1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include <sys/epoll.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
42 #include "exit-status.h"
44 #include "smack-util.h"
46 #include "selinux-util.h"
47 #include "dbus-socket.h"
49 #include "formats-util.h"
50 #include "signal-util.h"
53 static const UnitActiveState state_translation_table
[_SOCKET_STATE_MAX
] = {
54 [SOCKET_DEAD
] = UNIT_INACTIVE
,
55 [SOCKET_START_PRE
] = UNIT_ACTIVATING
,
56 [SOCKET_START_CHOWN
] = UNIT_ACTIVATING
,
57 [SOCKET_START_POST
] = UNIT_ACTIVATING
,
58 [SOCKET_LISTENING
] = UNIT_ACTIVE
,
59 [SOCKET_RUNNING
] = UNIT_ACTIVE
,
60 [SOCKET_STOP_PRE
] = UNIT_DEACTIVATING
,
61 [SOCKET_STOP_PRE_SIGTERM
] = UNIT_DEACTIVATING
,
62 [SOCKET_STOP_PRE_SIGKILL
] = UNIT_DEACTIVATING
,
63 [SOCKET_STOP_POST
] = UNIT_DEACTIVATING
,
64 [SOCKET_FINAL_SIGTERM
] = UNIT_DEACTIVATING
,
65 [SOCKET_FINAL_SIGKILL
] = UNIT_DEACTIVATING
,
66 [SOCKET_FAILED
] = UNIT_FAILED
69 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
70 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
);
72 static void socket_init(Unit
*u
) {
73 Socket
*s
= SOCKET(u
);
76 assert(u
->load_state
== UNIT_STUB
);
78 s
->backlog
= SOMAXCONN
;
79 s
->timeout_usec
= u
->manager
->default_timeout_start_usec
;
80 s
->directory_mode
= 0755;
81 s
->socket_mode
= 0666;
83 s
->max_connections
= 64;
90 s
->exec_context
.std_output
= u
->manager
->default_std_output
;
91 s
->exec_context
.std_error
= u
->manager
->default_std_error
;
93 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
96 static void socket_unwatch_control_pid(Socket
*s
) {
99 if (s
->control_pid
<= 0)
102 unit_unwatch_pid(UNIT(s
), s
->control_pid
);
106 void socket_free_ports(Socket
*s
) {
111 while ((p
= s
->ports
)) {
112 LIST_REMOVE(port
, s
->ports
, p
);
114 sd_event_source_unref(p
->event_source
);
122 static void socket_done(Unit
*u
) {
123 Socket
*s
= SOCKET(u
);
127 socket_free_ports(s
);
129 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
130 exec_command_free_array(s
->exec_command
, _SOCKET_EXEC_COMMAND_MAX
);
131 s
->control_command
= NULL
;
133 socket_unwatch_control_pid(s
);
135 unit_ref_unset(&s
->service
);
137 free(s
->tcp_congestion
);
138 s
->tcp_congestion
= NULL
;
140 free(s
->bind_to_device
);
141 s
->bind_to_device
= NULL
;
144 free(s
->smack_ip_in
);
145 free(s
->smack_ip_out
);
147 strv_free(s
->symlinks
);
152 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
155 static int socket_arm_timer(Socket
*s
) {
160 if (s
->timeout_usec
<= 0) {
161 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
165 if (s
->timer_event_source
) {
166 r
= sd_event_source_set_time(s
->timer_event_source
, now(CLOCK_MONOTONIC
) + s
->timeout_usec
);
170 return sd_event_source_set_enabled(s
->timer_event_source
, SD_EVENT_ONESHOT
);
173 r
= sd_event_add_time(
174 UNIT(s
)->manager
->event
,
175 &s
->timer_event_source
,
177 now(CLOCK_MONOTONIC
) + s
->timeout_usec
, 0,
178 socket_dispatch_timer
, s
);
182 (void) sd_event_source_set_description(s
->timer_event_source
, "socket-timer");
187 int socket_instantiate_service(Socket
*s
) {
188 _cleanup_free_
char *prefix
= NULL
, *name
= NULL
;
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
199 if (UNIT_DEREF(s
->service
))
205 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
209 if (asprintf(&name
, "%s@%u.service", prefix
, s
->n_accepted
) < 0)
212 r
= manager_load_unit(UNIT(s
)->manager
, name
, NULL
, NULL
, &u
);
217 unit_ref_set(&s
->service
, u
);
219 return unit_add_two_dependencies(UNIT(s
), UNIT_BEFORE
, UNIT_TRIGGERS
, u
, false);
222 static bool have_non_accept_socket(Socket
*s
) {
230 LIST_FOREACH(port
, p
, s
->ports
) {
232 if (p
->type
!= SOCKET_SOCKET
)
235 if (!socket_address_can_accept(&p
->address
))
242 static int socket_add_mount_links(Socket
*s
) {
248 LIST_FOREACH(port
, p
, s
->ports
) {
249 const char *path
= NULL
;
251 if (p
->type
== SOCKET_SOCKET
)
252 path
= socket_address_get_path(&p
->address
);
253 else if (p
->type
== SOCKET_FIFO
|| p
->type
== SOCKET_SPECIAL
)
259 r
= unit_require_mounts_for(UNIT(s
), path
);
267 static int socket_add_device_link(Socket
*s
) {
272 if (!s
->bind_to_device
|| streq(s
->bind_to_device
, "lo"))
275 t
= strjoina("/sys/subsystem/net/devices/", s
->bind_to_device
);
276 return unit_add_node_link(UNIT(s
), t
, false);
279 static int socket_add_default_dependencies(Socket
*s
) {
283 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_BEFORE
, SPECIAL_SOCKETS_TARGET
, NULL
, true);
287 if (UNIT(s
)->manager
->running_as
== MANAGER_SYSTEM
) {
288 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_AFTER
, UNIT_REQUIRES
, SPECIAL_SYSINIT_TARGET
, NULL
, true);
293 return unit_add_two_dependencies_by_name(UNIT(s
), UNIT_BEFORE
, UNIT_CONFLICTS
, SPECIAL_SHUTDOWN_TARGET
, NULL
, true);
296 _pure_
static bool socket_has_exec(Socket
*s
) {
300 for (i
= 0; i
< _SOCKET_EXEC_COMMAND_MAX
; i
++)
301 if (s
->exec_command
[i
])
307 static int socket_add_extras(Socket
*s
) {
313 if (have_non_accept_socket(s
)) {
315 if (!UNIT_DEREF(s
->service
)) {
318 r
= unit_load_related_unit(u
, ".service", &x
);
322 unit_ref_set(&s
->service
, x
);
325 r
= unit_add_two_dependencies(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, UNIT_DEREF(s
->service
), true);
330 r
= socket_add_mount_links(s
);
334 r
= socket_add_device_link(s
);
338 r
= unit_patch_contexts(u
);
342 if (socket_has_exec(s
)) {
343 r
= unit_add_exec_dependencies(u
, &s
->exec_context
);
347 r
= unit_add_default_slice(u
, &s
->cgroup_context
);
352 if (u
->default_dependencies
) {
353 r
= socket_add_default_dependencies(s
);
361 static const char *socket_find_symlink_target(Socket
*s
) {
362 const char *found
= NULL
;
365 LIST_FOREACH(port
, p
, s
->ports
) {
366 const char *f
= NULL
;
375 if (p
->address
.sockaddr
.un
.sun_path
[0] != 0)
376 f
= p
->address
.sockaddr
.un
.sun_path
;
394 static int socket_verify(Socket
*s
) {
397 if (UNIT(s
)->load_state
!= UNIT_LOADED
)
401 log_unit_error(UNIT(s
), "Unit lacks Listen setting. Refusing.");
405 if (s
->accept
&& have_non_accept_socket(s
)) {
406 log_unit_error(UNIT(s
), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
410 if (s
->accept
&& s
->max_connections
<= 0) {
411 log_unit_error(UNIT(s
), "MaxConnection= setting too small. Refusing.");
415 if (s
->accept
&& UNIT_DEREF(s
->service
)) {
416 log_unit_error(UNIT(s
), "Explicit service configuration for accepting socket units not supported. Refusing.");
420 if (s
->exec_context
.pam_name
&& s
->kill_context
.kill_mode
!= KILL_CONTROL_GROUP
) {
421 log_unit_error(UNIT(s
), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
425 if (!strv_isempty(s
->symlinks
) && !socket_find_symlink_target(s
)) {
426 log_unit_error(UNIT(s
), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
433 static int socket_load(Unit
*u
) {
434 Socket
*s
= SOCKET(u
);
438 assert(u
->load_state
== UNIT_STUB
);
440 r
= unit_load_fragment_and_dropin(u
);
444 if (u
->load_state
== UNIT_LOADED
) {
445 /* This is a new unit? Then let's add in some extras */
446 r
= socket_add_extras(s
);
451 return socket_verify(s
);
454 _const_
static const char* listen_lookup(int family
, int type
) {
456 if (family
== AF_NETLINK
)
457 return "ListenNetlink";
459 if (type
== SOCK_STREAM
)
460 return "ListenStream";
461 else if (type
== SOCK_DGRAM
)
462 return "ListenDatagram";
463 else if (type
== SOCK_SEQPACKET
)
464 return "ListenSequentialPacket";
466 assert_not_reached("Unknown socket type");
470 static void socket_dump(Unit
*u
, FILE *f
, const char *prefix
) {
471 char time_string
[FORMAT_TIMESPAN_MAX
];
473 Socket
*s
= SOCKET(u
);
480 prefix
= strempty(prefix
);
481 prefix2
= strjoina(prefix
, "\t");
484 "%sSocket State: %s\n"
486 "%sBindIPv6Only: %s\n"
488 "%sSocketMode: %04o\n"
489 "%sDirectoryMode: %04o\n"
493 "%sTransparent: %s\n"
495 "%sPassCredentials: %s\n"
496 "%sPassSecurity: %s\n"
497 "%sTCPCongestion: %s\n"
498 "%sRemoveOnStop: %s\n"
499 "%sSELinuxContextFromNet: %s\n",
500 prefix
, socket_state_to_string(s
->state
),
501 prefix
, socket_result_to_string(s
->result
),
502 prefix
, socket_address_bind_ipv6_only_to_string(s
->bind_ipv6_only
),
504 prefix
, s
->socket_mode
,
505 prefix
, s
->directory_mode
,
506 prefix
, yes_no(s
->keep_alive
),
507 prefix
, yes_no(s
->no_delay
),
508 prefix
, yes_no(s
->free_bind
),
509 prefix
, yes_no(s
->transparent
),
510 prefix
, yes_no(s
->broadcast
),
511 prefix
, yes_no(s
->pass_cred
),
512 prefix
, yes_no(s
->pass_sec
),
513 prefix
, strna(s
->tcp_congestion
),
514 prefix
, yes_no(s
->remove_on_stop
),
515 prefix
, yes_no(s
->selinux_context_from_net
));
517 if (s
->control_pid
> 0)
519 "%sControl PID: "PID_FMT
"\n",
520 prefix
, s
->control_pid
);
522 if (s
->bind_to_device
)
524 "%sBindToDevice: %s\n",
525 prefix
, s
->bind_to_device
);
530 "%sNConnections: %u\n"
531 "%sMaxConnections: %u\n",
532 prefix
, s
->n_accepted
,
533 prefix
, s
->n_connections
,
534 prefix
, s
->max_connections
);
536 if (s
->priority
>= 0)
539 prefix
, s
->priority
);
541 if (s
->receive_buffer
> 0)
543 "%sReceiveBuffer: %zu\n",
544 prefix
, s
->receive_buffer
);
546 if (s
->send_buffer
> 0)
548 "%sSendBuffer: %zu\n",
549 prefix
, s
->send_buffer
);
561 if (s
->pipe_size
> 0)
564 prefix
, s
->pipe_size
);
571 if (s
->mq_maxmsg
> 0)
573 "%sMessageQueueMaxMessages: %li\n",
574 prefix
, s
->mq_maxmsg
);
576 if (s
->mq_msgsize
> 0)
578 "%sMessageQueueMessageSize: %li\n",
579 prefix
, s
->mq_msgsize
);
584 prefix
, yes_no(s
->reuse_port
));
588 "%sSmackLabel: %s\n",
593 "%sSmackLabelIPIn: %s\n",
594 prefix
, s
->smack_ip_in
);
598 "%sSmackLabelIPOut: %s\n",
599 prefix
, s
->smack_ip_out
);
601 if (!isempty(s
->user
) || !isempty(s
->group
))
604 "%sOwnerGroup: %s\n",
605 prefix
, strna(s
->user
),
606 prefix
, strna(s
->group
));
608 if (s
->keep_alive_time
> 0)
610 "%sKeepAliveTimeSec: %s\n",
611 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_time
, USEC_PER_SEC
));
613 if (s
->keep_alive_interval
)
615 "%sKeepAliveIntervalSec: %s\n",
616 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_interval
, USEC_PER_SEC
));
618 if (s
->keep_alive_cnt
)
620 "%sKeepAliveProbes: %u\n",
621 prefix
, s
->keep_alive_cnt
);
625 "%sDeferAcceptSec: %s\n",
626 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->defer_accept
, USEC_PER_SEC
));
628 LIST_FOREACH(port
, p
, s
->ports
) {
630 if (p
->type
== SOCKET_SOCKET
) {
635 if ((r
= socket_address_print(&p
->address
, &k
)) < 0)
640 fprintf(f
, "%s%s: %s\n", prefix
, listen_lookup(socket_address_family(&p
->address
), p
->address
.type
), t
);
642 } else if (p
->type
== SOCKET_SPECIAL
)
643 fprintf(f
, "%sListenSpecial: %s\n", prefix
, p
->path
);
644 else if (p
->type
== SOCKET_MQUEUE
)
645 fprintf(f
, "%sListenMessageQueue: %s\n", prefix
, p
->path
);
647 fprintf(f
, "%sListenFIFO: %s\n", prefix
, p
->path
);
650 exec_context_dump(&s
->exec_context
, f
, prefix
);
651 kill_context_dump(&s
->kill_context
, f
, prefix
);
653 for (c
= 0; c
< _SOCKET_EXEC_COMMAND_MAX
; c
++) {
654 if (!s
->exec_command
[c
])
657 fprintf(f
, "%s-> %s:\n",
658 prefix
, socket_exec_command_to_string(c
));
660 exec_command_dump_list(s
->exec_command
[c
], f
, prefix2
);
664 static int instance_from_socket(int fd
, unsigned nr
, char **instance
) {
667 union sockaddr_union local
, remote
;
673 if (getsockname(fd
, &local
.sa
, &l
) < 0)
677 if (getpeername(fd
, &remote
.sa
, &l
) < 0)
680 switch (local
.sa
.sa_family
) {
684 a
= ntohl(local
.in
.sin_addr
.s_addr
),
685 b
= ntohl(remote
.in
.sin_addr
.s_addr
);
688 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF,
691 ntohs(local
.in
.sin_port
),
692 b
>> 24, (b
>> 16) & 0xFF, (b
>> 8) & 0xFF, b
& 0xFF,
693 ntohs(remote
.in
.sin_port
)) < 0)
700 static const unsigned char ipv4_prefix
[] = {
701 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
704 if (memcmp(&local
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0 &&
705 memcmp(&remote
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0) {
707 *a
= local
.in6
.sin6_addr
.s6_addr
+12,
708 *b
= remote
.in6
.sin6_addr
.s6_addr
+12;
711 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 a
[0], a
[1], a
[2], a
[3],
714 ntohs(local
.in6
.sin6_port
),
715 b
[0], b
[1], b
[2], b
[3],
716 ntohs(remote
.in6
.sin6_port
)) < 0)
719 char a
[INET6_ADDRSTRLEN
], b
[INET6_ADDRSTRLEN
];
724 inet_ntop(AF_INET6
, &local
.in6
.sin6_addr
, a
, sizeof(a
)),
725 ntohs(local
.in6
.sin6_port
),
726 inet_ntop(AF_INET6
, &remote
.in6
.sin6_addr
, b
, sizeof(b
)),
727 ntohs(remote
.in6
.sin6_port
)) < 0)
738 k
= getpeercred(fd
, &ucred
);
741 "%u-"PID_FMT
"-"UID_FMT
,
742 nr
, ucred
.pid
, ucred
.uid
) < 0)
744 } else if (k
== -ENODATA
) {
745 /* This handles the case where somebody is
746 * connecting from another pid/uid namespace
747 * (e.g. from outside of our container). */
759 assert_not_reached("Unhandled socket type.");
766 static void socket_close_fds(Socket
*s
) {
772 LIST_FOREACH(port
, p
, s
->ports
) {
774 p
->event_source
= sd_event_source_unref(p
->event_source
);
779 p
->fd
= safe_close(p
->fd
);
781 /* One little note: we should normally not delete any
782 * sockets in the file system here! After all some
783 * other process we spawned might still have a
784 * reference of this fd and wants to continue to use
785 * it. Therefore we delete sockets in the file system
786 * before we create a new one, not after we stopped
789 if (s
->remove_on_stop
) {
801 socket_address_unlink(&p
->address
);
810 if (s
->remove_on_stop
)
811 STRV_FOREACH(i
, s
->symlinks
)
815 static void socket_apply_socket_options(Socket
*s
, int fd
) {
822 int b
= s
->keep_alive
;
823 if (setsockopt(fd
, SOL_SOCKET
, SO_KEEPALIVE
, &b
, sizeof(b
)) < 0)
824 log_unit_warning_errno(UNIT(s
), errno
, "SO_KEEPALIVE failed: %m");
827 if (s
->keep_alive_time
) {
828 int value
= s
->keep_alive_time
/ USEC_PER_SEC
;
829 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPIDLE
, &value
, sizeof(value
)) < 0)
830 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPIDLE failed: %m");
833 if (s
->keep_alive_interval
) {
834 int value
= s
->keep_alive_interval
/ USEC_PER_SEC
;
835 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPINTVL
, &value
, sizeof(value
)) < 0)
836 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPINTVL failed: %m");
839 if (s
->keep_alive_cnt
) {
840 int value
= s
->keep_alive_cnt
;
841 if (setsockopt(fd
, SOL_SOCKET
, TCP_KEEPCNT
, &value
, sizeof(value
)) < 0)
842 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPCNT failed: %m");
845 if (s
->defer_accept
) {
846 int value
= s
->defer_accept
/ USEC_PER_SEC
;
847 if (setsockopt(fd
, SOL_TCP
, TCP_DEFER_ACCEPT
, &value
, sizeof(value
)) < 0)
848 log_unit_warning_errno(UNIT(s
), errno
, "TCP_DEFER_ACCEPT failed: %m");
853 if (setsockopt(fd
, SOL_TCP
, TCP_NODELAY
, &b
, sizeof(b
)) < 0)
854 log_unit_warning_errno(UNIT(s
), errno
, "TCP_NODELAY failed: %m");
859 if (setsockopt(fd
, SOL_SOCKET
, SO_BROADCAST
, &one
, sizeof(one
)) < 0)
860 log_unit_warning_errno(UNIT(s
), errno
, "SO_BROADCAST failed: %m");
865 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSCRED
, &one
, sizeof(one
)) < 0)
866 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSCRED failed: %m");
871 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSSEC
, &one
, sizeof(one
)) < 0)
872 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSSEC failed: %m");
875 if (s
->priority
>= 0)
876 if (setsockopt(fd
, SOL_SOCKET
, SO_PRIORITY
, &s
->priority
, sizeof(s
->priority
)) < 0)
877 log_unit_warning_errno(UNIT(s
), errno
, "SO_PRIORITY failed: %m");
879 if (s
->receive_buffer
> 0) {
880 int value
= (int) s
->receive_buffer
;
882 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
884 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUFFORCE
, &value
, sizeof(value
)) < 0)
885 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &value
, sizeof(value
)) < 0)
886 log_unit_warning_errno(UNIT(s
), errno
, "SO_RCVBUF failed: %m");
889 if (s
->send_buffer
> 0) {
890 int value
= (int) s
->send_buffer
;
891 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUFFORCE
, &value
, sizeof(value
)) < 0)
892 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUF
, &value
, sizeof(value
)) < 0)
893 log_unit_warning_errno(UNIT(s
), errno
, "SO_SNDBUF failed: %m");
897 if (setsockopt(fd
, SOL_SOCKET
, SO_MARK
, &s
->mark
, sizeof(s
->mark
)) < 0)
898 log_unit_warning_errno(UNIT(s
), errno
, "SO_MARK failed: %m");
901 if (setsockopt(fd
, IPPROTO_IP
, IP_TOS
, &s
->ip_tos
, sizeof(s
->ip_tos
)) < 0)
902 log_unit_warning_errno(UNIT(s
), errno
, "IP_TOS failed: %m");
904 if (s
->ip_ttl
>= 0) {
907 r
= setsockopt(fd
, IPPROTO_IP
, IP_TTL
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
909 if (socket_ipv6_is_supported())
910 x
= setsockopt(fd
, IPPROTO_IPV6
, IPV6_UNICAST_HOPS
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
913 errno
= EAFNOSUPPORT
;
917 log_unit_warning_errno(UNIT(s
), errno
, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
920 if (s
->tcp_congestion
)
921 if (setsockopt(fd
, SOL_TCP
, TCP_CONGESTION
, s
->tcp_congestion
, strlen(s
->tcp_congestion
)+1) < 0)
922 log_unit_warning_errno(UNIT(s
), errno
, "TCP_CONGESTION failed: %m");
924 if (s
->smack_ip_in
) {
925 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_IPIN
, s
->smack_ip_in
);
927 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_in_fd: %m");
930 if (s
->smack_ip_out
) {
931 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_IPOUT
, s
->smack_ip_out
);
933 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_out_fd: %m");
937 static void socket_apply_fifo_options(Socket
*s
, int fd
) {
943 if (s
->pipe_size
> 0)
944 if (fcntl(fd
, F_SETPIPE_SZ
, s
->pipe_size
) < 0)
945 log_unit_warning_errno(UNIT(s
), errno
, "F_SETPIPE_SZ: %m");
948 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_ACCESS
, s
->smack
);
950 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_fd: %m");
954 static int fifo_address_create(
956 mode_t directory_mode
,
967 mkdir_parents_label(path
, directory_mode
);
969 r
= mac_selinux_create_file_prepare(path
, S_IFIFO
);
973 /* Enforce the right access mode for the fifo */
974 old_mask
= umask(~ socket_mode
);
976 /* Include the original umask in our mask */
977 umask(~socket_mode
| old_mask
);
979 r
= mkfifo(path
, socket_mode
);
982 if (r
< 0 && errno
!= EEXIST
) {
987 if ((fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
)) < 0) {
992 mac_selinux_create_file_clear();
994 if (fstat(fd
, &st
) < 0) {
999 if (!S_ISFIFO(st
.st_mode
) ||
1000 (st
.st_mode
& 0777) != (socket_mode
& ~old_mask
) ||
1001 st
.st_uid
!= getuid() ||
1002 st
.st_gid
!= getgid()) {
1012 mac_selinux_create_file_clear();
1018 static int special_address_create(
1028 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1034 if (fstat(fd
, &st
) < 0) {
1039 /* Check whether this is a /proc, /sys or /dev file or char device */
1040 if (!S_ISREG(st
.st_mode
) && !S_ISCHR(st
.st_mode
)) {
1054 static int mq_address_create(
1064 struct mq_attr _attr
, *attr
= NULL
;
1069 if (maxmsg
> 0 && msgsize
> 0) {
1071 _attr
.mq_flags
= O_NONBLOCK
;
1072 _attr
.mq_maxmsg
= maxmsg
;
1073 _attr
.mq_msgsize
= msgsize
;
1077 /* Enforce the right access mode for the mq */
1078 old_mask
= umask(~ mq_mode
);
1080 /* Include the original umask in our mask */
1081 umask(~mq_mode
| old_mask
);
1082 fd
= mq_open(path
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_CREAT
, mq_mode
, attr
);
1090 if (fstat(fd
, &st
) < 0) {
1095 if ((st
.st_mode
& 0777) != (mq_mode
& ~old_mask
) ||
1096 st
.st_uid
!= getuid() ||
1097 st
.st_gid
!= getgid()) {
1111 static int socket_symlink(Socket
*s
) {
1117 p
= socket_find_symlink_target(s
);
1121 STRV_FOREACH(i
, s
->symlinks
)
1122 symlink_label(p
, *i
);
1127 static int socket_open_fds(Socket
*s
) {
1131 bool know_label
= false;
1135 LIST_FOREACH(port
, p
, s
->ports
) {
1140 if (p
->type
== SOCKET_SOCKET
) {
1143 /* Figure out label, if we don't it know
1144 * yet. We do it once, for the first
1145 * socket where we need this and
1146 * remember it for the rest. */
1148 if (s
->selinux_context_from_net
) {
1149 /* Get it from the network label */
1151 r
= mac_selinux_get_our_label(&label
);
1152 if (r
< 0 && r
!= -EOPNOTSUPP
)
1156 /* Get it from the executable we are about to start */
1158 r
= socket_instantiate_service(s
);
1162 if (UNIT_ISSET(s
->service
) &&
1163 SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]) {
1164 r
= mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]->path
, &label
);
1165 if (r
< 0 && r
!= -EPERM
&& r
!= -EOPNOTSUPP
)
1173 r
= socket_address_listen(
1175 SOCK_CLOEXEC
|SOCK_NONBLOCK
,
1189 socket_apply_socket_options(s
, p
->fd
);
1192 } else if (p
->type
== SOCKET_SPECIAL
) {
1194 r
= special_address_create(
1200 } else if (p
->type
== SOCKET_FIFO
) {
1202 r
= fifo_address_create(
1210 socket_apply_fifo_options(s
, p
->fd
);
1213 } else if (p
->type
== SOCKET_MQUEUE
) {
1215 r
= mq_address_create(
1224 assert_not_reached("Unknown port type");
1227 mac_selinux_free(label
);
1231 socket_close_fds(s
);
1232 mac_selinux_free(label
);
1237 static void socket_unwatch_fds(Socket
*s
) {
1243 LIST_FOREACH(port
, p
, s
->ports
) {
1247 if (!p
->event_source
)
1250 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_OFF
);
1252 log_unit_debug_errno(UNIT(s
), r
, "Failed to disable event source: %m");
1256 static int socket_watch_fds(Socket
*s
) {
1262 LIST_FOREACH(port
, p
, s
->ports
) {
1266 if (p
->event_source
) {
1267 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_ON
);
1271 r
= sd_event_add_io(UNIT(s
)->manager
->event
, &p
->event_source
, p
->fd
, EPOLLIN
, socket_dispatch_io
, p
);
1275 (void) sd_event_source_set_description(p
->event_source
, "socket-port-io");
1282 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch listening fds: %m");
1283 socket_unwatch_fds(s
);
1287 static void socket_set_state(Socket
*s
, SocketState state
) {
1288 SocketState old_state
;
1291 old_state
= s
->state
;
1299 SOCKET_STOP_PRE_SIGTERM
,
1300 SOCKET_STOP_PRE_SIGKILL
,
1302 SOCKET_FINAL_SIGTERM
,
1303 SOCKET_FINAL_SIGKILL
)) {
1305 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1306 socket_unwatch_control_pid(s
);
1307 s
->control_command
= NULL
;
1308 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
1311 if (state
!= SOCKET_LISTENING
)
1312 socket_unwatch_fds(s
);
1320 SOCKET_STOP_PRE_SIGTERM
,
1321 SOCKET_STOP_PRE_SIGKILL
))
1322 socket_close_fds(s
);
1324 if (state
!= old_state
)
1325 log_unit_debug(UNIT(s
), "Changed %s -> %s", socket_state_to_string(old_state
), socket_state_to_string(state
));
1327 unit_notify(UNIT(s
), state_translation_table
[old_state
], state_translation_table
[state
], true);
1330 static int socket_coldplug(Unit
*u
) {
1331 Socket
*s
= SOCKET(u
);
1335 assert(s
->state
== SOCKET_DEAD
);
1337 if (s
->deserialized_state
== s
->state
)
1340 if (IN_SET(s
->deserialized_state
,
1345 SOCKET_STOP_PRE_SIGTERM
,
1346 SOCKET_STOP_PRE_SIGKILL
,
1348 SOCKET_FINAL_SIGTERM
,
1349 SOCKET_FINAL_SIGKILL
)) {
1351 if (s
->control_pid
<= 0)
1354 r
= unit_watch_pid(UNIT(s
), s
->control_pid
);
1358 r
= socket_arm_timer(s
);
1363 if (IN_SET(s
->deserialized_state
,
1369 SOCKET_STOP_PRE_SIGTERM
,
1370 SOCKET_STOP_PRE_SIGKILL
)) {
1371 r
= socket_open_fds(s
);
1376 if (s
->deserialized_state
== SOCKET_LISTENING
) {
1377 r
= socket_watch_fds(s
);
1382 socket_set_state(s
, s
->deserialized_state
);
1386 static int socket_spawn(Socket
*s
, ExecCommand
*c
, pid_t
*_pid
) {
1387 _cleanup_free_
char **argv
= NULL
;
1390 ExecParameters exec_params
= {
1391 .apply_permissions
= true,
1392 .apply_chroot
= true,
1393 .apply_tty_stdin
= true,
1394 .bus_endpoint_fd
= -1,
1401 (void) unit_realize_cgroup(UNIT(s
));
1402 if (s
->reset_cpu_usage
) {
1403 (void) unit_reset_cpu_usage(UNIT(s
));
1404 s
->reset_cpu_usage
= false;
1407 r
= unit_setup_exec_runtime(UNIT(s
));
1411 r
= socket_arm_timer(s
);
1415 r
= unit_full_printf_strv(UNIT(s
), c
->argv
, &argv
);
1419 exec_params
.argv
= argv
;
1420 exec_params
.environment
= UNIT(s
)->manager
->environment
;
1421 exec_params
.confirm_spawn
= UNIT(s
)->manager
->confirm_spawn
;
1422 exec_params
.cgroup_supported
= UNIT(s
)->manager
->cgroup_supported
;
1423 exec_params
.cgroup_path
= UNIT(s
)->cgroup_path
;
1424 exec_params
.cgroup_delegate
= s
->cgroup_context
.delegate
;
1425 exec_params
.runtime_prefix
= manager_get_runtime_prefix(UNIT(s
)->manager
);
1427 r
= exec_spawn(UNIT(s
),
1436 r
= unit_watch_pid(UNIT(s
), pid
);
1438 /* FIXME: we need to do something here */
1445 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1449 static int socket_chown(Socket
*s
, pid_t
*_pid
) {
1453 r
= socket_arm_timer(s
);
1457 /* We have to resolve the user names out-of-process, hence
1458 * let's fork here. It's messy, but well, what can we do? */
1466 uid_t uid
= UID_INVALID
;
1467 gid_t gid
= GID_INVALID
;
1470 (void) default_signals(SIGNALS_CRASH_HANDLER
, SIGNALS_IGNORE
, -1);
1471 (void) ignore_signals(SIGPIPE
, -1);
1474 if (!isempty(s
->user
)) {
1475 const char *user
= s
->user
;
1477 r
= get_user_creds(&user
, &uid
, &gid
, NULL
, NULL
);
1484 if (!isempty(s
->group
)) {
1485 const char *group
= s
->group
;
1487 r
= get_group_creds(&group
, &gid
);
1494 LIST_FOREACH(port
, p
, s
->ports
) {
1495 const char *path
= NULL
;
1497 if (p
->type
== SOCKET_SOCKET
)
1498 path
= socket_address_get_path(&p
->address
);
1499 else if (p
->type
== SOCKET_FIFO
)
1505 if (chown(path
, uid
, gid
) < 0) {
1516 log_error_errno(r
, "Failed to chown socket at step %s: %m", exit_status_to_string(ret
, EXIT_STATUS_SYSTEMD
));
1521 r
= unit_watch_pid(UNIT(s
), pid
);
1529 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1533 static void socket_enter_dead(Socket
*s
, SocketResult f
) {
1536 if (f
!= SOCKET_SUCCESS
)
1539 exec_runtime_destroy(s
->exec_runtime
);
1540 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
1542 exec_context_destroy_runtime_directory(&s
->exec_context
, manager_get_runtime_prefix(UNIT(s
)->manager
));
1544 socket_set_state(s
, s
->result
!= SOCKET_SUCCESS
? SOCKET_FAILED
: SOCKET_DEAD
);
1547 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
);
1549 static void socket_enter_stop_post(Socket
*s
, SocketResult f
) {
1553 if (f
!= SOCKET_SUCCESS
)
1556 socket_unwatch_control_pid(s
);
1557 s
->control_command_id
= SOCKET_EXEC_STOP_POST
;
1558 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_POST
];
1560 if (s
->control_command
) {
1561 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1565 socket_set_state(s
, SOCKET_STOP_POST
);
1567 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_SUCCESS
);
1572 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-post' task: %m");
1573 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1576 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
) {
1581 if (f
!= SOCKET_SUCCESS
)
1584 r
= unit_kill_context(
1587 (state
!= SOCKET_STOP_PRE_SIGTERM
&& state
!= SOCKET_FINAL_SIGTERM
) ?
1588 KILL_KILL
: KILL_TERMINATE
,
1596 r
= socket_arm_timer(s
);
1600 socket_set_state(s
, state
);
1601 } else if (state
== SOCKET_STOP_PRE_SIGTERM
)
1602 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_SUCCESS
);
1603 else if (state
== SOCKET_STOP_PRE_SIGKILL
)
1604 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1605 else if (state
== SOCKET_FINAL_SIGTERM
)
1606 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_SUCCESS
);
1608 socket_enter_dead(s
, SOCKET_SUCCESS
);
1613 log_unit_warning_errno(UNIT(s
), r
, "Failed to kill processes: %m");
1615 if (state
== SOCKET_STOP_PRE_SIGTERM
|| state
== SOCKET_STOP_PRE_SIGKILL
)
1616 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1618 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1621 static void socket_enter_stop_pre(Socket
*s
, SocketResult f
) {
1625 if (f
!= SOCKET_SUCCESS
)
1628 socket_unwatch_control_pid(s
);
1629 s
->control_command_id
= SOCKET_EXEC_STOP_PRE
;
1630 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_PRE
];
1632 if (s
->control_command
) {
1633 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1637 socket_set_state(s
, SOCKET_STOP_PRE
);
1639 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1644 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-pre' task: %m");
1645 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1648 static void socket_enter_listening(Socket
*s
) {
1652 r
= socket_watch_fds(s
);
1654 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1658 socket_set_state(s
, SOCKET_LISTENING
);
1662 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1665 static void socket_enter_start_post(Socket
*s
) {
1669 socket_unwatch_control_pid(s
);
1670 s
->control_command_id
= SOCKET_EXEC_START_POST
;
1671 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_POST
];
1673 if (s
->control_command
) {
1674 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1676 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-post' task: %m");
1680 socket_set_state(s
, SOCKET_START_POST
);
1682 socket_enter_listening(s
);
1687 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1690 static void socket_enter_start_chown(Socket
*s
) {
1695 r
= socket_open_fds(s
);
1697 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1701 if (!isempty(s
->user
) || !isempty(s
->group
)) {
1703 socket_unwatch_control_pid(s
);
1704 s
->control_command_id
= SOCKET_EXEC_START_CHOWN
;
1705 s
->control_command
= NULL
;
1707 r
= socket_chown(s
, &s
->control_pid
);
1709 log_unit_warning_errno(UNIT(s
), r
, "Failed to fork 'start-chown' task: %m");
1713 socket_set_state(s
, SOCKET_START_CHOWN
);
1715 socket_enter_start_post(s
);
1720 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1723 static void socket_enter_start_pre(Socket
*s
) {
1727 socket_unwatch_control_pid(s
);
1728 s
->control_command_id
= SOCKET_EXEC_START_PRE
;
1729 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_PRE
];
1731 if (s
->control_command
) {
1732 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1734 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-pre' task: %m");
1738 socket_set_state(s
, SOCKET_START_PRE
);
1740 socket_enter_start_chown(s
);
1745 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1748 static void socket_enter_running(Socket
*s
, int cfd
) {
1749 _cleanup_bus_error_free_ sd_bus_error error
= SD_BUS_ERROR_NULL
;
1754 /* We don't take connections anymore if we are supposed to
1755 * shut down anyway */
1756 if (unit_stop_pending(UNIT(s
))) {
1758 log_unit_debug(UNIT(s
), "Suppressing connection request since unit stop is scheduled.");
1763 /* Flush all sockets by closing and reopening them */
1764 socket_close_fds(s
);
1766 r
= socket_open_fds(s
);
1768 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1769 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1773 r
= socket_watch_fds(s
);
1775 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1776 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1786 bool pending
= false;
1788 /* If there's already a start pending don't bother to
1790 SET_FOREACH(other
, UNIT(s
)->dependencies
[UNIT_TRIGGERS
], i
)
1791 if (unit_active_or_pending(other
)) {
1797 if (!UNIT_ISSET(s
->service
)) {
1798 log_unit_error(UNIT(s
), "Service to activate vanished, refusing activation.");
1803 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT_DEREF(s
->service
), JOB_REPLACE
, true, &error
, NULL
);
1808 socket_set_state(s
, SOCKET_RUNNING
);
1810 _cleanup_free_
char *prefix
= NULL
, *instance
= NULL
, *name
= NULL
;
1813 if (s
->n_connections
>= s
->max_connections
) {
1814 log_unit_warning(UNIT(s
), "Too many incoming connections (%u)", s
->n_connections
);
1819 r
= socket_instantiate_service(s
);
1823 r
= instance_from_socket(cfd
, s
->n_accepted
, &instance
);
1828 /* ENOTCONN is legitimate if TCP RST was received.
1829 * This connection is over, but the socket unit lives on. */
1834 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
1838 r
= unit_name_build(prefix
, instance
, ".service", &name
);
1842 r
= unit_add_name(UNIT_DEREF(s
->service
), name
);
1846 service
= SERVICE(UNIT_DEREF(s
->service
));
1847 unit_ref_unset(&s
->service
);
1850 UNIT(service
)->no_gc
= false;
1852 unit_choose_id(UNIT(service
), name
);
1854 r
= service_set_socket_fd(service
, cfd
, s
, s
->selinux_context_from_net
);
1859 s
->n_connections
++;
1861 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT(service
), JOB_REPLACE
, true, &error
, NULL
);
1865 /* Notify clients about changed counters */
1866 unit_add_to_dbus_queue(UNIT(s
));
1872 log_unit_warning(UNIT(s
), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1873 cfd
>= 0 ? "template" : "non-template",
1874 bus_error_message(&error
, r
));
1876 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1880 static void socket_run_next(Socket
*s
) {
1884 assert(s
->control_command
);
1885 assert(s
->control_command
->command_next
);
1887 socket_unwatch_control_pid(s
);
1889 s
->control_command
= s
->control_command
->command_next
;
1891 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1898 log_unit_warning_errno(UNIT(s
), r
, "Failed to run next task: %m");
1900 if (s
->state
== SOCKET_START_POST
)
1901 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1902 else if (s
->state
== SOCKET_STOP_POST
)
1903 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1905 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1908 static int socket_start(Unit
*u
) {
1909 Socket
*s
= SOCKET(u
);
1913 /* We cannot fulfill this request right now, try again later
1915 if (IN_SET(s
->state
,
1917 SOCKET_STOP_PRE_SIGKILL
,
1918 SOCKET_STOP_PRE_SIGTERM
,
1920 SOCKET_FINAL_SIGTERM
,
1921 SOCKET_FINAL_SIGKILL
))
1924 /* Already on it! */
1925 if (IN_SET(s
->state
,
1931 /* Cannot run this without the service being around */
1932 if (UNIT_ISSET(s
->service
)) {
1935 service
= SERVICE(UNIT_DEREF(s
->service
));
1937 if (UNIT(service
)->load_state
!= UNIT_LOADED
) {
1938 log_unit_error(u
, "Socket service %s not loaded, refusing.", UNIT(service
)->id
);
1942 /* If the service is already active we cannot start the
1944 if (service
->state
!= SERVICE_DEAD
&&
1945 service
->state
!= SERVICE_FAILED
&&
1946 service
->state
!= SERVICE_AUTO_RESTART
) {
1947 log_unit_error(u
, "Socket service %s already active, refusing.", UNIT(service
)->id
);
1952 assert(s
->state
== SOCKET_DEAD
|| s
->state
== SOCKET_FAILED
);
1954 s
->result
= SOCKET_SUCCESS
;
1955 s
->reset_cpu_usage
= true;
1957 socket_enter_start_pre(s
);
1962 static int socket_stop(Unit
*u
) {
1963 Socket
*s
= SOCKET(u
);
1968 if (IN_SET(s
->state
,
1970 SOCKET_STOP_PRE_SIGTERM
,
1971 SOCKET_STOP_PRE_SIGKILL
,
1973 SOCKET_FINAL_SIGTERM
,
1974 SOCKET_FINAL_SIGKILL
))
1977 /* If there's already something running we go directly into
1979 if (IN_SET(s
->state
,
1982 SOCKET_START_POST
)) {
1983 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_SUCCESS
);
1987 assert(s
->state
== SOCKET_LISTENING
|| s
->state
== SOCKET_RUNNING
);
1989 socket_enter_stop_pre(s
, SOCKET_SUCCESS
);
1993 static int socket_serialize(Unit
*u
, FILE *f
, FDSet
*fds
) {
1994 Socket
*s
= SOCKET(u
);
2002 unit_serialize_item(u
, f
, "state", socket_state_to_string(s
->state
));
2003 unit_serialize_item(u
, f
, "result", socket_result_to_string(s
->result
));
2004 unit_serialize_item_format(u
, f
, "n-accepted", "%u", s
->n_accepted
);
2006 if (s
->control_pid
> 0)
2007 unit_serialize_item_format(u
, f
, "control-pid", PID_FMT
, s
->control_pid
);
2009 if (s
->control_command_id
>= 0)
2010 unit_serialize_item(u
, f
, "control-command", socket_exec_command_to_string(s
->control_command_id
));
2012 LIST_FOREACH(port
, p
, s
->ports
) {
2018 copy
= fdset_put_dup(fds
, p
->fd
);
2022 if (p
->type
== SOCKET_SOCKET
) {
2023 _cleanup_free_
char *t
= NULL
;
2025 r
= socket_address_print(&p
->address
, &t
);
2029 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2030 unit_serialize_item_format(u
, f
, "netlink", "%i %s", copy
, t
);
2032 unit_serialize_item_format(u
, f
, "socket", "%i %i %s", copy
, p
->address
.type
, t
);
2034 } else if (p
->type
== SOCKET_SPECIAL
)
2035 unit_serialize_item_format(u
, f
, "special", "%i %s", copy
, p
->path
);
2036 else if (p
->type
== SOCKET_MQUEUE
)
2037 unit_serialize_item_format(u
, f
, "mqueue", "%i %s", copy
, p
->path
);
2039 assert(p
->type
== SOCKET_FIFO
);
2040 unit_serialize_item_format(u
, f
, "fifo", "%i %s", copy
, p
->path
);
2047 static int socket_deserialize_item(Unit
*u
, const char *key
, const char *value
, FDSet
*fds
) {
2048 Socket
*s
= SOCKET(u
);
2054 if (streq(key
, "state")) {
2057 state
= socket_state_from_string(value
);
2059 log_unit_debug(u
, "Failed to parse state value: %s", value
);
2061 s
->deserialized_state
= state
;
2062 } else if (streq(key
, "result")) {
2065 f
= socket_result_from_string(value
);
2067 log_unit_debug(u
, "Failed to parse result value: %s", value
);
2068 else if (f
!= SOCKET_SUCCESS
)
2071 } else if (streq(key
, "n-accepted")) {
2074 if (safe_atou(value
, &k
) < 0)
2075 log_unit_debug(u
, "Failed to parse n-accepted value: %s", value
);
2078 } else if (streq(key
, "control-pid")) {
2081 if (parse_pid(value
, &pid
) < 0)
2082 log_unit_debug(u
, "Failed to parse control-pid value: %s", value
);
2084 s
->control_pid
= pid
;
2085 } else if (streq(key
, "control-command")) {
2086 SocketExecCommand id
;
2088 id
= socket_exec_command_from_string(value
);
2090 log_unit_debug(u
, "Failed to parse exec-command value: %s", value
);
2092 s
->control_command_id
= id
;
2093 s
->control_command
= s
->exec_command
[id
];
2095 } else if (streq(key
, "fifo")) {
2099 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2100 log_unit_debug(u
, "Failed to parse fifo value: %s", value
);
2103 LIST_FOREACH(port
, p
, s
->ports
)
2104 if (p
->type
== SOCKET_FIFO
&&
2105 path_equal_or_files_same(p
->path
, value
+skip
))
2110 p
->fd
= fdset_remove(fds
, fd
);
2114 } else if (streq(key
, "special")) {
2118 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2119 log_unit_debug(u
, "Failed to parse special value: %s", value
);
2122 LIST_FOREACH(port
, p
, s
->ports
)
2123 if (p
->type
== SOCKET_SPECIAL
&&
2124 path_equal_or_files_same(p
->path
, value
+skip
))
2129 p
->fd
= fdset_remove(fds
, fd
);
2133 } else if (streq(key
, "mqueue")) {
2137 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2138 log_unit_debug(u
, "Failed to parse mqueue value: %s", value
);
2141 LIST_FOREACH(port
, p
, s
->ports
)
2142 if (p
->type
== SOCKET_MQUEUE
&&
2143 streq(p
->path
, value
+skip
))
2148 p
->fd
= fdset_remove(fds
, fd
);
2152 } else if (streq(key
, "socket")) {
2153 int fd
, type
, skip
= 0;
2156 if (sscanf(value
, "%i %i %n", &fd
, &type
, &skip
) < 2 || fd
< 0 || type
< 0 || !fdset_contains(fds
, fd
))
2157 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2160 LIST_FOREACH(port
, p
, s
->ports
)
2161 if (socket_address_is(&p
->address
, value
+skip
, type
))
2166 p
->fd
= fdset_remove(fds
, fd
);
2170 } else if (streq(key
, "netlink")) {
2174 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2175 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2178 LIST_FOREACH(port
, p
, s
->ports
)
2179 if (socket_address_is_netlink(&p
->address
, value
+skip
))
2184 p
->fd
= fdset_remove(fds
, fd
);
2188 log_unit_debug(UNIT(s
), "Unknown serialization key: %s", key
);
2193 static int socket_distribute_fds(Unit
*u
, FDSet
*fds
) {
2194 Socket
*s
= SOCKET(u
);
2199 LIST_FOREACH(port
, p
, s
->ports
) {
2203 if (p
->type
!= SOCKET_SOCKET
)
2209 FDSET_FOREACH(fd
, fds
, i
) {
2210 if (socket_address_matches_fd(&p
->address
, fd
)) {
2211 p
->fd
= fdset_remove(fds
, fd
);
2212 s
->deserialized_state
= SOCKET_LISTENING
;
2221 _pure_
static UnitActiveState
socket_active_state(Unit
*u
) {
2224 return state_translation_table
[SOCKET(u
)->state
];
2227 _pure_
static const char *socket_sub_state_to_string(Unit
*u
) {
2230 return socket_state_to_string(SOCKET(u
)->state
);
2233 const char* socket_port_type_to_string(SocketPort
*p
) {
2241 switch (p
->address
.type
) {
2249 case SOCK_SEQPACKET
:
2250 return "SequentialPacket";
2253 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2260 case SOCKET_SPECIAL
:
2264 return "MessageQueue";
2274 _pure_
static bool socket_check_gc(Unit
*u
) {
2275 Socket
*s
= SOCKET(u
);
2279 return s
->n_connections
> 0;
2282 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2283 SocketPort
*p
= userdata
;
2289 if (p
->socket
->state
!= SOCKET_LISTENING
)
2292 log_unit_debug(UNIT(p
->socket
), "Incoming traffic");
2294 if (revents
!= EPOLLIN
) {
2296 if (revents
& EPOLLHUP
)
2297 log_unit_error(UNIT(p
->socket
), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2299 log_unit_error(UNIT(p
->socket
), "Got unexpected poll event (0x%x) on socket.", revents
);
2304 if (p
->socket
->accept
&&
2305 p
->type
== SOCKET_SOCKET
&&
2306 socket_address_can_accept(&p
->address
)) {
2310 cfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
);
2316 log_unit_error_errno(UNIT(p
->socket
), errno
, "Failed to accept socket: %m");
2323 socket_apply_socket_options(p
->socket
, cfd
);
2326 socket_enter_running(p
->socket
, cfd
);
2330 socket_enter_stop_pre(p
->socket
, SOCKET_FAILURE_RESOURCES
);
2334 static void socket_sigchld_event(Unit
*u
, pid_t pid
, int code
, int status
) {
2335 Socket
*s
= SOCKET(u
);
2341 if (pid
!= s
->control_pid
)
2346 if (is_clean_exit(code
, status
, NULL
))
2348 else if (code
== CLD_EXITED
)
2349 f
= SOCKET_FAILURE_EXIT_CODE
;
2350 else if (code
== CLD_KILLED
)
2351 f
= SOCKET_FAILURE_SIGNAL
;
2352 else if (code
== CLD_DUMPED
)
2353 f
= SOCKET_FAILURE_CORE_DUMP
;
2355 assert_not_reached("Unknown sigchld code");
2357 if (s
->control_command
) {
2358 exec_status_exit(&s
->control_command
->exec_status
, &s
->exec_context
, pid
, code
, status
);
2360 if (s
->control_command
->ignore
)
2364 log_unit_full(u
, f
== SOCKET_SUCCESS
? LOG_DEBUG
: LOG_NOTICE
, 0,
2365 "Control process exited, code=%s status=%i",
2366 sigchld_code_to_string(code
), status
);
2368 if (f
!= SOCKET_SUCCESS
)
2371 if (s
->control_command
&&
2372 s
->control_command
->command_next
&&
2373 f
== SOCKET_SUCCESS
) {
2375 log_unit_debug(u
, "Running next command for state %s", socket_state_to_string(s
->state
));
2378 s
->control_command
= NULL
;
2379 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
2381 /* No further commands for this step, so let's figure
2382 * out what to do next */
2384 log_unit_debug(u
, "Got final SIGCHLD for state %s", socket_state_to_string(s
->state
));
2388 case SOCKET_START_PRE
:
2389 if (f
== SOCKET_SUCCESS
)
2390 socket_enter_start_chown(s
);
2392 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, f
);
2395 case SOCKET_START_CHOWN
:
2396 if (f
== SOCKET_SUCCESS
)
2397 socket_enter_start_post(s
);
2399 socket_enter_stop_pre(s
, f
);
2402 case SOCKET_START_POST
:
2403 if (f
== SOCKET_SUCCESS
)
2404 socket_enter_listening(s
);
2406 socket_enter_stop_pre(s
, f
);
2409 case SOCKET_STOP_PRE
:
2410 case SOCKET_STOP_PRE_SIGTERM
:
2411 case SOCKET_STOP_PRE_SIGKILL
:
2412 socket_enter_stop_post(s
, f
);
2415 case SOCKET_STOP_POST
:
2416 case SOCKET_FINAL_SIGTERM
:
2417 case SOCKET_FINAL_SIGKILL
:
2418 socket_enter_dead(s
, f
);
2422 assert_not_reached("Uh, control process died at wrong time.");
2426 /* Notify clients about changed exit status */
2427 unit_add_to_dbus_queue(u
);
2430 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
) {
2431 Socket
*s
= SOCKET(userdata
);
2434 assert(s
->timer_event_source
== source
);
2438 case SOCKET_START_PRE
:
2439 log_unit_warning(UNIT(s
), "Starting timed out. Terminating.");
2440 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2443 case SOCKET_START_CHOWN
:
2444 case SOCKET_START_POST
:
2445 log_unit_warning(UNIT(s
), "Starting timed out. Stopping.");
2446 socket_enter_stop_pre(s
, SOCKET_FAILURE_TIMEOUT
);
2449 case SOCKET_STOP_PRE
:
2450 log_unit_warning(UNIT(s
), "Stopping timed out. Terminating.");
2451 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2454 case SOCKET_STOP_PRE_SIGTERM
:
2455 if (s
->kill_context
.send_sigkill
) {
2456 log_unit_warning(UNIT(s
), "Stopping timed out. Killing.");
2457 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2459 log_unit_warning(UNIT(s
), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2460 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2464 case SOCKET_STOP_PRE_SIGKILL
:
2465 log_unit_warning(UNIT(s
), "Processes still around after SIGKILL. Ignoring.");
2466 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2469 case SOCKET_STOP_POST
:
2470 log_unit_warning(UNIT(s
), "Stopping timed out (2). Terminating.");
2471 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2474 case SOCKET_FINAL_SIGTERM
:
2475 if (s
->kill_context
.send_sigkill
) {
2476 log_unit_warning(UNIT(s
), "Stopping timed out (2). Killing.");
2477 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2479 log_unit_warning(UNIT(s
), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2480 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2484 case SOCKET_FINAL_SIGKILL
:
2485 log_unit_warning(UNIT(s
), "Still around after SIGKILL (2). Entering failed mode.");
2486 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2490 assert_not_reached("Timeout at wrong time.");
2496 int socket_collect_fds(Socket
*s
, int **fds
, unsigned *n_fds
) {
2505 /* Called from the service code for requesting our fds */
2508 LIST_FOREACH(port
, p
, s
->ports
)
2518 rfds
= new(int, rn_fds
);
2523 LIST_FOREACH(port
, p
, s
->ports
)
2527 assert(k
== rn_fds
);
2535 static void socket_reset_failed(Unit
*u
) {
2536 Socket
*s
= SOCKET(u
);
2540 if (s
->state
== SOCKET_FAILED
)
2541 socket_set_state(s
, SOCKET_DEAD
);
2543 s
->result
= SOCKET_SUCCESS
;
2546 static void socket_notify_service_dead(Socket
*s
, bool failed_permanent
) {
2549 /* The service is dead. Dang!
2551 * This is strictly for one-instance-for-all-connections
2554 if (s
->state
== SOCKET_RUNNING
) {
2555 log_unit_debug(UNIT(s
), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent
));
2556 if (failed_permanent
)
2557 socket_enter_stop_pre(s
, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
);
2559 socket_enter_listening(s
);
2563 void socket_connection_unref(Socket
*s
) {
2566 /* The service is dead. Yay!
2568 * This is strictly for one-instance-per-connection
2571 assert(s
->n_connections
> 0);
2574 log_unit_debug(UNIT(s
), "One connection closed, %u left.", s
->n_connections
);
2577 static void socket_trigger_notify(Unit
*u
, Unit
*other
) {
2578 Socket
*s
= SOCKET(u
);
2584 /* Don't propagate state changes from the service if we are
2585 already down or accepting connections */
2586 if ((s
->state
!= SOCKET_RUNNING
&&
2587 s
->state
!= SOCKET_LISTENING
) ||
2591 if (other
->load_state
!= UNIT_LOADED
||
2592 other
->type
!= UNIT_SERVICE
)
2595 se
= SERVICE(other
);
2597 if (se
->state
== SERVICE_FAILED
)
2598 socket_notify_service_dead(s
, se
->result
== SERVICE_FAILURE_START_LIMIT
);
2600 if (se
->state
== SERVICE_DEAD
||
2601 se
->state
== SERVICE_FINAL_SIGTERM
||
2602 se
->state
== SERVICE_FINAL_SIGKILL
||
2603 se
->state
== SERVICE_AUTO_RESTART
)
2604 socket_notify_service_dead(s
, false);
2606 if (se
->state
== SERVICE_RUNNING
)
2607 socket_set_state(s
, SOCKET_RUNNING
);
2610 static int socket_kill(Unit
*u
, KillWho who
, int signo
, sd_bus_error
*error
) {
2611 return unit_kill_common(u
, who
, signo
, -1, SOCKET(u
)->control_pid
, error
);
2614 static int socket_get_timeout(Unit
*u
, uint64_t *timeout
) {
2615 Socket
*s
= SOCKET(u
);
2618 if (!s
->timer_event_source
)
2621 r
= sd_event_source_get_time(s
->timer_event_source
, timeout
);
2628 static const char* const socket_state_table
[_SOCKET_STATE_MAX
] = {
2629 [SOCKET_DEAD
] = "dead",
2630 [SOCKET_START_PRE
] = "start-pre",
2631 [SOCKET_START_CHOWN
] = "start-chown",
2632 [SOCKET_START_POST
] = "start-post",
2633 [SOCKET_LISTENING
] = "listening",
2634 [SOCKET_RUNNING
] = "running",
2635 [SOCKET_STOP_PRE
] = "stop-pre",
2636 [SOCKET_STOP_PRE_SIGTERM
] = "stop-pre-sigterm",
2637 [SOCKET_STOP_PRE_SIGKILL
] = "stop-pre-sigkill",
2638 [SOCKET_STOP_POST
] = "stop-post",
2639 [SOCKET_FINAL_SIGTERM
] = "final-sigterm",
2640 [SOCKET_FINAL_SIGKILL
] = "final-sigkill",
2641 [SOCKET_FAILED
] = "failed"
2644 DEFINE_STRING_TABLE_LOOKUP(socket_state
, SocketState
);
2646 static const char* const socket_exec_command_table
[_SOCKET_EXEC_COMMAND_MAX
] = {
2647 [SOCKET_EXEC_START_PRE
] = "StartPre",
2648 [SOCKET_EXEC_START_CHOWN
] = "StartChown",
2649 [SOCKET_EXEC_START_POST
] = "StartPost",
2650 [SOCKET_EXEC_STOP_PRE
] = "StopPre",
2651 [SOCKET_EXEC_STOP_POST
] = "StopPost"
2654 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command
, SocketExecCommand
);
2656 static const char* const socket_result_table
[_SOCKET_RESULT_MAX
] = {
2657 [SOCKET_SUCCESS
] = "success",
2658 [SOCKET_FAILURE_RESOURCES
] = "resources",
2659 [SOCKET_FAILURE_TIMEOUT
] = "timeout",
2660 [SOCKET_FAILURE_EXIT_CODE
] = "exit-code",
2661 [SOCKET_FAILURE_SIGNAL
] = "signal",
2662 [SOCKET_FAILURE_CORE_DUMP
] = "core-dump",
2663 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
] = "service-failed-permanent"
2666 DEFINE_STRING_TABLE_LOOKUP(socket_result
, SocketResult
);
2668 const UnitVTable socket_vtable
= {
2669 .object_size
= sizeof(Socket
),
2670 .exec_context_offset
= offsetof(Socket
, exec_context
),
2671 .cgroup_context_offset
= offsetof(Socket
, cgroup_context
),
2672 .kill_context_offset
= offsetof(Socket
, kill_context
),
2673 .exec_runtime_offset
= offsetof(Socket
, exec_runtime
),
2679 .private_section
= "Socket",
2681 .init
= socket_init
,
2682 .done
= socket_done
,
2683 .load
= socket_load
,
2685 .coldplug
= socket_coldplug
,
2687 .dump
= socket_dump
,
2689 .start
= socket_start
,
2690 .stop
= socket_stop
,
2692 .kill
= socket_kill
,
2694 .get_timeout
= socket_get_timeout
,
2696 .serialize
= socket_serialize
,
2697 .deserialize_item
= socket_deserialize_item
,
2698 .distribute_fds
= socket_distribute_fds
,
2700 .active_state
= socket_active_state
,
2701 .sub_state_to_string
= socket_sub_state_to_string
,
2703 .check_gc
= socket_check_gc
,
2705 .sigchld_event
= socket_sigchld_event
,
2707 .trigger_notify
= socket_trigger_notify
,
2709 .reset_failed
= socket_reset_failed
,
2711 .bus_interface
= "org.freedesktop.systemd1.Socket",
2712 .bus_vtable
= bus_socket_vtable
,
2713 .bus_set_property
= bus_socket_set_property
,
2714 .bus_commit_properties
= bus_socket_commit_properties
,
2716 .status_message_formats
= {
2717 /*.starting_stopping = {
2718 [0] = "Starting socket %s...",
2719 [1] = "Stopping socket %s...",
2721 .finished_start_job
= {
2722 [JOB_DONE
] = "Listening on %s.",
2723 [JOB_FAILED
] = "Failed to listen on %s.",
2724 [JOB_TIMEOUT
] = "Timed out starting %s.",
2726 .finished_stop_job
= {
2727 [JOB_DONE
] = "Closed %s.",
2728 [JOB_FAILED
] = "Failed stopping %s.",
2729 [JOB_TIMEOUT
] = "Timed out stopping %s.",