket_add_device_link(s
);
391 r
= unit_patch_contexts(u
);
395 if (socket_has_exec(s
)) {
396 r
= unit_add_exec_dependencies(u
, &s
->exec_context
);
400 r
= unit_set_default_slice(u
);
405 r
= socket_add_default_dependencies(s
);
412 static const char *socket_find_symlink_target(Socket
*s
) {
413 const char *found
= NULL
;
416 LIST_FOREACH(port
, p
, s
->ports
) {
417 const char *f
= NULL
;
426 if (p
->address
.sockaddr
.un
.sun_path
[0] != 0)
427 f
= p
->address
.sockaddr
.un
.sun_path
;
445 static int socket_verify(Socket
*s
) {
448 if (UNIT(s
)->load_state
!= UNIT_LOADED
)
452 log_unit_error(UNIT(s
), "Unit lacks Listen setting. Refusing.");
456 if (s
->accept
&& have_non_accept_socket(s
)) {
457 log_unit_error(UNIT(s
), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
461 if (s
->accept
&& s
->max_connections
<= 0) {
462 log_unit_error(UNIT(s
), "MaxConnection= setting too small. Refusing.");
466 if (s
->accept
&& UNIT_DEREF(s
->service
)) {
467 log_unit_error(UNIT(s
), "Explicit service configuration for accepting socket units not supported. Refusing.");
471 if (s
->exec_context
.pam_name
&& s
->kill_context
.kill_mode
!= KILL_CONTROL_GROUP
) {
472 log_unit_error(UNIT(s
), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
476 if (!strv_isempty(s
->symlinks
) && !socket_find_symlink_target(s
)) {
477 log_unit_error(UNIT(s
), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
484 static void peer_address_hash_func(const void *p
, struct siphash
*state
) {
485 const SocketPeer
*s
= p
;
488 assert(IN_SET(s
->peer
.sa
.sa_family
, AF_INET
, AF_INET6
));
490 if (s
->peer
.sa
.sa_family
== AF_INET
)
491 siphash24_compress(&s
->peer
.in
.sin_addr
, sizeof(s
->peer
.in
.sin_addr
), state
);
493 siphash24_compress(&s
->peer
.in6
.sin6_addr
, sizeof(s
->peer
.in6
.sin6_addr
), state
);
496 static int peer_address_compare_func(const void *a
, const void *b
) {
497 const SocketPeer
*x
= a
, *y
= b
;
499 if (x
->peer
.sa
.sa_family
< y
->peer
.sa
.sa_family
)
501 if (x
->peer
.sa
.sa_family
> y
->peer
.sa
.sa_family
)
504 switch(x
->peer
.sa
.sa_family
) {
506 return memcmp(&x
->peer
.in
.sin_addr
, &y
->peer
.in
.sin_addr
, sizeof(x
->peer
.in
.sin_addr
));
508 return memcmp(&x
->peer
.in6
.sin6_addr
, &y
->peer
.in6
.sin6_addr
, sizeof(x
->peer
.in6
.sin6_addr
));
510 assert_not_reached("Black sheep in the family!");
513 const struct hash_ops peer_address_hash_ops
= {
514 .hash
= peer_address_hash_func
,
515 .compare
= peer_address_compare_func
518 static int socket_load(Unit
*u
) {
519 Socket
*s
= SOCKET(u
);
523 assert(u
->load_state
== UNIT_STUB
);
525 r
= set_ensure_allocated(&s
->peers_by_address
, &peer_address_hash_ops
);
529 r
= unit_load_fragment_and_dropin(u
);
533 if (u
->load_state
== UNIT_LOADED
) {
534 /* This is a new unit? Then let's add in some extras */
535 r
= socket_add_extras(s
);
540 return socket_verify(s
);
543 static SocketPeer
*socket_peer_new(void) {
546 p
= new0(SocketPeer
, 1);
555 SocketPeer
*socket_peer_ref(SocketPeer
*p
) {
559 assert(p
->n_ref
> 0);
565 SocketPeer
*socket_peer_unref(SocketPeer
*p
) {
569 assert(p
->n_ref
> 0);
577 set_remove(p
->socket
->peers_by_address
, p
);
582 int socket_acquire_peer(Socket
*s
, int fd
, SocketPeer
**p
) {
583 _cleanup_(socket_peer_unrefp
) SocketPeer
*remote
= NULL
;
584 SocketPeer sa
= {}, *i
;
585 socklen_t salen
= sizeof(sa
.peer
);
591 r
= getpeername(fd
, &sa
.peer
.sa
, &salen
);
593 return log_error_errno(errno
, "getpeername failed: %m");
595 if (!IN_SET(sa
.peer
.sa
.sa_family
, AF_INET
, AF_INET6
)) {
600 i
= set_get(s
->peers_by_address
, &sa
);
602 *p
= socket_peer_ref(i
);
606 remote
= socket_peer_new();
610 remote
->peer
= sa
.peer
;
612 r
= set_put(s
->peers_by_address
, remote
);
624 _const_
static const char* listen_lookup(int family
, int type
) {
626 if (family
== AF_NETLINK
)
627 return "ListenNetlink";
629 if (type
== SOCK_STREAM
)
630 return "ListenStream";
631 else if (type
== SOCK_DGRAM
)
632 return "ListenDatagram";
633 else if (type
== SOCK_SEQPACKET
)
634 return "ListenSequentialPacket";
636 assert_not_reached("Unknown socket type");
640 static void socket_dump(Unit
*u
, FILE *f
, const char *prefix
) {
641 char time_string
[FORMAT_TIMESPAN_MAX
];
643 Socket
*s
= SOCKET(u
);
650 prefix
= strempty(prefix
);
651 prefix2
= strjoina(prefix
, "\t");
654 "%sSocket State: %s\n"
656 "%sBindIPv6Only: %s\n"
658 "%sSocketMode: %04o\n"
659 "%sDirectoryMode: %04o\n"
663 "%sTransparent: %s\n"
665 "%sPassCredentials: %s\n"
666 "%sPassSecurity: %s\n"
667 "%sTCPCongestion: %s\n"
668 "%sRemoveOnStop: %s\n"
671 "%sSELinuxContextFromNet: %s\n",
672 prefix
, socket_state_to_string(s
->state
),
673 prefix
, socket_result_to_string(s
->result
),
674 prefix
, socket_address_bind_ipv6_only_to_string(s
->bind_ipv6_only
),
676 prefix
, s
->socket_mode
,
677 prefix
, s
->directory_mode
,
678 prefix
, yes_no(s
->keep_alive
),
679 prefix
, yes_no(s
->no_delay
),
680 prefix
, yes_no(s
->free_bind
),
681 prefix
, yes_no(s
->transparent
),
682 prefix
, yes_no(s
->broadcast
),
683 prefix
, yes_no(s
->pass_cred
),
684 prefix
, yes_no(s
->pass_sec
),
685 prefix
, strna(s
->tcp_congestion
),
686 prefix
, yes_no(s
->remove_on_stop
),
687 prefix
, yes_no(s
->writable
),
688 prefix
, socket_fdname(s
),
689 prefix
, yes_no(s
->selinux_context_from_net
));
691 if (s
->control_pid
> 0)
693 "%sControl PID: "PID_FMT
"\n",
694 prefix
, s
->control_pid
);
696 if (s
->bind_to_device
)
698 "%sBindToDevice: %s\n",
699 prefix
, s
->bind_to_device
);
704 "%sNConnections: %u\n"
705 "%sMaxConnections: %u\n",
706 prefix
, s
->n_accepted
,
707 prefix
, s
->n_connections
,
708 prefix
, s
->max_connections
);
710 if (s
->priority
>= 0)
713 prefix
, s
->priority
);
715 if (s
->receive_buffer
> 0)
717 "%sReceiveBuffer: %zu\n",
718 prefix
, s
->receive_buffer
);
720 if (s
->send_buffer
> 0)
722 "%sSendBuffer: %zu\n",
723 prefix
, s
->send_buffer
);
735 if (s
->pipe_size
> 0)
738 prefix
, s
->pipe_size
);
745 if (s
->mq_maxmsg
> 0)
747 "%sMessageQueueMaxMessages: %li\n",
748 prefix
, s
->mq_maxmsg
);
750 if (s
->mq_msgsize
> 0)
752 "%sMessageQueueMessageSize: %li\n",
753 prefix
, s
->mq_msgsize
);
758 prefix
, yes_no(s
->reuse_port
));
762 "%sSmackLabel: %s\n",
767 "%sSmackLabelIPIn: %s\n",
768 prefix
, s
->smack_ip_in
);
772 "%sSmackLabelIPOut: %s\n",
773 prefix
, s
->smack_ip_out
);
775 if (!isempty(s
->user
) || !isempty(s
->group
))
778 "%sSocketGroup: %s\n",
779 prefix
, strna(s
->user
),
780 prefix
, strna(s
->group
));
782 if (s
->keep_alive_time
> 0)
784 "%sKeepAliveTimeSec: %s\n",
785 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_time
, USEC_PER_SEC
));
787 if (s
->keep_alive_interval
)
789 "%sKeepAliveIntervalSec: %s\n",
790 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_interval
, USEC_PER_SEC
));
792 if (s
->keep_alive_cnt
)
794 "%sKeepAliveProbes: %u\n",
795 prefix
, s
->keep_alive_cnt
);
799 "%sDeferAcceptSec: %s\n",
800 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->defer_accept
, USEC_PER_SEC
));
802 LIST_FOREACH(port
, p
, s
->ports
) {
804 if (p
->type
== SOCKET_SOCKET
) {
809 r
= socket_address_print(&p
->address
, &k
);
815 fprintf(f
, "%s%s: %s\n", prefix
, listen_lookup(socket_address_family(&p
->address
), p
->address
.type
), t
);
817 } else if (p
->type
== SOCKET_SPECIAL
)
818 fprintf(f
, "%sListenSpecial: %s\n", prefix
, p
->path
);
819 else if (p
->type
== SOCKET_USB_FUNCTION
)
820 fprintf(f
, "%sListenUSBFunction: %s\n", prefix
, p
->path
);
821 else if (p
->type
== SOCKET_MQUEUE
)
822 fprintf(f
, "%sListenMessageQueue: %s\n", prefix
, p
->path
);
824 fprintf(f
, "%sListenFIFO: %s\n", prefix
, p
->path
);
828 "%sTriggerLimitIntervalSec: %s\n"
829 "%sTriggerLimitBurst: %u\n",
830 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->trigger_limit
.interval
, USEC_PER_SEC
),
831 prefix
, s
->trigger_limit
.burst
);
833 exec_context_dump(&s
->exec_context
, f
, prefix
);
834 kill_context_dump(&s
->kill_context
, f
, prefix
);
836 for (c
= 0; c
< _SOCKET_EXEC_COMMAND_MAX
; c
++) {
837 if (!s
->exec_command
[c
])
840 fprintf(f
, "%s-> %s:\n",
841 prefix
, socket_exec_command_to_string(c
));
843 exec_command_dump_list(s
->exec_command
[c
], f
, prefix2
);
847 static int instance_from_socket(int fd
, unsigned nr
, char **instance
) {
850 union sockaddr_union local
, remote
;
856 if (getsockname(fd
, &local
.sa
, &l
) < 0)
860 if (getpeername(fd
, &remote
.sa
, &l
) < 0)
863 switch (local
.sa
.sa_family
) {
867 a
= be32toh(local
.in
.sin_addr
.s_addr
),
868 b
= be32toh(remote
.in
.sin_addr
.s_addr
);
871 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
873 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF,
874 be16toh(local
.in
.sin_port
),
875 b
>> 24, (b
>> 16) & 0xFF, (b
>> 8) & 0xFF, b
& 0xFF,
876 be16toh(remote
.in
.sin_port
)) < 0)
883 static const unsigned char ipv4_prefix
[] = {
884 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
887 if (memcmp(&local
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0 &&
888 memcmp(&remote
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0) {
890 *a
= local
.in6
.sin6_addr
.s6_addr
+12,
891 *b
= remote
.in6
.sin6_addr
.s6_addr
+12;
894 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
896 a
[0], a
[1], a
[2], a
[3],
897 be16toh(local
.in6
.sin6_port
),
898 b
[0], b
[1], b
[2], b
[3],
899 be16toh(remote
.in6
.sin6_port
)) < 0)
902 char a
[INET6_ADDRSTRLEN
], b
[INET6_ADDRSTRLEN
];
907 inet_ntop(AF_INET6
, &local
.in6
.sin6_addr
, a
, sizeof(a
)),
908 be16toh(local
.in6
.sin6_port
),
909 inet_ntop(AF_INET6
, &remote
.in6
.sin6_addr
, b
, sizeof(b
)),
910 be16toh(remote
.in6
.sin6_port
)) < 0)
921 k
= getpeercred(fd
, &ucred
);
924 "%u-"PID_FMT
"-"UID_FMT
,
925 nr
, ucred
.pid
, ucred
.uid
) < 0)
927 } else if (k
== -ENODATA
) {
928 /* This handles the case where somebody is
929 * connecting from another pid/uid namespace
930 * (e.g. from outside of our container). */
942 assert_not_reached("Unhandled socket type.");
949 static void socket_close_fds(Socket
*s
) {
955 LIST_FOREACH(port
, p
, s
->ports
) {
958 was_open
= p
->fd
>= 0;
960 p
->event_source
= sd_event_source_unref(p
->event_source
);
961 p
->fd
= safe_close(p
->fd
);
962 socket_cleanup_fd_list(p
);
964 /* One little note: we should normally not delete any sockets in the file system here! After all some
965 * other process we spawned might still have a reference of this fd and wants to continue to use
966 * it. Therefore we normally delete sockets in the file system before we create a new one, not after we
967 * stopped using one! That all said, if the user explicitly requested this, we'll delete them here
968 * anyway, but only then. */
970 if (!was_open
|| !s
->remove_on_stop
)
976 (void) unlink(p
->path
);
980 (void) mq_unlink(p
->path
);
984 (void) socket_address_unlink(&p
->address
);
992 if (s
->remove_on_stop
)
993 STRV_FOREACH(i
, s
->symlinks
)
997 static void socket_apply_socket_options(Socket
*s
, int fd
) {
1003 if (s
->keep_alive
) {
1004 int b
= s
->keep_alive
;
1005 if (setsockopt(fd
, SOL_SOCKET
, SO_KEEPALIVE
, &b
, sizeof(b
)) < 0)
1006 log_unit_warning_errno(UNIT(s
), errno
, "SO_KEEPALIVE failed: %m");
1009 if (s
->keep_alive_time
) {
1010 int value
= s
->keep_alive_time
/ USEC_PER_SEC
;
1011 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPIDLE
, &value
, sizeof(value
)) < 0)
1012 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPIDLE failed: %m");
1015 if (s
->keep_alive_interval
) {
1016 int value
= s
->keep_alive_interval
/ USEC_PER_SEC
;
1017 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPINTVL
, &value
, sizeof(value
)) < 0)
1018 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPINTVL failed: %m");
1021 if (s
->keep_alive_cnt
) {
1022 int value
= s
->keep_alive_cnt
;
1023 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPCNT
, &value
, sizeof(value
)) < 0)
1024 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPCNT failed: %m");
1027 if (s
->defer_accept
) {
1028 int value
= s
->defer_accept
/ USEC_PER_SEC
;
1029 if (setsockopt(fd
, SOL_TCP
, TCP_DEFER_ACCEPT
, &value
, sizeof(value
)) < 0)
1030 log_unit_warning_errno(UNIT(s
), errno
, "TCP_DEFER_ACCEPT failed: %m");
1034 int b
= s
->no_delay
;
1036 if (s
->socket_protocol
== IPPROTO_SCTP
) {
1037 if (setsockopt(fd
, SOL_SCTP
, SCTP_NODELAY
, &b
, sizeof(b
)) < 0)
1038 log_unit_warning_errno(UNIT(s
), errno
, "SCTP_NODELAY failed: %m");
1040 if (setsockopt(fd
, SOL_TCP
, TCP_NODELAY
, &b
, sizeof(b
)) < 0)
1041 log_unit_warning_errno(UNIT(s
), errno
, "TCP_NODELAY failed: %m");
1047 if (setsockopt(fd
, SOL_SOCKET
, SO_BROADCAST
, &one
, sizeof(one
)) < 0)
1048 log_unit_warning_errno(UNIT(s
), errno
, "SO_BROADCAST failed: %m");
1053 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSCRED
, &one
, sizeof(one
)) < 0)
1054 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSCRED failed: %m");
1059 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSSEC
, &one
, sizeof(one
)) < 0)
1060 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSSEC failed: %m");
1063 if (s
->priority
>= 0)
1064 if (setsockopt(fd
, SOL_SOCKET
, SO_PRIORITY
, &s
->priority
, sizeof(s
->priority
)) < 0)
1065 log_unit_warning_errno(UNIT(s
), errno
, "SO_PRIORITY failed: %m");
1067 if (s
->receive_buffer
> 0) {
1068 int value
= (int) s
->receive_buffer
;
1070 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
1072 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUFFORCE
, &value
, sizeof(value
)) < 0)
1073 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &value
, sizeof(value
)) < 0)
1074 log_unit_warning_errno(UNIT(s
), errno
, "SO_RCVBUF failed: %m");
1077 if (s
->send_buffer
> 0) {
1078 int value
= (int) s
->send_buffer
;
1079 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUFFORCE
, &value
, sizeof(value
)) < 0)
1080 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUF
, &value
, sizeof(value
)) < 0)
1081 log_unit_warning_errno(UNIT(s
), errno
, "SO_SNDBUF failed: %m");
1085 if (setsockopt(fd
, SOL_SOCKET
, SO_MARK
, &s
->mark
, sizeof(s
->mark
)) < 0)
1086 log_unit_warning_errno(UNIT(s
), errno
, "SO_MARK failed: %m");
1089 if (setsockopt(fd
, IPPROTO_IP
, IP_TOS
, &s
->ip_tos
, sizeof(s
->ip_tos
)) < 0)
1090 log_unit_warning_errno(UNIT(s
), errno
, "IP_TOS failed: %m");
1092 if (s
->ip_ttl
>= 0) {
1095 r
= setsockopt(fd
, IPPROTO_IP
, IP_TTL
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
1097 if (socket_ipv6_is_supported())
1098 x
= setsockopt(fd
, IPPROTO_IPV6
, IPV6_UNICAST_HOPS
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
1101 errno
= EAFNOSUPPORT
;
1105 log_unit_warning_errno(UNIT(s
), errno
, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
1108 if (s
->tcp_congestion
)
1109 if (setsockopt(fd
, SOL_TCP
, TCP_CONGESTION
, s
->tcp_congestion
, strlen(s
->tcp_congestion
)+1) < 0)
1110 log_unit_warning_errno(UNIT(s
), errno
, "TCP_CONGESTION failed: %m");
1112 if (s
->smack_ip_in
) {
1113 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_IPIN
, s
->smack_ip_in
);
1115 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_in_fd: %m");
1118 if (s
->smack_ip_out
) {
1119 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_IPOUT
, s
->smack_ip_out
);
1121 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_out_fd: %m");
1125 static void socket_apply_fifo_options(Socket
*s
, int fd
) {
1131 if (s
->pipe_size
> 0)
1132 if (fcntl(fd
, F_SETPIPE_SZ
, s
->pipe_size
) < 0)
1133 log_unit_warning_errno(UNIT(s
), errno
, "Setting pipe size failed, ignoring: %m");
1136 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_ACCESS
, s
->smack
);
1138 log_unit_error_errno(UNIT(s
), r
, "SMACK relabelling failed, ignoring: %m");
1142 static int fifo_address_create(
1144 mode_t directory_mode
,
1145 mode_t socket_mode
) {
1147 _cleanup_close_
int fd
= -1;
1154 mkdir_parents_label(path
, directory_mode
);
1156 r
= mac_selinux_create_file_prepare(path
, S_IFIFO
);
1160 /* Enforce the right access mode for the fifo */
1161 old_mask
= umask(~ socket_mode
);
1163 /* Include the original umask in our mask */
1164 (void) umask(~socket_mode
| old_mask
);
1166 r
= mkfifo(path
, socket_mode
);
1167 (void) umask(old_mask
);
1169 if (r
< 0 && errno
!= EEXIST
) {
1174 fd
= open(path
, O_RDWR
| O_CLOEXEC
| O_NOCTTY
| O_NONBLOCK
| O_NOFOLLOW
);
1180 mac_selinux_create_file_clear();
1182 if (fstat(fd
, &st
) < 0) {
1187 if (!S_ISFIFO(st
.st_mode
) ||
1188 (st
.st_mode
& 0777) != (socket_mode
& ~old_mask
) ||
1189 st
.st_uid
!= getuid() ||
1190 st
.st_gid
!= getgid()) {
1201 mac_selinux_create_file_clear();
1205 static int special_address_create(const char *path
, bool writable
) {
1206 _cleanup_close_
int fd
= -1;
1212 fd
= open(path
, (writable
? O_RDWR
: O_RDONLY
)|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1216 if (fstat(fd
, &st
) < 0)
1219 /* Check whether this is a /proc, /sys or /dev file or char device */
1220 if (!S_ISREG(st
.st_mode
) && !S_ISCHR(st
.st_mode
))
1229 static int usbffs_address_create(const char *path
) {
1230 _cleanup_close_
int fd
= -1;
1236 fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1240 if (fstat(fd
, &st
) < 0)
1243 /* Check whether this is a regular file (ffs endpoint)*/
1244 if (!S_ISREG(st
.st_mode
))
1253 static int mq_address_create(
1259 _cleanup_close_
int fd
= -1;
1262 struct mq_attr _attr
, *attr
= NULL
;
1267 if (maxmsg
> 0 && msgsize
> 0) {
1268 _attr
= (struct mq_attr
) {
1269 .mq_flags
= O_NONBLOCK
,
1270 .mq_maxmsg
= maxmsg
,
1271 .mq_msgsize
= msgsize
,
1276 /* Enforce the right access mode for the mq */
1277 old_mask
= umask(~ mq_mode
);
1279 /* Include the original umask in our mask */
1280 (void) umask(~mq_mode
| old_mask
);
1281 fd
= mq_open(path
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_CREAT
, mq_mode
, attr
);
1282 (void) umask(old_mask
);
1287 if (fstat(fd
, &st
) < 0)
1290 if ((st
.st_mode
& 0777) != (mq_mode
& ~old_mask
) ||
1291 st
.st_uid
!= getuid() ||
1292 st
.st_gid
!= getgid())
1301 static int socket_symlink(Socket
*s
) {
1307 p
= socket_find_symlink_target(s
);
1311 STRV_FOREACH(i
, s
->symlinks
)
1312 symlink_label(p
, *i
);
1317 static int usbffs_write_descs(int fd
, Service
*s
) {
1320 if (!s
->usb_function_descriptors
|| !s
->usb_function_strings
)
1323 r
= copy_file_fd(s
->usb_function_descriptors
, fd
, false);
1327 return copy_file_fd(s
->usb_function_strings
, fd
, false);
1330 static int usbffs_select_ep(const struct dirent
*d
) {
1331 return d
->d_name
[0] != '.' && !streq(d
->d_name
, "ep0");
1334 static int usbffs_dispatch_eps(SocketPort
*p
) {
1335 _cleanup_free_
struct dirent
**ent
= NULL
;
1338 r
= scandir(p
->path
, &ent
, usbffs_select_ep
, alphasort
);
1343 p
->auxiliary_fds
= new(int, n
);
1344 if (!p
->auxiliary_fds
)
1347 p
->n_auxiliary_fds
= n
;
1350 for (i
= 0; i
< n
; ++i
) {
1351 _cleanup_free_
char *ep
= NULL
;
1353 ep
= path_make_absolute(ent
[i
]->d_name
, p
->path
);
1357 path_kill_slashes(ep
);
1359 r
= usbffs_address_create(ep
);
1363 p
->auxiliary_fds
[k
] = r
;
1372 close_many(p
->auxiliary_fds
, k
);
1373 p
->auxiliary_fds
= mfree(p
->auxiliary_fds
);
1374 p
->n_auxiliary_fds
= 0;
1379 static int socket_determine_selinux_label(Socket
*s
, char **ret
) {
1386 if (s
->selinux_context_from_net
) {
1387 /* If this is requested, get label from the network label */
1389 r
= mac_selinux_get_our_label(ret
);
1390 if (r
== -EOPNOTSUPP
)
1394 /* Otherwise, get it from the executable we are about to start */
1395 r
= socket_instantiate_service(s
);
1399 if (!UNIT_ISSET(s
->service
))
1402 c
= SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
];
1406 r
= mac_selinux_get_create_label_from_exe(c
->path
, ret
);
1407 if (r
== -EPERM
|| r
== -EOPNOTSUPP
)
1418 static int socket_open_fds(Socket
*s
) {
1419 _cleanup_(mac_selinux_freep
) char *label
= NULL
;
1420 bool know_label
= false;
1426 LIST_FOREACH(port
, p
, s
->ports
) {
1436 /* Figure out label, if we don't it know yet. We do it once, for the first socket where
1437 * we need this and remember it for the rest. */
1439 r
= socket_determine_selinux_label(s
, &label
);
1446 /* Apply the socket protocol */
1447 switch (p
->address
.type
) {
1450 case SOCK_SEQPACKET
:
1451 if (s
->socket_protocol
== IPPROTO_SCTP
)
1452 p
->address
.protocol
= s
->socket_protocol
;
1456 if (s
->socket_protocol
== IPPROTO_UDPLITE
)
1457 p
->address
.protocol
= s
->socket_protocol
;
1461 r
= socket_address_listen(
1463 SOCK_CLOEXEC
|SOCK_NONBLOCK
,
1477 socket_apply_socket_options(s
, p
->fd
);
1481 case SOCKET_SPECIAL
:
1483 p
->fd
= special_address_create(p
->path
, s
->writable
);
1492 p
->fd
= fifo_address_create(
1501 socket_apply_fifo_options(s
, p
->fd
);
1507 p
->fd
= mq_address_create(
1518 case SOCKET_USB_FUNCTION
: {
1519 _cleanup_free_
char *ep
= NULL
;
1521 ep
= path_make_absolute("ep0", p
->path
);
1523 p
->fd
= usbffs_address_create(ep
);
1529 r
= usbffs_write_descs(p
->fd
, SERVICE(UNIT_DEREF(s
->service
)));
1533 r
= usbffs_dispatch_eps(p
);
1540 assert_not_reached("Unknown port type");
1547 socket_close_fds(s
);
1551 static void socket_unwatch_fds(Socket
*s
) {
1557 LIST_FOREACH(port
, p
, s
->ports
) {
1561 if (!p
->event_source
)
1564 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_OFF
);
1566 log_unit_debug_errno(UNIT(s
), r
, "Failed to disable event source: %m");
1570 static int socket_watch_fds(Socket
*s
) {
1576 LIST_FOREACH(port
, p
, s
->ports
) {
1580 if (p
->event_source
) {
1581 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_ON
);
1585 r
= sd_event_add_io(UNIT(s
)->manager
->event
, &p
->event_source
, p
->fd
, EPOLLIN
, socket_dispatch_io
, p
);
1589 (void) sd_event_source_set_description(p
->event_source
, "socket-port-io");
1596 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch listening fds: %m");
1597 socket_unwatch_fds(s
);
1607 static int socket_check_open(Socket
*s
) {
1608 bool have_open
= false, have_closed
= false;
1613 LIST_FOREACH(port
, p
, s
->ports
) {
1619 if (have_open
&& have_closed
)
1620 return SOCKET_OPEN_SOME
;
1624 return SOCKET_OPEN_ALL
;
1626 return SOCKET_OPEN_NONE
;
1629 static void socket_set_state(Socket
*s
, SocketState state
) {
1630 SocketState old_state
;
1633 old_state
= s
->state
;
1641 SOCKET_STOP_PRE_SIGTERM
,
1642 SOCKET_STOP_PRE_SIGKILL
,
1644 SOCKET_FINAL_SIGTERM
,
1645 SOCKET_FINAL_SIGKILL
)) {
1647 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1648 socket_unwatch_control_pid(s
);
1649 s
->control_command
= NULL
;
1650 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
1653 if (state
!= SOCKET_LISTENING
)
1654 socket_unwatch_fds(s
);
1662 SOCKET_STOP_PRE_SIGTERM
,
1663 SOCKET_STOP_PRE_SIGKILL
))
1664 socket_close_fds(s
);
1666 if (state
!= old_state
)
1667 log_unit_debug(UNIT(s
), "Changed %s -> %s", socket_state_to_string(old_state
), socket_state_to_string(state
));
1669 unit_notify(UNIT(s
), state_translation_table
[old_state
], state_translation_table
[state
], true);
1672 static int socket_coldplug(Unit
*u
) {
1673 Socket
*s
= SOCKET(u
);
1677 assert(s
->state
== SOCKET_DEAD
);
1679 if (s
->deserialized_state
== s
->state
)
1682 if (s
->control_pid
> 0 &&
1683 pid_is_unwaited(s
->control_pid
) &&
1684 IN_SET(s
->deserialized_state
,
1689 SOCKET_STOP_PRE_SIGTERM
,
1690 SOCKET_STOP_PRE_SIGKILL
,
1692 SOCKET_FINAL_SIGTERM
,
1693 SOCKET_FINAL_SIGKILL
)) {
1695 r
= unit_watch_pid(UNIT(s
), s
->control_pid
);
1699 r
= socket_arm_timer(s
, usec_add(u
->state_change_timestamp
.monotonic
, s
->timeout_usec
));
1704 if (IN_SET(s
->deserialized_state
,
1710 /* Originally, we used to simply reopen all sockets here that we didn't have file descriptors
1711 * for. However, this is problematic, as we won't traverse throught the SOCKET_START_CHOWN state for
1712 * them, and thus the UID/GID wouldn't be right. Hence, instead simply check if we have all fds open,
1713 * and if there's a mismatch, warn loudly. */
1715 r
= socket_check_open(s
);
1716 if (r
== SOCKET_OPEN_NONE
)
1717 log_unit_warning(UNIT(s
),
1718 "Socket unit configuration has changed while unit has been running, "
1719 "no open socket file descriptor left. "
1720 "The socket unit is not functional until restarted.");
1721 else if (r
== SOCKET_OPEN_SOME
)
1722 log_unit_warning(UNIT(s
),
1723 "Socket unit configuration has changed while unit has been running, "
1724 "and some socket file descriptors have not been opened yet. "
1725 "The socket unit is not fully functional until restarted.");
1728 if (s
->deserialized_state
== SOCKET_LISTENING
) {
1729 r
= socket_watch_fds(s
);
1734 if (!IN_SET(s
->deserialized_state
, SOCKET_DEAD
, SOCKET_FAILED
))
1735 (void) unit_setup_dynamic_creds(u
);
1737 socket_set_state(s
, s
->deserialized_state
);
1741 static int socket_spawn(Socket
*s
, ExecCommand
*c
, pid_t
*_pid
) {
1744 ExecParameters exec_params
= {
1745 .flags
= EXEC_APPLY_PERMISSIONS
|EXEC_APPLY_CHROOT
|EXEC_APPLY_TTY_STDIN
,
1755 (void) unit_realize_cgroup(UNIT(s
));
1756 if (s
->reset_cpu_usage
) {
1757 (void) unit_reset_cpu_usage(UNIT(s
));
1758 s
->reset_cpu_usage
= false;
1761 r
= unit_setup_exec_runtime(UNIT(s
));
1765 r
= unit_setup_dynamic_creds(UNIT(s
));
1769 r
= socket_arm_timer(s
, usec_add(now(CLOCK_MONOTONIC
), s
->timeout_usec
));
1773 exec_params
.argv
= c
->argv
;
1774 exec_params
.environment
= UNIT(s
)->manager
->environment
;
1775 exec_params
.confirm_spawn
= manager_get_confirm_spawn(UNIT(s
)->manager
);
1776 exec_params
.cgroup_supported
= UNIT(s
)->manager
->cgroup_supported
;
1777 exec_params
.cgroup_path
= UNIT(s
)->cgroup_path
;
1778 exec_params
.cgroup_delegate
= s
->cgroup_context
.delegate
;
1779 exec_params
.runtime_prefix
= manager_get_runtime_prefix(UNIT(s
)->manager
);
1781 r
= exec_spawn(UNIT(s
),
1791 r
= unit_watch_pid(UNIT(s
), pid
);
1793 /* FIXME: we need to do something here */
1800 static int socket_chown(Socket
*s
, pid_t
*_pid
) {
1804 r
= socket_arm_timer(s
, usec_add(now(CLOCK_MONOTONIC
), s
->timeout_usec
));
1808 /* We have to resolve the user names out-of-process, hence
1809 * let's fork here. It's messy, but well, what can we do? */
1817 uid_t uid
= UID_INVALID
;
1818 gid_t gid
= GID_INVALID
;
1821 (void) default_signals(SIGNALS_CRASH_HANDLER
, SIGNALS_IGNORE
, -1);
1822 (void) ignore_signals(SIGPIPE
, -1);
1825 if (!isempty(s
->user
)) {
1826 const char *user
= s
->user
;
1828 r
= get_user_creds(&user
, &uid
, &gid
, NULL
, NULL
);
1835 if (!isempty(s
->group
)) {
1836 const char *group
= s
->group
;
1838 r
= get_group_creds(&group
, &gid
);
1845 LIST_FOREACH(port
, p
, s
->ports
) {
1846 const char *path
= NULL
;
1848 if (p
->type
== SOCKET_SOCKET
)
1849 path
= socket_address_get_path(&p
->address
);
1850 else if (p
->type
== SOCKET_FIFO
)
1856 if (chown(path
, uid
, gid
) < 0) {
1867 log_error_errno(r
, "Failed to chown socket at step %s: %m", exit_status_to_string(ret
, EXIT_STATUS_SYSTEMD
));
1872 r
= unit_watch_pid(UNIT(s
), pid
);
1880 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1884 static void socket_enter_dead(Socket
*s
, SocketResult f
) {
1887 if (s
->result
== SOCKET_SUCCESS
)
1890 socket_set_state(s
, s
->result
!= SOCKET_SUCCESS
? SOCKET_FAILED
: SOCKET_DEAD
);
1892 exec_runtime_destroy(s
->exec_runtime
);
1893 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
1895 exec_context_destroy_runtime_directory(&s
->exec_context
, manager_get_runtime_prefix(UNIT(s
)->manager
));
1897 unit_unref_uid_gid(UNIT(s
), true);
1899 dynamic_creds_destroy(&s
->dynamic_creds
);
1902 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
);
1904 static void socket_enter_stop_post(Socket
*s
, SocketResult f
) {
1908 if (s
->result
== SOCKET_SUCCESS
)
1911 socket_unwatch_control_pid(s
);
1912 s
->control_command_id
= SOCKET_EXEC_STOP_POST
;
1913 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_POST
];
1915 if (s
->control_command
) {
1916 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1920 socket_set_state(s
, SOCKET_STOP_POST
);
1922 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_SUCCESS
);
1927 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-post' task: %m");
1928 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1931 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
) {
1936 if (s
->result
== SOCKET_SUCCESS
)
1939 r
= unit_kill_context(
1942 (state
!= SOCKET_STOP_PRE_SIGTERM
&& state
!= SOCKET_FINAL_SIGTERM
) ?
1943 KILL_KILL
: KILL_TERMINATE
,
1951 r
= socket_arm_timer(s
, usec_add(now(CLOCK_MONOTONIC
), s
->timeout_usec
));
1955 socket_set_state(s
, state
);
1956 } else if (state
== SOCKET_STOP_PRE_SIGTERM
)
1957 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_SUCCESS
);
1958 else if (state
== SOCKET_STOP_PRE_SIGKILL
)
1959 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1960 else if (state
== SOCKET_FINAL_SIGTERM
)
1961 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_SUCCESS
);
1963 socket_enter_dead(s
, SOCKET_SUCCESS
);
1968 log_unit_warning_errno(UNIT(s
), r
, "Failed to kill processes: %m");
1970 if (state
== SOCKET_STOP_PRE_SIGTERM
|| state
== SOCKET_STOP_PRE_SIGKILL
)
1971 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1973 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1976 static void socket_enter_stop_pre(Socket
*s
, SocketResult f
) {
1980 if (s
->result
== SOCKET_SUCCESS
)
1983 socket_unwatch_control_pid(s
);
1984 s
->control_command_id
= SOCKET_EXEC_STOP_PRE
;
1985 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_PRE
];
1987 if (s
->control_command
) {
1988 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1992 socket_set_state(s
, SOCKET_STOP_PRE
);
1994 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1999 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-pre' task: %m");
2000 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
2003 static void socket_enter_listening(Socket
*s
) {
2007 r
= socket_watch_fds(s
);
2009 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
2013 socket_set_state(s
, SOCKET_LISTENING
);
2017 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
2020 static void socket_enter_start_post(Socket
*s
) {
2024 socket_unwatch_control_pid(s
);
2025 s
->control_command_id
= SOCKET_EXEC_START_POST
;
2026 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_POST
];
2028 if (s
->control_command
) {
2029 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
2031 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-post' task: %m");
2035 socket_set_state(s
, SOCKET_START_POST
);
2037 socket_enter_listening(s
);
2042 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
2045 static void socket_enter_start_chown(Socket
*s
) {
2050 r
= socket_open_fds(s
);
2052 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
2056 if (!isempty(s
->user
) || !isempty(s
->group
)) {
2058 socket_unwatch_control_pid(s
);
2059 s
->control_command_id
= SOCKET_EXEC_START_CHOWN
;
2060 s
->control_command
= NULL
;
2062 r
= socket_chown(s
, &s
->control_pid
);
2064 log_unit_warning_errno(UNIT(s
), r
, "Failed to fork 'start-chown' task: %m");
2068 socket_set_state(s
, SOCKET_START_CHOWN
);
2070 socket_enter_start_post(s
);
2075 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
2078 static void socket_enter_start_pre(Socket
*s
) {
2082 socket_unwatch_control_pid(s
);
2083 s
->control_command_id
= SOCKET_EXEC_START_PRE
;
2084 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_PRE
];
2086 if (s
->control_command
) {
2087 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
2089 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-pre' task: %m");
2093 socket_set_state(s
, SOCKET_START_PRE
);
2095 socket_enter_start_chown(s
);
2100 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
2103 static void flush_ports(Socket
*s
) {
2106 /* Flush all incoming traffic, regardless if actual bytes or new connections, so that this socket isn't busy
2109 LIST_FOREACH(port
, p
, s
->ports
) {
2113 (void) flush_accept(p
->fd
);
2114 (void) flush_fd(p
->fd
);
2118 static void socket_enter_running(Socket
*s
, int cfd
) {
2119 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2122 /* Note that this call takes possession of the connection fd passed. It either has to assign it somewhere or
2127 /* We don't take connections anymore if we are supposed to shut down anyway */
2128 if (unit_stop_pending(UNIT(s
))) {
2130 log_unit_debug(UNIT(s
), "Suppressing connection request since unit stop is scheduled.");
2133 cfd
= safe_close(cfd
);
2140 if (!ratelimit_test(&s
->trigger_limit
)) {
2142 log_unit_warning(UNIT(s
), "Trigger limit hit, refusing further activation.");
2143 socket_enter_stop_pre(s
, SOCKET_FAILURE_TRIGGER_LIMIT_HIT
);
2150 bool pending
= false;
2152 /* If there's already a start pending don't bother to
2154 SET_FOREACH(other
, UNIT(s
)->dependencies
[UNIT_TRIGGERS
], i
)
2155 if (unit_active_or_pending(other
)) {
2161 if (!UNIT_ISSET(s
->service
)) {
2162 log_unit_error(UNIT(s
), "Service to activate vanished, refusing activation.");
2167 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT_DEREF(s
->service
), JOB_REPLACE
, &error
, NULL
);
2172 socket_set_state(s
, SOCKET_RUNNING
);
2174 _cleanup_free_
char *prefix
= NULL
, *instance
= NULL
, *name
= NULL
;
2175 _cleanup_(socket_peer_unrefp
) SocketPeer
*p
= NULL
;
2178 if (s
->n_connections
>= s
->max_connections
) {
2179 log_unit_warning(UNIT(s
), "Too many incoming connections (%u), dropping connection.",
2185 if (s
->max_connections_per_source
> 0) {
2186 r
= socket_acquire_peer(s
, cfd
, &p
);
2190 } else if (r
> 0 && p
->n_ref
> s
->max_connections_per_source
) {
2191 _cleanup_free_
char *t
= NULL
;
2193 sockaddr_pretty(&p
->peer
.sa
, FAMILY_ADDRESS_SIZE(p
->peer
.sa
.sa_family
), true, false, &t
);
2195 log_unit_warning(UNIT(s
),
2196 "Too many incoming connections (%u) from source %s, dropping connection.",
2197 p
->n_ref
, strnull(t
));
2203 r
= socket_instantiate_service(s
);
2207 r
= instance_from_socket(cfd
, s
->n_accepted
, &instance
);
2212 /* ENOTCONN is legitimate if TCP RST was received.
2213 * This connection is over, but the socket unit lives on. */
2214 log_unit_debug(UNIT(s
), "Got ENOTCONN on incoming socket, assuming aborted connection attempt, ignoring.");
2219 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
2223 r
= unit_name_build(prefix
, instance
, ".service", &name
);
2227 r
= unit_add_name(UNIT_DEREF(s
->service
), name
);
2231 service
= SERVICE(UNIT_DEREF(s
->service
));
2232 unit_ref_unset(&s
->service
);
2235 unit_choose_id(UNIT(service
), name
);
2237 r
= service_set_socket_fd(service
, cfd
, s
, s
->selinux_context_from_net
);
2241 cfd
= -1; /* We passed ownership of the fd to the service now. Forget it here. */
2244 service
->peer
= p
; /* Pass ownership of the peer reference */
2247 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT(service
), JOB_REPLACE
, &error
, NULL
);
2249 /* We failed to activate the new service, but it still exists. Let's make sure the service
2250 * closes and forgets the connection fd again, immediately. */
2251 service_close_socket_fd(service
);
2255 /* Notify clients about changed counters */
2256 unit_add_to_dbus_queue(UNIT(s
));
2262 log_unit_warning(UNIT(s
), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2263 cfd
>= 0 ? "template" : "non-template",
2264 bus_error_message(&error
, r
));
2266 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
2270 static void socket_run_next(Socket
*s
) {
2274 assert(s
->control_command
);
2275 assert(s
->control_command
->command_next
);
2277 socket_unwatch_control_pid(s
);
2279 s
->control_command
= s
->control_command
->command_next
;
2281 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
2288 log_unit_warning_errno(UNIT(s
), r
, "Failed to run next task: %m");
2290 if (s
->state
== SOCKET_START_POST
)
2291 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
2292 else if (s
->state
== SOCKET_STOP_POST
)
2293 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
2295 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
2298 static int socket_start(Unit
*u
) {
2299 Socket
*s
= SOCKET(u
);
2304 /* We cannot fulfill this request right now, try again later
2306 if (IN_SET(s
->state
,
2308 SOCKET_STOP_PRE_SIGKILL
,
2309 SOCKET_STOP_PRE_SIGTERM
,
2311 SOCKET_FINAL_SIGTERM
,
2312 SOCKET_FINAL_SIGKILL
))
2315 /* Already on it! */
2316 if (IN_SET(s
->state
,
2322 /* Cannot run this without the service being around */
2323 if (UNIT_ISSET(s
->service
)) {
2326 service
= SERVICE(UNIT_DEREF(s
->service
));
2328 if (UNIT(service
)->load_state
!= UNIT_LOADED
) {
2329 log_unit_error(u
, "Socket service %s not loaded, refusing.", UNIT(service
)->id
);
2333 /* If the service is already active we cannot start the
2335 if (service
->state
!= SERVICE_DEAD
&&
2336 service
->state
!= SERVICE_FAILED
&&
2337 service
->state
!= SERVICE_AUTO_RESTART
) {
2338 log_unit_error(u
, "Socket service %s already active, refusing.", UNIT(service
)->id
);
2343 assert(s
->state
== SOCKET_DEAD
|| s
->state
== SOCKET_FAILED
);
2345 r
= unit_start_limit_test(u
);
2347 socket_enter_dead(s
, SOCKET_FAILURE_START_LIMIT_HIT
);
2351 r
= unit_acquire_invocation_id(u
);
2355 s
->result
= SOCKET_SUCCESS
;
2356 s
->reset_cpu_usage
= true;
2358 socket_enter_start_pre(s
);
2362 static int socket_stop(Unit
*u
) {
2363 Socket
*s
= SOCKET(u
);
2368 if (IN_SET(s
->state
,
2370 SOCKET_STOP_PRE_SIGTERM
,
2371 SOCKET_STOP_PRE_SIGKILL
,
2373 SOCKET_FINAL_SIGTERM
,
2374 SOCKET_FINAL_SIGKILL
))
2377 /* If there's already something running we go directly into
2379 if (IN_SET(s
->state
,
2382 SOCKET_START_POST
)) {
2383 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_SUCCESS
);
2387 assert(s
->state
== SOCKET_LISTENING
|| s
->state
== SOCKET_RUNNING
);
2389 socket_enter_stop_pre(s
, SOCKET_SUCCESS
);
2393 static int socket_serialize(Unit
*u
, FILE *f
, FDSet
*fds
) {
2394 Socket
*s
= SOCKET(u
);
2402 unit_serialize_item(u
, f
, "state", socket_state_to_string(s
->state
));
2403 unit_serialize_item(u
, f
, "result", socket_result_to_string(s
->result
));
2404 unit_serialize_item_format(u
, f
, "n-accepted", "%u", s
->n_accepted
);
2406 if (s
->control_pid
> 0)
2407 unit_serialize_item_format(u
, f
, "control-pid", PID_FMT
, s
->control_pid
);
2409 if (s
->control_command_id
>= 0)
2410 unit_serialize_item(u
, f
, "control-command", socket_exec_command_to_string(s
->control_command_id
));
2412 LIST_FOREACH(port
, p
, s
->ports
) {
2418 copy
= fdset_put_dup(fds
, p
->fd
);
2422 if (p
->type
== SOCKET_SOCKET
) {
2423 _cleanup_free_
char *t
= NULL
;
2425 r
= socket_address_print(&p
->address
, &t
);
2429 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2430 unit_serialize_item_format(u
, f
, "netlink", "%i %s", copy
, t
);
2432 unit_serialize_item_format(u
, f
, "socket", "%i %i %s", copy
, p
->address
.type
, t
);
2434 } else if (p
->type
== SOCKET_SPECIAL
)
2435 unit_serialize_item_format(u
, f
, "special", "%i %s", copy
, p
->path
);
2436 else if (p
->type
== SOCKET_MQUEUE
)
2437 unit_serialize_item_format(u
, f
, "mqueue", "%i %s", copy
, p
->path
);
2438 else if (p
->type
== SOCKET_USB_FUNCTION
)
2439 unit_serialize_item_format(u
, f
, "ffs", "%i %s", copy
, p
->path
);
2441 assert(p
->type
== SOCKET_FIFO
);
2442 unit_serialize_item_format(u
, f
, "fifo", "%i %s", copy
, p
->path
);
2449 static void socket_port_take_fd(SocketPort
*p
, FDSet
*fds
, int fd
) {
2451 p
->fd
= fdset_remove(fds
, fd
);
2454 static int socket_deserialize_item(Unit
*u
, const char *key
, const char *value
, FDSet
*fds
) {
2455 Socket
*s
= SOCKET(u
);
2461 if (streq(key
, "state")) {
2464 state
= socket_state_from_string(value
);
2466 log_unit_debug(u
, "Failed to parse state value: %s", value
);
2468 s
->deserialized_state
= state
;
2469 } else if (streq(key
, "result")) {
2472 f
= socket_result_from_string(value
);
2474 log_unit_debug(u
, "Failed to parse result value: %s", value
);
2475 else if (f
!= SOCKET_SUCCESS
)
2478 } else if (streq(key
, "n-accepted")) {
2481 if (safe_atou(value
, &k
) < 0)
2482 log_unit_debug(u
, "Failed to parse n-accepted value: %s", value
);
2485 } else if (streq(key
, "control-pid")) {
2488 if (parse_pid(value
, &pid
) < 0)
2489 log_unit_debug(u
, "Failed to parse control-pid value: %s", value
);
2491 s
->control_pid
= pid
;
2492 } else if (streq(key
, "control-command")) {
2493 SocketExecCommand id
;
2495 id
= socket_exec_command_from_string(value
);
2497 log_unit_debug(u
, "Failed to parse exec-command value: %s", value
);
2499 s
->control_command_id
= id
;
2500 s
->control_command
= s
->exec_command
[id
];
2502 } else if (streq(key
, "fifo")) {
2506 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2507 log_unit_debug(u
, "Failed to parse fifo value: %s", value
);
2509 LIST_FOREACH(port
, p
, s
->ports
)
2510 if (p
->type
== SOCKET_FIFO
&&
2511 path_equal_or_files_same(p
->path
, value
+skip
)) {
2512 socket_port_take_fd(p
, fds
, fd
);
2516 } else if (streq(key
, "special")) {
2520 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2521 log_unit_debug(u
, "Failed to parse special value: %s", value
);
2523 LIST_FOREACH(port
, p
, s
->ports
)
2524 if (p
->type
== SOCKET_SPECIAL
&&
2525 path_equal_or_files_same(p
->path
, value
+skip
)) {
2526 socket_port_take_fd(p
, fds
, fd
);
2530 } else if (streq(key
, "mqueue")) {
2534 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2535 log_unit_debug(u
, "Failed to parse mqueue value: %s", value
);
2537 LIST_FOREACH(port
, p
, s
->ports
)
2538 if (p
->type
== SOCKET_MQUEUE
&&
2539 streq(p
->path
, value
+skip
)) {
2540 socket_port_take_fd(p
, fds
, fd
);
2544 } else if (streq(key
, "socket")) {
2545 int fd
, type
, skip
= 0;
2548 if (sscanf(value
, "%i %i %n", &fd
, &type
, &skip
) < 2 || fd
< 0 || type
< 0 || !fdset_contains(fds
, fd
))
2549 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2551 LIST_FOREACH(port
, p
, s
->ports
)
2552 if (socket_address_is(&p
->address
, value
+skip
, type
)) {
2553 socket_port_take_fd(p
, fds
, fd
);
2557 } else if (streq(key
, "netlink")) {
2561 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2562 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2564 LIST_FOREACH(port
, p
, s
->ports
)
2565 if (socket_address_is_netlink(&p
->address
, value
+skip
)) {
2566 socket_port_take_fd(p
, fds
, fd
);
2570 } else if (streq(key
, "ffs")) {
2574 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2575 log_unit_debug(u
, "Failed to parse ffs value: %s", value
);
2577 LIST_FOREACH(port
, p
, s
->ports
)
2578 if (p
->type
== SOCKET_USB_FUNCTION
&&
2579 path_equal_or_files_same(p
->path
, value
+skip
)) {
2580 socket_port_take_fd(p
, fds
, fd
);
2585 log_unit_debug(UNIT(s
), "Unknown serialization key: %s", key
);
2590 static void socket_distribute_fds(Unit
*u
, FDSet
*fds
) {
2591 Socket
*s
= SOCKET(u
);
2596 LIST_FOREACH(port
, p
, s
->ports
) {
2600 if (p
->type
!= SOCKET_SOCKET
)
2606 FDSET_FOREACH(fd
, fds
, i
) {
2607 if (socket_address_matches_fd(&p
->address
, fd
)) {
2608 p
->fd
= fdset_remove(fds
, fd
);
2609 s
->deserialized_state
= SOCKET_LISTENING
;
2616 _pure_
static UnitActiveState
socket_active_state(Unit
*u
) {
2619 return state_translation_table
[SOCKET(u
)->state
];
2622 _pure_
static const char *socket_sub_state_to_string(Unit
*u
) {
2625 return socket_state_to_string(SOCKET(u
)->state
);
2628 const char* socket_port_type_to_string(SocketPort
*p
) {
2636 switch (p
->address
.type
) {
2644 case SOCK_SEQPACKET
:
2645 return "SequentialPacket";
2648 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2655 case SOCKET_SPECIAL
:
2659 return "MessageQueue";
2664 case SOCKET_USB_FUNCTION
:
2665 return "USBFunction";
2672 _pure_
static bool socket_check_gc(Unit
*u
) {
2673 Socket
*s
= SOCKET(u
);
2677 return s
->n_connections
> 0;
2680 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2681 SocketPort
*p
= userdata
;
2687 if (p
->socket
->state
!= SOCKET_LISTENING
)
2690 log_unit_debug(UNIT(p
->socket
), "Incoming traffic");
2692 if (revents
!= EPOLLIN
) {
2694 if (revents
& EPOLLHUP
)
2695 log_unit_error(UNIT(p
->socket
), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2697 log_unit_error(UNIT(p
->socket
), "Got unexpected poll event (0x%x) on socket.", revents
);
2701 if (p
->socket
->accept
&&
2702 p
->type
== SOCKET_SOCKET
&&
2703 socket_address_can_accept(&p
->address
)) {
2707 cfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
);
2713 log_unit_error_errno(UNIT(p
->socket
), errno
, "Failed to accept socket: %m");
2720 socket_apply_socket_options(p
->socket
, cfd
);
2723 socket_enter_running(p
->socket
, cfd
);
2727 socket_enter_stop_pre(p
->socket
, SOCKET_FAILURE_RESOURCES
);
2731 static void socket_sigchld_event(Unit
*u
, pid_t pid
, int code
, int status
) {
2732 Socket
*s
= SOCKET(u
);
2738 if (pid
!= s
->control_pid
)
2743 if (is_clean_exit(code
, status
, EXIT_CLEAN_COMMAND
, NULL
))
2745 else if (code
== CLD_EXITED
)
2746 f
= SOCKET_FAILURE_EXIT_CODE
;
2747 else if (code
== CLD_KILLED
)
2748 f
= SOCKET_FAILURE_SIGNAL
;
2749 else if (code
== CLD_DUMPED
)
2750 f
= SOCKET_FAILURE_CORE_DUMP
;
2752 assert_not_reached("Unknown sigchld code");
2754 if (s
->control_command
) {
2755 exec_status_exit(&s
->control_command
->exec_status
, &s
->exec_context
, pid
, code
, status
);
2757 if (s
->control_command
->ignore
)
2761 log_unit_full(u
, f
== SOCKET_SUCCESS
? LOG_DEBUG
: LOG_NOTICE
, 0,
2762 "Control process exited, code=%s status=%i",
2763 sigchld_code_to_string(code
), status
);
2765 if (s
->result
== SOCKET_SUCCESS
)
2768 if (s
->control_command
&&
2769 s
->control_command
->command_next
&&
2770 f
== SOCKET_SUCCESS
) {
2772 log_unit_debug(u
, "Running next command for state %s", socket_state_to_string(s
->state
));
2775 s
->control_command
= NULL
;
2776 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
2778 /* No further commands for this step, so let's figure
2779 * out what to do next */
2781 log_unit_debug(u
, "Got final SIGCHLD for state %s", socket_state_to_string(s
->state
));
2785 case SOCKET_START_PRE
:
2786 if (f
== SOCKET_SUCCESS
)
2787 socket_enter_start_chown(s
);
2789 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, f
);
2792 case SOCKET_START_CHOWN
:
2793 if (f
== SOCKET_SUCCESS
)
2794 socket_enter_start_post(s
);
2796 socket_enter_stop_pre(s
, f
);
2799 case SOCKET_START_POST
:
2800 if (f
== SOCKET_SUCCESS
)
2801 socket_enter_listening(s
);
2803 socket_enter_stop_pre(s
, f
);
2806 case SOCKET_STOP_PRE
:
2807 case SOCKET_STOP_PRE_SIGTERM
:
2808 case SOCKET_STOP_PRE_SIGKILL
:
2809 socket_enter_stop_post(s
, f
);
2812 case SOCKET_STOP_POST
:
2813 case SOCKET_FINAL_SIGTERM
:
2814 case SOCKET_FINAL_SIGKILL
:
2815 socket_enter_dead(s
, f
);
2819 assert_not_reached("Uh, control process died at wrong time.");
2823 /* Notify clients about changed exit status */
2824 unit_add_to_dbus_queue(u
);
2827 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
) {
2828 Socket
*s
= SOCKET(userdata
);
2831 assert(s
->timer_event_source
== source
);
2835 case SOCKET_START_PRE
:
2836 log_unit_warning(UNIT(s
), "Starting timed out. Terminating.");
2837 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2840 case SOCKET_START_CHOWN
:
2841 case SOCKET_START_POST
:
2842 log_unit_warning(UNIT(s
), "Starting timed out. Stopping.");
2843 socket_enter_stop_pre(s
, SOCKET_FAILURE_TIMEOUT
);
2846 case SOCKET_STOP_PRE
:
2847 log_unit_warning(UNIT(s
), "Stopping timed out. Terminating.");
2848 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2851 case SOCKET_STOP_PRE_SIGTERM
:
2852 if (s
->kill_context
.send_sigkill
) {
2853 log_unit_warning(UNIT(s
), "Stopping timed out. Killing.");
2854 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2856 log_unit_warning(UNIT(s
), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2857 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2861 case SOCKET_STOP_PRE_SIGKILL
:
2862 log_unit_warning(UNIT(s
), "Processes still around after SIGKILL. Ignoring.");
2863 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2866 case SOCKET_STOP_POST
:
2867 log_unit_warning(UNIT(s
), "Stopping timed out (2). Terminating.");
2868 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2871 case SOCKET_FINAL_SIGTERM
:
2872 if (s
->kill_context
.send_sigkill
) {
2873 log_unit_warning(UNIT(s
), "Stopping timed out (2). Killing.");
2874 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2876 log_unit_warning(UNIT(s
), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2877 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2881 case SOCKET_FINAL_SIGKILL
:
2882 log_unit_warning(UNIT(s
), "Still around after SIGKILL (2). Entering failed mode.");
2883 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2887 assert_not_reached("Timeout at wrong time.");
2893 int socket_collect_fds(Socket
*s
, int **fds
) {
2894 int *rfds
, k
= 0, n
= 0;
2900 /* Called from the service code for requesting our fds */
2902 LIST_FOREACH(port
, p
, s
->ports
) {
2905 n
+= p
->n_auxiliary_fds
;
2917 LIST_FOREACH(port
, p
, s
->ports
) {
2922 for (i
= 0; i
< p
->n_auxiliary_fds
; ++i
)
2923 rfds
[k
++] = p
->auxiliary_fds
[i
];
2932 static void socket_reset_failed(Unit
*u
) {
2933 Socket
*s
= SOCKET(u
);
2937 if (s
->state
== SOCKET_FAILED
)
2938 socket_set_state(s
, SOCKET_DEAD
);
2940 s
->result
= SOCKET_SUCCESS
;
2943 void socket_connection_unref(Socket
*s
) {
2946 /* The service is dead. Yay!
2948 * This is strictly for one-instance-per-connection
2951 assert(s
->n_connections
> 0);
2954 log_unit_debug(UNIT(s
), "One connection closed, %u left.", s
->n_connections
);
2957 static void socket_trigger_notify(Unit
*u
, Unit
*other
) {
2958 Socket
*s
= SOCKET(u
);
2963 /* Filter out invocations with bogus state */
2964 if (other
->load_state
!= UNIT_LOADED
|| other
->type
!= UNIT_SERVICE
)
2967 /* Don't propagate state changes from the service if we are already down */
2968 if (!IN_SET(s
->state
, SOCKET_RUNNING
, SOCKET_LISTENING
))
2971 /* We don't care for the service state if we are in Accept=yes mode */
2975 /* Propagate start limit hit state */
2976 if (other
->start_limit_hit
) {
2977 socket_enter_stop_pre(s
, SOCKET_FAILURE_SERVICE_START_LIMIT_HIT
);
2981 /* Don't propagate anything if there's still a job queued */
2985 if (IN_SET(SERVICE(other
)->state
,
2986 SERVICE_DEAD
, SERVICE_FAILED
,
2987 SERVICE_FINAL_SIGTERM
, SERVICE_FINAL_SIGKILL
,
2988 SERVICE_AUTO_RESTART
))
2989 socket_enter_listening(s
);
2991 if (SERVICE(other
)->state
== SERVICE_RUNNING
)
2992 socket_set_state(s
, SOCKET_RUNNING
);
2995 static int socket_kill(Unit
*u
, KillWho who
, int signo
, sd_bus_error
*error
) {
2996 return unit_kill_common(u
, who
, signo
, -1, SOCKET(u
)->control_pid
, error
);
2999 static int socket_get_timeout(Unit
*u
, usec_t
*timeout
) {
3000 Socket
*s
= SOCKET(u
);
3004 if (!s
->timer_event_source
)
3007 r
= sd_event_source_get_time(s
->timer_event_source
, &t
);
3010 if (t
== USEC_INFINITY
)
3017 char *socket_fdname(Socket
*s
) {
3020 /* Returns the name to use for $LISTEN_NAMES. If the user
3021 * didn't specify anything specifically, use the socket unit's
3022 * name as fallback. */
3030 static int socket_control_pid(Unit
*u
) {
3031 Socket
*s
= SOCKET(u
);
3035 return s
->control_pid
;
3038 static const char* const socket_exec_command_table
[_SOCKET_EXEC_COMMAND_MAX
] = {
3039 [SOCKET_EXEC_START_PRE
] = "StartPre",
3040 [SOCKET_EXEC_START_CHOWN
] = "StartChown",
3041 [SOCKET_EXEC_START_POST
] = "StartPost",
3042 [SOCKET_EXEC_STOP_PRE
] = "StopPre",
3043 [SOCKET_EXEC_STOP_POST
] = "StopPost"
3046 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command
, SocketExecCommand
);
3048 static const char* const socket_result_table
[_SOCKET_RESULT_MAX
] = {
3049 [SOCKET_SUCCESS
] = "success",
3050 [SOCKET_FAILURE_RESOURCES
] = "resources",
3051 [SOCKET_FAILURE_TIMEOUT
] = "timeout",
3052 [SOCKET_FAILURE_EXIT_CODE
] = "exit-code",
3053 [SOCKET_FAILURE_SIGNAL
] = "signal",
3054 [SOCKET_FAILURE_CORE_DUMP
] = "core-dump",
3055 [SOCKET_FAILURE_START_LIMIT_HIT
] = "start-limit-hit",
3056 [SOCKET_FAILURE_TRIGGER_LIMIT_HIT
] = "trigger-limit-hit",
3057 [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT
] = "service-start-limit-hit"
3060 DEFINE_STRING_TABLE_LOOKUP(socket_result
, SocketResult
);
3062 const UnitVTable socket_vtable
= {
3063 .object_size
= sizeof(Socket
),
3064 .exec_context_offset
= offsetof(Socket
, exec_context
),
3065 .cgroup_context_offset
= offsetof(Socket
, cgroup_context
),
3066 .kill_context_offset
= offsetof(Socket
, kill_context
),
3067 .exec_runtime_offset
= offsetof(Socket
, exec_runtime
),
3068 .dynamic_creds_offset
= offsetof(Socket
, dynamic_creds
),
3074 .private_section
= "Socket",
3076 .init
= socket_init
,
3077 .done
= socket_done
,
3078 .load
= socket_load
,
3080 .coldplug
= socket_coldplug
,
3082 .dump
= socket_dump
,
3084 .start
= socket_start
,
3085 .stop
= socket_stop
,
3087 .kill
= socket_kill
,
3089 .get_timeout
= socket_get_timeout
,
3091 .serialize
= socket_serialize
,
3092 .deserialize_item
= socket_deserialize_item
,
3093 .distribute_fds
= socket_distribute_fds
,
3095 .active_state
= socket_active_state
,
3096 .sub_state_to_string
= socket_sub_state_to_string
,
3098 .check_gc
= socket_check_gc
,
3100 .sigchld_event
= socket_sigchld_event
,
3102 .trigger_notify
= socket_trigger_notify
,
3104 .reset_failed
= socket_reset_failed
,
3106 .control_pid
= socket_control_pid
,
3108 .bus_vtable
= bus_socket_vtable
,
3109 .bus_set_property
= bus_socket_set_property
,
3110 .bus_commit_properties
= bus_socket_commit_properties
,
3112 .status_message_formats
= {
3113 /*.starting_stopping = {
3114 [0] = "Starting socket %s...",
3115 [1] = "Stopping socket %s...",
3117 .finished_start_job
= {
3118 [JOB_DONE
] = "Listening on %s.",
3119 [JOB_FAILED
] = "Failed to listen on %s.",
3120 [JOB_TIMEOUT
] = "Timed out starting %s.",
3122 .finished_stop_job
= {
3123 [JOB_DONE
] = "Closed %s.",
3124 [JOB_FAILED
] = "Failed stopping %s.",
3125 [JOB_TIMEOUT
] = "Timed out stopping %s.",