]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #3193 from htejun/cgroup-io-controller
[thirdparty/systemd.git] / src / core / socket.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2010 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <arpa/inet.h>
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <mqueue.h>
24 #include <netinet/tcp.h>
25 #include <signal.h>
26 #include <sys/epoll.h>
27 #include <sys/stat.h>
28 #include <unistd.h>
29 #include <linux/sctp.h>
30
31 #include "alloc-util.h"
32 #include "bus-error.h"
33 #include "bus-util.h"
34 #include "copy.h"
35 #include "dbus-socket.h"
36 #include "def.h"
37 #include "exit-status.h"
38 #include "fd-util.h"
39 #include "formats-util.h"
40 #include "io-util.h"
41 #include "label.h"
42 #include "log.h"
43 #include "missing.h"
44 #include "mkdir.h"
45 #include "parse-util.h"
46 #include "path-util.h"
47 #include "process-util.h"
48 #include "selinux-util.h"
49 #include "signal-util.h"
50 #include "smack-util.h"
51 #include "socket.h"
52 #include "special.h"
53 #include "string-table.h"
54 #include "string-util.h"
55 #include "strv.h"
56 #include "unit-name.h"
57 #include "unit-printf.h"
58 #include "unit.h"
59 #include "user-util.h"
60
61 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
62 [SOCKET_DEAD] = UNIT_INACTIVE,
63 [SOCKET_START_PRE] = UNIT_ACTIVATING,
64 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
65 [SOCKET_START_POST] = UNIT_ACTIVATING,
66 [SOCKET_LISTENING] = UNIT_ACTIVE,
67 [SOCKET_RUNNING] = UNIT_ACTIVE,
68 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
69 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
70 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
71 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
72 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
73 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
74 [SOCKET_FAILED] = UNIT_FAILED
75 };
76
77 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
78 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
79
80 static void socket_init(Unit *u) {
81 Socket *s = SOCKET(u);
82
83 assert(u);
84 assert(u->load_state == UNIT_STUB);
85
86 s->backlog = SOMAXCONN;
87 s->timeout_usec = u->manager->default_timeout_start_usec;
88 s->directory_mode = 0755;
89 s->socket_mode = 0666;
90
91 s->max_connections = 64;
92
93 s->priority = -1;
94 s->ip_tos = -1;
95 s->ip_ttl = -1;
96 s->mark = -1;
97
98 s->exec_context.std_output = u->manager->default_std_output;
99 s->exec_context.std_error = u->manager->default_std_error;
100
101 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
102
103 s->trigger_limit.interval = USEC_INFINITY;
104 s->trigger_limit.burst = (unsigned) -1;
105 }
106
107 static void socket_unwatch_control_pid(Socket *s) {
108 assert(s);
109
110 if (s->control_pid <= 0)
111 return;
112
113 unit_unwatch_pid(UNIT(s), s->control_pid);
114 s->control_pid = 0;
115 }
116
117 static void socket_cleanup_fd_list(SocketPort *p) {
118 assert(p);
119
120 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
121 p->auxiliary_fds = mfree(p->auxiliary_fds);
122 p->n_auxiliary_fds = 0;
123 }
124
125 void socket_free_ports(Socket *s) {
126 SocketPort *p;
127
128 assert(s);
129
130 while ((p = s->ports)) {
131 LIST_REMOVE(port, s->ports, p);
132
133 sd_event_source_unref(p->event_source);
134
135 socket_cleanup_fd_list(p);
136 safe_close(p->fd);
137 free(p->path);
138 free(p);
139 }
140 }
141
142 static void socket_done(Unit *u) {
143 Socket *s = SOCKET(u);
144
145 assert(s);
146
147 socket_free_ports(s);
148
149 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
150 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
151 s->control_command = NULL;
152
153 socket_unwatch_control_pid(s);
154
155 unit_ref_unset(&s->service);
156
157 s->tcp_congestion = mfree(s->tcp_congestion);
158 s->bind_to_device = mfree(s->bind_to_device);
159
160 s->smack = mfree(s->smack);
161 s->smack_ip_in = mfree(s->smack_ip_in);
162 s->smack_ip_out = mfree(s->smack_ip_out);
163
164 strv_free(s->symlinks);
165
166 s->user = mfree(s->user);
167 s->group = mfree(s->group);
168
169 s->fdname = mfree(s->fdname);
170
171 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
172 }
173
174 static int socket_arm_timer(Socket *s, usec_t usec) {
175 int r;
176
177 assert(s);
178
179 if (s->timer_event_source) {
180 r = sd_event_source_set_time(s->timer_event_source, usec);
181 if (r < 0)
182 return r;
183
184 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
185 }
186
187 if (usec == USEC_INFINITY)
188 return 0;
189
190 r = sd_event_add_time(
191 UNIT(s)->manager->event,
192 &s->timer_event_source,
193 CLOCK_MONOTONIC,
194 usec, 0,
195 socket_dispatch_timer, s);
196 if (r < 0)
197 return r;
198
199 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
200
201 return 0;
202 }
203
204 int socket_instantiate_service(Socket *s) {
205 _cleanup_free_ char *prefix = NULL, *name = NULL;
206 int r;
207 Unit *u;
208
209 assert(s);
210
211 /* This fills in s->service if it isn't filled in yet. For
212 * Accept=yes sockets we create the next connection service
213 * here. For Accept=no this is mostly a NOP since the service
214 * is figured out at load time anyway. */
215
216 if (UNIT_DEREF(s->service))
217 return 0;
218
219 if (!s->accept)
220 return 0;
221
222 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
223 if (r < 0)
224 return r;
225
226 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
227 return -ENOMEM;
228
229 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
230 if (r < 0)
231 return r;
232
233 unit_ref_set(&s->service, u);
234
235 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
236 }
237
238 static bool have_non_accept_socket(Socket *s) {
239 SocketPort *p;
240
241 assert(s);
242
243 if (!s->accept)
244 return true;
245
246 LIST_FOREACH(port, p, s->ports) {
247
248 if (p->type != SOCKET_SOCKET)
249 return true;
250
251 if (!socket_address_can_accept(&p->address))
252 return true;
253 }
254
255 return false;
256 }
257
258 static int socket_add_mount_links(Socket *s) {
259 SocketPort *p;
260 int r;
261
262 assert(s);
263
264 LIST_FOREACH(port, p, s->ports) {
265 const char *path = NULL;
266
267 if (p->type == SOCKET_SOCKET)
268 path = socket_address_get_path(&p->address);
269 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
270 path = p->path;
271
272 if (!path)
273 continue;
274
275 r = unit_require_mounts_for(UNIT(s), path);
276 if (r < 0)
277 return r;
278 }
279
280 return 0;
281 }
282
283 static int socket_add_device_link(Socket *s) {
284 char *t;
285
286 assert(s);
287
288 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
289 return 0;
290
291 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
292 return unit_add_node_link(UNIT(s), t, false, UNIT_BINDS_TO);
293 }
294
295 static int socket_add_default_dependencies(Socket *s) {
296 int r;
297 assert(s);
298
299 if (!UNIT(s)->default_dependencies)
300 return 0;
301
302 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
303 if (r < 0)
304 return r;
305
306 if (MANAGER_IS_SYSTEM(UNIT(s)->manager)) {
307 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
308 if (r < 0)
309 return r;
310 }
311
312 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
313 }
314
315 _pure_ static bool socket_has_exec(Socket *s) {
316 unsigned i;
317 assert(s);
318
319 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
320 if (s->exec_command[i])
321 return true;
322
323 return false;
324 }
325
326 static int socket_add_extras(Socket *s) {
327 Unit *u = UNIT(s);
328 int r;
329
330 assert(s);
331
332 /* Pick defaults for the trigger limit, if nothing was explicitly configured. We pick a relatively high limit
333 * in Accept=yes mode, and a lower limit for Accept=no. Reason: in Accept=yes mode we are invoking accept()
334 * ourselves before the trigger limit can hit, thus incoming connections are taken off the socket queue quickly
335 * and reliably. This is different for Accept=no, where the spawned service has to take the incoming traffic
336 * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
337 * process whatever is queued in one go, and thus should normally never have to be started frequently. This is
338 * different for Accept=yes where each connection is processed by a new service instance, and thus frequent
339 * service starts are typical. */
340
341 if (s->trigger_limit.interval == USEC_INFINITY)
342 s->trigger_limit.interval = 2 * USEC_PER_SEC;
343
344 if (s->trigger_limit.burst == (unsigned) -1) {
345 if (s->accept)
346 s->trigger_limit.burst = 200;
347 else
348 s->trigger_limit.burst = 20;
349 }
350
351 if (have_non_accept_socket(s)) {
352
353 if (!UNIT_DEREF(s->service)) {
354 Unit *x;
355
356 r = unit_load_related_unit(u, ".service", &x);
357 if (r < 0)
358 return r;
359
360 unit_ref_set(&s->service, x);
361 }
362
363 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
364 if (r < 0)
365 return r;
366 }
367
368 r = socket_add_mount_links(s);
369 if (r < 0)
370 return r;
371
372 r = socket_add_device_link(s);
373 if (r < 0)
374 return r;
375
376 r = unit_patch_contexts(u);
377 if (r < 0)
378 return r;
379
380 if (socket_has_exec(s)) {
381 r = unit_add_exec_dependencies(u, &s->exec_context);
382 if (r < 0)
383 return r;
384
385 r = unit_set_default_slice(u);
386 if (r < 0)
387 return r;
388 }
389
390 r = socket_add_default_dependencies(s);
391 if (r < 0)
392 return r;
393
394 return 0;
395 }
396
397 static const char *socket_find_symlink_target(Socket *s) {
398 const char *found = NULL;
399 SocketPort *p;
400
401 LIST_FOREACH(port, p, s->ports) {
402 const char *f = NULL;
403
404 switch (p->type) {
405
406 case SOCKET_FIFO:
407 f = p->path;
408 break;
409
410 case SOCKET_SOCKET:
411 if (p->address.sockaddr.un.sun_path[0] != 0)
412 f = p->address.sockaddr.un.sun_path;
413 break;
414
415 default:
416 break;
417 }
418
419 if (f) {
420 if (found)
421 return NULL;
422
423 found = f;
424 }
425 }
426
427 return found;
428 }
429
430 static int socket_verify(Socket *s) {
431 assert(s);
432
433 if (UNIT(s)->load_state != UNIT_LOADED)
434 return 0;
435
436 if (!s->ports) {
437 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
438 return -EINVAL;
439 }
440
441 if (s->accept && have_non_accept_socket(s)) {
442 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
443 return -EINVAL;
444 }
445
446 if (s->accept && s->max_connections <= 0) {
447 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
448 return -EINVAL;
449 }
450
451 if (s->accept && UNIT_DEREF(s->service)) {
452 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
453 return -EINVAL;
454 }
455
456 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
457 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
458 return -EINVAL;
459 }
460
461 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
462 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
463 return -EINVAL;
464 }
465
466 return 0;
467 }
468
469 static int socket_load(Unit *u) {
470 Socket *s = SOCKET(u);
471 int r;
472
473 assert(u);
474 assert(u->load_state == UNIT_STUB);
475
476 r = unit_load_fragment_and_dropin(u);
477 if (r < 0)
478 return r;
479
480 if (u->load_state == UNIT_LOADED) {
481 /* This is a new unit? Then let's add in some extras */
482 r = socket_add_extras(s);
483 if (r < 0)
484 return r;
485 }
486
487 return socket_verify(s);
488 }
489
490 _const_ static const char* listen_lookup(int family, int type) {
491
492 if (family == AF_NETLINK)
493 return "ListenNetlink";
494
495 if (type == SOCK_STREAM)
496 return "ListenStream";
497 else if (type == SOCK_DGRAM)
498 return "ListenDatagram";
499 else if (type == SOCK_SEQPACKET)
500 return "ListenSequentialPacket";
501
502 assert_not_reached("Unknown socket type");
503 return NULL;
504 }
505
506 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
507 char time_string[FORMAT_TIMESPAN_MAX];
508 SocketExecCommand c;
509 Socket *s = SOCKET(u);
510 SocketPort *p;
511 const char *prefix2;
512
513 assert(s);
514 assert(f);
515
516 prefix = strempty(prefix);
517 prefix2 = strjoina(prefix, "\t");
518
519 fprintf(f,
520 "%sSocket State: %s\n"
521 "%sResult: %s\n"
522 "%sBindIPv6Only: %s\n"
523 "%sBacklog: %u\n"
524 "%sSocketMode: %04o\n"
525 "%sDirectoryMode: %04o\n"
526 "%sKeepAlive: %s\n"
527 "%sNoDelay: %s\n"
528 "%sFreeBind: %s\n"
529 "%sTransparent: %s\n"
530 "%sBroadcast: %s\n"
531 "%sPassCredentials: %s\n"
532 "%sPassSecurity: %s\n"
533 "%sTCPCongestion: %s\n"
534 "%sRemoveOnStop: %s\n"
535 "%sWritable: %s\n"
536 "%sFDName: %s\n"
537 "%sSELinuxContextFromNet: %s\n",
538 prefix, socket_state_to_string(s->state),
539 prefix, socket_result_to_string(s->result),
540 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
541 prefix, s->backlog,
542 prefix, s->socket_mode,
543 prefix, s->directory_mode,
544 prefix, yes_no(s->keep_alive),
545 prefix, yes_no(s->no_delay),
546 prefix, yes_no(s->free_bind),
547 prefix, yes_no(s->transparent),
548 prefix, yes_no(s->broadcast),
549 prefix, yes_no(s->pass_cred),
550 prefix, yes_no(s->pass_sec),
551 prefix, strna(s->tcp_congestion),
552 prefix, yes_no(s->remove_on_stop),
553 prefix, yes_no(s->writable),
554 prefix, socket_fdname(s),
555 prefix, yes_no(s->selinux_context_from_net));
556
557 if (s->control_pid > 0)
558 fprintf(f,
559 "%sControl PID: "PID_FMT"\n",
560 prefix, s->control_pid);
561
562 if (s->bind_to_device)
563 fprintf(f,
564 "%sBindToDevice: %s\n",
565 prefix, s->bind_to_device);
566
567 if (s->accept)
568 fprintf(f,
569 "%sAccepted: %u\n"
570 "%sNConnections: %u\n"
571 "%sMaxConnections: %u\n",
572 prefix, s->n_accepted,
573 prefix, s->n_connections,
574 prefix, s->max_connections);
575
576 if (s->priority >= 0)
577 fprintf(f,
578 "%sPriority: %i\n",
579 prefix, s->priority);
580
581 if (s->receive_buffer > 0)
582 fprintf(f,
583 "%sReceiveBuffer: %zu\n",
584 prefix, s->receive_buffer);
585
586 if (s->send_buffer > 0)
587 fprintf(f,
588 "%sSendBuffer: %zu\n",
589 prefix, s->send_buffer);
590
591 if (s->ip_tos >= 0)
592 fprintf(f,
593 "%sIPTOS: %i\n",
594 prefix, s->ip_tos);
595
596 if (s->ip_ttl >= 0)
597 fprintf(f,
598 "%sIPTTL: %i\n",
599 prefix, s->ip_ttl);
600
601 if (s->pipe_size > 0)
602 fprintf(f,
603 "%sPipeSize: %zu\n",
604 prefix, s->pipe_size);
605
606 if (s->mark >= 0)
607 fprintf(f,
608 "%sMark: %i\n",
609 prefix, s->mark);
610
611 if (s->mq_maxmsg > 0)
612 fprintf(f,
613 "%sMessageQueueMaxMessages: %li\n",
614 prefix, s->mq_maxmsg);
615
616 if (s->mq_msgsize > 0)
617 fprintf(f,
618 "%sMessageQueueMessageSize: %li\n",
619 prefix, s->mq_msgsize);
620
621 if (s->reuse_port)
622 fprintf(f,
623 "%sReusePort: %s\n",
624 prefix, yes_no(s->reuse_port));
625
626 if (s->smack)
627 fprintf(f,
628 "%sSmackLabel: %s\n",
629 prefix, s->smack);
630
631 if (s->smack_ip_in)
632 fprintf(f,
633 "%sSmackLabelIPIn: %s\n",
634 prefix, s->smack_ip_in);
635
636 if (s->smack_ip_out)
637 fprintf(f,
638 "%sSmackLabelIPOut: %s\n",
639 prefix, s->smack_ip_out);
640
641 if (!isempty(s->user) || !isempty(s->group))
642 fprintf(f,
643 "%sSocketUser: %s\n"
644 "%sSocketGroup: %s\n",
645 prefix, strna(s->user),
646 prefix, strna(s->group));
647
648 if (s->keep_alive_time > 0)
649 fprintf(f,
650 "%sKeepAliveTimeSec: %s\n",
651 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
652
653 if (s->keep_alive_interval)
654 fprintf(f,
655 "%sKeepAliveIntervalSec: %s\n",
656 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
657
658 if (s->keep_alive_cnt)
659 fprintf(f,
660 "%sKeepAliveProbes: %u\n",
661 prefix, s->keep_alive_cnt);
662
663 if (s->defer_accept)
664 fprintf(f,
665 "%sDeferAcceptSec: %s\n",
666 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
667
668 LIST_FOREACH(port, p, s->ports) {
669
670 if (p->type == SOCKET_SOCKET) {
671 const char *t;
672 int r;
673 char *k = NULL;
674
675 r = socket_address_print(&p->address, &k);
676 if (r < 0)
677 t = strerror(-r);
678 else
679 t = k;
680
681 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
682 free(k);
683 } else if (p->type == SOCKET_SPECIAL)
684 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
685 else if (p->type == SOCKET_USB_FUNCTION)
686 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
687 else if (p->type == SOCKET_MQUEUE)
688 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
689 else
690 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
691 }
692
693 fprintf(f,
694 "%sTriggerLimitIntervalSec: %s\n"
695 "%sTriggerLimitBurst: %u\n",
696 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->trigger_limit.interval, USEC_PER_SEC),
697 prefix, s->trigger_limit.burst);
698
699 exec_context_dump(&s->exec_context, f, prefix);
700 kill_context_dump(&s->kill_context, f, prefix);
701
702 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
703 if (!s->exec_command[c])
704 continue;
705
706 fprintf(f, "%s-> %s:\n",
707 prefix, socket_exec_command_to_string(c));
708
709 exec_command_dump_list(s->exec_command[c], f, prefix2);
710 }
711 }
712
713 static int instance_from_socket(int fd, unsigned nr, char **instance) {
714 socklen_t l;
715 char *r;
716 union sockaddr_union local, remote;
717
718 assert(fd >= 0);
719 assert(instance);
720
721 l = sizeof(local);
722 if (getsockname(fd, &local.sa, &l) < 0)
723 return -errno;
724
725 l = sizeof(remote);
726 if (getpeername(fd, &remote.sa, &l) < 0)
727 return -errno;
728
729 switch (local.sa.sa_family) {
730
731 case AF_INET: {
732 uint32_t
733 a = ntohl(local.in.sin_addr.s_addr),
734 b = ntohl(remote.in.sin_addr.s_addr);
735
736 if (asprintf(&r,
737 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
738 nr,
739 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
740 ntohs(local.in.sin_port),
741 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
742 ntohs(remote.in.sin_port)) < 0)
743 return -ENOMEM;
744
745 break;
746 }
747
748 case AF_INET6: {
749 static const unsigned char ipv4_prefix[] = {
750 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
751 };
752
753 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
754 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
755 const uint8_t
756 *a = local.in6.sin6_addr.s6_addr+12,
757 *b = remote.in6.sin6_addr.s6_addr+12;
758
759 if (asprintf(&r,
760 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
761 nr,
762 a[0], a[1], a[2], a[3],
763 ntohs(local.in6.sin6_port),
764 b[0], b[1], b[2], b[3],
765 ntohs(remote.in6.sin6_port)) < 0)
766 return -ENOMEM;
767 } else {
768 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
769
770 if (asprintf(&r,
771 "%u-%s:%u-%s:%u",
772 nr,
773 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
774 ntohs(local.in6.sin6_port),
775 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
776 ntohs(remote.in6.sin6_port)) < 0)
777 return -ENOMEM;
778 }
779
780 break;
781 }
782
783 case AF_UNIX: {
784 struct ucred ucred;
785 int k;
786
787 k = getpeercred(fd, &ucred);
788 if (k >= 0) {
789 if (asprintf(&r,
790 "%u-"PID_FMT"-"UID_FMT,
791 nr, ucred.pid, ucred.uid) < 0)
792 return -ENOMEM;
793 } else if (k == -ENODATA) {
794 /* This handles the case where somebody is
795 * connecting from another pid/uid namespace
796 * (e.g. from outside of our container). */
797 if (asprintf(&r,
798 "%u-unknown",
799 nr) < 0)
800 return -ENOMEM;
801 } else
802 return k;
803
804 break;
805 }
806
807 default:
808 assert_not_reached("Unhandled socket type.");
809 }
810
811 *instance = r;
812 return 0;
813 }
814
815 static void socket_close_fds(Socket *s) {
816 SocketPort *p;
817 char **i;
818
819 assert(s);
820
821 LIST_FOREACH(port, p, s->ports) {
822 bool was_open;
823
824 was_open = p->fd >= 0;
825
826 p->event_source = sd_event_source_unref(p->event_source);
827 p->fd = safe_close(p->fd);
828 socket_cleanup_fd_list(p);
829
830 /* One little note: we should normally not delete any sockets in the file system here! After all some
831 * other process we spawned might still have a reference of this fd and wants to continue to use
832 * it. Therefore we normally delete sockets in the file system before we create a new one, not after we
833 * stopped using one! That all said, if the user explicitly requested this, we'll delete them here
834 * anyway, but only then. */
835
836 if (!was_open || !s->remove_on_stop)
837 continue;
838
839 switch (p->type) {
840
841 case SOCKET_FIFO:
842 (void) unlink(p->path);
843 break;
844
845 case SOCKET_MQUEUE:
846 (void) mq_unlink(p->path);
847 break;
848
849 case SOCKET_SOCKET:
850 (void) socket_address_unlink(&p->address);
851 break;
852
853 default:
854 break;
855 }
856 }
857
858 if (s->remove_on_stop)
859 STRV_FOREACH(i, s->symlinks)
860 (void) unlink(*i);
861 }
862
863 static void socket_apply_socket_options(Socket *s, int fd) {
864 int r;
865
866 assert(s);
867 assert(fd >= 0);
868
869 if (s->keep_alive) {
870 int b = s->keep_alive;
871 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
872 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
873 }
874
875 if (s->keep_alive_time) {
876 int value = s->keep_alive_time / USEC_PER_SEC;
877 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
878 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
879 }
880
881 if (s->keep_alive_interval) {
882 int value = s->keep_alive_interval / USEC_PER_SEC;
883 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
884 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
885 }
886
887 if (s->keep_alive_cnt) {
888 int value = s->keep_alive_cnt;
889 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
890 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
891 }
892
893 if (s->defer_accept) {
894 int value = s->defer_accept / USEC_PER_SEC;
895 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
896 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
897 }
898
899 if (s->no_delay) {
900 int b = s->no_delay;
901
902 if (s->socket_protocol == IPPROTO_SCTP) {
903 if (setsockopt(fd, SOL_SCTP, SCTP_NODELAY, &b, sizeof(b)) < 0)
904 log_unit_warning_errno(UNIT(s), errno, "SCTP_NODELAY failed: %m");
905 } else {
906 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
907 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
908 }
909 }
910
911 if (s->broadcast) {
912 int one = 1;
913 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
914 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
915 }
916
917 if (s->pass_cred) {
918 int one = 1;
919 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
920 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
921 }
922
923 if (s->pass_sec) {
924 int one = 1;
925 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
926 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
927 }
928
929 if (s->priority >= 0)
930 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
931 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
932
933 if (s->receive_buffer > 0) {
934 int value = (int) s->receive_buffer;
935
936 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
937
938 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
939 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
940 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
941 }
942
943 if (s->send_buffer > 0) {
944 int value = (int) s->send_buffer;
945 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
946 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
947 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
948 }
949
950 if (s->mark >= 0)
951 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
952 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
953
954 if (s->ip_tos >= 0)
955 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
956 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
957
958 if (s->ip_ttl >= 0) {
959 int x;
960
961 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
962
963 if (socket_ipv6_is_supported())
964 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
965 else {
966 x = -1;
967 errno = EAFNOSUPPORT;
968 }
969
970 if (r < 0 && x < 0)
971 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
972 }
973
974 if (s->tcp_congestion)
975 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
976 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
977
978 if (s->smack_ip_in) {
979 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
980 if (r < 0)
981 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
982 }
983
984 if (s->smack_ip_out) {
985 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
986 if (r < 0)
987 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
988 }
989 }
990
991 static void socket_apply_fifo_options(Socket *s, int fd) {
992 int r;
993
994 assert(s);
995 assert(fd >= 0);
996
997 if (s->pipe_size > 0)
998 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
999 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
1000
1001 if (s->smack) {
1002 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
1003 if (r < 0)
1004 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
1005 }
1006 }
1007
1008 static int fifo_address_create(
1009 const char *path,
1010 mode_t directory_mode,
1011 mode_t socket_mode) {
1012
1013 _cleanup_close_ int fd = -1;
1014 mode_t old_mask;
1015 struct stat st;
1016 int r;
1017
1018 assert(path);
1019
1020 mkdir_parents_label(path, directory_mode);
1021
1022 r = mac_selinux_create_file_prepare(path, S_IFIFO);
1023 if (r < 0)
1024 return r;
1025
1026 /* Enforce the right access mode for the fifo */
1027 old_mask = umask(~ socket_mode);
1028
1029 /* Include the original umask in our mask */
1030 (void) umask(~socket_mode | old_mask);
1031
1032 r = mkfifo(path, socket_mode);
1033 (void) umask(old_mask);
1034
1035 if (r < 0 && errno != EEXIST) {
1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1041 if (fd < 0) {
1042 r = -errno;
1043 goto fail;
1044 }
1045
1046 mac_selinux_create_file_clear();
1047
1048 if (fstat(fd, &st) < 0) {
1049 r = -errno;
1050 goto fail;
1051 }
1052
1053 if (!S_ISFIFO(st.st_mode) ||
1054 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1055 st.st_uid != getuid() ||
1056 st.st_gid != getgid()) {
1057 r = -EEXIST;
1058 goto fail;
1059 }
1060
1061 r = fd;
1062 fd = -1;
1063
1064 return r;
1065
1066 fail:
1067 mac_selinux_create_file_clear();
1068 return r;
1069 }
1070
1071 static int special_address_create(const char *path, bool writable) {
1072 _cleanup_close_ int fd = -1;
1073 struct stat st;
1074 int r;
1075
1076 assert(path);
1077
1078 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1079 if (fd < 0)
1080 return -errno;
1081
1082 if (fstat(fd, &st) < 0)
1083 return -errno;
1084
1085 /* Check whether this is a /proc, /sys or /dev file or char device */
1086 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1087 return -EEXIST;
1088
1089 r = fd;
1090 fd = -1;
1091
1092 return r;
1093 }
1094
1095 static int usbffs_address_create(const char *path) {
1096 _cleanup_close_ int fd = -1;
1097 struct stat st;
1098 int r;
1099
1100 assert(path);
1101
1102 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1103 if (fd < 0)
1104 return -errno;
1105
1106 if (fstat(fd, &st) < 0)
1107 return -errno;
1108
1109 /* Check whether this is a regular file (ffs endpoint)*/
1110 if (!S_ISREG(st.st_mode))
1111 return -EEXIST;
1112
1113 r = fd;
1114 fd = -1;
1115
1116 return r;
1117 }
1118
1119 static int mq_address_create(
1120 const char *path,
1121 mode_t mq_mode,
1122 long maxmsg,
1123 long msgsize) {
1124
1125 _cleanup_close_ int fd = -1;
1126 struct stat st;
1127 mode_t old_mask;
1128 struct mq_attr _attr, *attr = NULL;
1129 int r;
1130
1131 assert(path);
1132
1133 if (maxmsg > 0 && msgsize > 0) {
1134 _attr = (struct mq_attr) {
1135 .mq_flags = O_NONBLOCK,
1136 .mq_maxmsg = maxmsg,
1137 .mq_msgsize = msgsize,
1138 };
1139 attr = &_attr;
1140 }
1141
1142 /* Enforce the right access mode for the mq */
1143 old_mask = umask(~ mq_mode);
1144
1145 /* Include the original umask in our mask */
1146 (void) umask(~mq_mode | old_mask);
1147 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1148 (void) umask(old_mask);
1149
1150 if (fd < 0)
1151 return -errno;
1152
1153 if (fstat(fd, &st) < 0)
1154 return -errno;
1155
1156 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1157 st.st_uid != getuid() ||
1158 st.st_gid != getgid())
1159 return -EEXIST;
1160
1161 r = fd;
1162 fd = -1;
1163
1164 return r;
1165 }
1166
1167 static int socket_symlink(Socket *s) {
1168 const char *p;
1169 char **i;
1170
1171 assert(s);
1172
1173 p = socket_find_symlink_target(s);
1174 if (!p)
1175 return 0;
1176
1177 STRV_FOREACH(i, s->symlinks)
1178 symlink_label(p, *i);
1179
1180 return 0;
1181 }
1182
1183 static int usbffs_write_descs(int fd, Service *s) {
1184 int r;
1185
1186 if (!s->usb_function_descriptors || !s->usb_function_strings)
1187 return -EINVAL;
1188
1189 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1190 if (r < 0)
1191 return r;
1192
1193 return copy_file_fd(s->usb_function_strings, fd, false);
1194 }
1195
1196 static int usbffs_select_ep(const struct dirent *d) {
1197 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1198 }
1199
1200 static int usbffs_dispatch_eps(SocketPort *p) {
1201 _cleanup_free_ struct dirent **ent = NULL;
1202 _cleanup_free_ char *path = NULL;
1203 int r, i, n, k;
1204
1205 path = dirname_malloc(p->path);
1206 if (!path)
1207 return -ENOMEM;
1208
1209 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1210 if (r < 0)
1211 return -errno;
1212
1213 n = r;
1214 p->auxiliary_fds = new(int, n);
1215 if (!p->auxiliary_fds)
1216 return -ENOMEM;
1217
1218 p->n_auxiliary_fds = n;
1219
1220 k = 0;
1221 for (i = 0; i < n; ++i) {
1222 _cleanup_free_ char *ep = NULL;
1223
1224 ep = path_make_absolute(ent[i]->d_name, path);
1225 if (!ep)
1226 return -ENOMEM;
1227
1228 path_kill_slashes(ep);
1229
1230 r = usbffs_address_create(ep);
1231 if (r < 0)
1232 goto fail;
1233
1234 p->auxiliary_fds[k] = r;
1235
1236 ++k;
1237 free(ent[i]);
1238 }
1239
1240 return r;
1241
1242 fail:
1243 close_many(p->auxiliary_fds, k);
1244 p->auxiliary_fds = mfree(p->auxiliary_fds);
1245 p->n_auxiliary_fds = 0;
1246
1247 return r;
1248 }
1249
1250 static int socket_determine_selinux_label(Socket *s, char **ret) {
1251 ExecCommand *c;
1252 int r;
1253
1254 assert(s);
1255 assert(ret);
1256
1257 if (s->selinux_context_from_net) {
1258 /* If this is requested, get label from the network label */
1259
1260 r = mac_selinux_get_our_label(ret);
1261 if (r == -EOPNOTSUPP)
1262 goto no_label;
1263
1264 } else {
1265 /* Otherwise, get it from the executable we are about to start */
1266 r = socket_instantiate_service(s);
1267 if (r < 0)
1268 return r;
1269
1270 if (!UNIT_ISSET(s->service))
1271 goto no_label;
1272
1273 c = SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START];
1274 if (!c)
1275 goto no_label;
1276
1277 r = mac_selinux_get_create_label_from_exe(c->path, ret);
1278 if (r == -EPERM || r == -EOPNOTSUPP)
1279 goto no_label;
1280 }
1281
1282 return r;
1283
1284 no_label:
1285 *ret = NULL;
1286 return 0;
1287 }
1288
1289 static int socket_open_fds(Socket *s) {
1290 _cleanup_(mac_selinux_freep) char *label = NULL;
1291 bool know_label = false;
1292 SocketPort *p;
1293 int r;
1294
1295 assert(s);
1296
1297 LIST_FOREACH(port, p, s->ports) {
1298
1299 if (p->fd >= 0)
1300 continue;
1301
1302 switch (p->type) {
1303
1304 case SOCKET_SOCKET:
1305
1306 if (!know_label) {
1307 /* Figure out label, if we don't it know yet. We do it once, for the first socket where
1308 * we need this and remember it for the rest. */
1309
1310 r = socket_determine_selinux_label(s, &label);
1311 if (r < 0)
1312 goto rollback;
1313
1314 know_label = true;
1315 }
1316
1317 /* Apply the socket protocol */
1318 switch (p->address.type) {
1319
1320 case SOCK_STREAM:
1321 case SOCK_SEQPACKET:
1322 if (s->socket_protocol == IPPROTO_SCTP)
1323 p->address.protocol = s->socket_protocol;
1324 break;
1325
1326 case SOCK_DGRAM:
1327 if (s->socket_protocol == IPPROTO_UDPLITE)
1328 p->address.protocol = s->socket_protocol;
1329 break;
1330 }
1331
1332 r = socket_address_listen(
1333 &p->address,
1334 SOCK_CLOEXEC|SOCK_NONBLOCK,
1335 s->backlog,
1336 s->bind_ipv6_only,
1337 s->bind_to_device,
1338 s->reuse_port,
1339 s->free_bind,
1340 s->transparent,
1341 s->directory_mode,
1342 s->socket_mode,
1343 label);
1344 if (r < 0)
1345 goto rollback;
1346
1347 p->fd = r;
1348 socket_apply_socket_options(s, p->fd);
1349 socket_symlink(s);
1350 break;
1351
1352 case SOCKET_SPECIAL:
1353
1354 p->fd = special_address_create(p->path, s->writable);
1355 if (p->fd < 0) {
1356 r = p->fd;
1357 goto rollback;
1358 }
1359 break;
1360
1361 case SOCKET_FIFO:
1362
1363 p->fd = fifo_address_create(
1364 p->path,
1365 s->directory_mode,
1366 s->socket_mode);
1367 if (p->fd < 0) {
1368 r = p->fd;
1369 goto rollback;
1370 }
1371
1372 socket_apply_fifo_options(s, p->fd);
1373 socket_symlink(s);
1374 break;
1375
1376 case SOCKET_MQUEUE:
1377
1378 p->fd = mq_address_create(
1379 p->path,
1380 s->socket_mode,
1381 s->mq_maxmsg,
1382 s->mq_msgsize);
1383 if (p->fd < 0) {
1384 r = p->fd;
1385 goto rollback;
1386 }
1387 break;
1388
1389 case SOCKET_USB_FUNCTION: {
1390 _cleanup_free_ char *ep = NULL;
1391
1392 ep = path_make_absolute("ep0", p->path);
1393
1394 p->fd = usbffs_address_create(ep);
1395 if (p->fd < 0) {
1396 r = p->fd;
1397 goto rollback;
1398 }
1399
1400 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1401 if (r < 0)
1402 goto rollback;
1403
1404 r = usbffs_dispatch_eps(p);
1405 if (r < 0)
1406 goto rollback;
1407
1408 break;
1409 }
1410 default:
1411 assert_not_reached("Unknown port type");
1412 }
1413 }
1414
1415 return 0;
1416
1417 rollback:
1418 socket_close_fds(s);
1419 return r;
1420 }
1421
1422 static void socket_unwatch_fds(Socket *s) {
1423 SocketPort *p;
1424 int r;
1425
1426 assert(s);
1427
1428 LIST_FOREACH(port, p, s->ports) {
1429 if (p->fd < 0)
1430 continue;
1431
1432 if (!p->event_source)
1433 continue;
1434
1435 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1436 if (r < 0)
1437 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1438 }
1439 }
1440
1441 static int socket_watch_fds(Socket *s) {
1442 SocketPort *p;
1443 int r;
1444
1445 assert(s);
1446
1447 LIST_FOREACH(port, p, s->ports) {
1448 if (p->fd < 0)
1449 continue;
1450
1451 if (p->event_source) {
1452 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1453 if (r < 0)
1454 goto fail;
1455 } else {
1456 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1457 if (r < 0)
1458 goto fail;
1459
1460 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1461 }
1462 }
1463
1464 return 0;
1465
1466 fail:
1467 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1468 socket_unwatch_fds(s);
1469 return r;
1470 }
1471
1472 enum {
1473 SOCKET_OPEN_NONE,
1474 SOCKET_OPEN_SOME,
1475 SOCKET_OPEN_ALL,
1476 };
1477
1478 static int socket_check_open(Socket *s) {
1479 bool have_open = false, have_closed = false;
1480 SocketPort *p;
1481
1482 assert(s);
1483
1484 LIST_FOREACH(port, p, s->ports) {
1485 if (p->fd < 0)
1486 have_closed = true;
1487 else
1488 have_open = true;
1489
1490 if (have_open && have_closed)
1491 return SOCKET_OPEN_SOME;
1492 }
1493
1494 if (have_open)
1495 return SOCKET_OPEN_ALL;
1496
1497 return SOCKET_OPEN_NONE;
1498 }
1499
1500 static void socket_set_state(Socket *s, SocketState state) {
1501 SocketState old_state;
1502 assert(s);
1503
1504 old_state = s->state;
1505 s->state = state;
1506
1507 if (!IN_SET(state,
1508 SOCKET_START_PRE,
1509 SOCKET_START_CHOWN,
1510 SOCKET_START_POST,
1511 SOCKET_STOP_PRE,
1512 SOCKET_STOP_PRE_SIGTERM,
1513 SOCKET_STOP_PRE_SIGKILL,
1514 SOCKET_STOP_POST,
1515 SOCKET_FINAL_SIGTERM,
1516 SOCKET_FINAL_SIGKILL)) {
1517
1518 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1519 socket_unwatch_control_pid(s);
1520 s->control_command = NULL;
1521 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1522 }
1523
1524 if (state != SOCKET_LISTENING)
1525 socket_unwatch_fds(s);
1526
1527 if (!IN_SET(state,
1528 SOCKET_START_CHOWN,
1529 SOCKET_START_POST,
1530 SOCKET_LISTENING,
1531 SOCKET_RUNNING,
1532 SOCKET_STOP_PRE,
1533 SOCKET_STOP_PRE_SIGTERM,
1534 SOCKET_STOP_PRE_SIGKILL))
1535 socket_close_fds(s);
1536
1537 if (state != old_state)
1538 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1539
1540 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1541 }
1542
1543 static int socket_coldplug(Unit *u) {
1544 Socket *s = SOCKET(u);
1545 int r;
1546
1547 assert(s);
1548 assert(s->state == SOCKET_DEAD);
1549
1550 if (s->deserialized_state == s->state)
1551 return 0;
1552
1553 if (s->control_pid > 0 &&
1554 pid_is_unwaited(s->control_pid) &&
1555 IN_SET(s->deserialized_state,
1556 SOCKET_START_PRE,
1557 SOCKET_START_CHOWN,
1558 SOCKET_START_POST,
1559 SOCKET_STOP_PRE,
1560 SOCKET_STOP_PRE_SIGTERM,
1561 SOCKET_STOP_PRE_SIGKILL,
1562 SOCKET_STOP_POST,
1563 SOCKET_FINAL_SIGTERM,
1564 SOCKET_FINAL_SIGKILL)) {
1565
1566 r = unit_watch_pid(UNIT(s), s->control_pid);
1567 if (r < 0)
1568 return r;
1569
1570 r = socket_arm_timer(s, usec_add(u->state_change_timestamp.monotonic, s->timeout_usec));
1571 if (r < 0)
1572 return r;
1573 }
1574
1575 if (IN_SET(s->deserialized_state,
1576 SOCKET_START_CHOWN,
1577 SOCKET_START_POST,
1578 SOCKET_LISTENING,
1579 SOCKET_RUNNING)) {
1580
1581 /* Originally, we used to simply reopen all sockets here that we didn't have file descriptors
1582 * for. However, this is problematic, as we won't traverse throught the SOCKET_START_CHOWN state for
1583 * them, and thus the UID/GID wouldn't be right. Hence, instead simply check if we have all fds open,
1584 * and if there's a mismatch, warn loudly. */
1585
1586 r = socket_check_open(s);
1587 if (r == SOCKET_OPEN_NONE)
1588 log_unit_warning(UNIT(s),
1589 "Socket unit configuration has changed while unit has been running, "
1590 "no open socket file descriptor left. "
1591 "The socket unit is not functional until restarted.");
1592 else if (r == SOCKET_OPEN_SOME)
1593 log_unit_warning(UNIT(s),
1594 "Socket unit configuration has changed while unit has been running, "
1595 "and some socket file descriptors have not been opened yet. "
1596 "The socket unit is not fully functional until restarted.");
1597 }
1598
1599 if (s->deserialized_state == SOCKET_LISTENING) {
1600 r = socket_watch_fds(s);
1601 if (r < 0)
1602 return r;
1603 }
1604
1605 socket_set_state(s, s->deserialized_state);
1606 return 0;
1607 }
1608
1609 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1610 _cleanup_free_ char **argv = NULL;
1611 pid_t pid;
1612 int r;
1613 ExecParameters exec_params = {
1614 .apply_permissions = true,
1615 .apply_chroot = true,
1616 .apply_tty_stdin = true,
1617 .stdin_fd = -1,
1618 .stdout_fd = -1,
1619 .stderr_fd = -1,
1620 };
1621
1622 assert(s);
1623 assert(c);
1624 assert(_pid);
1625
1626 (void) unit_realize_cgroup(UNIT(s));
1627 if (s->reset_cpu_usage) {
1628 (void) unit_reset_cpu_usage(UNIT(s));
1629 s->reset_cpu_usage = false;
1630 }
1631
1632 r = unit_setup_exec_runtime(UNIT(s));
1633 if (r < 0)
1634 return r;
1635
1636 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1637 if (r < 0)
1638 return r;
1639
1640 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1641 if (r < 0)
1642 return r;
1643
1644 exec_params.argv = argv;
1645 exec_params.environment = UNIT(s)->manager->environment;
1646 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1647 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1648 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1649 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1650 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1651
1652 r = exec_spawn(UNIT(s),
1653 c,
1654 &s->exec_context,
1655 &exec_params,
1656 s->exec_runtime,
1657 &pid);
1658 if (r < 0)
1659 return r;
1660
1661 r = unit_watch_pid(UNIT(s), pid);
1662 if (r < 0)
1663 /* FIXME: we need to do something here */
1664 return r;
1665
1666 *_pid = pid;
1667 return 0;
1668 }
1669
1670 static int socket_chown(Socket *s, pid_t *_pid) {
1671 pid_t pid;
1672 int r;
1673
1674 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1675 if (r < 0)
1676 goto fail;
1677
1678 /* We have to resolve the user names out-of-process, hence
1679 * let's fork here. It's messy, but well, what can we do? */
1680
1681 pid = fork();
1682 if (pid < 0)
1683 return -errno;
1684
1685 if (pid == 0) {
1686 SocketPort *p;
1687 uid_t uid = UID_INVALID;
1688 gid_t gid = GID_INVALID;
1689 int ret;
1690
1691 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1692 (void) ignore_signals(SIGPIPE, -1);
1693 log_forget_fds();
1694
1695 if (!isempty(s->user)) {
1696 const char *user = s->user;
1697
1698 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1699 if (r < 0) {
1700 ret = EXIT_USER;
1701 goto fail_child;
1702 }
1703 }
1704
1705 if (!isempty(s->group)) {
1706 const char *group = s->group;
1707
1708 r = get_group_creds(&group, &gid);
1709 if (r < 0) {
1710 ret = EXIT_GROUP;
1711 goto fail_child;
1712 }
1713 }
1714
1715 LIST_FOREACH(port, p, s->ports) {
1716 const char *path = NULL;
1717
1718 if (p->type == SOCKET_SOCKET)
1719 path = socket_address_get_path(&p->address);
1720 else if (p->type == SOCKET_FIFO)
1721 path = p->path;
1722
1723 if (!path)
1724 continue;
1725
1726 if (chown(path, uid, gid) < 0) {
1727 r = -errno;
1728 ret = EXIT_CHOWN;
1729 goto fail_child;
1730 }
1731 }
1732
1733 _exit(0);
1734
1735 fail_child:
1736 log_open();
1737 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1738
1739 _exit(ret);
1740 }
1741
1742 r = unit_watch_pid(UNIT(s), pid);
1743 if (r < 0)
1744 goto fail;
1745
1746 *_pid = pid;
1747 return 0;
1748
1749 fail:
1750 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1751 return r;
1752 }
1753
1754 static void socket_enter_dead(Socket *s, SocketResult f) {
1755 assert(s);
1756
1757 if (f != SOCKET_SUCCESS)
1758 s->result = f;
1759
1760 exec_runtime_destroy(s->exec_runtime);
1761 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1762
1763 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1764
1765 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1766 }
1767
1768 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1769
1770 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1771 int r;
1772 assert(s);
1773
1774 if (f != SOCKET_SUCCESS)
1775 s->result = f;
1776
1777 socket_unwatch_control_pid(s);
1778 s->control_command_id = SOCKET_EXEC_STOP_POST;
1779 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1780
1781 if (s->control_command) {
1782 r = socket_spawn(s, s->control_command, &s->control_pid);
1783 if (r < 0)
1784 goto fail;
1785
1786 socket_set_state(s, SOCKET_STOP_POST);
1787 } else
1788 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1789
1790 return;
1791
1792 fail:
1793 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1794 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1795 }
1796
1797 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1798 int r;
1799
1800 assert(s);
1801
1802 if (f != SOCKET_SUCCESS)
1803 s->result = f;
1804
1805 r = unit_kill_context(
1806 UNIT(s),
1807 &s->kill_context,
1808 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1809 KILL_KILL : KILL_TERMINATE,
1810 -1,
1811 s->control_pid,
1812 false);
1813 if (r < 0)
1814 goto fail;
1815
1816 if (r > 0) {
1817 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1818 if (r < 0)
1819 goto fail;
1820
1821 socket_set_state(s, state);
1822 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1823 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1824 else if (state == SOCKET_STOP_PRE_SIGKILL)
1825 socket_enter_stop_post(s, SOCKET_SUCCESS);
1826 else if (state == SOCKET_FINAL_SIGTERM)
1827 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1828 else
1829 socket_enter_dead(s, SOCKET_SUCCESS);
1830
1831 return;
1832
1833 fail:
1834 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1835
1836 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1837 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1838 else
1839 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1840 }
1841
1842 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1843 int r;
1844 assert(s);
1845
1846 if (f != SOCKET_SUCCESS)
1847 s->result = f;
1848
1849 socket_unwatch_control_pid(s);
1850 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1851 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1852
1853 if (s->control_command) {
1854 r = socket_spawn(s, s->control_command, &s->control_pid);
1855 if (r < 0)
1856 goto fail;
1857
1858 socket_set_state(s, SOCKET_STOP_PRE);
1859 } else
1860 socket_enter_stop_post(s, SOCKET_SUCCESS);
1861
1862 return;
1863
1864 fail:
1865 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1866 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1867 }
1868
1869 static void socket_enter_listening(Socket *s) {
1870 int r;
1871 assert(s);
1872
1873 r = socket_watch_fds(s);
1874 if (r < 0) {
1875 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1876 goto fail;
1877 }
1878
1879 socket_set_state(s, SOCKET_LISTENING);
1880 return;
1881
1882 fail:
1883 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1884 }
1885
1886 static void socket_enter_start_post(Socket *s) {
1887 int r;
1888 assert(s);
1889
1890 socket_unwatch_control_pid(s);
1891 s->control_command_id = SOCKET_EXEC_START_POST;
1892 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1893
1894 if (s->control_command) {
1895 r = socket_spawn(s, s->control_command, &s->control_pid);
1896 if (r < 0) {
1897 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1898 goto fail;
1899 }
1900
1901 socket_set_state(s, SOCKET_START_POST);
1902 } else
1903 socket_enter_listening(s);
1904
1905 return;
1906
1907 fail:
1908 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1909 }
1910
1911 static void socket_enter_start_chown(Socket *s) {
1912 int r;
1913
1914 assert(s);
1915
1916 r = socket_open_fds(s);
1917 if (r < 0) {
1918 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1919 goto fail;
1920 }
1921
1922 if (!isempty(s->user) || !isempty(s->group)) {
1923
1924 socket_unwatch_control_pid(s);
1925 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1926 s->control_command = NULL;
1927
1928 r = socket_chown(s, &s->control_pid);
1929 if (r < 0) {
1930 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1931 goto fail;
1932 }
1933
1934 socket_set_state(s, SOCKET_START_CHOWN);
1935 } else
1936 socket_enter_start_post(s);
1937
1938 return;
1939
1940 fail:
1941 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1942 }
1943
1944 static void socket_enter_start_pre(Socket *s) {
1945 int r;
1946 assert(s);
1947
1948 socket_unwatch_control_pid(s);
1949 s->control_command_id = SOCKET_EXEC_START_PRE;
1950 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1951
1952 if (s->control_command) {
1953 r = socket_spawn(s, s->control_command, &s->control_pid);
1954 if (r < 0) {
1955 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1956 goto fail;
1957 }
1958
1959 socket_set_state(s, SOCKET_START_PRE);
1960 } else
1961 socket_enter_start_chown(s);
1962
1963 return;
1964
1965 fail:
1966 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1967 }
1968
1969 static void flush_ports(Socket *s) {
1970 SocketPort *p;
1971
1972 /* Flush all incoming traffic, regardless if actual bytes or new connections, so that this socket isn't busy
1973 * anymore */
1974
1975 LIST_FOREACH(port, p, s->ports) {
1976 if (p->fd < 0)
1977 continue;
1978
1979 (void) flush_accept(p->fd);
1980 (void) flush_fd(p->fd);
1981 }
1982 }
1983
1984 static void socket_enter_running(Socket *s, int cfd) {
1985 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1986 int r;
1987
1988 /* Note that this call takes possession of the connection fd passed. It either has to assign it somewhere or
1989 * close it. */
1990
1991 assert(s);
1992
1993 /* We don't take connections anymore if we are supposed to shut down anyway */
1994 if (unit_stop_pending(UNIT(s))) {
1995
1996 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1997
1998 if (cfd >= 0)
1999 cfd = safe_close(cfd);
2000 else
2001 flush_ports(s);
2002
2003 return;
2004 }
2005
2006 if (!ratelimit_test(&s->trigger_limit)) {
2007 safe_close(cfd);
2008 log_unit_warning(UNIT(s), "Trigger limit hit, refusing further activation.");
2009 socket_enter_stop_pre(s, SOCKET_FAILURE_TRIGGER_LIMIT_HIT);
2010 return;
2011 }
2012
2013 if (cfd < 0) {
2014 Iterator i;
2015 Unit *other;
2016 bool pending = false;
2017
2018 /* If there's already a start pending don't bother to
2019 * do anything */
2020 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
2021 if (unit_active_or_pending(other)) {
2022 pending = true;
2023 break;
2024 }
2025
2026 if (!pending) {
2027 if (!UNIT_ISSET(s->service)) {
2028 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
2029 r = -ENOENT;
2030 goto fail;
2031 }
2032
2033 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, &error, NULL);
2034 if (r < 0)
2035 goto fail;
2036 }
2037
2038 socket_set_state(s, SOCKET_RUNNING);
2039 } else {
2040 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
2041 Service *service;
2042
2043 if (s->n_connections >= s->max_connections) {
2044 log_unit_warning(UNIT(s), "Too many incoming connections (%u), refusing connection attempt.", s->n_connections);
2045 safe_close(cfd);
2046 return;
2047 }
2048
2049 r = socket_instantiate_service(s);
2050 if (r < 0)
2051 goto fail;
2052
2053 r = instance_from_socket(cfd, s->n_accepted, &instance);
2054 if (r < 0) {
2055 if (r != -ENOTCONN)
2056 goto fail;
2057
2058 /* ENOTCONN is legitimate if TCP RST was received.
2059 * This connection is over, but the socket unit lives on. */
2060 log_unit_debug(UNIT(s), "Got ENOTCONN on incoming socket, assuming aborted connection attempt, ignoring.");
2061 safe_close(cfd);
2062 return;
2063 }
2064
2065 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
2066 if (r < 0)
2067 goto fail;
2068
2069 r = unit_name_build(prefix, instance, ".service", &name);
2070 if (r < 0)
2071 goto fail;
2072
2073 r = unit_add_name(UNIT_DEREF(s->service), name);
2074 if (r < 0)
2075 goto fail;
2076
2077 service = SERVICE(UNIT_DEREF(s->service));
2078 unit_ref_unset(&s->service);
2079
2080 s->n_accepted++;
2081 unit_choose_id(UNIT(service), name);
2082
2083 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
2084 if (r < 0)
2085 goto fail;
2086
2087 cfd = -1; /* We passed ownership of the fd to the service now. Forget it here. */
2088 s->n_connections++;
2089
2090 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
2091 if (r < 0) {
2092 /* We failed to activate the new service, but it still exists. Let's make sure the service
2093 * closes and forgets the connection fd again, immediately. */
2094 service_close_socket_fd(service);
2095 goto fail;
2096 }
2097
2098 /* Notify clients about changed counters */
2099 unit_add_to_dbus_queue(UNIT(s));
2100 }
2101
2102 return;
2103
2104 fail:
2105 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2106 cfd >= 0 ? "template" : "non-template",
2107 bus_error_message(&error, r));
2108
2109 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2110 safe_close(cfd);
2111 }
2112
2113 static void socket_run_next(Socket *s) {
2114 int r;
2115
2116 assert(s);
2117 assert(s->control_command);
2118 assert(s->control_command->command_next);
2119
2120 socket_unwatch_control_pid(s);
2121
2122 s->control_command = s->control_command->command_next;
2123
2124 r = socket_spawn(s, s->control_command, &s->control_pid);
2125 if (r < 0)
2126 goto fail;
2127
2128 return;
2129
2130 fail:
2131 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2132
2133 if (s->state == SOCKET_START_POST)
2134 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2135 else if (s->state == SOCKET_STOP_POST)
2136 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2137 else
2138 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2139 }
2140
2141 static int socket_start(Unit *u) {
2142 Socket *s = SOCKET(u);
2143 int r;
2144
2145 assert(s);
2146
2147 /* We cannot fulfill this request right now, try again later
2148 * please! */
2149 if (IN_SET(s->state,
2150 SOCKET_STOP_PRE,
2151 SOCKET_STOP_PRE_SIGKILL,
2152 SOCKET_STOP_PRE_SIGTERM,
2153 SOCKET_STOP_POST,
2154 SOCKET_FINAL_SIGTERM,
2155 SOCKET_FINAL_SIGKILL))
2156 return -EAGAIN;
2157
2158 /* Already on it! */
2159 if (IN_SET(s->state,
2160 SOCKET_START_PRE,
2161 SOCKET_START_CHOWN,
2162 SOCKET_START_POST))
2163 return 0;
2164
2165 /* Cannot run this without the service being around */
2166 if (UNIT_ISSET(s->service)) {
2167 Service *service;
2168
2169 service = SERVICE(UNIT_DEREF(s->service));
2170
2171 if (UNIT(service)->load_state != UNIT_LOADED) {
2172 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2173 return -ENOENT;
2174 }
2175
2176 /* If the service is already active we cannot start the
2177 * socket */
2178 if (service->state != SERVICE_DEAD &&
2179 service->state != SERVICE_FAILED &&
2180 service->state != SERVICE_AUTO_RESTART) {
2181 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2182 return -EBUSY;
2183 }
2184 }
2185
2186 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2187
2188 r = unit_start_limit_test(u);
2189 if (r < 0) {
2190 socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
2191 return r;
2192 }
2193
2194 s->result = SOCKET_SUCCESS;
2195 s->reset_cpu_usage = true;
2196
2197 socket_enter_start_pre(s);
2198
2199 return 1;
2200 }
2201
2202 static int socket_stop(Unit *u) {
2203 Socket *s = SOCKET(u);
2204
2205 assert(s);
2206
2207 /* Already on it */
2208 if (IN_SET(s->state,
2209 SOCKET_STOP_PRE,
2210 SOCKET_STOP_PRE_SIGTERM,
2211 SOCKET_STOP_PRE_SIGKILL,
2212 SOCKET_STOP_POST,
2213 SOCKET_FINAL_SIGTERM,
2214 SOCKET_FINAL_SIGKILL))
2215 return 0;
2216
2217 /* If there's already something running we go directly into
2218 * kill mode. */
2219 if (IN_SET(s->state,
2220 SOCKET_START_PRE,
2221 SOCKET_START_CHOWN,
2222 SOCKET_START_POST)) {
2223 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2224 return -EAGAIN;
2225 }
2226
2227 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2228
2229 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2230 return 1;
2231 }
2232
2233 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2234 Socket *s = SOCKET(u);
2235 SocketPort *p;
2236 int r;
2237
2238 assert(u);
2239 assert(f);
2240 assert(fds);
2241
2242 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2243 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2244 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2245
2246 if (s->control_pid > 0)
2247 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2248
2249 if (s->control_command_id >= 0)
2250 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2251
2252 LIST_FOREACH(port, p, s->ports) {
2253 int copy;
2254
2255 if (p->fd < 0)
2256 continue;
2257
2258 copy = fdset_put_dup(fds, p->fd);
2259 if (copy < 0)
2260 return copy;
2261
2262 if (p->type == SOCKET_SOCKET) {
2263 _cleanup_free_ char *t = NULL;
2264
2265 r = socket_address_print(&p->address, &t);
2266 if (r < 0)
2267 return r;
2268
2269 if (socket_address_family(&p->address) == AF_NETLINK)
2270 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2271 else
2272 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2273
2274 } else if (p->type == SOCKET_SPECIAL)
2275 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2276 else if (p->type == SOCKET_MQUEUE)
2277 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2278 else if (p->type == SOCKET_USB_FUNCTION)
2279 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2280 else {
2281 assert(p->type == SOCKET_FIFO);
2282 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2283 }
2284 }
2285
2286 return 0;
2287 }
2288
2289 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2290 Socket *s = SOCKET(u);
2291
2292 assert(u);
2293 assert(key);
2294 assert(value);
2295
2296 if (streq(key, "state")) {
2297 SocketState state;
2298
2299 state = socket_state_from_string(value);
2300 if (state < 0)
2301 log_unit_debug(u, "Failed to parse state value: %s", value);
2302 else
2303 s->deserialized_state = state;
2304 } else if (streq(key, "result")) {
2305 SocketResult f;
2306
2307 f = socket_result_from_string(value);
2308 if (f < 0)
2309 log_unit_debug(u, "Failed to parse result value: %s", value);
2310 else if (f != SOCKET_SUCCESS)
2311 s->result = f;
2312
2313 } else if (streq(key, "n-accepted")) {
2314 unsigned k;
2315
2316 if (safe_atou(value, &k) < 0)
2317 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2318 else
2319 s->n_accepted += k;
2320 } else if (streq(key, "control-pid")) {
2321 pid_t pid;
2322
2323 if (parse_pid(value, &pid) < 0)
2324 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2325 else
2326 s->control_pid = pid;
2327 } else if (streq(key, "control-command")) {
2328 SocketExecCommand id;
2329
2330 id = socket_exec_command_from_string(value);
2331 if (id < 0)
2332 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2333 else {
2334 s->control_command_id = id;
2335 s->control_command = s->exec_command[id];
2336 }
2337 } else if (streq(key, "fifo")) {
2338 int fd, skip = 0;
2339 SocketPort *p;
2340
2341 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2342 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2343 else {
2344
2345 LIST_FOREACH(port, p, s->ports)
2346 if (p->type == SOCKET_FIFO &&
2347 path_equal_or_files_same(p->path, value+skip))
2348 break;
2349
2350 if (p) {
2351 safe_close(p->fd);
2352 p->fd = fdset_remove(fds, fd);
2353 }
2354 }
2355
2356 } else if (streq(key, "special")) {
2357 int fd, skip = 0;
2358 SocketPort *p;
2359
2360 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2361 log_unit_debug(u, "Failed to parse special value: %s", value);
2362 else {
2363
2364 LIST_FOREACH(port, p, s->ports)
2365 if (p->type == SOCKET_SPECIAL &&
2366 path_equal_or_files_same(p->path, value+skip))
2367 break;
2368
2369 if (p) {
2370 safe_close(p->fd);
2371 p->fd = fdset_remove(fds, fd);
2372 }
2373 }
2374
2375 } else if (streq(key, "mqueue")) {
2376 int fd, skip = 0;
2377 SocketPort *p;
2378
2379 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2380 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2381 else {
2382
2383 LIST_FOREACH(port, p, s->ports)
2384 if (p->type == SOCKET_MQUEUE &&
2385 streq(p->path, value+skip))
2386 break;
2387
2388 if (p) {
2389 safe_close(p->fd);
2390 p->fd = fdset_remove(fds, fd);
2391 }
2392 }
2393
2394 } else if (streq(key, "socket")) {
2395 int fd, type, skip = 0;
2396 SocketPort *p;
2397
2398 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2399 log_unit_debug(u, "Failed to parse socket value: %s", value);
2400 else {
2401
2402 LIST_FOREACH(port, p, s->ports)
2403 if (socket_address_is(&p->address, value+skip, type))
2404 break;
2405
2406 if (p) {
2407 safe_close(p->fd);
2408 p->fd = fdset_remove(fds, fd);
2409 }
2410 }
2411
2412 } else if (streq(key, "netlink")) {
2413 int fd, skip = 0;
2414 SocketPort *p;
2415
2416 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2417 log_unit_debug(u, "Failed to parse socket value: %s", value);
2418 else {
2419
2420 LIST_FOREACH(port, p, s->ports)
2421 if (socket_address_is_netlink(&p->address, value+skip))
2422 break;
2423
2424 if (p) {
2425 safe_close(p->fd);
2426 p->fd = fdset_remove(fds, fd);
2427 }
2428 }
2429
2430 } else if (streq(key, "ffs")) {
2431 int fd, skip = 0;
2432 SocketPort *p;
2433
2434 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2435 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2436 else {
2437
2438 LIST_FOREACH(port, p, s->ports)
2439 if (p->type == SOCKET_USB_FUNCTION &&
2440 path_equal_or_files_same(p->path, value+skip))
2441 break;
2442
2443 if (p) {
2444 safe_close(p->fd);
2445 p->fd = fdset_remove(fds, fd);
2446 }
2447 }
2448
2449 } else
2450 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2451
2452 return 0;
2453 }
2454
2455 static void socket_distribute_fds(Unit *u, FDSet *fds) {
2456 Socket *s = SOCKET(u);
2457 SocketPort *p;
2458
2459 assert(u);
2460
2461 LIST_FOREACH(port, p, s->ports) {
2462 Iterator i;
2463 int fd;
2464
2465 if (p->type != SOCKET_SOCKET)
2466 continue;
2467
2468 if (p->fd >= 0)
2469 continue;
2470
2471 FDSET_FOREACH(fd, fds, i) {
2472 if (socket_address_matches_fd(&p->address, fd)) {
2473 p->fd = fdset_remove(fds, fd);
2474 s->deserialized_state = SOCKET_LISTENING;
2475 break;
2476 }
2477 }
2478 }
2479 }
2480
2481 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2482 assert(u);
2483
2484 return state_translation_table[SOCKET(u)->state];
2485 }
2486
2487 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2488 assert(u);
2489
2490 return socket_state_to_string(SOCKET(u)->state);
2491 }
2492
2493 const char* socket_port_type_to_string(SocketPort *p) {
2494
2495 assert(p);
2496
2497 switch (p->type) {
2498
2499 case SOCKET_SOCKET:
2500
2501 switch (p->address.type) {
2502
2503 case SOCK_STREAM:
2504 return "Stream";
2505
2506 case SOCK_DGRAM:
2507 return "Datagram";
2508
2509 case SOCK_SEQPACKET:
2510 return "SequentialPacket";
2511
2512 case SOCK_RAW:
2513 if (socket_address_family(&p->address) == AF_NETLINK)
2514 return "Netlink";
2515
2516 default:
2517 return NULL;
2518 }
2519
2520 case SOCKET_SPECIAL:
2521 return "Special";
2522
2523 case SOCKET_MQUEUE:
2524 return "MessageQueue";
2525
2526 case SOCKET_FIFO:
2527 return "FIFO";
2528
2529 case SOCKET_USB_FUNCTION:
2530 return "USBFunction";
2531
2532 default:
2533 return NULL;
2534 }
2535 }
2536
2537 _pure_ static bool socket_check_gc(Unit *u) {
2538 Socket *s = SOCKET(u);
2539
2540 assert(u);
2541
2542 return s->n_connections > 0;
2543 }
2544
2545 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2546 SocketPort *p = userdata;
2547 int cfd = -1;
2548
2549 assert(p);
2550 assert(fd >= 0);
2551
2552 if (p->socket->state != SOCKET_LISTENING)
2553 return 0;
2554
2555 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2556
2557 if (revents != EPOLLIN) {
2558
2559 if (revents & EPOLLHUP)
2560 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2561 else
2562 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2563 goto fail;
2564 }
2565
2566 if (p->socket->accept &&
2567 p->type == SOCKET_SOCKET &&
2568 socket_address_can_accept(&p->address)) {
2569
2570 for (;;) {
2571
2572 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2573 if (cfd < 0) {
2574
2575 if (errno == EINTR)
2576 continue;
2577
2578 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2579 goto fail;
2580 }
2581
2582 break;
2583 }
2584
2585 socket_apply_socket_options(p->socket, cfd);
2586 }
2587
2588 socket_enter_running(p->socket, cfd);
2589 return 0;
2590
2591 fail:
2592 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2593 return 0;
2594 }
2595
2596 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2597 Socket *s = SOCKET(u);
2598 SocketResult f;
2599
2600 assert(s);
2601 assert(pid >= 0);
2602
2603 if (pid != s->control_pid)
2604 return;
2605
2606 s->control_pid = 0;
2607
2608 if (is_clean_exit(code, status, NULL))
2609 f = SOCKET_SUCCESS;
2610 else if (code == CLD_EXITED)
2611 f = SOCKET_FAILURE_EXIT_CODE;
2612 else if (code == CLD_KILLED)
2613 f = SOCKET_FAILURE_SIGNAL;
2614 else if (code == CLD_DUMPED)
2615 f = SOCKET_FAILURE_CORE_DUMP;
2616 else
2617 assert_not_reached("Unknown sigchld code");
2618
2619 if (s->control_command) {
2620 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2621
2622 if (s->control_command->ignore)
2623 f = SOCKET_SUCCESS;
2624 }
2625
2626 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2627 "Control process exited, code=%s status=%i",
2628 sigchld_code_to_string(code), status);
2629
2630 if (f != SOCKET_SUCCESS)
2631 s->result = f;
2632
2633 if (s->control_command &&
2634 s->control_command->command_next &&
2635 f == SOCKET_SUCCESS) {
2636
2637 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2638 socket_run_next(s);
2639 } else {
2640 s->control_command = NULL;
2641 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2642
2643 /* No further commands for this step, so let's figure
2644 * out what to do next */
2645
2646 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2647
2648 switch (s->state) {
2649
2650 case SOCKET_START_PRE:
2651 if (f == SOCKET_SUCCESS)
2652 socket_enter_start_chown(s);
2653 else
2654 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2655 break;
2656
2657 case SOCKET_START_CHOWN:
2658 if (f == SOCKET_SUCCESS)
2659 socket_enter_start_post(s);
2660 else
2661 socket_enter_stop_pre(s, f);
2662 break;
2663
2664 case SOCKET_START_POST:
2665 if (f == SOCKET_SUCCESS)
2666 socket_enter_listening(s);
2667 else
2668 socket_enter_stop_pre(s, f);
2669 break;
2670
2671 case SOCKET_STOP_PRE:
2672 case SOCKET_STOP_PRE_SIGTERM:
2673 case SOCKET_STOP_PRE_SIGKILL:
2674 socket_enter_stop_post(s, f);
2675 break;
2676
2677 case SOCKET_STOP_POST:
2678 case SOCKET_FINAL_SIGTERM:
2679 case SOCKET_FINAL_SIGKILL:
2680 socket_enter_dead(s, f);
2681 break;
2682
2683 default:
2684 assert_not_reached("Uh, control process died at wrong time.");
2685 }
2686 }
2687
2688 /* Notify clients about changed exit status */
2689 unit_add_to_dbus_queue(u);
2690 }
2691
2692 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2693 Socket *s = SOCKET(userdata);
2694
2695 assert(s);
2696 assert(s->timer_event_source == source);
2697
2698 switch (s->state) {
2699
2700 case SOCKET_START_PRE:
2701 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2702 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2703 break;
2704
2705 case SOCKET_START_CHOWN:
2706 case SOCKET_START_POST:
2707 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2708 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2709 break;
2710
2711 case SOCKET_STOP_PRE:
2712 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2713 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2714 break;
2715
2716 case SOCKET_STOP_PRE_SIGTERM:
2717 if (s->kill_context.send_sigkill) {
2718 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2719 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2720 } else {
2721 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2722 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2723 }
2724 break;
2725
2726 case SOCKET_STOP_PRE_SIGKILL:
2727 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2728 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2729 break;
2730
2731 case SOCKET_STOP_POST:
2732 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2733 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2734 break;
2735
2736 case SOCKET_FINAL_SIGTERM:
2737 if (s->kill_context.send_sigkill) {
2738 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2739 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2740 } else {
2741 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2742 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2743 }
2744 break;
2745
2746 case SOCKET_FINAL_SIGKILL:
2747 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2748 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2749 break;
2750
2751 default:
2752 assert_not_reached("Timeout at wrong time.");
2753 }
2754
2755 return 0;
2756 }
2757
2758 int socket_collect_fds(Socket *s, int **fds) {
2759 int *rfds, k = 0, n = 0;
2760 SocketPort *p;
2761
2762 assert(s);
2763 assert(fds);
2764
2765 /* Called from the service code for requesting our fds */
2766
2767 LIST_FOREACH(port, p, s->ports) {
2768 if (p->fd >= 0)
2769 n++;
2770 n += p->n_auxiliary_fds;
2771 }
2772
2773 if (n <= 0) {
2774 *fds = NULL;
2775 return 0;
2776 }
2777
2778 rfds = new(int, n);
2779 if (!rfds)
2780 return -ENOMEM;
2781
2782 LIST_FOREACH(port, p, s->ports) {
2783 int i;
2784
2785 if (p->fd >= 0)
2786 rfds[k++] = p->fd;
2787 for (i = 0; i < p->n_auxiliary_fds; ++i)
2788 rfds[k++] = p->auxiliary_fds[i];
2789 }
2790
2791 assert(k == n);
2792
2793 *fds = rfds;
2794 return n;
2795 }
2796
2797 static void socket_reset_failed(Unit *u) {
2798 Socket *s = SOCKET(u);
2799
2800 assert(s);
2801
2802 if (s->state == SOCKET_FAILED)
2803 socket_set_state(s, SOCKET_DEAD);
2804
2805 s->result = SOCKET_SUCCESS;
2806 }
2807
2808 void socket_connection_unref(Socket *s) {
2809 assert(s);
2810
2811 /* The service is dead. Yay!
2812 *
2813 * This is strictly for one-instance-per-connection
2814 * services. */
2815
2816 assert(s->n_connections > 0);
2817 s->n_connections--;
2818
2819 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2820 }
2821
2822 static void socket_trigger_notify(Unit *u, Unit *other) {
2823 Socket *s = SOCKET(u);
2824
2825 assert(u);
2826 assert(other);
2827
2828 /* Filter out invocations with bogus state */
2829 if (other->load_state != UNIT_LOADED || other->type != UNIT_SERVICE)
2830 return;
2831
2832 /* Don't propagate state changes from the service if we are already down */
2833 if (!IN_SET(s->state, SOCKET_RUNNING, SOCKET_LISTENING))
2834 return;
2835
2836 /* We don't care for the service state if we are in Accept=yes mode */
2837 if (s->accept)
2838 return;
2839
2840 /* Propagate start limit hit state */
2841 if (other->start_limit_hit) {
2842 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_START_LIMIT_HIT);
2843 return;
2844 }
2845
2846 /* Don't propagate anything if there's still a job queued */
2847 if (other->job)
2848 return;
2849
2850 if (IN_SET(SERVICE(other)->state,
2851 SERVICE_DEAD, SERVICE_FAILED,
2852 SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
2853 SERVICE_AUTO_RESTART))
2854 socket_enter_listening(s);
2855
2856 if (SERVICE(other)->state == SERVICE_RUNNING)
2857 socket_set_state(s, SOCKET_RUNNING);
2858 }
2859
2860 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2861 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2862 }
2863
2864 static int socket_get_timeout(Unit *u, usec_t *timeout) {
2865 Socket *s = SOCKET(u);
2866 usec_t t;
2867 int r;
2868
2869 if (!s->timer_event_source)
2870 return 0;
2871
2872 r = sd_event_source_get_time(s->timer_event_source, &t);
2873 if (r < 0)
2874 return r;
2875 if (t == USEC_INFINITY)
2876 return 0;
2877
2878 *timeout = t;
2879 return 1;
2880 }
2881
2882 char *socket_fdname(Socket *s) {
2883 assert(s);
2884
2885 /* Returns the name to use for $LISTEN_NAMES. If the user
2886 * didn't specify anything specifically, use the socket unit's
2887 * name as fallback. */
2888
2889 if (s->fdname)
2890 return s->fdname;
2891
2892 return UNIT(s)->id;
2893 }
2894
2895 static int socket_control_pid(Unit *u) {
2896 Socket *s = SOCKET(u);
2897
2898 assert(s);
2899
2900 return s->control_pid;
2901 }
2902
2903 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2904 [SOCKET_EXEC_START_PRE] = "StartPre",
2905 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2906 [SOCKET_EXEC_START_POST] = "StartPost",
2907 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2908 [SOCKET_EXEC_STOP_POST] = "StopPost"
2909 };
2910
2911 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2912
2913 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2914 [SOCKET_SUCCESS] = "success",
2915 [SOCKET_FAILURE_RESOURCES] = "resources",
2916 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2917 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2918 [SOCKET_FAILURE_SIGNAL] = "signal",
2919 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2920 [SOCKET_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
2921 [SOCKET_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
2922 [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit"
2923 };
2924
2925 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2926
2927 const UnitVTable socket_vtable = {
2928 .object_size = sizeof(Socket),
2929 .exec_context_offset = offsetof(Socket, exec_context),
2930 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2931 .kill_context_offset = offsetof(Socket, kill_context),
2932 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2933
2934 .sections =
2935 "Unit\0"
2936 "Socket\0"
2937 "Install\0",
2938 .private_section = "Socket",
2939
2940 .init = socket_init,
2941 .done = socket_done,
2942 .load = socket_load,
2943
2944 .coldplug = socket_coldplug,
2945
2946 .dump = socket_dump,
2947
2948 .start = socket_start,
2949 .stop = socket_stop,
2950
2951 .kill = socket_kill,
2952
2953 .get_timeout = socket_get_timeout,
2954
2955 .serialize = socket_serialize,
2956 .deserialize_item = socket_deserialize_item,
2957 .distribute_fds = socket_distribute_fds,
2958
2959 .active_state = socket_active_state,
2960 .sub_state_to_string = socket_sub_state_to_string,
2961
2962 .check_gc = socket_check_gc,
2963
2964 .sigchld_event = socket_sigchld_event,
2965
2966 .trigger_notify = socket_trigger_notify,
2967
2968 .reset_failed = socket_reset_failed,
2969
2970 .control_pid = socket_control_pid,
2971
2972 .bus_vtable = bus_socket_vtable,
2973 .bus_set_property = bus_socket_set_property,
2974 .bus_commit_properties = bus_socket_commit_properties,
2975
2976 .status_message_formats = {
2977 /*.starting_stopping = {
2978 [0] = "Starting socket %s...",
2979 [1] = "Stopping socket %s...",
2980 },*/
2981 .finished_start_job = {
2982 [JOB_DONE] = "Listening on %s.",
2983 [JOB_FAILED] = "Failed to listen on %s.",
2984 [JOB_TIMEOUT] = "Timed out starting %s.",
2985 },
2986 .finished_stop_job = {
2987 [JOB_DONE] = "Closed %s.",
2988 [JOB_FAILED] = "Failed stopping %s.",
2989 [JOB_TIMEOUT] = "Timed out stopping %s.",
2990 },
2991 },
2992 };
Unnamed repository; edit this file 'description' to name the repository.