1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include <sys/epoll.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
42 #include "exit-status.h"
44 #include "smack-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
50 #include "formats-util.h"
51 #include "signal-util.h"
54 static const UnitActiveState state_translation_table
[_SOCKET_STATE_MAX
] = {
55 [SOCKET_DEAD
] = UNIT_INACTIVE
,
56 [SOCKET_START_PRE
] = UNIT_ACTIVATING
,
57 [SOCKET_START_CHOWN
] = UNIT_ACTIVATING
,
58 [SOCKET_START_POST
] = UNIT_ACTIVATING
,
59 [SOCKET_LISTENING
] = UNIT_ACTIVE
,
60 [SOCKET_RUNNING
] = UNIT_ACTIVE
,
61 [SOCKET_STOP_PRE
] = UNIT_DEACTIVATING
,
62 [SOCKET_STOP_PRE_SIGTERM
] = UNIT_DEACTIVATING
,
63 [SOCKET_STOP_PRE_SIGKILL
] = UNIT_DEACTIVATING
,
64 [SOCKET_STOP_POST
] = UNIT_DEACTIVATING
,
65 [SOCKET_FINAL_SIGTERM
] = UNIT_DEACTIVATING
,
66 [SOCKET_FINAL_SIGKILL
] = UNIT_DEACTIVATING
,
67 [SOCKET_FAILED
] = UNIT_FAILED
70 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
71 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
);
73 static void socket_init(Unit
*u
) {
74 Socket
*s
= SOCKET(u
);
77 assert(u
->load_state
== UNIT_STUB
);
79 s
->backlog
= SOMAXCONN
;
80 s
->timeout_usec
= u
->manager
->default_timeout_start_usec
;
81 s
->directory_mode
= 0755;
82 s
->socket_mode
= 0666;
84 s
->max_connections
= 64;
91 s
->exec_context
.std_output
= u
->manager
->default_std_output
;
92 s
->exec_context
.std_error
= u
->manager
->default_std_error
;
94 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
97 static void socket_unwatch_control_pid(Socket
*s
) {
100 if (s
->control_pid
<= 0)
103 unit_unwatch_pid(UNIT(s
), s
->control_pid
);
107 void socket_free_ports(Socket
*s
) {
112 while ((p
= s
->ports
)) {
113 LIST_REMOVE(port
, s
->ports
, p
);
115 sd_event_source_unref(p
->event_source
);
123 static void socket_done(Unit
*u
) {
124 Socket
*s
= SOCKET(u
);
128 socket_free_ports(s
);
130 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
131 exec_command_free_array(s
->exec_command
, _SOCKET_EXEC_COMMAND_MAX
);
132 s
->control_command
= NULL
;
134 socket_unwatch_control_pid(s
);
136 unit_ref_unset(&s
->service
);
138 s
->tcp_congestion
= mfree(s
->tcp_congestion
);
139 s
->bind_to_device
= mfree(s
->bind_to_device
);
142 free(s
->smack_ip_in
);
143 free(s
->smack_ip_out
);
145 strv_free(s
->symlinks
);
150 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
153 static int socket_arm_timer(Socket
*s
) {
158 if (s
->timeout_usec
<= 0) {
159 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
163 if (s
->timer_event_source
) {
164 r
= sd_event_source_set_time(s
->timer_event_source
, now(CLOCK_MONOTONIC
) + s
->timeout_usec
);
168 return sd_event_source_set_enabled(s
->timer_event_source
, SD_EVENT_ONESHOT
);
171 r
= sd_event_add_time(
172 UNIT(s
)->manager
->event
,
173 &s
->timer_event_source
,
175 now(CLOCK_MONOTONIC
) + s
->timeout_usec
, 0,
176 socket_dispatch_timer
, s
);
180 (void) sd_event_source_set_description(s
->timer_event_source
, "socket-timer");
185 int socket_instantiate_service(Socket
*s
) {
186 _cleanup_free_
char *prefix
= NULL
, *name
= NULL
;
192 /* This fills in s->service if it isn't filled in yet. For
193 * Accept=yes sockets we create the next connection service
194 * here. For Accept=no this is mostly a NOP since the service
195 * is figured out at load time anyway. */
197 if (UNIT_DEREF(s
->service
))
203 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
207 if (asprintf(&name
, "%s@%u.service", prefix
, s
->n_accepted
) < 0)
210 r
= manager_load_unit(UNIT(s
)->manager
, name
, NULL
, NULL
, &u
);
215 unit_ref_set(&s
->service
, u
);
217 return unit_add_two_dependencies(UNIT(s
), UNIT_BEFORE
, UNIT_TRIGGERS
, u
, false);
220 static bool have_non_accept_socket(Socket
*s
) {
228 LIST_FOREACH(port
, p
, s
->ports
) {
230 if (p
->type
!= SOCKET_SOCKET
)
233 if (!socket_address_can_accept(&p
->address
))
240 static int socket_add_mount_links(Socket
*s
) {
246 LIST_FOREACH(port
, p
, s
->ports
) {
247 const char *path
= NULL
;
249 if (p
->type
== SOCKET_SOCKET
)
250 path
= socket_address_get_path(&p
->address
);
251 else if (p
->type
== SOCKET_FIFO
|| p
->type
== SOCKET_SPECIAL
)
257 r
= unit_require_mounts_for(UNIT(s
), path
);
265 static int socket_add_device_link(Socket
*s
) {
270 if (!s
->bind_to_device
|| streq(s
->bind_to_device
, "lo"))
273 t
= strjoina("/sys/subsystem/net/devices/", s
->bind_to_device
);
274 return unit_add_node_link(UNIT(s
), t
, false);
277 static int socket_add_default_dependencies(Socket
*s
) {
281 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_BEFORE
, SPECIAL_SOCKETS_TARGET
, NULL
, true);
285 if (UNIT(s
)->manager
->running_as
== MANAGER_SYSTEM
) {
286 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_AFTER
, UNIT_REQUIRES
, SPECIAL_SYSINIT_TARGET
, NULL
, true);
291 return unit_add_two_dependencies_by_name(UNIT(s
), UNIT_BEFORE
, UNIT_CONFLICTS
, SPECIAL_SHUTDOWN_TARGET
, NULL
, true);
294 _pure_
static bool socket_has_exec(Socket
*s
) {
298 for (i
= 0; i
< _SOCKET_EXEC_COMMAND_MAX
; i
++)
299 if (s
->exec_command
[i
])
305 static int socket_add_extras(Socket
*s
) {
311 if (have_non_accept_socket(s
)) {
313 if (!UNIT_DEREF(s
->service
)) {
316 r
= unit_load_related_unit(u
, ".service", &x
);
320 unit_ref_set(&s
->service
, x
);
323 r
= unit_add_two_dependencies(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, UNIT_DEREF(s
->service
), true);
328 r
= socket_add_mount_links(s
);
332 r
= socket_add_device_link(s
);
336 r
= unit_patch_contexts(u
);
340 if (socket_has_exec(s
)) {
341 r
= unit_add_exec_dependencies(u
, &s
->exec_context
);
345 r
= unit_set_default_slice(u
);
350 if (u
->default_dependencies
) {
351 r
= socket_add_default_dependencies(s
);
359 static const char *socket_find_symlink_target(Socket
*s
) {
360 const char *found
= NULL
;
363 LIST_FOREACH(port
, p
, s
->ports
) {
364 const char *f
= NULL
;
373 if (p
->address
.sockaddr
.un
.sun_path
[0] != 0)
374 f
= p
->address
.sockaddr
.un
.sun_path
;
392 static int socket_verify(Socket
*s
) {
395 if (UNIT(s
)->load_state
!= UNIT_LOADED
)
399 log_unit_error(UNIT(s
), "Unit lacks Listen setting. Refusing.");
403 if (s
->accept
&& have_non_accept_socket(s
)) {
404 log_unit_error(UNIT(s
), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
408 if (s
->accept
&& s
->max_connections
<= 0) {
409 log_unit_error(UNIT(s
), "MaxConnection= setting too small. Refusing.");
413 if (s
->accept
&& UNIT_DEREF(s
->service
)) {
414 log_unit_error(UNIT(s
), "Explicit service configuration for accepting socket units not supported. Refusing.");
418 if (s
->exec_context
.pam_name
&& s
->kill_context
.kill_mode
!= KILL_CONTROL_GROUP
) {
419 log_unit_error(UNIT(s
), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
423 if (!strv_isempty(s
->symlinks
) && !socket_find_symlink_target(s
)) {
424 log_unit_error(UNIT(s
), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
431 static int socket_load(Unit
*u
) {
432 Socket
*s
= SOCKET(u
);
436 assert(u
->load_state
== UNIT_STUB
);
438 r
= unit_load_fragment_and_dropin(u
);
442 if (u
->load_state
== UNIT_LOADED
) {
443 /* This is a new unit? Then let's add in some extras */
444 r
= socket_add_extras(s
);
449 return socket_verify(s
);
452 _const_
static const char* listen_lookup(int family
, int type
) {
454 if (family
== AF_NETLINK
)
455 return "ListenNetlink";
457 if (type
== SOCK_STREAM
)
458 return "ListenStream";
459 else if (type
== SOCK_DGRAM
)
460 return "ListenDatagram";
461 else if (type
== SOCK_SEQPACKET
)
462 return "ListenSequentialPacket";
464 assert_not_reached("Unknown socket type");
468 static void socket_dump(Unit
*u
, FILE *f
, const char *prefix
) {
469 char time_string
[FORMAT_TIMESPAN_MAX
];
471 Socket
*s
= SOCKET(u
);
478 prefix
= strempty(prefix
);
479 prefix2
= strjoina(prefix
, "\t");
482 "%sSocket State: %s\n"
484 "%sBindIPv6Only: %s\n"
486 "%sSocketMode: %04o\n"
487 "%sDirectoryMode: %04o\n"
491 "%sTransparent: %s\n"
493 "%sPassCredentials: %s\n"
494 "%sPassSecurity: %s\n"
495 "%sTCPCongestion: %s\n"
496 "%sRemoveOnStop: %s\n"
497 "%sSELinuxContextFromNet: %s\n",
498 prefix
, socket_state_to_string(s
->state
),
499 prefix
, socket_result_to_string(s
->result
),
500 prefix
, socket_address_bind_ipv6_only_to_string(s
->bind_ipv6_only
),
502 prefix
, s
->socket_mode
,
503 prefix
, s
->directory_mode
,
504 prefix
, yes_no(s
->keep_alive
),
505 prefix
, yes_no(s
->no_delay
),
506 prefix
, yes_no(s
->free_bind
),
507 prefix
, yes_no(s
->transparent
),
508 prefix
, yes_no(s
->broadcast
),
509 prefix
, yes_no(s
->pass_cred
),
510 prefix
, yes_no(s
->pass_sec
),
511 prefix
, strna(s
->tcp_congestion
),
512 prefix
, yes_no(s
->remove_on_stop
),
513 prefix
, yes_no(s
->selinux_context_from_net
));
515 if (s
->control_pid
> 0)
517 "%sControl PID: "PID_FMT
"\n",
518 prefix
, s
->control_pid
);
520 if (s
->bind_to_device
)
522 "%sBindToDevice: %s\n",
523 prefix
, s
->bind_to_device
);
528 "%sNConnections: %u\n"
529 "%sMaxConnections: %u\n",
530 prefix
, s
->n_accepted
,
531 prefix
, s
->n_connections
,
532 prefix
, s
->max_connections
);
534 if (s
->priority
>= 0)
537 prefix
, s
->priority
);
539 if (s
->receive_buffer
> 0)
541 "%sReceiveBuffer: %zu\n",
542 prefix
, s
->receive_buffer
);
544 if (s
->send_buffer
> 0)
546 "%sSendBuffer: %zu\n",
547 prefix
, s
->send_buffer
);
559 if (s
->pipe_size
> 0)
562 prefix
, s
->pipe_size
);
569 if (s
->mq_maxmsg
> 0)
571 "%sMessageQueueMaxMessages: %li\n",
572 prefix
, s
->mq_maxmsg
);
574 if (s
->mq_msgsize
> 0)
576 "%sMessageQueueMessageSize: %li\n",
577 prefix
, s
->mq_msgsize
);
582 prefix
, yes_no(s
->reuse_port
));
586 "%sSmackLabel: %s\n",
591 "%sSmackLabelIPIn: %s\n",
592 prefix
, s
->smack_ip_in
);
596 "%sSmackLabelIPOut: %s\n",
597 prefix
, s
->smack_ip_out
);
599 if (!isempty(s
->user
) || !isempty(s
->group
))
602 "%sOwnerGroup: %s\n",
603 prefix
, strna(s
->user
),
604 prefix
, strna(s
->group
));
606 if (s
->keep_alive_time
> 0)
608 "%sKeepAliveTimeSec: %s\n",
609 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_time
, USEC_PER_SEC
));
611 if (s
->keep_alive_interval
)
613 "%sKeepAliveIntervalSec: %s\n",
614 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_interval
, USEC_PER_SEC
));
616 if (s
->keep_alive_cnt
)
618 "%sKeepAliveProbes: %u\n",
619 prefix
, s
->keep_alive_cnt
);
623 "%sDeferAcceptSec: %s\n",
624 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->defer_accept
, USEC_PER_SEC
));
626 LIST_FOREACH(port
, p
, s
->ports
) {
628 if (p
->type
== SOCKET_SOCKET
) {
633 if ((r
= socket_address_print(&p
->address
, &k
)) < 0)
638 fprintf(f
, "%s%s: %s\n", prefix
, listen_lookup(socket_address_family(&p
->address
), p
->address
.type
), t
);
640 } else if (p
->type
== SOCKET_SPECIAL
)
641 fprintf(f
, "%sListenSpecial: %s\n", prefix
, p
->path
);
642 else if (p
->type
== SOCKET_MQUEUE
)
643 fprintf(f
, "%sListenMessageQueue: %s\n", prefix
, p
->path
);
645 fprintf(f
, "%sListenFIFO: %s\n", prefix
, p
->path
);
648 exec_context_dump(&s
->exec_context
, f
, prefix
);
649 kill_context_dump(&s
->kill_context
, f
, prefix
);
651 for (c
= 0; c
< _SOCKET_EXEC_COMMAND_MAX
; c
++) {
652 if (!s
->exec_command
[c
])
655 fprintf(f
, "%s-> %s:\n",
656 prefix
, socket_exec_command_to_string(c
));
658 exec_command_dump_list(s
->exec_command
[c
], f
, prefix2
);
662 static int instance_from_socket(int fd
, unsigned nr
, char **instance
) {
665 union sockaddr_union local
, remote
;
671 if (getsockname(fd
, &local
.sa
, &l
) < 0)
675 if (getpeername(fd
, &remote
.sa
, &l
) < 0)
678 switch (local
.sa
.sa_family
) {
682 a
= ntohl(local
.in
.sin_addr
.s_addr
),
683 b
= ntohl(remote
.in
.sin_addr
.s_addr
);
686 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
688 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF,
689 ntohs(local
.in
.sin_port
),
690 b
>> 24, (b
>> 16) & 0xFF, (b
>> 8) & 0xFF, b
& 0xFF,
691 ntohs(remote
.in
.sin_port
)) < 0)
698 static const unsigned char ipv4_prefix
[] = {
699 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
702 if (memcmp(&local
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0 &&
703 memcmp(&remote
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0) {
705 *a
= local
.in6
.sin6_addr
.s6_addr
+12,
706 *b
= remote
.in6
.sin6_addr
.s6_addr
+12;
709 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
711 a
[0], a
[1], a
[2], a
[3],
712 ntohs(local
.in6
.sin6_port
),
713 b
[0], b
[1], b
[2], b
[3],
714 ntohs(remote
.in6
.sin6_port
)) < 0)
717 char a
[INET6_ADDRSTRLEN
], b
[INET6_ADDRSTRLEN
];
722 inet_ntop(AF_INET6
, &local
.in6
.sin6_addr
, a
, sizeof(a
)),
723 ntohs(local
.in6
.sin6_port
),
724 inet_ntop(AF_INET6
, &remote
.in6
.sin6_addr
, b
, sizeof(b
)),
725 ntohs(remote
.in6
.sin6_port
)) < 0)
736 k
= getpeercred(fd
, &ucred
);
739 "%u-"PID_FMT
"-"UID_FMT
,
740 nr
, ucred
.pid
, ucred
.uid
) < 0)
742 } else if (k
== -ENODATA
) {
743 /* This handles the case where somebody is
744 * connecting from another pid/uid namespace
745 * (e.g. from outside of our container). */
757 assert_not_reached("Unhandled socket type.");
764 static void socket_close_fds(Socket
*s
) {
770 LIST_FOREACH(port
, p
, s
->ports
) {
772 p
->event_source
= sd_event_source_unref(p
->event_source
);
777 p
->fd
= safe_close(p
->fd
);
779 /* One little note: we should normally not delete any
780 * sockets in the file system here! After all some
781 * other process we spawned might still have a
782 * reference of this fd and wants to continue to use
783 * it. Therefore we delete sockets in the file system
784 * before we create a new one, not after we stopped
787 if (s
->remove_on_stop
) {
799 socket_address_unlink(&p
->address
);
808 if (s
->remove_on_stop
)
809 STRV_FOREACH(i
, s
->symlinks
)
813 static void socket_apply_socket_options(Socket
*s
, int fd
) {
820 int b
= s
->keep_alive
;
821 if (setsockopt(fd
, SOL_SOCKET
, SO_KEEPALIVE
, &b
, sizeof(b
)) < 0)
822 log_unit_warning_errno(UNIT(s
), errno
, "SO_KEEPALIVE failed: %m");
825 if (s
->keep_alive_time
) {
826 int value
= s
->keep_alive_time
/ USEC_PER_SEC
;
827 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPIDLE
, &value
, sizeof(value
)) < 0)
828 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPIDLE failed: %m");
831 if (s
->keep_alive_interval
) {
832 int value
= s
->keep_alive_interval
/ USEC_PER_SEC
;
833 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPINTVL
, &value
, sizeof(value
)) < 0)
834 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPINTVL failed: %m");
837 if (s
->keep_alive_cnt
) {
838 int value
= s
->keep_alive_cnt
;
839 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPCNT
, &value
, sizeof(value
)) < 0)
840 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPCNT failed: %m");
843 if (s
->defer_accept
) {
844 int value
= s
->defer_accept
/ USEC_PER_SEC
;
845 if (setsockopt(fd
, SOL_TCP
, TCP_DEFER_ACCEPT
, &value
, sizeof(value
)) < 0)
846 log_unit_warning_errno(UNIT(s
), errno
, "TCP_DEFER_ACCEPT failed: %m");
851 if (setsockopt(fd
, SOL_TCP
, TCP_NODELAY
, &b
, sizeof(b
)) < 0)
852 log_unit_warning_errno(UNIT(s
), errno
, "TCP_NODELAY failed: %m");
857 if (setsockopt(fd
, SOL_SOCKET
, SO_BROADCAST
, &one
, sizeof(one
)) < 0)
858 log_unit_warning_errno(UNIT(s
), errno
, "SO_BROADCAST failed: %m");
863 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSCRED
, &one
, sizeof(one
)) < 0)
864 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSCRED failed: %m");
869 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSSEC
, &one
, sizeof(one
)) < 0)
870 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSSEC failed: %m");
873 if (s
->priority
>= 0)
874 if (setsockopt(fd
, SOL_SOCKET
, SO_PRIORITY
, &s
->priority
, sizeof(s
->priority
)) < 0)
875 log_unit_warning_errno(UNIT(s
), errno
, "SO_PRIORITY failed: %m");
877 if (s
->receive_buffer
> 0) {
878 int value
= (int) s
->receive_buffer
;
880 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
882 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUFFORCE
, &value
, sizeof(value
)) < 0)
883 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &value
, sizeof(value
)) < 0)
884 log_unit_warning_errno(UNIT(s
), errno
, "SO_RCVBUF failed: %m");
887 if (s
->send_buffer
> 0) {
888 int value
= (int) s
->send_buffer
;
889 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUFFORCE
, &value
, sizeof(value
)) < 0)
890 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUF
, &value
, sizeof(value
)) < 0)
891 log_unit_warning_errno(UNIT(s
), errno
, "SO_SNDBUF failed: %m");
895 if (setsockopt(fd
, SOL_SOCKET
, SO_MARK
, &s
->mark
, sizeof(s
->mark
)) < 0)
896 log_unit_warning_errno(UNIT(s
), errno
, "SO_MARK failed: %m");
899 if (setsockopt(fd
, IPPROTO_IP
, IP_TOS
, &s
->ip_tos
, sizeof(s
->ip_tos
)) < 0)
900 log_unit_warning_errno(UNIT(s
), errno
, "IP_TOS failed: %m");
902 if (s
->ip_ttl
>= 0) {
905 r
= setsockopt(fd
, IPPROTO_IP
, IP_TTL
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
907 if (socket_ipv6_is_supported())
908 x
= setsockopt(fd
, IPPROTO_IPV6
, IPV6_UNICAST_HOPS
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
911 errno
= EAFNOSUPPORT
;
915 log_unit_warning_errno(UNIT(s
), errno
, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
918 if (s
->tcp_congestion
)
919 if (setsockopt(fd
, SOL_TCP
, TCP_CONGESTION
, s
->tcp_congestion
, strlen(s
->tcp_congestion
)+1) < 0)
920 log_unit_warning_errno(UNIT(s
), errno
, "TCP_CONGESTION failed: %m");
922 if (s
->smack_ip_in
) {
923 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_IPIN
, s
->smack_ip_in
);
925 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_in_fd: %m");
928 if (s
->smack_ip_out
) {
929 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_IPOUT
, s
->smack_ip_out
);
931 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_out_fd: %m");
935 static void socket_apply_fifo_options(Socket
*s
, int fd
) {
941 if (s
->pipe_size
> 0)
942 if (fcntl(fd
, F_SETPIPE_SZ
, s
->pipe_size
) < 0)
943 log_unit_warning_errno(UNIT(s
), errno
, "F_SETPIPE_SZ: %m");
946 r
= mac_smack_apply_fd(fd
, SMACK_ATTR_ACCESS
, s
->smack
);
948 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_fd: %m");
952 static int fifo_address_create(
954 mode_t directory_mode
,
965 mkdir_parents_label(path
, directory_mode
);
967 r
= mac_selinux_create_file_prepare(path
, S_IFIFO
);
971 /* Enforce the right access mode for the fifo */
972 old_mask
= umask(~ socket_mode
);
974 /* Include the original umask in our mask */
975 umask(~socket_mode
| old_mask
);
977 r
= mkfifo(path
, socket_mode
);
980 if (r
< 0 && errno
!= EEXIST
) {
985 if ((fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
)) < 0) {
990 mac_selinux_create_file_clear();
992 if (fstat(fd
, &st
) < 0) {
997 if (!S_ISFIFO(st
.st_mode
) ||
998 (st
.st_mode
& 0777) != (socket_mode
& ~old_mask
) ||
999 st
.st_uid
!= getuid() ||
1000 st
.st_gid
!= getgid()) {
1010 mac_selinux_create_file_clear();
1016 static int special_address_create(
1026 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1032 if (fstat(fd
, &st
) < 0) {
1037 /* Check whether this is a /proc, /sys or /dev file or char device */
1038 if (!S_ISREG(st
.st_mode
) && !S_ISCHR(st
.st_mode
)) {
1052 static int mq_address_create(
1062 struct mq_attr _attr
, *attr
= NULL
;
1067 if (maxmsg
> 0 && msgsize
> 0) {
1069 _attr
.mq_flags
= O_NONBLOCK
;
1070 _attr
.mq_maxmsg
= maxmsg
;
1071 _attr
.mq_msgsize
= msgsize
;
1075 /* Enforce the right access mode for the mq */
1076 old_mask
= umask(~ mq_mode
);
1078 /* Include the original umask in our mask */
1079 umask(~mq_mode
| old_mask
);
1080 fd
= mq_open(path
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_CREAT
, mq_mode
, attr
);
1088 if (fstat(fd
, &st
) < 0) {
1093 if ((st
.st_mode
& 0777) != (mq_mode
& ~old_mask
) ||
1094 st
.st_uid
!= getuid() ||
1095 st
.st_gid
!= getgid()) {
1109 static int socket_symlink(Socket
*s
) {
1115 p
= socket_find_symlink_target(s
);
1119 STRV_FOREACH(i
, s
->symlinks
)
1120 symlink_label(p
, *i
);
1125 static int socket_open_fds(Socket
*s
) {
1129 bool know_label
= false;
1133 LIST_FOREACH(port
, p
, s
->ports
) {
1138 if (p
->type
== SOCKET_SOCKET
) {
1141 /* Figure out label, if we don't it know
1142 * yet. We do it once, for the first
1143 * socket where we need this and
1144 * remember it for the rest. */
1146 if (s
->selinux_context_from_net
) {
1147 /* Get it from the network label */
1149 r
= mac_selinux_get_our_label(&label
);
1150 if (r
< 0 && r
!= -EOPNOTSUPP
)
1154 /* Get it from the executable we are about to start */
1156 r
= socket_instantiate_service(s
);
1160 if (UNIT_ISSET(s
->service
) &&
1161 SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]) {
1162 r
= mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]->path
, &label
);
1163 if (r
< 0 && r
!= -EPERM
&& r
!= -EOPNOTSUPP
)
1171 r
= socket_address_listen(
1173 SOCK_CLOEXEC
|SOCK_NONBLOCK
,
1187 socket_apply_socket_options(s
, p
->fd
);
1190 } else if (p
->type
== SOCKET_SPECIAL
) {
1192 r
= special_address_create(
1198 } else if (p
->type
== SOCKET_FIFO
) {
1200 r
= fifo_address_create(
1208 socket_apply_fifo_options(s
, p
->fd
);
1211 } else if (p
->type
== SOCKET_MQUEUE
) {
1213 r
= mq_address_create(
1222 assert_not_reached("Unknown port type");
1225 mac_selinux_free(label
);
1229 socket_close_fds(s
);
1230 mac_selinux_free(label
);
1235 static void socket_unwatch_fds(Socket
*s
) {
1241 LIST_FOREACH(port
, p
, s
->ports
) {
1245 if (!p
->event_source
)
1248 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_OFF
);
1250 log_unit_debug_errno(UNIT(s
), r
, "Failed to disable event source: %m");
1254 static int socket_watch_fds(Socket
*s
) {
1260 LIST_FOREACH(port
, p
, s
->ports
) {
1264 if (p
->event_source
) {
1265 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_ON
);
1269 r
= sd_event_add_io(UNIT(s
)->manager
->event
, &p
->event_source
, p
->fd
, EPOLLIN
, socket_dispatch_io
, p
);
1273 (void) sd_event_source_set_description(p
->event_source
, "socket-port-io");
1280 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch listening fds: %m");
1281 socket_unwatch_fds(s
);
1285 static void socket_set_state(Socket
*s
, SocketState state
) {
1286 SocketState old_state
;
1289 old_state
= s
->state
;
1297 SOCKET_STOP_PRE_SIGTERM
,
1298 SOCKET_STOP_PRE_SIGKILL
,
1300 SOCKET_FINAL_SIGTERM
,
1301 SOCKET_FINAL_SIGKILL
)) {
1303 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1304 socket_unwatch_control_pid(s
);
1305 s
->control_command
= NULL
;
1306 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
1309 if (state
!= SOCKET_LISTENING
)
1310 socket_unwatch_fds(s
);
1318 SOCKET_STOP_PRE_SIGTERM
,
1319 SOCKET_STOP_PRE_SIGKILL
))
1320 socket_close_fds(s
);
1322 if (state
!= old_state
)
1323 log_unit_debug(UNIT(s
), "Changed %s -> %s", socket_state_to_string(old_state
), socket_state_to_string(state
));
1325 unit_notify(UNIT(s
), state_translation_table
[old_state
], state_translation_table
[state
], true);
1328 static int socket_coldplug(Unit
*u
) {
1329 Socket
*s
= SOCKET(u
);
1333 assert(s
->state
== SOCKET_DEAD
);
1335 if (s
->deserialized_state
== s
->state
)
1338 if (IN_SET(s
->deserialized_state
,
1343 SOCKET_STOP_PRE_SIGTERM
,
1344 SOCKET_STOP_PRE_SIGKILL
,
1346 SOCKET_FINAL_SIGTERM
,
1347 SOCKET_FINAL_SIGKILL
)) {
1349 if (s
->control_pid
<= 0)
1352 r
= unit_watch_pid(UNIT(s
), s
->control_pid
);
1356 r
= socket_arm_timer(s
);
1361 if (IN_SET(s
->deserialized_state
,
1367 SOCKET_STOP_PRE_SIGTERM
,
1368 SOCKET_STOP_PRE_SIGKILL
)) {
1369 r
= socket_open_fds(s
);
1374 if (s
->deserialized_state
== SOCKET_LISTENING
) {
1375 r
= socket_watch_fds(s
);
1380 socket_set_state(s
, s
->deserialized_state
);
1384 static int socket_spawn(Socket
*s
, ExecCommand
*c
, pid_t
*_pid
) {
1385 _cleanup_free_
char **argv
= NULL
;
1388 ExecParameters exec_params
= {
1389 .apply_permissions
= true,
1390 .apply_chroot
= true,
1391 .apply_tty_stdin
= true,
1392 .bus_endpoint_fd
= -1,
1399 (void) unit_realize_cgroup(UNIT(s
));
1400 if (s
->reset_cpu_usage
) {
1401 (void) unit_reset_cpu_usage(UNIT(s
));
1402 s
->reset_cpu_usage
= false;
1405 r
= unit_setup_exec_runtime(UNIT(s
));
1409 r
= socket_arm_timer(s
);
1413 r
= unit_full_printf_strv(UNIT(s
), c
->argv
, &argv
);
1417 exec_params
.argv
= argv
;
1418 exec_params
.environment
= UNIT(s
)->manager
->environment
;
1419 exec_params
.confirm_spawn
= UNIT(s
)->manager
->confirm_spawn
;
1420 exec_params
.cgroup_supported
= UNIT(s
)->manager
->cgroup_supported
;
1421 exec_params
.cgroup_path
= UNIT(s
)->cgroup_path
;
1422 exec_params
.cgroup_delegate
= s
->cgroup_context
.delegate
;
1423 exec_params
.runtime_prefix
= manager_get_runtime_prefix(UNIT(s
)->manager
);
1425 r
= exec_spawn(UNIT(s
),
1434 r
= unit_watch_pid(UNIT(s
), pid
);
1436 /* FIXME: we need to do something here */
1443 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1447 static int socket_chown(Socket
*s
, pid_t
*_pid
) {
1451 r
= socket_arm_timer(s
);
1455 /* We have to resolve the user names out-of-process, hence
1456 * let's fork here. It's messy, but well, what can we do? */
1464 uid_t uid
= UID_INVALID
;
1465 gid_t gid
= GID_INVALID
;
1468 (void) default_signals(SIGNALS_CRASH_HANDLER
, SIGNALS_IGNORE
, -1);
1469 (void) ignore_signals(SIGPIPE
, -1);
1472 if (!isempty(s
->user
)) {
1473 const char *user
= s
->user
;
1475 r
= get_user_creds(&user
, &uid
, &gid
, NULL
, NULL
);
1482 if (!isempty(s
->group
)) {
1483 const char *group
= s
->group
;
1485 r
= get_group_creds(&group
, &gid
);
1492 LIST_FOREACH(port
, p
, s
->ports
) {
1493 const char *path
= NULL
;
1495 if (p
->type
== SOCKET_SOCKET
)
1496 path
= socket_address_get_path(&p
->address
);
1497 else if (p
->type
== SOCKET_FIFO
)
1503 if (chown(path
, uid
, gid
) < 0) {
1514 log_error_errno(r
, "Failed to chown socket at step %s: %m", exit_status_to_string(ret
, EXIT_STATUS_SYSTEMD
));
1519 r
= unit_watch_pid(UNIT(s
), pid
);
1527 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1531 static void socket_enter_dead(Socket
*s
, SocketResult f
) {
1534 if (f
!= SOCKET_SUCCESS
)
1537 exec_runtime_destroy(s
->exec_runtime
);
1538 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
1540 exec_context_destroy_runtime_directory(&s
->exec_context
, manager_get_runtime_prefix(UNIT(s
)->manager
));
1542 socket_set_state(s
, s
->result
!= SOCKET_SUCCESS
? SOCKET_FAILED
: SOCKET_DEAD
);
1545 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
);
1547 static void socket_enter_stop_post(Socket
*s
, SocketResult f
) {
1551 if (f
!= SOCKET_SUCCESS
)
1554 socket_unwatch_control_pid(s
);
1555 s
->control_command_id
= SOCKET_EXEC_STOP_POST
;
1556 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_POST
];
1558 if (s
->control_command
) {
1559 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1563 socket_set_state(s
, SOCKET_STOP_POST
);
1565 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_SUCCESS
);
1570 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-post' task: %m");
1571 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1574 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
) {
1579 if (f
!= SOCKET_SUCCESS
)
1582 r
= unit_kill_context(
1585 (state
!= SOCKET_STOP_PRE_SIGTERM
&& state
!= SOCKET_FINAL_SIGTERM
) ?
1586 KILL_KILL
: KILL_TERMINATE
,
1594 r
= socket_arm_timer(s
);
1598 socket_set_state(s
, state
);
1599 } else if (state
== SOCKET_STOP_PRE_SIGTERM
)
1600 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_SUCCESS
);
1601 else if (state
== SOCKET_STOP_PRE_SIGKILL
)
1602 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1603 else if (state
== SOCKET_FINAL_SIGTERM
)
1604 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_SUCCESS
);
1606 socket_enter_dead(s
, SOCKET_SUCCESS
);
1611 log_unit_warning_errno(UNIT(s
), r
, "Failed to kill processes: %m");
1613 if (state
== SOCKET_STOP_PRE_SIGTERM
|| state
== SOCKET_STOP_PRE_SIGKILL
)
1614 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1616 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1619 static void socket_enter_stop_pre(Socket
*s
, SocketResult f
) {
1623 if (f
!= SOCKET_SUCCESS
)
1626 socket_unwatch_control_pid(s
);
1627 s
->control_command_id
= SOCKET_EXEC_STOP_PRE
;
1628 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_PRE
];
1630 if (s
->control_command
) {
1631 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1635 socket_set_state(s
, SOCKET_STOP_PRE
);
1637 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1642 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-pre' task: %m");
1643 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1646 static void socket_enter_listening(Socket
*s
) {
1650 r
= socket_watch_fds(s
);
1652 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1656 socket_set_state(s
, SOCKET_LISTENING
);
1660 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1663 static void socket_enter_start_post(Socket
*s
) {
1667 socket_unwatch_control_pid(s
);
1668 s
->control_command_id
= SOCKET_EXEC_START_POST
;
1669 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_POST
];
1671 if (s
->control_command
) {
1672 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1674 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-post' task: %m");
1678 socket_set_state(s
, SOCKET_START_POST
);
1680 socket_enter_listening(s
);
1685 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1688 static void socket_enter_start_chown(Socket
*s
) {
1693 r
= socket_open_fds(s
);
1695 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1699 if (!isempty(s
->user
) || !isempty(s
->group
)) {
1701 socket_unwatch_control_pid(s
);
1702 s
->control_command_id
= SOCKET_EXEC_START_CHOWN
;
1703 s
->control_command
= NULL
;
1705 r
= socket_chown(s
, &s
->control_pid
);
1707 log_unit_warning_errno(UNIT(s
), r
, "Failed to fork 'start-chown' task: %m");
1711 socket_set_state(s
, SOCKET_START_CHOWN
);
1713 socket_enter_start_post(s
);
1718 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1721 static void socket_enter_start_pre(Socket
*s
) {
1725 socket_unwatch_control_pid(s
);
1726 s
->control_command_id
= SOCKET_EXEC_START_PRE
;
1727 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_PRE
];
1729 if (s
->control_command
) {
1730 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1732 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-pre' task: %m");
1736 socket_set_state(s
, SOCKET_START_PRE
);
1738 socket_enter_start_chown(s
);
1743 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1746 static void socket_enter_running(Socket
*s
, int cfd
) {
1747 _cleanup_bus_error_free_ sd_bus_error error
= SD_BUS_ERROR_NULL
;
1752 /* We don't take connections anymore if we are supposed to
1753 * shut down anyway */
1754 if (unit_stop_pending(UNIT(s
))) {
1756 log_unit_debug(UNIT(s
), "Suppressing connection request since unit stop is scheduled.");
1761 /* Flush all sockets by closing and reopening them */
1762 socket_close_fds(s
);
1764 r
= socket_open_fds(s
);
1766 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1767 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1771 r
= socket_watch_fds(s
);
1773 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1774 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1784 bool pending
= false;
1786 /* If there's already a start pending don't bother to
1788 SET_FOREACH(other
, UNIT(s
)->dependencies
[UNIT_TRIGGERS
], i
)
1789 if (unit_active_or_pending(other
)) {
1795 if (!UNIT_ISSET(s
->service
)) {
1796 log_unit_error(UNIT(s
), "Service to activate vanished, refusing activation.");
1801 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT_DEREF(s
->service
), JOB_REPLACE
, true, &error
, NULL
);
1806 socket_set_state(s
, SOCKET_RUNNING
);
1808 _cleanup_free_
char *prefix
= NULL
, *instance
= NULL
, *name
= NULL
;
1811 if (s
->n_connections
>= s
->max_connections
) {
1812 log_unit_warning(UNIT(s
), "Too many incoming connections (%u)", s
->n_connections
);
1817 r
= socket_instantiate_service(s
);
1821 r
= instance_from_socket(cfd
, s
->n_accepted
, &instance
);
1826 /* ENOTCONN is legitimate if TCP RST was received.
1827 * This connection is over, but the socket unit lives on. */
1832 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
1836 r
= unit_name_build(prefix
, instance
, ".service", &name
);
1840 r
= unit_add_name(UNIT_DEREF(s
->service
), name
);
1844 service
= SERVICE(UNIT_DEREF(s
->service
));
1845 unit_ref_unset(&s
->service
);
1848 UNIT(service
)->no_gc
= false;
1850 unit_choose_id(UNIT(service
), name
);
1852 r
= service_set_socket_fd(service
, cfd
, s
, s
->selinux_context_from_net
);
1857 s
->n_connections
++;
1859 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT(service
), JOB_REPLACE
, true, &error
, NULL
);
1863 /* Notify clients about changed counters */
1864 unit_add_to_dbus_queue(UNIT(s
));
1870 log_unit_warning(UNIT(s
), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1871 cfd
>= 0 ? "template" : "non-template",
1872 bus_error_message(&error
, r
));
1874 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1878 static void socket_run_next(Socket
*s
) {
1882 assert(s
->control_command
);
1883 assert(s
->control_command
->command_next
);
1885 socket_unwatch_control_pid(s
);
1887 s
->control_command
= s
->control_command
->command_next
;
1889 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1896 log_unit_warning_errno(UNIT(s
), r
, "Failed to run next task: %m");
1898 if (s
->state
== SOCKET_START_POST
)
1899 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1900 else if (s
->state
== SOCKET_STOP_POST
)
1901 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1903 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1906 static int socket_start(Unit
*u
) {
1907 Socket
*s
= SOCKET(u
);
1911 /* We cannot fulfill this request right now, try again later
1913 if (IN_SET(s
->state
,
1915 SOCKET_STOP_PRE_SIGKILL
,
1916 SOCKET_STOP_PRE_SIGTERM
,
1918 SOCKET_FINAL_SIGTERM
,
1919 SOCKET_FINAL_SIGKILL
))
1922 /* Already on it! */
1923 if (IN_SET(s
->state
,
1929 /* Cannot run this without the service being around */
1930 if (UNIT_ISSET(s
->service
)) {
1933 service
= SERVICE(UNIT_DEREF(s
->service
));
1935 if (UNIT(service
)->load_state
!= UNIT_LOADED
) {
1936 log_unit_error(u
, "Socket service %s not loaded, refusing.", UNIT(service
)->id
);
1940 /* If the service is already active we cannot start the
1942 if (service
->state
!= SERVICE_DEAD
&&
1943 service
->state
!= SERVICE_FAILED
&&
1944 service
->state
!= SERVICE_AUTO_RESTART
) {
1945 log_unit_error(u
, "Socket service %s already active, refusing.", UNIT(service
)->id
);
1950 assert(s
->state
== SOCKET_DEAD
|| s
->state
== SOCKET_FAILED
);
1952 s
->result
= SOCKET_SUCCESS
;
1953 s
->reset_cpu_usage
= true;
1955 socket_enter_start_pre(s
);
1960 static int socket_stop(Unit
*u
) {
1961 Socket
*s
= SOCKET(u
);
1966 if (IN_SET(s
->state
,
1968 SOCKET_STOP_PRE_SIGTERM
,
1969 SOCKET_STOP_PRE_SIGKILL
,
1971 SOCKET_FINAL_SIGTERM
,
1972 SOCKET_FINAL_SIGKILL
))
1975 /* If there's already something running we go directly into
1977 if (IN_SET(s
->state
,
1980 SOCKET_START_POST
)) {
1981 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_SUCCESS
);
1985 assert(s
->state
== SOCKET_LISTENING
|| s
->state
== SOCKET_RUNNING
);
1987 socket_enter_stop_pre(s
, SOCKET_SUCCESS
);
1991 static int socket_serialize(Unit
*u
, FILE *f
, FDSet
*fds
) {
1992 Socket
*s
= SOCKET(u
);
2000 unit_serialize_item(u
, f
, "state", socket_state_to_string(s
->state
));
2001 unit_serialize_item(u
, f
, "result", socket_result_to_string(s
->result
));
2002 unit_serialize_item_format(u
, f
, "n-accepted", "%u", s
->n_accepted
);
2004 if (s
->control_pid
> 0)
2005 unit_serialize_item_format(u
, f
, "control-pid", PID_FMT
, s
->control_pid
);
2007 if (s
->control_command_id
>= 0)
2008 unit_serialize_item(u
, f
, "control-command", socket_exec_command_to_string(s
->control_command_id
));
2010 LIST_FOREACH(port
, p
, s
->ports
) {
2016 copy
= fdset_put_dup(fds
, p
->fd
);
2020 if (p
->type
== SOCKET_SOCKET
) {
2021 _cleanup_free_
char *t
= NULL
;
2023 r
= socket_address_print(&p
->address
, &t
);
2027 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2028 unit_serialize_item_format(u
, f
, "netlink", "%i %s", copy
, t
);
2030 unit_serialize_item_format(u
, f
, "socket", "%i %i %s", copy
, p
->address
.type
, t
);
2032 } else if (p
->type
== SOCKET_SPECIAL
)
2033 unit_serialize_item_format(u
, f
, "special", "%i %s", copy
, p
->path
);
2034 else if (p
->type
== SOCKET_MQUEUE
)
2035 unit_serialize_item_format(u
, f
, "mqueue", "%i %s", copy
, p
->path
);
2037 assert(p
->type
== SOCKET_FIFO
);
2038 unit_serialize_item_format(u
, f
, "fifo", "%i %s", copy
, p
->path
);
2045 static int socket_deserialize_item(Unit
*u
, const char *key
, const char *value
, FDSet
*fds
) {
2046 Socket
*s
= SOCKET(u
);
2052 if (streq(key
, "state")) {
2055 state
= socket_state_from_string(value
);
2057 log_unit_debug(u
, "Failed to parse state value: %s", value
);
2059 s
->deserialized_state
= state
;
2060 } else if (streq(key
, "result")) {
2063 f
= socket_result_from_string(value
);
2065 log_unit_debug(u
, "Failed to parse result value: %s", value
);
2066 else if (f
!= SOCKET_SUCCESS
)
2069 } else if (streq(key
, "n-accepted")) {
2072 if (safe_atou(value
, &k
) < 0)
2073 log_unit_debug(u
, "Failed to parse n-accepted value: %s", value
);
2076 } else if (streq(key
, "control-pid")) {
2079 if (parse_pid(value
, &pid
) < 0)
2080 log_unit_debug(u
, "Failed to parse control-pid value: %s", value
);
2082 s
->control_pid
= pid
;
2083 } else if (streq(key
, "control-command")) {
2084 SocketExecCommand id
;
2086 id
= socket_exec_command_from_string(value
);
2088 log_unit_debug(u
, "Failed to parse exec-command value: %s", value
);
2090 s
->control_command_id
= id
;
2091 s
->control_command
= s
->exec_command
[id
];
2093 } else if (streq(key
, "fifo")) {
2097 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2098 log_unit_debug(u
, "Failed to parse fifo value: %s", value
);
2101 LIST_FOREACH(port
, p
, s
->ports
)
2102 if (p
->type
== SOCKET_FIFO
&&
2103 path_equal_or_files_same(p
->path
, value
+skip
))
2108 p
->fd
= fdset_remove(fds
, fd
);
2112 } else if (streq(key
, "special")) {
2116 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2117 log_unit_debug(u
, "Failed to parse special value: %s", value
);
2120 LIST_FOREACH(port
, p
, s
->ports
)
2121 if (p
->type
== SOCKET_SPECIAL
&&
2122 path_equal_or_files_same(p
->path
, value
+skip
))
2127 p
->fd
= fdset_remove(fds
, fd
);
2131 } else if (streq(key
, "mqueue")) {
2135 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2136 log_unit_debug(u
, "Failed to parse mqueue value: %s", value
);
2139 LIST_FOREACH(port
, p
, s
->ports
)
2140 if (p
->type
== SOCKET_MQUEUE
&&
2141 streq(p
->path
, value
+skip
))
2146 p
->fd
= fdset_remove(fds
, fd
);
2150 } else if (streq(key
, "socket")) {
2151 int fd
, type
, skip
= 0;
2154 if (sscanf(value
, "%i %i %n", &fd
, &type
, &skip
) < 2 || fd
< 0 || type
< 0 || !fdset_contains(fds
, fd
))
2155 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2158 LIST_FOREACH(port
, p
, s
->ports
)
2159 if (socket_address_is(&p
->address
, value
+skip
, type
))
2164 p
->fd
= fdset_remove(fds
, fd
);
2168 } else if (streq(key
, "netlink")) {
2172 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2173 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2176 LIST_FOREACH(port
, p
, s
->ports
)
2177 if (socket_address_is_netlink(&p
->address
, value
+skip
))
2182 p
->fd
= fdset_remove(fds
, fd
);
2186 log_unit_debug(UNIT(s
), "Unknown serialization key: %s", key
);
2191 static int socket_distribute_fds(Unit
*u
, FDSet
*fds
) {
2192 Socket
*s
= SOCKET(u
);
2197 LIST_FOREACH(port
, p
, s
->ports
) {
2201 if (p
->type
!= SOCKET_SOCKET
)
2207 FDSET_FOREACH(fd
, fds
, i
) {
2208 if (socket_address_matches_fd(&p
->address
, fd
)) {
2209 p
->fd
= fdset_remove(fds
, fd
);
2210 s
->deserialized_state
= SOCKET_LISTENING
;
2219 _pure_
static UnitActiveState
socket_active_state(Unit
*u
) {
2222 return state_translation_table
[SOCKET(u
)->state
];
2225 _pure_
static const char *socket_sub_state_to_string(Unit
*u
) {
2228 return socket_state_to_string(SOCKET(u
)->state
);
2231 const char* socket_port_type_to_string(SocketPort
*p
) {
2239 switch (p
->address
.type
) {
2247 case SOCK_SEQPACKET
:
2248 return "SequentialPacket";
2251 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2258 case SOCKET_SPECIAL
:
2262 return "MessageQueue";
2272 _pure_
static bool socket_check_gc(Unit
*u
) {
2273 Socket
*s
= SOCKET(u
);
2277 return s
->n_connections
> 0;
2280 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2281 SocketPort
*p
= userdata
;
2287 if (p
->socket
->state
!= SOCKET_LISTENING
)
2290 log_unit_debug(UNIT(p
->socket
), "Incoming traffic");
2292 if (revents
!= EPOLLIN
) {
2294 if (revents
& EPOLLHUP
)
2295 log_unit_error(UNIT(p
->socket
), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2297 log_unit_error(UNIT(p
->socket
), "Got unexpected poll event (0x%x) on socket.", revents
);
2302 if (p
->socket
->accept
&&
2303 p
->type
== SOCKET_SOCKET
&&
2304 socket_address_can_accept(&p
->address
)) {
2308 cfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
);
2314 log_unit_error_errno(UNIT(p
->socket
), errno
, "Failed to accept socket: %m");
2321 socket_apply_socket_options(p
->socket
, cfd
);
2324 socket_enter_running(p
->socket
, cfd
);
2328 socket_enter_stop_pre(p
->socket
, SOCKET_FAILURE_RESOURCES
);
2332 static void socket_sigchld_event(Unit
*u
, pid_t pid
, int code
, int status
) {
2333 Socket
*s
= SOCKET(u
);
2339 if (pid
!= s
->control_pid
)
2344 if (is_clean_exit(code
, status
, NULL
))
2346 else if (code
== CLD_EXITED
)
2347 f
= SOCKET_FAILURE_EXIT_CODE
;
2348 else if (code
== CLD_KILLED
)
2349 f
= SOCKET_FAILURE_SIGNAL
;
2350 else if (code
== CLD_DUMPED
)
2351 f
= SOCKET_FAILURE_CORE_DUMP
;
2353 assert_not_reached("Unknown sigchld code");
2355 if (s
->control_command
) {
2356 exec_status_exit(&s
->control_command
->exec_status
, &s
->exec_context
, pid
, code
, status
);
2358 if (s
->control_command
->ignore
)
2362 log_unit_full(u
, f
== SOCKET_SUCCESS
? LOG_DEBUG
: LOG_NOTICE
, 0,
2363 "Control process exited, code=%s status=%i",
2364 sigchld_code_to_string(code
), status
);
2366 if (f
!= SOCKET_SUCCESS
)
2369 if (s
->control_command
&&
2370 s
->control_command
->command_next
&&
2371 f
== SOCKET_SUCCESS
) {
2373 log_unit_debug(u
, "Running next command for state %s", socket_state_to_string(s
->state
));
2376 s
->control_command
= NULL
;
2377 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
2379 /* No further commands for this step, so let's figure
2380 * out what to do next */
2382 log_unit_debug(u
, "Got final SIGCHLD for state %s", socket_state_to_string(s
->state
));
2386 case SOCKET_START_PRE
:
2387 if (f
== SOCKET_SUCCESS
)
2388 socket_enter_start_chown(s
);
2390 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, f
);
2393 case SOCKET_START_CHOWN
:
2394 if (f
== SOCKET_SUCCESS
)
2395 socket_enter_start_post(s
);
2397 socket_enter_stop_pre(s
, f
);
2400 case SOCKET_START_POST
:
2401 if (f
== SOCKET_SUCCESS
)
2402 socket_enter_listening(s
);
2404 socket_enter_stop_pre(s
, f
);
2407 case SOCKET_STOP_PRE
:
2408 case SOCKET_STOP_PRE_SIGTERM
:
2409 case SOCKET_STOP_PRE_SIGKILL
:
2410 socket_enter_stop_post(s
, f
);
2413 case SOCKET_STOP_POST
:
2414 case SOCKET_FINAL_SIGTERM
:
2415 case SOCKET_FINAL_SIGKILL
:
2416 socket_enter_dead(s
, f
);
2420 assert_not_reached("Uh, control process died at wrong time.");
2424 /* Notify clients about changed exit status */
2425 unit_add_to_dbus_queue(u
);
2428 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
) {
2429 Socket
*s
= SOCKET(userdata
);
2432 assert(s
->timer_event_source
== source
);
2436 case SOCKET_START_PRE
:
2437 log_unit_warning(UNIT(s
), "Starting timed out. Terminating.");
2438 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2441 case SOCKET_START_CHOWN
:
2442 case SOCKET_START_POST
:
2443 log_unit_warning(UNIT(s
), "Starting timed out. Stopping.");
2444 socket_enter_stop_pre(s
, SOCKET_FAILURE_TIMEOUT
);
2447 case SOCKET_STOP_PRE
:
2448 log_unit_warning(UNIT(s
), "Stopping timed out. Terminating.");
2449 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2452 case SOCKET_STOP_PRE_SIGTERM
:
2453 if (s
->kill_context
.send_sigkill
) {
2454 log_unit_warning(UNIT(s
), "Stopping timed out. Killing.");
2455 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2457 log_unit_warning(UNIT(s
), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2458 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2462 case SOCKET_STOP_PRE_SIGKILL
:
2463 log_unit_warning(UNIT(s
), "Processes still around after SIGKILL. Ignoring.");
2464 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2467 case SOCKET_STOP_POST
:
2468 log_unit_warning(UNIT(s
), "Stopping timed out (2). Terminating.");
2469 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2472 case SOCKET_FINAL_SIGTERM
:
2473 if (s
->kill_context
.send_sigkill
) {
2474 log_unit_warning(UNIT(s
), "Stopping timed out (2). Killing.");
2475 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2477 log_unit_warning(UNIT(s
), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2478 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2482 case SOCKET_FINAL_SIGKILL
:
2483 log_unit_warning(UNIT(s
), "Still around after SIGKILL (2). Entering failed mode.");
2484 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2488 assert_not_reached("Timeout at wrong time.");
2494 int socket_collect_fds(Socket
*s
, int **fds
, unsigned *n_fds
) {
2503 /* Called from the service code for requesting our fds */
2506 LIST_FOREACH(port
, p
, s
->ports
)
2516 rfds
= new(int, rn_fds
);
2521 LIST_FOREACH(port
, p
, s
->ports
)
2525 assert(k
== rn_fds
);
2533 static void socket_reset_failed(Unit
*u
) {
2534 Socket
*s
= SOCKET(u
);
2538 if (s
->state
== SOCKET_FAILED
)
2539 socket_set_state(s
, SOCKET_DEAD
);
2541 s
->result
= SOCKET_SUCCESS
;
2544 static void socket_notify_service_dead(Socket
*s
, bool failed_permanent
) {
2547 /* The service is dead. Dang!
2549 * This is strictly for one-instance-for-all-connections
2552 if (s
->state
== SOCKET_RUNNING
) {
2553 log_unit_debug(UNIT(s
), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent
));
2554 if (failed_permanent
)
2555 socket_enter_stop_pre(s
, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
);
2557 socket_enter_listening(s
);
2561 void socket_connection_unref(Socket
*s
) {
2564 /* The service is dead. Yay!
2566 * This is strictly for one-instance-per-connection
2569 assert(s
->n_connections
> 0);
2572 log_unit_debug(UNIT(s
), "One connection closed, %u left.", s
->n_connections
);
2575 static void socket_trigger_notify(Unit
*u
, Unit
*other
) {
2576 Socket
*s
= SOCKET(u
);
2582 /* Don't propagate state changes from the service if we are
2583 already down or accepting connections */
2584 if ((s
->state
!= SOCKET_RUNNING
&&
2585 s
->state
!= SOCKET_LISTENING
) ||
2589 if (other
->load_state
!= UNIT_LOADED
||
2590 other
->type
!= UNIT_SERVICE
)
2593 se
= SERVICE(other
);
2595 if (se
->state
== SERVICE_FAILED
)
2596 socket_notify_service_dead(s
, se
->result
== SERVICE_FAILURE_START_LIMIT
);
2598 if (se
->state
== SERVICE_DEAD
||
2599 se
->state
== SERVICE_FINAL_SIGTERM
||
2600 se
->state
== SERVICE_FINAL_SIGKILL
||
2601 se
->state
== SERVICE_AUTO_RESTART
)
2602 socket_notify_service_dead(s
, false);
2604 if (se
->state
== SERVICE_RUNNING
)
2605 socket_set_state(s
, SOCKET_RUNNING
);
2608 static int socket_kill(Unit
*u
, KillWho who
, int signo
, sd_bus_error
*error
) {
2609 return unit_kill_common(u
, who
, signo
, -1, SOCKET(u
)->control_pid
, error
);
2612 static int socket_get_timeout(Unit
*u
, uint64_t *timeout
) {
2613 Socket
*s
= SOCKET(u
);
2616 if (!s
->timer_event_source
)
2619 r
= sd_event_source_get_time(s
->timer_event_source
, timeout
);
2626 static const char* const socket_state_table
[_SOCKET_STATE_MAX
] = {
2627 [SOCKET_DEAD
] = "dead",
2628 [SOCKET_START_PRE
] = "start-pre",
2629 [SOCKET_START_CHOWN
] = "start-chown",
2630 [SOCKET_START_POST
] = "start-post",
2631 [SOCKET_LISTENING
] = "listening",
2632 [SOCKET_RUNNING
] = "running",
2633 [SOCKET_STOP_PRE
] = "stop-pre",
2634 [SOCKET_STOP_PRE_SIGTERM
] = "stop-pre-sigterm",
2635 [SOCKET_STOP_PRE_SIGKILL
] = "stop-pre-sigkill",
2636 [SOCKET_STOP_POST
] = "stop-post",
2637 [SOCKET_FINAL_SIGTERM
] = "final-sigterm",
2638 [SOCKET_FINAL_SIGKILL
] = "final-sigkill",
2639 [SOCKET_FAILED
] = "failed"
2642 DEFINE_STRING_TABLE_LOOKUP(socket_state
, SocketState
);
2644 static const char* const socket_exec_command_table
[_SOCKET_EXEC_COMMAND_MAX
] = {
2645 [SOCKET_EXEC_START_PRE
] = "StartPre",
2646 [SOCKET_EXEC_START_CHOWN
] = "StartChown",
2647 [SOCKET_EXEC_START_POST
] = "StartPost",
2648 [SOCKET_EXEC_STOP_PRE
] = "StopPre",
2649 [SOCKET_EXEC_STOP_POST
] = "StopPost"
2652 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command
, SocketExecCommand
);
2654 static const char* const socket_result_table
[_SOCKET_RESULT_MAX
] = {
2655 [SOCKET_SUCCESS
] = "success",
2656 [SOCKET_FAILURE_RESOURCES
] = "resources",
2657 [SOCKET_FAILURE_TIMEOUT
] = "timeout",
2658 [SOCKET_FAILURE_EXIT_CODE
] = "exit-code",
2659 [SOCKET_FAILURE_SIGNAL
] = "signal",
2660 [SOCKET_FAILURE_CORE_DUMP
] = "core-dump",
2661 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
] = "service-failed-permanent"
2664 DEFINE_STRING_TABLE_LOOKUP(socket_result
, SocketResult
);
2666 const UnitVTable socket_vtable
= {
2667 .object_size
= sizeof(Socket
),
2668 .exec_context_offset
= offsetof(Socket
, exec_context
),
2669 .cgroup_context_offset
= offsetof(Socket
, cgroup_context
),
2670 .kill_context_offset
= offsetof(Socket
, kill_context
),
2671 .exec_runtime_offset
= offsetof(Socket
, exec_runtime
),
2677 .private_section
= "Socket",
2679 .init
= socket_init
,
2680 .done
= socket_done
,
2681 .load
= socket_load
,
2683 .coldplug
= socket_coldplug
,
2685 .dump
= socket_dump
,
2687 .start
= socket_start
,
2688 .stop
= socket_stop
,
2690 .kill
= socket_kill
,
2692 .get_timeout
= socket_get_timeout
,
2694 .serialize
= socket_serialize
,
2695 .deserialize_item
= socket_deserialize_item
,
2696 .distribute_fds
= socket_distribute_fds
,
2698 .active_state
= socket_active_state
,
2699 .sub_state_to_string
= socket_sub_state_to_string
,
2701 .check_gc
= socket_check_gc
,
2703 .sigchld_event
= socket_sigchld_event
,
2705 .trigger_notify
= socket_trigger_notify
,
2707 .reset_failed
= socket_reset_failed
,
2709 .bus_vtable
= bus_socket_vtable
,
2710 .bus_set_property
= bus_socket_set_property
,
2711 .bus_commit_properties
= bus_socket_commit_properties
,
2713 .status_message_formats
= {
2714 /*.starting_stopping = {
2715 [0] = "Starting socket %s...",
2716 [1] = "Stopping socket %s...",
2718 .finished_start_job
= {
2719 [JOB_DONE
] = "Listening on %s.",
2720 [JOB_FAILED
] = "Failed to listen on %s.",
2721 [JOB_TIMEOUT
] = "Timed out starting %s.",
2723 .finished_stop_job
= {
2724 [JOB_DONE
] = "Closed %s.",
2725 [JOB_FAILED
] = "Failed stopping %s.",
2726 [JOB_TIMEOUT
] = "Timed out stopping %s.",