1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include <sys/epoll.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
42 #include "exit-status.h"
44 #include "smack-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
51 #include "formats-util.h"
53 static const UnitActiveState state_translation_table
[_SOCKET_STATE_MAX
] = {
54 [SOCKET_DEAD
] = UNIT_INACTIVE
,
55 [SOCKET_START_PRE
] = UNIT_ACTIVATING
,
56 [SOCKET_START_CHOWN
] = UNIT_ACTIVATING
,
57 [SOCKET_START_POST
] = UNIT_ACTIVATING
,
58 [SOCKET_LISTENING
] = UNIT_ACTIVE
,
59 [SOCKET_RUNNING
] = UNIT_ACTIVE
,
60 [SOCKET_STOP_PRE
] = UNIT_DEACTIVATING
,
61 [SOCKET_STOP_PRE_SIGTERM
] = UNIT_DEACTIVATING
,
62 [SOCKET_STOP_PRE_SIGKILL
] = UNIT_DEACTIVATING
,
63 [SOCKET_STOP_POST
] = UNIT_DEACTIVATING
,
64 [SOCKET_FINAL_SIGTERM
] = UNIT_DEACTIVATING
,
65 [SOCKET_FINAL_SIGKILL
] = UNIT_DEACTIVATING
,
66 [SOCKET_FAILED
] = UNIT_FAILED
69 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
70 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
);
72 static void socket_init(Unit
*u
) {
73 Socket
*s
= SOCKET(u
);
76 assert(u
->load_state
== UNIT_STUB
);
78 s
->backlog
= SOMAXCONN
;
79 s
->timeout_usec
= u
->manager
->default_timeout_start_usec
;
80 s
->directory_mode
= 0755;
81 s
->socket_mode
= 0666;
83 s
->max_connections
= 64;
90 s
->exec_context
.std_output
= u
->manager
->default_std_output
;
91 s
->exec_context
.std_error
= u
->manager
->default_std_error
;
93 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
96 static void socket_unwatch_control_pid(Socket
*s
) {
99 if (s
->control_pid
<= 0)
102 unit_unwatch_pid(UNIT(s
), s
->control_pid
);
106 void socket_free_ports(Socket
*s
) {
111 while ((p
= s
->ports
)) {
112 LIST_REMOVE(port
, s
->ports
, p
);
114 sd_event_source_unref(p
->event_source
);
122 static void socket_done(Unit
*u
) {
123 Socket
*s
= SOCKET(u
);
127 socket_free_ports(s
);
129 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
130 exec_command_free_array(s
->exec_command
, _SOCKET_EXEC_COMMAND_MAX
);
131 s
->control_command
= NULL
;
133 socket_unwatch_control_pid(s
);
135 unit_ref_unset(&s
->service
);
137 free(s
->tcp_congestion
);
138 s
->tcp_congestion
= NULL
;
140 free(s
->bind_to_device
);
141 s
->bind_to_device
= NULL
;
144 free(s
->smack_ip_in
);
145 free(s
->smack_ip_out
);
147 strv_free(s
->symlinks
);
152 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
155 static int socket_arm_timer(Socket
*s
) {
160 if (s
->timeout_usec
<= 0) {
161 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
165 if (s
->timer_event_source
) {
166 r
= sd_event_source_set_time(s
->timer_event_source
, now(CLOCK_MONOTONIC
) + s
->timeout_usec
);
170 return sd_event_source_set_enabled(s
->timer_event_source
, SD_EVENT_ONESHOT
);
173 r
= sd_event_add_time(
174 UNIT(s
)->manager
->event
,
175 &s
->timer_event_source
,
177 now(CLOCK_MONOTONIC
) + s
->timeout_usec
, 0,
178 socket_dispatch_timer
, s
);
182 (void) sd_event_source_set_description(s
->timer_event_source
, "socket-timer");
187 int socket_instantiate_service(Socket
*s
) {
188 _cleanup_free_
char *prefix
= NULL
, *name
= NULL
;
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
199 if (UNIT_DEREF(s
->service
))
205 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
209 if (asprintf(&name
, "%s@%u.service", prefix
, s
->n_accepted
) < 0)
212 r
= manager_load_unit(UNIT(s
)->manager
, name
, NULL
, NULL
, &u
);
217 unit_ref_set(&s
->service
, u
);
219 return unit_add_two_dependencies(UNIT(s
), UNIT_BEFORE
, UNIT_TRIGGERS
, u
, false);
222 static bool have_non_accept_socket(Socket
*s
) {
230 LIST_FOREACH(port
, p
, s
->ports
) {
232 if (p
->type
!= SOCKET_SOCKET
)
235 if (!socket_address_can_accept(&p
->address
))
242 static int socket_add_mount_links(Socket
*s
) {
248 LIST_FOREACH(port
, p
, s
->ports
) {
249 const char *path
= NULL
;
251 if (p
->type
== SOCKET_SOCKET
)
252 path
= socket_address_get_path(&p
->address
);
253 else if (p
->type
== SOCKET_FIFO
|| p
->type
== SOCKET_SPECIAL
)
259 r
= unit_require_mounts_for(UNIT(s
), path
);
267 static int socket_add_device_link(Socket
*s
) {
272 if (!s
->bind_to_device
|| streq(s
->bind_to_device
, "lo"))
275 t
= strjoina("/sys/subsystem/net/devices/", s
->bind_to_device
);
276 return unit_add_node_link(UNIT(s
), t
, false);
279 static int socket_add_default_dependencies(Socket
*s
) {
283 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_BEFORE
, SPECIAL_SOCKETS_TARGET
, NULL
, true);
287 if (UNIT(s
)->manager
->running_as
== MANAGER_SYSTEM
) {
288 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_AFTER
, UNIT_REQUIRES
, SPECIAL_SYSINIT_TARGET
, NULL
, true);
293 return unit_add_two_dependencies_by_name(UNIT(s
), UNIT_BEFORE
, UNIT_CONFLICTS
, SPECIAL_SHUTDOWN_TARGET
, NULL
, true);
296 _pure_
static bool socket_has_exec(Socket
*s
) {
300 for (i
= 0; i
< _SOCKET_EXEC_COMMAND_MAX
; i
++)
301 if (s
->exec_command
[i
])
307 static int socket_add_extras(Socket
*s
) {
313 if (have_non_accept_socket(s
)) {
315 if (!UNIT_DEREF(s
->service
)) {
318 r
= unit_load_related_unit(u
, ".service", &x
);
322 unit_ref_set(&s
->service
, x
);
325 r
= unit_add_two_dependencies(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, UNIT_DEREF(s
->service
), true);
330 r
= socket_add_mount_links(s
);
334 r
= socket_add_device_link(s
);
338 r
= unit_patch_contexts(u
);
342 if (socket_has_exec(s
)) {
343 r
= unit_add_exec_dependencies(u
, &s
->exec_context
);
347 r
= unit_add_default_slice(u
, &s
->cgroup_context
);
352 if (u
->default_dependencies
) {
353 r
= socket_add_default_dependencies(s
);
361 static const char *socket_find_symlink_target(Socket
*s
) {
362 const char *found
= NULL
;
365 LIST_FOREACH(port
, p
, s
->ports
) {
366 const char *f
= NULL
;
375 if (p
->address
.sockaddr
.un
.sun_path
[0] != 0)
376 f
= p
->address
.sockaddr
.un
.sun_path
;
394 static int socket_verify(Socket
*s
) {
397 if (UNIT(s
)->load_state
!= UNIT_LOADED
)
401 log_unit_error(UNIT(s
), "Unit lacks Listen setting. Refusing.");
405 if (s
->accept
&& have_non_accept_socket(s
)) {
406 log_unit_error(UNIT(s
), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
410 if (s
->accept
&& s
->max_connections
<= 0) {
411 log_unit_error(UNIT(s
), "MaxConnection= setting too small. Refusing.");
415 if (s
->accept
&& UNIT_DEREF(s
->service
)) {
416 log_unit_error(UNIT(s
), "Explicit service configuration for accepting socket units not supported. Refusing.");
420 if (s
->exec_context
.pam_name
&& s
->kill_context
.kill_mode
!= KILL_CONTROL_GROUP
) {
421 log_unit_error(UNIT(s
), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
425 if (!strv_isempty(s
->symlinks
) && !socket_find_symlink_target(s
)) {
426 log_unit_error(UNIT(s
), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
433 static int socket_load(Unit
*u
) {
434 Socket
*s
= SOCKET(u
);
438 assert(u
->load_state
== UNIT_STUB
);
440 r
= unit_load_fragment_and_dropin(u
);
444 if (u
->load_state
== UNIT_LOADED
) {
445 /* This is a new unit? Then let's add in some extras */
446 r
= socket_add_extras(s
);
451 return socket_verify(s
);
454 _const_
static const char* listen_lookup(int family
, int type
) {
456 if (family
== AF_NETLINK
)
457 return "ListenNetlink";
459 if (type
== SOCK_STREAM
)
460 return "ListenStream";
461 else if (type
== SOCK_DGRAM
)
462 return "ListenDatagram";
463 else if (type
== SOCK_SEQPACKET
)
464 return "ListenSequentialPacket";
466 assert_not_reached("Unknown socket type");
470 static void socket_dump(Unit
*u
, FILE *f
, const char *prefix
) {
471 char time_string
[FORMAT_TIMESPAN_MAX
];
473 Socket
*s
= SOCKET(u
);
480 prefix
= strempty(prefix
);
481 prefix2
= strjoina(prefix
, "\t");
484 "%sSocket State: %s\n"
486 "%sBindIPv6Only: %s\n"
488 "%sSocketMode: %04o\n"
489 "%sDirectoryMode: %04o\n"
493 "%sTransparent: %s\n"
495 "%sPassCredentials: %s\n"
496 "%sPassSecurity: %s\n"
497 "%sTCPCongestion: %s\n"
498 "%sRemoveOnStop: %s\n"
499 "%sSELinuxContextFromNet: %s\n",
500 prefix
, socket_state_to_string(s
->state
),
501 prefix
, socket_result_to_string(s
->result
),
502 prefix
, socket_address_bind_ipv6_only_to_string(s
->bind_ipv6_only
),
504 prefix
, s
->socket_mode
,
505 prefix
, s
->directory_mode
,
506 prefix
, yes_no(s
->keep_alive
),
507 prefix
, yes_no(s
->no_delay
),
508 prefix
, yes_no(s
->free_bind
),
509 prefix
, yes_no(s
->transparent
),
510 prefix
, yes_no(s
->broadcast
),
511 prefix
, yes_no(s
->pass_cred
),
512 prefix
, yes_no(s
->pass_sec
),
513 prefix
, strna(s
->tcp_congestion
),
514 prefix
, yes_no(s
->remove_on_stop
),
515 prefix
, yes_no(s
->selinux_context_from_net
));
517 if (s
->control_pid
> 0)
519 "%sControl PID: "PID_FMT
"\n",
520 prefix
, s
->control_pid
);
522 if (s
->bind_to_device
)
524 "%sBindToDevice: %s\n",
525 prefix
, s
->bind_to_device
);
530 "%sNConnections: %u\n"
531 "%sMaxConnections: %u\n",
532 prefix
, s
->n_accepted
,
533 prefix
, s
->n_connections
,
534 prefix
, s
->max_connections
);
536 if (s
->priority
>= 0)
539 prefix
, s
->priority
);
541 if (s
->receive_buffer
> 0)
543 "%sReceiveBuffer: %zu\n",
544 prefix
, s
->receive_buffer
);
546 if (s
->send_buffer
> 0)
548 "%sSendBuffer: %zu\n",
549 prefix
, s
->send_buffer
);
561 if (s
->pipe_size
> 0)
564 prefix
, s
->pipe_size
);
571 if (s
->mq_maxmsg
> 0)
573 "%sMessageQueueMaxMessages: %li\n",
574 prefix
, s
->mq_maxmsg
);
576 if (s
->mq_msgsize
> 0)
578 "%sMessageQueueMessageSize: %li\n",
579 prefix
, s
->mq_msgsize
);
584 prefix
, yes_no(s
->reuse_port
));
588 "%sSmackLabel: %s\n",
593 "%sSmackLabelIPIn: %s\n",
594 prefix
, s
->smack_ip_in
);
598 "%sSmackLabelIPOut: %s\n",
599 prefix
, s
->smack_ip_out
);
601 if (!isempty(s
->user
) || !isempty(s
->group
))
604 "%sOwnerGroup: %s\n",
605 prefix
, strna(s
->user
),
606 prefix
, strna(s
->group
));
608 if (s
->keep_alive_time
> 0)
610 "%sKeepAliveTimeSec: %s\n",
611 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_time
, USEC_PER_SEC
));
613 if (s
->keep_alive_interval
)
615 "%sKeepAliveIntervalSec: %s\n",
616 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->keep_alive_interval
, USEC_PER_SEC
));
618 if (s
->keep_alive_cnt
)
620 "%sKeepAliveProbes: %u\n",
621 prefix
, s
->keep_alive_cnt
);
625 "%sDeferAcceptSec: %s\n",
626 prefix
, format_timespan(time_string
, FORMAT_TIMESPAN_MAX
, s
->defer_accept
, USEC_PER_SEC
));
628 LIST_FOREACH(port
, p
, s
->ports
) {
630 if (p
->type
== SOCKET_SOCKET
) {
635 if ((r
= socket_address_print(&p
->address
, &k
)) < 0)
640 fprintf(f
, "%s%s: %s\n", prefix
, listen_lookup(socket_address_family(&p
->address
), p
->address
.type
), t
);
642 } else if (p
->type
== SOCKET_SPECIAL
)
643 fprintf(f
, "%sListenSpecial: %s\n", prefix
, p
->path
);
644 else if (p
->type
== SOCKET_MQUEUE
)
645 fprintf(f
, "%sListenMessageQueue: %s\n", prefix
, p
->path
);
647 fprintf(f
, "%sListenFIFO: %s\n", prefix
, p
->path
);
650 exec_context_dump(&s
->exec_context
, f
, prefix
);
651 kill_context_dump(&s
->kill_context
, f
, prefix
);
653 for (c
= 0; c
< _SOCKET_EXEC_COMMAND_MAX
; c
++) {
654 if (!s
->exec_command
[c
])
657 fprintf(f
, "%s-> %s:\n",
658 prefix
, socket_exec_command_to_string(c
));
660 exec_command_dump_list(s
->exec_command
[c
], f
, prefix2
);
664 static int instance_from_socket(int fd
, unsigned nr
, char **instance
) {
667 union sockaddr_union local
, remote
;
673 if (getsockname(fd
, &local
.sa
, &l
) < 0)
677 if (getpeername(fd
, &remote
.sa
, &l
) < 0)
680 switch (local
.sa
.sa_family
) {
684 a
= ntohl(local
.in
.sin_addr
.s_addr
),
685 b
= ntohl(remote
.in
.sin_addr
.s_addr
);
688 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF,
691 ntohs(local
.in
.sin_port
),
692 b
>> 24, (b
>> 16) & 0xFF, (b
>> 8) & 0xFF, b
& 0xFF,
693 ntohs(remote
.in
.sin_port
)) < 0)
700 static const unsigned char ipv4_prefix
[] = {
701 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
704 if (memcmp(&local
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0 &&
705 memcmp(&remote
.in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0) {
707 *a
= local
.in6
.sin6_addr
.s6_addr
+12,
708 *b
= remote
.in6
.sin6_addr
.s6_addr
+12;
711 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 a
[0], a
[1], a
[2], a
[3],
714 ntohs(local
.in6
.sin6_port
),
715 b
[0], b
[1], b
[2], b
[3],
716 ntohs(remote
.in6
.sin6_port
)) < 0)
719 char a
[INET6_ADDRSTRLEN
], b
[INET6_ADDRSTRLEN
];
724 inet_ntop(AF_INET6
, &local
.in6
.sin6_addr
, a
, sizeof(a
)),
725 ntohs(local
.in6
.sin6_port
),
726 inet_ntop(AF_INET6
, &remote
.in6
.sin6_addr
, b
, sizeof(b
)),
727 ntohs(remote
.in6
.sin6_port
)) < 0)
738 k
= getpeercred(fd
, &ucred
);
741 "%u-"PID_FMT
"-"UID_FMT
,
742 nr
, ucred
.pid
, ucred
.uid
) < 0)
744 } else if (k
== -ENODATA
) {
745 /* This handles the case where somebody is
746 * connecting from another pid/uid namespace
747 * (e.g. from outside of our container). */
759 assert_not_reached("Unhandled socket type.");
766 static void socket_close_fds(Socket
*s
) {
772 LIST_FOREACH(port
, p
, s
->ports
) {
774 p
->event_source
= sd_event_source_unref(p
->event_source
);
779 p
->fd
= safe_close(p
->fd
);
781 /* One little note: we should normally not delete any
782 * sockets in the file system here! After all some
783 * other process we spawned might still have a
784 * reference of this fd and wants to continue to use
785 * it. Therefore we delete sockets in the file system
786 * before we create a new one, not after we stopped
789 if (s
->remove_on_stop
) {
801 socket_address_unlink(&p
->address
);
810 if (s
->remove_on_stop
)
811 STRV_FOREACH(i
, s
->symlinks
)
815 static void socket_apply_socket_options(Socket
*s
, int fd
) {
822 int b
= s
->keep_alive
;
823 if (setsockopt(fd
, SOL_SOCKET
, SO_KEEPALIVE
, &b
, sizeof(b
)) < 0)
824 log_unit_warning_errno(UNIT(s
), errno
, "SO_KEEPALIVE failed: %m");
827 if (s
->keep_alive_time
) {
828 int value
= s
->keep_alive_time
/ USEC_PER_SEC
;
829 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPIDLE
, &value
, sizeof(value
)) < 0)
830 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPIDLE failed: %m");
833 if (s
->keep_alive_interval
) {
834 int value
= s
->keep_alive_interval
/ USEC_PER_SEC
;
835 if (setsockopt(fd
, SOL_TCP
, TCP_KEEPINTVL
, &value
, sizeof(value
)) < 0)
836 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPINTVL failed: %m");
839 if (s
->keep_alive_cnt
) {
840 int value
= s
->keep_alive_cnt
;
841 if (setsockopt(fd
, SOL_SOCKET
, TCP_KEEPCNT
, &value
, sizeof(value
)) < 0)
842 log_unit_warning_errno(UNIT(s
), errno
, "TCP_KEEPCNT failed: %m");
845 if (s
->defer_accept
) {
846 int value
= s
->defer_accept
/ USEC_PER_SEC
;
847 if (setsockopt(fd
, SOL_TCP
, TCP_DEFER_ACCEPT
, &value
, sizeof(value
)) < 0)
848 log_unit_warning_errno(UNIT(s
), errno
, "TCP_DEFER_ACCEPT failed: %m");
853 if (setsockopt(fd
, SOL_TCP
, TCP_NODELAY
, &b
, sizeof(b
)) < 0)
854 log_unit_warning_errno(UNIT(s
), errno
, "TCP_NODELAY failed: %m");
859 if (setsockopt(fd
, SOL_SOCKET
, SO_BROADCAST
, &one
, sizeof(one
)) < 0)
860 log_unit_warning_errno(UNIT(s
), errno
, "SO_BROADCAST failed: %m");
865 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSCRED
, &one
, sizeof(one
)) < 0)
866 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSCRED failed: %m");
871 if (setsockopt(fd
, SOL_SOCKET
, SO_PASSSEC
, &one
, sizeof(one
)) < 0)
872 log_unit_warning_errno(UNIT(s
), errno
, "SO_PASSSEC failed: %m");
875 if (s
->priority
>= 0)
876 if (setsockopt(fd
, SOL_SOCKET
, SO_PRIORITY
, &s
->priority
, sizeof(s
->priority
)) < 0)
877 log_unit_warning_errno(UNIT(s
), errno
, "SO_PRIORITY failed: %m");
879 if (s
->receive_buffer
> 0) {
880 int value
= (int) s
->receive_buffer
;
882 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
884 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUFFORCE
, &value
, sizeof(value
)) < 0)
885 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &value
, sizeof(value
)) < 0)
886 log_unit_warning_errno(UNIT(s
), errno
, "SO_RCVBUF failed: %m");
889 if (s
->send_buffer
> 0) {
890 int value
= (int) s
->send_buffer
;
891 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUFFORCE
, &value
, sizeof(value
)) < 0)
892 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUF
, &value
, sizeof(value
)) < 0)
893 log_unit_warning_errno(UNIT(s
), errno
, "SO_SNDBUF failed: %m");
897 if (setsockopt(fd
, SOL_SOCKET
, SO_MARK
, &s
->mark
, sizeof(s
->mark
)) < 0)
898 log_unit_warning_errno(UNIT(s
), errno
, "SO_MARK failed: %m");
901 if (setsockopt(fd
, IPPROTO_IP
, IP_TOS
, &s
->ip_tos
, sizeof(s
->ip_tos
)) < 0)
902 log_unit_warning_errno(UNIT(s
), errno
, "IP_TOS failed: %m");
904 if (s
->ip_ttl
>= 0) {
907 r
= setsockopt(fd
, IPPROTO_IP
, IP_TTL
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
909 if (socket_ipv6_is_supported())
910 x
= setsockopt(fd
, IPPROTO_IPV6
, IPV6_UNICAST_HOPS
, &s
->ip_ttl
, sizeof(s
->ip_ttl
));
913 errno
= EAFNOSUPPORT
;
917 log_unit_warning_errno(UNIT(s
), errno
, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
920 if (s
->tcp_congestion
)
921 if (setsockopt(fd
, SOL_TCP
, TCP_CONGESTION
, s
->tcp_congestion
, strlen(s
->tcp_congestion
)+1) < 0)
922 log_unit_warning_errno(UNIT(s
), errno
, "TCP_CONGESTION failed: %m");
925 int b
= s
->reuse_port
;
926 if (setsockopt(fd
, SOL_SOCKET
, SO_REUSEPORT
, &b
, sizeof(b
)) < 0)
927 log_unit_warning_errno(UNIT(s
), errno
, "SO_REUSEPORT failed: %m");
930 if (s
->smack_ip_in
) {
931 r
= mac_smack_apply_ip_in_fd(fd
, s
->smack_ip_in
);
933 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_in_fd: %m");
936 if (s
->smack_ip_out
) {
937 r
= mac_smack_apply_ip_out_fd(fd
, s
->smack_ip_out
);
939 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_ip_out_fd: %m");
943 static void socket_apply_fifo_options(Socket
*s
, int fd
) {
949 if (s
->pipe_size
> 0)
950 if (fcntl(fd
, F_SETPIPE_SZ
, s
->pipe_size
) < 0)
951 log_unit_warning_errno(UNIT(s
), errno
, "F_SETPIPE_SZ: %m");
954 r
= mac_smack_apply_fd(fd
, s
->smack
);
956 log_unit_error_errno(UNIT(s
), r
, "mac_smack_apply_fd: %m");
960 static int fifo_address_create(
962 mode_t directory_mode
,
973 mkdir_parents_label(path
, directory_mode
);
975 r
= mac_selinux_create_file_prepare(path
, S_IFIFO
);
979 /* Enforce the right access mode for the fifo */
980 old_mask
= umask(~ socket_mode
);
982 /* Include the original umask in our mask */
983 umask(~socket_mode
| old_mask
);
985 r
= mkfifo(path
, socket_mode
);
988 if (r
< 0 && errno
!= EEXIST
) {
993 if ((fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
)) < 0) {
998 mac_selinux_create_file_clear();
1000 if (fstat(fd
, &st
) < 0) {
1005 if (!S_ISFIFO(st
.st_mode
) ||
1006 (st
.st_mode
& 0777) != (socket_mode
& ~old_mask
) ||
1007 st
.st_uid
!= getuid() ||
1008 st
.st_gid
!= getgid()) {
1018 mac_selinux_create_file_clear();
1024 static int special_address_create(
1034 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
|O_NOFOLLOW
);
1040 if (fstat(fd
, &st
) < 0) {
1045 /* Check whether this is a /proc, /sys or /dev file or char device */
1046 if (!S_ISREG(st
.st_mode
) && !S_ISCHR(st
.st_mode
)) {
1060 static int mq_address_create(
1070 struct mq_attr _attr
, *attr
= NULL
;
1075 if (maxmsg
> 0 && msgsize
> 0) {
1077 _attr
.mq_flags
= O_NONBLOCK
;
1078 _attr
.mq_maxmsg
= maxmsg
;
1079 _attr
.mq_msgsize
= msgsize
;
1083 /* Enforce the right access mode for the mq */
1084 old_mask
= umask(~ mq_mode
);
1086 /* Include the original umask in our mask */
1087 umask(~mq_mode
| old_mask
);
1088 fd
= mq_open(path
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_CREAT
, mq_mode
, attr
);
1096 if (fstat(fd
, &st
) < 0) {
1101 if ((st
.st_mode
& 0777) != (mq_mode
& ~old_mask
) ||
1102 st
.st_uid
!= getuid() ||
1103 st
.st_gid
!= getgid()) {
1117 static int socket_symlink(Socket
*s
) {
1123 p
= socket_find_symlink_target(s
);
1127 STRV_FOREACH(i
, s
->symlinks
)
1128 symlink_label(p
, *i
);
1133 static int socket_open_fds(Socket
*s
) {
1137 bool know_label
= false;
1141 LIST_FOREACH(port
, p
, s
->ports
) {
1146 if (p
->type
== SOCKET_SOCKET
) {
1149 /* Figure out label, if we don't it know
1150 * yet. We do it once, for the first
1151 * socket where we need this and
1152 * remember it for the rest. */
1154 if (s
->selinux_context_from_net
) {
1155 /* Get it from the network label */
1157 r
= mac_selinux_get_our_label(&label
);
1158 if (r
< 0 && r
!= -EOPNOTSUPP
)
1162 /* Get it from the executable we are about to start */
1164 r
= socket_instantiate_service(s
);
1168 if (UNIT_ISSET(s
->service
) &&
1169 SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]) {
1170 r
= mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s
->service
))->exec_command
[SERVICE_EXEC_START
]->path
, &label
);
1171 if (r
< 0 && r
!= -EPERM
&& r
!= -EOPNOTSUPP
)
1179 r
= socket_address_listen(
1181 SOCK_CLOEXEC
|SOCK_NONBLOCK
,
1194 socket_apply_socket_options(s
, p
->fd
);
1197 } else if (p
->type
== SOCKET_SPECIAL
) {
1199 r
= special_address_create(
1205 } else if (p
->type
== SOCKET_FIFO
) {
1207 r
= fifo_address_create(
1215 socket_apply_fifo_options(s
, p
->fd
);
1218 } else if (p
->type
== SOCKET_MQUEUE
) {
1220 r
= mq_address_create(
1229 assert_not_reached("Unknown port type");
1232 mac_selinux_free(label
);
1236 socket_close_fds(s
);
1237 mac_selinux_free(label
);
1242 static void socket_unwatch_fds(Socket
*s
) {
1248 LIST_FOREACH(port
, p
, s
->ports
) {
1252 if (!p
->event_source
)
1255 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_OFF
);
1257 log_unit_debug_errno(UNIT(s
), r
, "Failed to disable event source: %m");
1261 static int socket_watch_fds(Socket
*s
) {
1267 LIST_FOREACH(port
, p
, s
->ports
) {
1271 if (p
->event_source
) {
1272 r
= sd_event_source_set_enabled(p
->event_source
, SD_EVENT_ON
);
1276 r
= sd_event_add_io(UNIT(s
)->manager
->event
, &p
->event_source
, p
->fd
, EPOLLIN
, socket_dispatch_io
, p
);
1280 (void) sd_event_source_set_description(p
->event_source
, "socket-port-io");
1287 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch listening fds: %m");
1288 socket_unwatch_fds(s
);
1292 static void socket_set_state(Socket
*s
, SocketState state
) {
1293 SocketState old_state
;
1296 old_state
= s
->state
;
1304 SOCKET_STOP_PRE_SIGTERM
,
1305 SOCKET_STOP_PRE_SIGKILL
,
1307 SOCKET_FINAL_SIGTERM
,
1308 SOCKET_FINAL_SIGKILL
)) {
1310 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1311 socket_unwatch_control_pid(s
);
1312 s
->control_command
= NULL
;
1313 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
1316 if (state
!= SOCKET_LISTENING
)
1317 socket_unwatch_fds(s
);
1325 SOCKET_STOP_PRE_SIGTERM
,
1326 SOCKET_STOP_PRE_SIGKILL
))
1327 socket_close_fds(s
);
1329 if (state
!= old_state
)
1330 log_unit_debug(UNIT(s
), "Changed %s -> %s", socket_state_to_string(old_state
), socket_state_to_string(state
));
1332 unit_notify(UNIT(s
), state_translation_table
[old_state
], state_translation_table
[state
], true);
1335 static int socket_coldplug(Unit
*u
) {
1336 Socket
*s
= SOCKET(u
);
1340 assert(s
->state
== SOCKET_DEAD
);
1342 if (s
->deserialized_state
== s
->state
)
1345 if (IN_SET(s
->deserialized_state
,
1350 SOCKET_STOP_PRE_SIGTERM
,
1351 SOCKET_STOP_PRE_SIGKILL
,
1353 SOCKET_FINAL_SIGTERM
,
1354 SOCKET_FINAL_SIGKILL
)) {
1356 if (s
->control_pid
<= 0)
1359 r
= unit_watch_pid(UNIT(s
), s
->control_pid
);
1363 r
= socket_arm_timer(s
);
1368 if (IN_SET(s
->deserialized_state
,
1374 SOCKET_STOP_PRE_SIGTERM
,
1375 SOCKET_STOP_PRE_SIGKILL
)) {
1376 r
= socket_open_fds(s
);
1381 if (s
->deserialized_state
== SOCKET_LISTENING
) {
1382 r
= socket_watch_fds(s
);
1387 socket_set_state(s
, s
->deserialized_state
);
1391 static int socket_spawn(Socket
*s
, ExecCommand
*c
, pid_t
*_pid
) {
1392 _cleanup_free_
char **argv
= NULL
;
1395 ExecParameters exec_params
= {
1396 .apply_permissions
= true,
1397 .apply_chroot
= true,
1398 .apply_tty_stdin
= true,
1399 .bus_endpoint_fd
= -1,
1406 (void) unit_realize_cgroup(UNIT(s
));
1407 if (s
->reset_cpu_usage
) {
1408 (void) unit_reset_cpu_usage(UNIT(s
));
1409 s
->reset_cpu_usage
= false;
1412 r
= unit_setup_exec_runtime(UNIT(s
));
1416 r
= socket_arm_timer(s
);
1420 r
= unit_full_printf_strv(UNIT(s
), c
->argv
, &argv
);
1424 exec_params
.argv
= argv
;
1425 exec_params
.environment
= UNIT(s
)->manager
->environment
;
1426 exec_params
.confirm_spawn
= UNIT(s
)->manager
->confirm_spawn
;
1427 exec_params
.cgroup_supported
= UNIT(s
)->manager
->cgroup_supported
;
1428 exec_params
.cgroup_path
= UNIT(s
)->cgroup_path
;
1429 exec_params
.cgroup_delegate
= s
->cgroup_context
.delegate
;
1430 exec_params
.runtime_prefix
= manager_get_runtime_prefix(UNIT(s
)->manager
);
1432 r
= exec_spawn(UNIT(s
),
1441 r
= unit_watch_pid(UNIT(s
), pid
);
1443 /* FIXME: we need to do something here */
1450 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1454 static int socket_chown(Socket
*s
, pid_t
*_pid
) {
1458 r
= socket_arm_timer(s
);
1462 /* We have to resolve the user names out-of-process, hence
1463 * let's fork here. It's messy, but well, what can we do? */
1471 uid_t uid
= UID_INVALID
;
1472 gid_t gid
= GID_INVALID
;
1475 default_signals(SIGNALS_CRASH_HANDLER
, SIGNALS_IGNORE
, -1);
1476 ignore_signals(SIGPIPE
, -1);
1479 if (!isempty(s
->user
)) {
1480 const char *user
= s
->user
;
1482 r
= get_user_creds(&user
, &uid
, &gid
, NULL
, NULL
);
1489 if (!isempty(s
->group
)) {
1490 const char *group
= s
->group
;
1492 r
= get_group_creds(&group
, &gid
);
1499 LIST_FOREACH(port
, p
, s
->ports
) {
1500 const char *path
= NULL
;
1502 if (p
->type
== SOCKET_SOCKET
)
1503 path
= socket_address_get_path(&p
->address
);
1504 else if (p
->type
== SOCKET_FIFO
)
1510 if (chown(path
, uid
, gid
) < 0) {
1521 log_error_errno(r
, "Failed to chown socket at step %s: %m", exit_status_to_string(ret
, EXIT_STATUS_SYSTEMD
));
1526 r
= unit_watch_pid(UNIT(s
), pid
);
1534 s
->timer_event_source
= sd_event_source_unref(s
->timer_event_source
);
1538 static void socket_enter_dead(Socket
*s
, SocketResult f
) {
1541 if (f
!= SOCKET_SUCCESS
)
1544 exec_runtime_destroy(s
->exec_runtime
);
1545 s
->exec_runtime
= exec_runtime_unref(s
->exec_runtime
);
1547 exec_context_destroy_runtime_directory(&s
->exec_context
, manager_get_runtime_prefix(UNIT(s
)->manager
));
1549 socket_set_state(s
, s
->result
!= SOCKET_SUCCESS
? SOCKET_FAILED
: SOCKET_DEAD
);
1552 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
);
1554 static void socket_enter_stop_post(Socket
*s
, SocketResult f
) {
1558 if (f
!= SOCKET_SUCCESS
)
1561 socket_unwatch_control_pid(s
);
1562 s
->control_command_id
= SOCKET_EXEC_STOP_POST
;
1563 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_POST
];
1565 if (s
->control_command
) {
1566 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1570 socket_set_state(s
, SOCKET_STOP_POST
);
1572 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_SUCCESS
);
1577 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-post' task: %m");
1578 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1581 static void socket_enter_signal(Socket
*s
, SocketState state
, SocketResult f
) {
1586 if (f
!= SOCKET_SUCCESS
)
1589 r
= unit_kill_context(
1592 (state
!= SOCKET_STOP_PRE_SIGTERM
&& state
!= SOCKET_FINAL_SIGTERM
) ?
1593 KILL_KILL
: KILL_TERMINATE
,
1601 r
= socket_arm_timer(s
);
1605 socket_set_state(s
, state
);
1606 } else if (state
== SOCKET_STOP_PRE_SIGTERM
)
1607 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_SUCCESS
);
1608 else if (state
== SOCKET_STOP_PRE_SIGKILL
)
1609 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1610 else if (state
== SOCKET_FINAL_SIGTERM
)
1611 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_SUCCESS
);
1613 socket_enter_dead(s
, SOCKET_SUCCESS
);
1618 log_unit_warning_errno(UNIT(s
), r
, "Failed to kill processes: %m");
1620 if (state
== SOCKET_STOP_PRE_SIGTERM
|| state
== SOCKET_STOP_PRE_SIGKILL
)
1621 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1623 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1626 static void socket_enter_stop_pre(Socket
*s
, SocketResult f
) {
1630 if (f
!= SOCKET_SUCCESS
)
1633 socket_unwatch_control_pid(s
);
1634 s
->control_command_id
= SOCKET_EXEC_STOP_PRE
;
1635 s
->control_command
= s
->exec_command
[SOCKET_EXEC_STOP_PRE
];
1637 if (s
->control_command
) {
1638 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1642 socket_set_state(s
, SOCKET_STOP_PRE
);
1644 socket_enter_stop_post(s
, SOCKET_SUCCESS
);
1649 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'stop-pre' task: %m");
1650 socket_enter_stop_post(s
, SOCKET_FAILURE_RESOURCES
);
1653 static void socket_enter_listening(Socket
*s
) {
1657 r
= socket_watch_fds(s
);
1659 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1663 socket_set_state(s
, SOCKET_LISTENING
);
1667 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1670 static void socket_enter_start_post(Socket
*s
) {
1674 socket_unwatch_control_pid(s
);
1675 s
->control_command_id
= SOCKET_EXEC_START_POST
;
1676 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_POST
];
1678 if (s
->control_command
) {
1679 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1681 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-post' task: %m");
1685 socket_set_state(s
, SOCKET_START_POST
);
1687 socket_enter_listening(s
);
1692 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1695 static void socket_enter_start_chown(Socket
*s
) {
1700 r
= socket_open_fds(s
);
1702 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1706 if (!isempty(s
->user
) || !isempty(s
->group
)) {
1708 socket_unwatch_control_pid(s
);
1709 s
->control_command_id
= SOCKET_EXEC_START_CHOWN
;
1710 s
->control_command
= NULL
;
1712 r
= socket_chown(s
, &s
->control_pid
);
1714 log_unit_warning_errno(UNIT(s
), r
, "Failed to fork 'start-chown' task: %m");
1718 socket_set_state(s
, SOCKET_START_CHOWN
);
1720 socket_enter_start_post(s
);
1725 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1728 static void socket_enter_start_pre(Socket
*s
) {
1732 socket_unwatch_control_pid(s
);
1733 s
->control_command_id
= SOCKET_EXEC_START_PRE
;
1734 s
->control_command
= s
->exec_command
[SOCKET_EXEC_START_PRE
];
1736 if (s
->control_command
) {
1737 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1739 log_unit_warning_errno(UNIT(s
), r
, "Failed to run 'start-pre' task: %m");
1743 socket_set_state(s
, SOCKET_START_PRE
);
1745 socket_enter_start_chown(s
);
1750 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1753 static void socket_enter_running(Socket
*s
, int cfd
) {
1754 _cleanup_bus_error_free_ sd_bus_error error
= SD_BUS_ERROR_NULL
;
1759 /* We don't take connections anymore if we are supposed to
1760 * shut down anyway */
1761 if (unit_stop_pending(UNIT(s
))) {
1763 log_unit_debug(UNIT(s
), "Suppressing connection request since unit stop is scheduled.");
1768 /* Flush all sockets by closing and reopening them */
1769 socket_close_fds(s
);
1771 r
= socket_open_fds(s
);
1773 log_unit_warning_errno(UNIT(s
), r
, "Failed to listen on sockets: %m");
1774 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1778 r
= socket_watch_fds(s
);
1780 log_unit_warning_errno(UNIT(s
), r
, "Failed to watch sockets: %m");
1781 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1791 bool pending
= false;
1793 /* If there's already a start pending don't bother to
1795 SET_FOREACH(other
, UNIT(s
)->dependencies
[UNIT_TRIGGERS
], i
)
1796 if (unit_active_or_pending(other
)) {
1802 if (!UNIT_ISSET(s
->service
)) {
1803 log_unit_error(UNIT(s
), "Service to activate vanished, refusing activation.");
1808 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT_DEREF(s
->service
), JOB_REPLACE
, true, &error
, NULL
);
1813 socket_set_state(s
, SOCKET_RUNNING
);
1815 _cleanup_free_
char *prefix
= NULL
, *instance
= NULL
, *name
= NULL
;
1818 if (s
->n_connections
>= s
->max_connections
) {
1819 log_unit_warning(UNIT(s
), "Too many incoming connections (%u)", s
->n_connections
);
1824 r
= socket_instantiate_service(s
);
1828 r
= instance_from_socket(cfd
, s
->n_accepted
, &instance
);
1833 /* ENOTCONN is legitimate if TCP RST was received.
1834 * This connection is over, but the socket unit lives on. */
1839 r
= unit_name_to_prefix(UNIT(s
)->id
, &prefix
);
1843 r
= unit_name_build(prefix
, instance
, ".service", &name
);
1847 r
= unit_add_name(UNIT_DEREF(s
->service
), name
);
1851 service
= SERVICE(UNIT_DEREF(s
->service
));
1852 unit_ref_unset(&s
->service
);
1855 UNIT(service
)->no_gc
= false;
1857 unit_choose_id(UNIT(service
), name
);
1859 r
= service_set_socket_fd(service
, cfd
, s
, s
->selinux_context_from_net
);
1864 s
->n_connections
++;
1866 r
= manager_add_job(UNIT(s
)->manager
, JOB_START
, UNIT(service
), JOB_REPLACE
, true, &error
, NULL
);
1870 /* Notify clients about changed counters */
1871 unit_add_to_dbus_queue(UNIT(s
));
1877 log_unit_warning(UNIT(s
), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1878 cfd
>= 0 ? "template" : "non-template",
1879 bus_error_message(&error
, r
));
1881 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1885 static void socket_run_next(Socket
*s
) {
1889 assert(s
->control_command
);
1890 assert(s
->control_command
->command_next
);
1892 socket_unwatch_control_pid(s
);
1894 s
->control_command
= s
->control_command
->command_next
;
1896 r
= socket_spawn(s
, s
->control_command
, &s
->control_pid
);
1903 log_unit_warning_errno(UNIT(s
), r
, "Failed to run next task: %m");
1905 if (s
->state
== SOCKET_START_POST
)
1906 socket_enter_stop_pre(s
, SOCKET_FAILURE_RESOURCES
);
1907 else if (s
->state
== SOCKET_STOP_POST
)
1908 socket_enter_dead(s
, SOCKET_FAILURE_RESOURCES
);
1910 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_RESOURCES
);
1913 static int socket_start(Unit
*u
) {
1914 Socket
*s
= SOCKET(u
);
1918 /* We cannot fulfill this request right now, try again later
1920 if (IN_SET(s
->state
,
1922 SOCKET_STOP_PRE_SIGKILL
,
1923 SOCKET_STOP_PRE_SIGTERM
,
1925 SOCKET_FINAL_SIGTERM
,
1926 SOCKET_FINAL_SIGKILL
))
1929 /* Already on it! */
1930 if (IN_SET(s
->state
,
1936 /* Cannot run this without the service being around */
1937 if (UNIT_ISSET(s
->service
)) {
1940 service
= SERVICE(UNIT_DEREF(s
->service
));
1942 if (UNIT(service
)->load_state
!= UNIT_LOADED
) {
1943 log_unit_error(u
, "Socket service %s not loaded, refusing.", UNIT(service
)->id
);
1947 /* If the service is already active we cannot start the
1949 if (service
->state
!= SERVICE_DEAD
&&
1950 service
->state
!= SERVICE_FAILED
&&
1951 service
->state
!= SERVICE_AUTO_RESTART
) {
1952 log_unit_error(u
, "Socket service %s already active, refusing.", UNIT(service
)->id
);
1957 assert(s
->state
== SOCKET_DEAD
|| s
->state
== SOCKET_FAILED
);
1959 s
->result
= SOCKET_SUCCESS
;
1960 s
->reset_cpu_usage
= true;
1962 socket_enter_start_pre(s
);
1967 static int socket_stop(Unit
*u
) {
1968 Socket
*s
= SOCKET(u
);
1973 if (IN_SET(s
->state
,
1975 SOCKET_STOP_PRE_SIGTERM
,
1976 SOCKET_STOP_PRE_SIGKILL
,
1978 SOCKET_FINAL_SIGTERM
,
1979 SOCKET_FINAL_SIGKILL
))
1982 /* If there's already something running we go directly into
1984 if (IN_SET(s
->state
,
1987 SOCKET_START_POST
)) {
1988 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_SUCCESS
);
1992 assert(s
->state
== SOCKET_LISTENING
|| s
->state
== SOCKET_RUNNING
);
1994 socket_enter_stop_pre(s
, SOCKET_SUCCESS
);
1998 static int socket_serialize(Unit
*u
, FILE *f
, FDSet
*fds
) {
1999 Socket
*s
= SOCKET(u
);
2007 unit_serialize_item(u
, f
, "state", socket_state_to_string(s
->state
));
2008 unit_serialize_item(u
, f
, "result", socket_result_to_string(s
->result
));
2009 unit_serialize_item_format(u
, f
, "n-accepted", "%u", s
->n_accepted
);
2011 if (s
->control_pid
> 0)
2012 unit_serialize_item_format(u
, f
, "control-pid", PID_FMT
, s
->control_pid
);
2014 if (s
->control_command_id
>= 0)
2015 unit_serialize_item(u
, f
, "control-command", socket_exec_command_to_string(s
->control_command_id
));
2017 LIST_FOREACH(port
, p
, s
->ports
) {
2023 copy
= fdset_put_dup(fds
, p
->fd
);
2027 if (p
->type
== SOCKET_SOCKET
) {
2028 _cleanup_free_
char *t
= NULL
;
2030 r
= socket_address_print(&p
->address
, &t
);
2034 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2035 unit_serialize_item_format(u
, f
, "netlink", "%i %s", copy
, t
);
2037 unit_serialize_item_format(u
, f
, "socket", "%i %i %s", copy
, p
->address
.type
, t
);
2039 } else if (p
->type
== SOCKET_SPECIAL
)
2040 unit_serialize_item_format(u
, f
, "special", "%i %s", copy
, p
->path
);
2041 else if (p
->type
== SOCKET_MQUEUE
)
2042 unit_serialize_item_format(u
, f
, "mqueue", "%i %s", copy
, p
->path
);
2044 assert(p
->type
== SOCKET_FIFO
);
2045 unit_serialize_item_format(u
, f
, "fifo", "%i %s", copy
, p
->path
);
2052 static int socket_deserialize_item(Unit
*u
, const char *key
, const char *value
, FDSet
*fds
) {
2053 Socket
*s
= SOCKET(u
);
2059 if (streq(key
, "state")) {
2062 state
= socket_state_from_string(value
);
2064 log_unit_debug(u
, "Failed to parse state value: %s", value
);
2066 s
->deserialized_state
= state
;
2067 } else if (streq(key
, "result")) {
2070 f
= socket_result_from_string(value
);
2072 log_unit_debug(u
, "Failed to parse result value: %s", value
);
2073 else if (f
!= SOCKET_SUCCESS
)
2076 } else if (streq(key
, "n-accepted")) {
2079 if (safe_atou(value
, &k
) < 0)
2080 log_unit_debug(u
, "Failed to parse n-accepted value: %s", value
);
2083 } else if (streq(key
, "control-pid")) {
2086 if (parse_pid(value
, &pid
) < 0)
2087 log_unit_debug(u
, "Failed to parse control-pid value: %s", value
);
2089 s
->control_pid
= pid
;
2090 } else if (streq(key
, "control-command")) {
2091 SocketExecCommand id
;
2093 id
= socket_exec_command_from_string(value
);
2095 log_unit_debug(u
, "Failed to parse exec-command value: %s", value
);
2097 s
->control_command_id
= id
;
2098 s
->control_command
= s
->exec_command
[id
];
2100 } else if (streq(key
, "fifo")) {
2104 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2105 log_unit_debug(u
, "Failed to parse fifo value: %s", value
);
2108 LIST_FOREACH(port
, p
, s
->ports
)
2109 if (p
->type
== SOCKET_FIFO
&&
2110 path_equal_or_files_same(p
->path
, value
+skip
))
2115 p
->fd
= fdset_remove(fds
, fd
);
2119 } else if (streq(key
, "special")) {
2123 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2124 log_unit_debug(u
, "Failed to parse special value: %s", value
);
2127 LIST_FOREACH(port
, p
, s
->ports
)
2128 if (p
->type
== SOCKET_SPECIAL
&&
2129 path_equal_or_files_same(p
->path
, value
+skip
))
2134 p
->fd
= fdset_remove(fds
, fd
);
2138 } else if (streq(key
, "mqueue")) {
2142 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2143 log_unit_debug(u
, "Failed to parse mqueue value: %s", value
);
2146 LIST_FOREACH(port
, p
, s
->ports
)
2147 if (p
->type
== SOCKET_MQUEUE
&&
2148 streq(p
->path
, value
+skip
))
2153 p
->fd
= fdset_remove(fds
, fd
);
2157 } else if (streq(key
, "socket")) {
2158 int fd
, type
, skip
= 0;
2161 if (sscanf(value
, "%i %i %n", &fd
, &type
, &skip
) < 2 || fd
< 0 || type
< 0 || !fdset_contains(fds
, fd
))
2162 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2165 LIST_FOREACH(port
, p
, s
->ports
)
2166 if (socket_address_is(&p
->address
, value
+skip
, type
))
2171 p
->fd
= fdset_remove(fds
, fd
);
2175 } else if (streq(key
, "netlink")) {
2179 if (sscanf(value
, "%i %n", &fd
, &skip
) < 1 || fd
< 0 || !fdset_contains(fds
, fd
))
2180 log_unit_debug(u
, "Failed to parse socket value: %s", value
);
2183 LIST_FOREACH(port
, p
, s
->ports
)
2184 if (socket_address_is_netlink(&p
->address
, value
+skip
))
2189 p
->fd
= fdset_remove(fds
, fd
);
2193 log_unit_debug(UNIT(s
), "Unknown serialization key: %s", key
);
2198 static int socket_distribute_fds(Unit
*u
, FDSet
*fds
) {
2199 Socket
*s
= SOCKET(u
);
2204 LIST_FOREACH(port
, p
, s
->ports
) {
2208 if (p
->type
!= SOCKET_SOCKET
)
2214 FDSET_FOREACH(fd
, fds
, i
) {
2215 if (socket_address_matches_fd(&p
->address
, fd
)) {
2216 p
->fd
= fdset_remove(fds
, fd
);
2217 s
->deserialized_state
= SOCKET_LISTENING
;
2226 _pure_
static UnitActiveState
socket_active_state(Unit
*u
) {
2229 return state_translation_table
[SOCKET(u
)->state
];
2232 _pure_
static const char *socket_sub_state_to_string(Unit
*u
) {
2235 return socket_state_to_string(SOCKET(u
)->state
);
2238 const char* socket_port_type_to_string(SocketPort
*p
) {
2246 switch (p
->address
.type
) {
2254 case SOCK_SEQPACKET
:
2255 return "SequentialPacket";
2258 if (socket_address_family(&p
->address
) == AF_NETLINK
)
2265 case SOCKET_SPECIAL
:
2269 return "MessageQueue";
2279 _pure_
static bool socket_check_gc(Unit
*u
) {
2280 Socket
*s
= SOCKET(u
);
2284 return s
->n_connections
> 0;
2287 static int socket_dispatch_io(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2288 SocketPort
*p
= userdata
;
2294 if (p
->socket
->state
!= SOCKET_LISTENING
)
2297 log_unit_debug(UNIT(p
->socket
), "Incoming traffic");
2299 if (revents
!= EPOLLIN
) {
2301 if (revents
& EPOLLHUP
)
2302 log_unit_error(UNIT(p
->socket
), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2304 log_unit_error(UNIT(p
->socket
), "Got unexpected poll event (0x%x) on socket.", revents
);
2309 if (p
->socket
->accept
&&
2310 p
->type
== SOCKET_SOCKET
&&
2311 socket_address_can_accept(&p
->address
)) {
2315 cfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
);
2321 log_unit_error_errno(UNIT(p
->socket
), errno
, "Failed to accept socket: %m");
2328 socket_apply_socket_options(p
->socket
, cfd
);
2331 socket_enter_running(p
->socket
, cfd
);
2335 socket_enter_stop_pre(p
->socket
, SOCKET_FAILURE_RESOURCES
);
2339 static void socket_sigchld_event(Unit
*u
, pid_t pid
, int code
, int status
) {
2340 Socket
*s
= SOCKET(u
);
2346 if (pid
!= s
->control_pid
)
2351 if (is_clean_exit(code
, status
, NULL
))
2353 else if (code
== CLD_EXITED
)
2354 f
= SOCKET_FAILURE_EXIT_CODE
;
2355 else if (code
== CLD_KILLED
)
2356 f
= SOCKET_FAILURE_SIGNAL
;
2357 else if (code
== CLD_DUMPED
)
2358 f
= SOCKET_FAILURE_CORE_DUMP
;
2360 assert_not_reached("Unknown sigchld code");
2362 if (s
->control_command
) {
2363 exec_status_exit(&s
->control_command
->exec_status
, &s
->exec_context
, pid
, code
, status
);
2365 if (s
->control_command
->ignore
)
2369 log_unit_full(u
, f
== SOCKET_SUCCESS
? LOG_DEBUG
: LOG_NOTICE
, 0,
2370 "Control process exited, code=%s status=%i",
2371 sigchld_code_to_string(code
), status
);
2373 if (f
!= SOCKET_SUCCESS
)
2376 if (s
->control_command
&&
2377 s
->control_command
->command_next
&&
2378 f
== SOCKET_SUCCESS
) {
2380 log_unit_debug(u
, "Running next command for state %s", socket_state_to_string(s
->state
));
2383 s
->control_command
= NULL
;
2384 s
->control_command_id
= _SOCKET_EXEC_COMMAND_INVALID
;
2386 /* No further commands for this step, so let's figure
2387 * out what to do next */
2389 log_unit_debug(u
, "Got final SIGCHLD for state %s", socket_state_to_string(s
->state
));
2393 case SOCKET_START_PRE
:
2394 if (f
== SOCKET_SUCCESS
)
2395 socket_enter_start_chown(s
);
2397 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, f
);
2400 case SOCKET_START_CHOWN
:
2401 if (f
== SOCKET_SUCCESS
)
2402 socket_enter_start_post(s
);
2404 socket_enter_stop_pre(s
, f
);
2407 case SOCKET_START_POST
:
2408 if (f
== SOCKET_SUCCESS
)
2409 socket_enter_listening(s
);
2411 socket_enter_stop_pre(s
, f
);
2414 case SOCKET_STOP_PRE
:
2415 case SOCKET_STOP_PRE_SIGTERM
:
2416 case SOCKET_STOP_PRE_SIGKILL
:
2417 socket_enter_stop_post(s
, f
);
2420 case SOCKET_STOP_POST
:
2421 case SOCKET_FINAL_SIGTERM
:
2422 case SOCKET_FINAL_SIGKILL
:
2423 socket_enter_dead(s
, f
);
2427 assert_not_reached("Uh, control process died at wrong time.");
2431 /* Notify clients about changed exit status */
2432 unit_add_to_dbus_queue(u
);
2435 static int socket_dispatch_timer(sd_event_source
*source
, usec_t usec
, void *userdata
) {
2436 Socket
*s
= SOCKET(userdata
);
2439 assert(s
->timer_event_source
== source
);
2443 case SOCKET_START_PRE
:
2444 log_unit_warning(UNIT(s
), "Starting timed out. Terminating.");
2445 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2448 case SOCKET_START_CHOWN
:
2449 case SOCKET_START_POST
:
2450 log_unit_warning(UNIT(s
), "Starting timed out. Stopping.");
2451 socket_enter_stop_pre(s
, SOCKET_FAILURE_TIMEOUT
);
2454 case SOCKET_STOP_PRE
:
2455 log_unit_warning(UNIT(s
), "Stopping timed out. Terminating.");
2456 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2459 case SOCKET_STOP_PRE_SIGTERM
:
2460 if (s
->kill_context
.send_sigkill
) {
2461 log_unit_warning(UNIT(s
), "Stopping timed out. Killing.");
2462 socket_enter_signal(s
, SOCKET_STOP_PRE_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2464 log_unit_warning(UNIT(s
), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2465 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2469 case SOCKET_STOP_PRE_SIGKILL
:
2470 log_unit_warning(UNIT(s
), "Processes still around after SIGKILL. Ignoring.");
2471 socket_enter_stop_post(s
, SOCKET_FAILURE_TIMEOUT
);
2474 case SOCKET_STOP_POST
:
2475 log_unit_warning(UNIT(s
), "Stopping timed out (2). Terminating.");
2476 socket_enter_signal(s
, SOCKET_FINAL_SIGTERM
, SOCKET_FAILURE_TIMEOUT
);
2479 case SOCKET_FINAL_SIGTERM
:
2480 if (s
->kill_context
.send_sigkill
) {
2481 log_unit_warning(UNIT(s
), "Stopping timed out (2). Killing.");
2482 socket_enter_signal(s
, SOCKET_FINAL_SIGKILL
, SOCKET_FAILURE_TIMEOUT
);
2484 log_unit_warning(UNIT(s
), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2485 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2489 case SOCKET_FINAL_SIGKILL
:
2490 log_unit_warning(UNIT(s
), "Still around after SIGKILL (2). Entering failed mode.");
2491 socket_enter_dead(s
, SOCKET_FAILURE_TIMEOUT
);
2495 assert_not_reached("Timeout at wrong time.");
2501 int socket_collect_fds(Socket
*s
, int **fds
, unsigned *n_fds
) {
2510 /* Called from the service code for requesting our fds */
2513 LIST_FOREACH(port
, p
, s
->ports
)
2523 rfds
= new(int, rn_fds
);
2528 LIST_FOREACH(port
, p
, s
->ports
)
2532 assert(k
== rn_fds
);
2540 static void socket_reset_failed(Unit
*u
) {
2541 Socket
*s
= SOCKET(u
);
2545 if (s
->state
== SOCKET_FAILED
)
2546 socket_set_state(s
, SOCKET_DEAD
);
2548 s
->result
= SOCKET_SUCCESS
;
2551 static void socket_notify_service_dead(Socket
*s
, bool failed_permanent
) {
2554 /* The service is dead. Dang!
2556 * This is strictly for one-instance-for-all-connections
2559 if (s
->state
== SOCKET_RUNNING
) {
2560 log_unit_debug(UNIT(s
), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent
));
2561 if (failed_permanent
)
2562 socket_enter_stop_pre(s
, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
);
2564 socket_enter_listening(s
);
2568 void socket_connection_unref(Socket
*s
) {
2571 /* The service is dead. Yay!
2573 * This is strictly for one-instance-per-connection
2576 assert(s
->n_connections
> 0);
2579 log_unit_debug(UNIT(s
), "One connection closed, %u left.", s
->n_connections
);
2582 static void socket_trigger_notify(Unit
*u
, Unit
*other
) {
2583 Socket
*s
= SOCKET(u
);
2589 /* Don't propagate state changes from the service if we are
2590 already down or accepting connections */
2591 if ((s
->state
!= SOCKET_RUNNING
&&
2592 s
->state
!= SOCKET_LISTENING
) ||
2596 if (other
->load_state
!= UNIT_LOADED
||
2597 other
->type
!= UNIT_SERVICE
)
2600 se
= SERVICE(other
);
2602 if (se
->state
== SERVICE_FAILED
)
2603 socket_notify_service_dead(s
, se
->result
== SERVICE_FAILURE_START_LIMIT
);
2605 if (se
->state
== SERVICE_DEAD
||
2606 se
->state
== SERVICE_FINAL_SIGTERM
||
2607 se
->state
== SERVICE_FINAL_SIGKILL
||
2608 se
->state
== SERVICE_AUTO_RESTART
)
2609 socket_notify_service_dead(s
, false);
2611 if (se
->state
== SERVICE_RUNNING
)
2612 socket_set_state(s
, SOCKET_RUNNING
);
2615 static int socket_kill(Unit
*u
, KillWho who
, int signo
, sd_bus_error
*error
) {
2616 return unit_kill_common(u
, who
, signo
, -1, SOCKET(u
)->control_pid
, error
);
2619 static int socket_get_timeout(Unit
*u
, uint64_t *timeout
) {
2620 Socket
*s
= SOCKET(u
);
2623 if (!s
->timer_event_source
)
2626 r
= sd_event_source_get_time(s
->timer_event_source
, timeout
);
2633 static const char* const socket_state_table
[_SOCKET_STATE_MAX
] = {
2634 [SOCKET_DEAD
] = "dead",
2635 [SOCKET_START_PRE
] = "start-pre",
2636 [SOCKET_START_CHOWN
] = "start-chown",
2637 [SOCKET_START_POST
] = "start-post",
2638 [SOCKET_LISTENING
] = "listening",
2639 [SOCKET_RUNNING
] = "running",
2640 [SOCKET_STOP_PRE
] = "stop-pre",
2641 [SOCKET_STOP_PRE_SIGTERM
] = "stop-pre-sigterm",
2642 [SOCKET_STOP_PRE_SIGKILL
] = "stop-pre-sigkill",
2643 [SOCKET_STOP_POST
] = "stop-post",
2644 [SOCKET_FINAL_SIGTERM
] = "final-sigterm",
2645 [SOCKET_FINAL_SIGKILL
] = "final-sigkill",
2646 [SOCKET_FAILED
] = "failed"
2649 DEFINE_STRING_TABLE_LOOKUP(socket_state
, SocketState
);
2651 static const char* const socket_exec_command_table
[_SOCKET_EXEC_COMMAND_MAX
] = {
2652 [SOCKET_EXEC_START_PRE
] = "StartPre",
2653 [SOCKET_EXEC_START_CHOWN
] = "StartChown",
2654 [SOCKET_EXEC_START_POST
] = "StartPost",
2655 [SOCKET_EXEC_STOP_PRE
] = "StopPre",
2656 [SOCKET_EXEC_STOP_POST
] = "StopPost"
2659 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command
, SocketExecCommand
);
2661 static const char* const socket_result_table
[_SOCKET_RESULT_MAX
] = {
2662 [SOCKET_SUCCESS
] = "success",
2663 [SOCKET_FAILURE_RESOURCES
] = "resources",
2664 [SOCKET_FAILURE_TIMEOUT
] = "timeout",
2665 [SOCKET_FAILURE_EXIT_CODE
] = "exit-code",
2666 [SOCKET_FAILURE_SIGNAL
] = "signal",
2667 [SOCKET_FAILURE_CORE_DUMP
] = "core-dump",
2668 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT
] = "service-failed-permanent"
2671 DEFINE_STRING_TABLE_LOOKUP(socket_result
, SocketResult
);
2673 const UnitVTable socket_vtable
= {
2674 .object_size
= sizeof(Socket
),
2675 .exec_context_offset
= offsetof(Socket
, exec_context
),
2676 .cgroup_context_offset
= offsetof(Socket
, cgroup_context
),
2677 .kill_context_offset
= offsetof(Socket
, kill_context
),
2678 .exec_runtime_offset
= offsetof(Socket
, exec_runtime
),
2684 .private_section
= "Socket",
2686 .init
= socket_init
,
2687 .done
= socket_done
,
2688 .load
= socket_load
,
2690 .coldplug
= socket_coldplug
,
2692 .dump
= socket_dump
,
2694 .start
= socket_start
,
2695 .stop
= socket_stop
,
2697 .kill
= socket_kill
,
2699 .get_timeout
= socket_get_timeout
,
2701 .serialize
= socket_serialize
,
2702 .deserialize_item
= socket_deserialize_item
,
2703 .distribute_fds
= socket_distribute_fds
,
2705 .active_state
= socket_active_state
,
2706 .sub_state_to_string
= socket_sub_state_to_string
,
2708 .check_gc
= socket_check_gc
,
2710 .sigchld_event
= socket_sigchld_event
,
2712 .trigger_notify
= socket_trigger_notify
,
2714 .reset_failed
= socket_reset_failed
,
2716 .bus_interface
= "org.freedesktop.systemd1.Socket",
2717 .bus_vtable
= bus_socket_vtable
,
2718 .bus_set_property
= bus_socket_set_property
,
2719 .bus_commit_properties
= bus_socket_commit_properties
,
2721 .status_message_formats
= {
2722 /*.starting_stopping = {
2723 [0] = "Starting socket %s...",
2724 [1] = "Stopping socket %s...",
2726 .finished_start_job
= {
2727 [JOB_DONE
] = "Listening on %s.",
2728 [JOB_FAILED
] = "Failed to listen on %s.",
2729 [JOB_DEPENDENCY
] = "Dependency failed for %s.",
2730 [JOB_TIMEOUT
] = "Timed out starting %s.",
2732 .finished_stop_job
= {
2733 [JOB_DONE
] = "Closed %s.",
2734 [JOB_FAILED
] = "Failed stopping %s.",
2735 [JOB_TIMEOUT
] = "Timed out stopping %s.",