1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
27 #include <sys/epoll.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
32 #include <sys/xattr.h>
36 #include "load-dropin.h"
37 #include "load-fragment.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
46 #include "exit-status.h"
48 #include "smack-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74 static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
78 assert(u->load_state == UNIT_STUB);
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
85 s->max_connections = 64;
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
98 static void socket_unwatch_control_pid(Socket *s) {
101 if (s->control_pid <= 0)
104 unit_unwatch_pid(UNIT(s), s->control_pid);
108 void socket_free_ports(Socket *s) {
113 while ((p = s->ports)) {
114 LIST_REMOVE(port, s->ports, p);
116 sd_event_source_unref(p->event_source);
124 static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
129 socket_free_ports(s);
131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133 s->control_command = NULL;
135 socket_unwatch_control_pid(s);
137 unit_ref_unset(&s->service);
139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
142 free(s->bind_to_device);
143 s->bind_to_device = NULL;
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
149 strv_free(s->symlinks);
154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
157 static int socket_arm_timer(Socket *s) {
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
183 int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
195 if (UNIT_DEREF(s->service) || !s->accept)
198 prefix = unit_name_to_prefix(UNIT(s)->id);
202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
210 unit_ref_set(&s->service, u);
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
215 static bool have_non_accept_socket(Socket *s) {
223 LIST_FOREACH(port, p, s->ports) {
225 if (p->type != SOCKET_SOCKET)
228 if (!socket_address_can_accept(&p->address))
235 static int socket_add_mount_links(Socket *s) {
241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
252 r = unit_require_mounts_for(UNIT(s), path);
260 static int socket_add_device_link(Socket *s) {
265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
272 static int socket_add_default_dependencies(Socket *s) {
276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
289 _pure_ static bool socket_has_exec(Socket *s) {
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
300 static int socket_add_extras(Socket *s) {
306 if (have_non_accept_socket(s)) {
308 if (!UNIT_DEREF(s->service)) {
311 r = unit_load_related_unit(u, ".service", &x);
315 unit_ref_set(&s->service, x);
318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
323 r = socket_add_mount_links(s);
327 r = socket_add_device_link(s);
331 r = unit_patch_contexts(u);
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
340 r = unit_add_default_slice(u, &s->cgroup_context);
345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
354 static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
387 static int socket_verify(Socket *s) {
390 if (UNIT(s)->load_state != UNIT_LOADED)
394 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
398 if (s->accept && have_non_accept_socket(s)) {
399 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
404 if (s->accept && s->max_connections <= 0) {
405 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
427 static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
432 assert(u->load_state == UNIT_STUB);
434 r = unit_load_fragment_and_dropin(u);
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
445 return socket_verify(s);
448 _const_ static const char* listen_lookup(int family, int type) {
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
460 assert_not_reached("Unknown socket type");
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465 char time_string[FORMAT_TIMESPAN_MAX];
467 Socket *s = SOCKET(u);
474 prefix = strempty(prefix);
475 prefix2 = strappenda(prefix, "\t");
478 "%sSocket State: %s\n"
480 "%sBindIPv6Only: %s\n"
482 "%sSocketMode: %04o\n"
483 "%sDirectoryMode: %04o\n"
487 "%sTransparent: %s\n"
489 "%sPassCredentials: %s\n"
490 "%sPassSecurity: %s\n"
491 "%sTCPCongestion: %s\n"
492 "%sRemoveOnStop: %s\n"
493 "%sSELinuxContextFromNet: %s\n",
494 prefix, socket_state_to_string(s->state),
495 prefix, socket_result_to_string(s->result),
496 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
498 prefix, s->socket_mode,
499 prefix, s->directory_mode,
500 prefix, yes_no(s->keep_alive),
501 prefix, yes_no(s->no_delay),
502 prefix, yes_no(s->free_bind),
503 prefix, yes_no(s->transparent),
504 prefix, yes_no(s->broadcast),
505 prefix, yes_no(s->pass_cred),
506 prefix, yes_no(s->pass_sec),
507 prefix, strna(s->tcp_congestion),
508 prefix, yes_no(s->remove_on_stop),
509 prefix, yes_no(s->selinux_context_from_net));
511 if (s->control_pid > 0)
513 "%sControl PID: "PID_FMT"\n",
514 prefix, s->control_pid);
516 if (s->bind_to_device)
518 "%sBindToDevice: %s\n",
519 prefix, s->bind_to_device);
524 "%sNConnections: %u\n"
525 "%sMaxConnections: %u\n",
526 prefix, s->n_accepted,
527 prefix, s->n_connections,
528 prefix, s->max_connections);
530 if (s->priority >= 0)
533 prefix, s->priority);
535 if (s->receive_buffer > 0)
537 "%sReceiveBuffer: %zu\n",
538 prefix, s->receive_buffer);
540 if (s->send_buffer > 0)
542 "%sSendBuffer: %zu\n",
543 prefix, s->send_buffer);
555 if (s->pipe_size > 0)
558 prefix, s->pipe_size);
565 if (s->mq_maxmsg > 0)
567 "%sMessageQueueMaxMessages: %li\n",
568 prefix, s->mq_maxmsg);
570 if (s->mq_msgsize > 0)
572 "%sMessageQueueMessageSize: %li\n",
573 prefix, s->mq_msgsize);
578 prefix, yes_no(s->reuse_port));
582 "%sSmackLabel: %s\n",
587 "%sSmackLabelIPIn: %s\n",
588 prefix, s->smack_ip_in);
592 "%sSmackLabelIPOut: %s\n",
593 prefix, s->smack_ip_out);
595 if (!isempty(s->user) || !isempty(s->group))
598 "%sOwnerGroup: %s\n",
599 prefix, strna(s->user),
600 prefix, strna(s->group));
602 if (s->keep_alive_time > 0)
604 "%sKeepAliveTimeSec: %s\n",
605 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
607 if (s->keep_alive_interval)
609 "%sKeepAliveIntervalSec: %s\n",
610 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
612 if (s->keep_alive_cnt)
614 "%sKeepAliveProbes: %u\n",
615 prefix, s->keep_alive_cnt);
619 "%sDeferAcceptSec: %s\n",
620 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
622 LIST_FOREACH(port, p, s->ports) {
624 if (p->type == SOCKET_SOCKET) {
629 if ((r = socket_address_print(&p->address, &k)) < 0)
634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
644 exec_context_dump(&s->exec_context, f, prefix);
645 kill_context_dump(&s->kill_context, f, prefix);
647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
648 if (!s->exec_command[c])
651 fprintf(f, "%s-> %s:\n",
652 prefix, socket_exec_command_to_string(c));
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
658 static int instance_from_socket(int fd, unsigned nr, char **instance) {
661 union sockaddr_union local, remote;
667 if (getsockname(fd, &local.sa, &l) < 0)
671 if (getpeername(fd, &remote.sa, &l) < 0)
674 switch (local.sa.sa_family) {
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
694 static const unsigned char ipv4_prefix[] = {
695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
732 k = getpeercred(fd, &ucred);
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
753 assert_not_reached("Unhandled socket type.");
760 static void socket_close_fds(Socket *s) {
766 LIST_FOREACH(port, p, s->ports) {
768 p->event_source = sd_event_source_unref(p->event_source);
773 p->fd = safe_close(p->fd);
775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
783 if (s->remove_on_stop) {
795 socket_address_unlink(&p->address);
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
809 static void socket_apply_socket_options(Socket *s, int fd) {
814 int b = s->keep_alive;
815 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
816 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
819 if (s->keep_alive_time) {
820 int value = s->keep_alive_time / USEC_PER_SEC;
821 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
822 log_warning_unit(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
825 if (s->keep_alive_interval) {
826 int value = s->keep_alive_interval / USEC_PER_SEC;
827 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
828 log_warning_unit(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
831 if (s->keep_alive_cnt) {
832 int value = s->keep_alive_cnt;
833 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
834 log_warning_unit(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
837 if (s->defer_accept) {
838 int value = s->defer_accept / USEC_PER_SEC;
839 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
840 log_warning_unit(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
845 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
846 log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
851 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
852 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
857 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
858 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
863 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
864 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
867 if (s->priority >= 0)
868 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
869 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
871 if (s->receive_buffer > 0) {
872 int value = (int) s->receive_buffer;
874 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
876 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
877 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
878 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
881 if (s->send_buffer > 0) {
882 int value = (int) s->send_buffer;
883 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
884 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
885 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
889 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
890 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
893 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
894 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
896 if (s->ip_ttl >= 0) {
899 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
901 if (socket_ipv6_is_supported())
902 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
905 errno = EAFNOSUPPORT;
909 log_warning_unit(UNIT(s)->id,
910 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
913 if (s->tcp_congestion)
914 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
915 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
918 int b = s->reuse_port;
919 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
920 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
924 if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
925 log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
928 if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
929 log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
932 static void socket_apply_fifo_options(Socket *s, int fd) {
936 if (s->pipe_size > 0)
937 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
938 log_warning_unit(UNIT(s)->id,
942 if (smack_label_fd(fd, s->smack) < 0)
943 log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
946 static int fifo_address_create(
948 mode_t directory_mode,
959 mkdir_parents_label(path, directory_mode);
961 r = label_context_set(path, S_IFIFO);
965 /* Enforce the right access mode for the fifo */
966 old_mask = umask(~ socket_mode);
968 /* Include the original umask in our mask */
969 umask(~socket_mode | old_mask);
971 r = mkfifo(path, socket_mode);
974 if (r < 0 && errno != EEXIST) {
979 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
984 label_context_clear();
986 if (fstat(fd, &st) < 0) {
991 if (!S_ISFIFO(st.st_mode) ||
992 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
993 st.st_uid != getuid() ||
994 st.st_gid != getgid()) {
1004 label_context_clear();
1010 static int special_address_create(
1020 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1026 if (fstat(fd, &st) < 0) {
1031 /* Check whether this is a /proc, /sys or /dev file or char device */
1032 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1046 static int mq_address_create(
1056 struct mq_attr _attr, *attr = NULL;
1061 if (maxmsg > 0 && msgsize > 0) {
1063 _attr.mq_flags = O_NONBLOCK;
1064 _attr.mq_maxmsg = maxmsg;
1065 _attr.mq_msgsize = msgsize;
1069 /* Enforce the right access mode for the mq */
1070 old_mask = umask(~ mq_mode);
1072 /* Include the original umask in our mask */
1073 umask(~mq_mode | old_mask);
1074 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1082 if (fstat(fd, &st) < 0) {
1087 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1088 st.st_uid != getuid() ||
1089 st.st_gid != getgid()) {
1103 static int socket_symlink(Socket *s) {
1109 p = socket_find_symlink_target(s);
1113 STRV_FOREACH(i, s->symlinks)
1119 static int socket_open_fds(Socket *s) {
1123 bool know_label = false;
1127 LIST_FOREACH(port, p, s->ports) {
1132 if (p->type == SOCKET_SOCKET) {
1133 if (!know_label && s->selinux_context_from_net) {
1134 r = label_get_our_label(&label);
1138 } else if (!know_label) {
1140 r = socket_instantiate_service(s);
1144 if (UNIT_ISSET(s->service) &&
1145 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1146 r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1147 if (r < 0 && r != -EPERM)
1154 r = socket_address_listen(
1156 SOCK_CLOEXEC|SOCK_NONBLOCK,
1169 socket_apply_socket_options(s, p->fd);
1172 } else if (p->type == SOCKET_SPECIAL) {
1174 r = special_address_create(
1180 } else if (p->type == SOCKET_FIFO) {
1182 r = fifo_address_create(
1190 socket_apply_fifo_options(s, p->fd);
1193 } else if (p->type == SOCKET_MQUEUE) {
1195 r = mq_address_create(
1204 assert_not_reached("Unknown port type");
1211 socket_close_fds(s);
1216 static void socket_unwatch_fds(Socket *s) {
1222 LIST_FOREACH(port, p, s->ports) {
1226 if (!p->event_source)
1229 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1231 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1235 static int socket_watch_fds(Socket *s) {
1241 LIST_FOREACH(port, p, s->ports) {
1245 if (p->event_source)
1246 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1248 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1251 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1259 socket_unwatch_fds(s);
1263 static void socket_set_state(Socket *s, SocketState state) {
1264 SocketState old_state;
1267 old_state = s->state;
1275 SOCKET_STOP_PRE_SIGTERM,
1276 SOCKET_STOP_PRE_SIGKILL,
1278 SOCKET_FINAL_SIGTERM,
1279 SOCKET_FINAL_SIGKILL)) {
1281 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1282 socket_unwatch_control_pid(s);
1283 s->control_command = NULL;
1284 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1287 if (state != SOCKET_LISTENING)
1288 socket_unwatch_fds(s);
1296 SOCKET_STOP_PRE_SIGTERM,
1297 SOCKET_STOP_PRE_SIGKILL))
1298 socket_close_fds(s);
1300 if (state != old_state)
1301 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1302 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1304 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1307 static int socket_coldplug(Unit *u) {
1308 Socket *s = SOCKET(u);
1312 assert(s->state == SOCKET_DEAD);
1314 if (s->deserialized_state == s->state)
1317 if (IN_SET(s->deserialized_state,
1322 SOCKET_STOP_PRE_SIGTERM,
1323 SOCKET_STOP_PRE_SIGKILL,
1325 SOCKET_FINAL_SIGTERM,
1326 SOCKET_FINAL_SIGKILL)) {
1328 if (s->control_pid <= 0)
1331 r = unit_watch_pid(UNIT(s), s->control_pid);
1335 r = socket_arm_timer(s);
1340 if (IN_SET(s->deserialized_state,
1346 SOCKET_STOP_PRE_SIGTERM,
1347 SOCKET_STOP_PRE_SIGKILL)) {
1348 r = socket_open_fds(s);
1353 if (s->deserialized_state == SOCKET_LISTENING) {
1354 r = socket_watch_fds(s);
1359 socket_set_state(s, s->deserialized_state);
1363 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1364 _cleanup_free_ char **argv = NULL;
1367 ExecParameters exec_params = {
1368 .apply_permissions = true,
1369 .apply_chroot = true,
1370 .apply_tty_stdin = true,
1377 unit_realize_cgroup(UNIT(s));
1379 r = unit_setup_exec_runtime(UNIT(s));
1383 r = socket_arm_timer(s);
1387 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1391 exec_params.argv = argv;
1392 exec_params.environment = UNIT(s)->manager->environment;
1393 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1394 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1395 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1396 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1397 exec_params.unit_id = UNIT(s)->id;
1407 r = unit_watch_pid(UNIT(s), pid);
1409 /* FIXME: we need to do something here */
1416 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1420 static int socket_chown(Socket *s, pid_t *_pid) {
1424 r = socket_arm_timer(s);
1428 /* We have to resolve the user names out-of-process, hence
1429 * let's fork here. It's messy, but well, what can we do? */
1437 uid_t uid = (uid_t) -1;
1438 gid_t gid = (gid_t) -1;
1441 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1442 ignore_signals(SIGPIPE, -1);
1445 if (!isempty(s->user)) {
1446 const char *user = s->user;
1448 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1455 if (!isempty(s->group)) {
1456 const char *group = s->group;
1458 r = get_group_creds(&group, &gid);
1465 LIST_FOREACH(port, p, s->ports) {
1466 const char *path = NULL;
1468 if (p->type == SOCKET_SOCKET)
1469 path = socket_address_get_path(&p->address);
1470 else if (p->type == SOCKET_FIFO)
1476 if (chown(path, uid, gid) < 0) {
1487 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1492 r = unit_watch_pid(UNIT(s), pid);
1500 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1504 static void socket_enter_dead(Socket *s, SocketResult f) {
1507 if (f != SOCKET_SUCCESS)
1510 exec_runtime_destroy(s->exec_runtime);
1511 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1513 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1515 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1518 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1520 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1524 if (f != SOCKET_SUCCESS)
1527 socket_unwatch_control_pid(s);
1528 s->control_command_id = SOCKET_EXEC_STOP_POST;
1529 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1531 if (s->control_command) {
1532 r = socket_spawn(s, s->control_command, &s->control_pid);
1536 socket_set_state(s, SOCKET_STOP_POST);
1538 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1543 log_warning_unit(UNIT(s)->id,
1544 "%s failed to run 'stop-post' task: %s",
1545 UNIT(s)->id, strerror(-r));
1546 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1549 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1554 if (f != SOCKET_SUCCESS)
1557 r = unit_kill_context(
1560 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1568 r = socket_arm_timer(s);
1572 socket_set_state(s, state);
1573 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1574 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1575 else if (state == SOCKET_STOP_PRE_SIGKILL)
1576 socket_enter_stop_post(s, SOCKET_SUCCESS);
1577 else if (state == SOCKET_FINAL_SIGTERM)
1578 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1580 socket_enter_dead(s, SOCKET_SUCCESS);
1585 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1587 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1588 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1590 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1593 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1597 if (f != SOCKET_SUCCESS)
1600 socket_unwatch_control_pid(s);
1601 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1602 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1604 if (s->control_command) {
1605 r = socket_spawn(s, s->control_command, &s->control_pid);
1609 socket_set_state(s, SOCKET_STOP_PRE);
1611 socket_enter_stop_post(s, SOCKET_SUCCESS);
1616 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1617 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1620 static void socket_enter_listening(Socket *s) {
1624 r = socket_watch_fds(s);
1626 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1630 socket_set_state(s, SOCKET_LISTENING);
1634 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1637 static void socket_enter_start_post(Socket *s) {
1641 socket_unwatch_control_pid(s);
1642 s->control_command_id = SOCKET_EXEC_START_POST;
1643 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1645 if (s->control_command) {
1646 r = socket_spawn(s, s->control_command, &s->control_pid);
1648 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1652 socket_set_state(s, SOCKET_START_POST);
1654 socket_enter_listening(s);
1659 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1662 static void socket_enter_start_chown(Socket *s) {
1667 r = socket_open_fds(s);
1669 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1673 if (!isempty(s->user) || !isempty(s->group)) {
1675 socket_unwatch_control_pid(s);
1676 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1677 s->control_command = NULL;
1679 r = socket_chown(s, &s->control_pid);
1681 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1685 socket_set_state(s, SOCKET_START_CHOWN);
1687 socket_enter_start_post(s);
1692 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1695 static void socket_enter_start_pre(Socket *s) {
1699 socket_unwatch_control_pid(s);
1700 s->control_command_id = SOCKET_EXEC_START_PRE;
1701 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1703 if (s->control_command) {
1704 r = socket_spawn(s, s->control_command, &s->control_pid);
1706 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1710 socket_set_state(s, SOCKET_START_PRE);
1712 socket_enter_start_chown(s);
1717 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1720 static void socket_enter_running(Socket *s, int cfd) {
1721 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1726 /* We don't take connections anymore if we are supposed to
1727 * shut down anyway */
1728 if (unit_stop_pending(UNIT(s))) {
1730 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1735 /* Flush all sockets by closing and reopening them */
1736 socket_close_fds(s);
1738 r = socket_open_fds(s);
1740 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1741 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1745 r = socket_watch_fds(s);
1747 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1748 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1758 bool pending = false;
1760 /* If there's already a start pending don't bother to
1762 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1763 if (unit_active_or_pending(other)) {
1769 if (!UNIT_ISSET(s->service)) {
1770 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1775 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1780 socket_set_state(s, SOCKET_RUNNING);
1782 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1785 if (s->n_connections >= s->max_connections) {
1786 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1791 r = socket_instantiate_service(s);
1795 r = instance_from_socket(cfd, s->n_accepted, &instance);
1800 /* ENOTCONN is legitimate if TCP RST was received.
1801 * This connection is over, but the socket unit lives on. */
1806 prefix = unit_name_to_prefix(UNIT(s)->id);
1812 name = unit_name_build(prefix, instance, ".service");
1818 r = unit_add_name(UNIT_DEREF(s->service), name);
1822 service = SERVICE(UNIT_DEREF(s->service));
1823 unit_ref_unset(&s->service);
1826 UNIT(service)->no_gc = false;
1828 unit_choose_id(UNIT(service), name);
1830 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1835 s->n_connections ++;
1837 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1841 /* Notify clients about changed counters */
1842 unit_add_to_dbus_queue(UNIT(s));
1848 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1849 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1850 bus_error_message(&error, r));
1852 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1856 static void socket_run_next(Socket *s) {
1860 assert(s->control_command);
1861 assert(s->control_command->command_next);
1863 socket_unwatch_control_pid(s);
1865 s->control_command = s->control_command->command_next;
1867 r = socket_spawn(s, s->control_command, &s->control_pid);
1874 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1876 if (s->state == SOCKET_START_POST)
1877 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1878 else if (s->state == SOCKET_STOP_POST)
1879 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1881 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1884 static int socket_start(Unit *u) {
1885 Socket *s = SOCKET(u);
1889 /* We cannot fulfill this request right now, try again later
1891 if (IN_SET(s->state,
1893 SOCKET_STOP_PRE_SIGKILL,
1894 SOCKET_STOP_PRE_SIGTERM,
1896 SOCKET_FINAL_SIGTERM,
1897 SOCKET_FINAL_SIGKILL))
1900 /* Already on it! */
1901 if (IN_SET(s->state,
1907 /* Cannot run this without the service being around */
1908 if (UNIT_ISSET(s->service)) {
1911 service = SERVICE(UNIT_DEREF(s->service));
1913 if (UNIT(service)->load_state != UNIT_LOADED) {
1914 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1918 /* If the service is already active we cannot start the
1920 if (service->state != SERVICE_DEAD &&
1921 service->state != SERVICE_FAILED &&
1922 service->state != SERVICE_AUTO_RESTART) {
1923 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1928 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1930 s->result = SOCKET_SUCCESS;
1931 socket_enter_start_pre(s);
1936 static int socket_stop(Unit *u) {
1937 Socket *s = SOCKET(u);
1942 if (IN_SET(s->state,
1944 SOCKET_STOP_PRE_SIGTERM,
1945 SOCKET_STOP_PRE_SIGKILL,
1947 SOCKET_FINAL_SIGTERM,
1948 SOCKET_FINAL_SIGKILL))
1951 /* If there's already something running we go directly into
1953 if (IN_SET(s->state,
1956 SOCKET_START_POST)) {
1957 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1961 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1963 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1967 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1968 Socket *s = SOCKET(u);
1976 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1977 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1978 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1980 if (s->control_pid > 0)
1981 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1983 if (s->control_command_id >= 0)
1984 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1986 LIST_FOREACH(port, p, s->ports) {
1992 copy = fdset_put_dup(fds, p->fd);
1996 if (p->type == SOCKET_SOCKET) {
1997 _cleanup_free_ char *t = NULL;
1999 r = socket_address_print(&p->address, &t);
2003 if (socket_address_family(&p->address) == AF_NETLINK)
2004 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2006 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2008 } else if (p->type == SOCKET_SPECIAL)
2009 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2010 else if (p->type == SOCKET_MQUEUE)
2011 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2013 assert(p->type == SOCKET_FIFO);
2014 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2021 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2022 Socket *s = SOCKET(u);
2028 if (streq(key, "state")) {
2031 state = socket_state_from_string(value);
2033 log_debug_unit(u->id, "Failed to parse state value %s", value);
2035 s->deserialized_state = state;
2036 } else if (streq(key, "result")) {
2039 f = socket_result_from_string(value);
2041 log_debug_unit(u->id, "Failed to parse result value %s", value);
2042 else if (f != SOCKET_SUCCESS)
2045 } else if (streq(key, "n-accepted")) {
2048 if (safe_atou(value, &k) < 0)
2049 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2052 } else if (streq(key, "control-pid")) {
2055 if (parse_pid(value, &pid) < 0)
2056 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2058 s->control_pid = pid;
2059 } else if (streq(key, "control-command")) {
2060 SocketExecCommand id;
2062 id = socket_exec_command_from_string(value);
2064 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2066 s->control_command_id = id;
2067 s->control_command = s->exec_command[id];
2069 } else if (streq(key, "fifo")) {
2073 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2074 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2077 LIST_FOREACH(port, p, s->ports)
2078 if (p->type == SOCKET_FIFO &&
2079 streq_ptr(p->path, value+skip))
2084 p->fd = fdset_remove(fds, fd);
2088 } else if (streq(key, "special")) {
2092 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2093 log_debug_unit(u->id, "Failed to parse special value %s", value);
2096 LIST_FOREACH(port, p, s->ports)
2097 if (p->type == SOCKET_SPECIAL &&
2098 streq_ptr(p->path, value+skip))
2103 p->fd = fdset_remove(fds, fd);
2107 } else if (streq(key, "mqueue")) {
2111 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2112 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2115 LIST_FOREACH(port, p, s->ports)
2116 if (p->type == SOCKET_MQUEUE &&
2117 streq_ptr(p->path, value+skip))
2122 p->fd = fdset_remove(fds, fd);
2126 } else if (streq(key, "socket")) {
2127 int fd, type, skip = 0;
2130 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2131 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2134 LIST_FOREACH(port, p, s->ports)
2135 if (socket_address_is(&p->address, value+skip, type))
2140 p->fd = fdset_remove(fds, fd);
2144 } else if (streq(key, "netlink")) {
2148 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2149 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2152 LIST_FOREACH(port, p, s->ports)
2153 if (socket_address_is_netlink(&p->address, value+skip))
2158 p->fd = fdset_remove(fds, fd);
2162 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2167 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2168 Socket *s = SOCKET(u);
2173 LIST_FOREACH(port, p, s->ports) {
2177 if (p->type != SOCKET_SOCKET)
2183 FDSET_FOREACH(fd, fds, i) {
2184 if (socket_address_matches_fd(&p->address, fd)) {
2185 p->fd = fdset_remove(fds, fd);
2186 s->deserialized_state = SOCKET_LISTENING;
2195 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2198 return state_translation_table[SOCKET(u)->state];
2201 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2204 return socket_state_to_string(SOCKET(u)->state);
2207 const char* socket_port_type_to_string(SocketPort *p) {
2215 switch (p->address.type) {
2223 case SOCK_SEQPACKET:
2224 return "SequentialPacket";
2227 if (socket_address_family(&p->address) == AF_NETLINK)
2234 case SOCKET_SPECIAL:
2238 return "MessageQueue";
2248 _pure_ static bool socket_check_gc(Unit *u) {
2249 Socket *s = SOCKET(u);
2253 return s->n_connections > 0;
2256 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2257 SocketPort *p = userdata;
2263 if (p->socket->state != SOCKET_LISTENING)
2266 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2268 if (revents != EPOLLIN) {
2270 if (revents & EPOLLHUP)
2271 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2272 UNIT(p->socket)->id);
2274 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2275 UNIT(p->socket)->id, revents);
2280 if (p->socket->accept &&
2281 p->type == SOCKET_SOCKET &&
2282 socket_address_can_accept(&p->address)) {
2286 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2292 log_error_unit(UNIT(p->socket)->id,
2293 "Failed to accept socket: %m");
2300 socket_apply_socket_options(p->socket, cfd);
2303 socket_enter_running(p->socket, cfd);
2307 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2311 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2312 Socket *s = SOCKET(u);
2318 if (pid != s->control_pid)
2323 if (is_clean_exit(code, status, NULL))
2325 else if (code == CLD_EXITED)
2326 f = SOCKET_FAILURE_EXIT_CODE;
2327 else if (code == CLD_KILLED)
2328 f = SOCKET_FAILURE_SIGNAL;
2329 else if (code == CLD_DUMPED)
2330 f = SOCKET_FAILURE_CORE_DUMP;
2332 assert_not_reached("Unknown sigchld code");
2334 if (s->control_command) {
2335 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2337 if (s->control_command->ignore)
2341 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2343 "%s control process exited, code=%s status=%i",
2344 u->id, sigchld_code_to_string(code), status);
2346 if (f != SOCKET_SUCCESS)
2349 if (s->control_command &&
2350 s->control_command->command_next &&
2351 f == SOCKET_SUCCESS) {
2353 log_debug_unit(u->id,
2354 "%s running next command for state %s",
2355 u->id, socket_state_to_string(s->state));
2358 s->control_command = NULL;
2359 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2361 /* No further commands for this step, so let's figure
2362 * out what to do next */
2364 log_debug_unit(u->id,
2365 "%s got final SIGCHLD for state %s",
2366 u->id, socket_state_to_string(s->state));
2370 case SOCKET_START_PRE:
2371 if (f == SOCKET_SUCCESS)
2372 socket_enter_start_chown(s);
2374 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2377 case SOCKET_START_CHOWN:
2378 if (f == SOCKET_SUCCESS)
2379 socket_enter_start_post(s);
2381 socket_enter_stop_pre(s, f);
2384 case SOCKET_START_POST:
2385 if (f == SOCKET_SUCCESS)
2386 socket_enter_listening(s);
2388 socket_enter_stop_pre(s, f);
2391 case SOCKET_STOP_PRE:
2392 case SOCKET_STOP_PRE_SIGTERM:
2393 case SOCKET_STOP_PRE_SIGKILL:
2394 socket_enter_stop_post(s, f);
2397 case SOCKET_STOP_POST:
2398 case SOCKET_FINAL_SIGTERM:
2399 case SOCKET_FINAL_SIGKILL:
2400 socket_enter_dead(s, f);
2404 assert_not_reached("Uh, control process died at wrong time.");
2408 /* Notify clients about changed exit status */
2409 unit_add_to_dbus_queue(u);
2412 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2413 Socket *s = SOCKET(userdata);
2416 assert(s->timer_event_source == source);
2420 case SOCKET_START_PRE:
2421 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2422 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2425 case SOCKET_START_CHOWN:
2426 case SOCKET_START_POST:
2427 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2428 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2431 case SOCKET_STOP_PRE:
2432 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2433 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2436 case SOCKET_STOP_PRE_SIGTERM:
2437 if (s->kill_context.send_sigkill) {
2438 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2439 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2441 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2442 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2446 case SOCKET_STOP_PRE_SIGKILL:
2447 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2448 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2451 case SOCKET_STOP_POST:
2452 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2453 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2456 case SOCKET_FINAL_SIGTERM:
2457 if (s->kill_context.send_sigkill) {
2458 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2459 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2461 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2462 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2466 case SOCKET_FINAL_SIGKILL:
2467 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2468 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2472 assert_not_reached("Timeout at wrong time.");
2478 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2487 /* Called from the service code for requesting our fds */
2490 LIST_FOREACH(port, p, s->ports)
2500 if (!(rfds = new(int, rn_fds)))
2504 LIST_FOREACH(port, p, s->ports)
2508 assert(k == rn_fds);
2516 static void socket_reset_failed(Unit *u) {
2517 Socket *s = SOCKET(u);
2521 if (s->state == SOCKET_FAILED)
2522 socket_set_state(s, SOCKET_DEAD);
2524 s->result = SOCKET_SUCCESS;
2527 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2530 /* The service is dead. Dang!
2532 * This is strictly for one-instance-for-all-connections
2535 if (s->state == SOCKET_RUNNING) {
2536 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2537 if (failed_permanent)
2538 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2540 socket_enter_listening(s);
2544 void socket_connection_unref(Socket *s) {
2547 /* The service is dead. Yay!
2549 * This is strictly for one-instance-per-connection
2552 assert(s->n_connections > 0);
2555 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2558 static void socket_trigger_notify(Unit *u, Unit *other) {
2559 Socket *s = SOCKET(u);
2565 /* Don't propagate state changes from the service if we are
2566 already down or accepting connections */
2567 if ((s->state != SOCKET_RUNNING &&
2568 s->state != SOCKET_LISTENING) ||
2572 if (other->load_state != UNIT_LOADED ||
2573 other->type != UNIT_SERVICE)
2576 se = SERVICE(other);
2578 if (se->state == SERVICE_FAILED)
2579 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2581 if (se->state == SERVICE_DEAD ||
2582 se->state == SERVICE_STOP ||
2583 se->state == SERVICE_STOP_SIGTERM ||
2584 se->state == SERVICE_STOP_SIGKILL ||
2585 se->state == SERVICE_STOP_POST ||
2586 se->state == SERVICE_FINAL_SIGTERM ||
2587 se->state == SERVICE_FINAL_SIGKILL ||
2588 se->state == SERVICE_AUTO_RESTART)
2589 socket_notify_service_dead(s, false);
2591 if (se->state == SERVICE_RUNNING)
2592 socket_set_state(s, SOCKET_RUNNING);
2595 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2596 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2599 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2600 Socket *s = SOCKET(u);
2603 if (!s->timer_event_source)
2606 r = sd_event_source_get_time(s->timer_event_source, timeout);
2613 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2614 [SOCKET_DEAD] = "dead",
2615 [SOCKET_START_PRE] = "start-pre",
2616 [SOCKET_START_CHOWN] = "start-chown",
2617 [SOCKET_START_POST] = "start-post",
2618 [SOCKET_LISTENING] = "listening",
2619 [SOCKET_RUNNING] = "running",
2620 [SOCKET_STOP_PRE] = "stop-pre",
2621 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2622 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2623 [SOCKET_STOP_POST] = "stop-post",
2624 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2625 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2626 [SOCKET_FAILED] = "failed"
2629 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2631 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2632 [SOCKET_EXEC_START_PRE] = "StartPre",
2633 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2634 [SOCKET_EXEC_START_POST] = "StartPost",
2635 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2636 [SOCKET_EXEC_STOP_POST] = "StopPost"
2639 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2641 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2642 [SOCKET_SUCCESS] = "success",
2643 [SOCKET_FAILURE_RESOURCES] = "resources",
2644 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2645 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2646 [SOCKET_FAILURE_SIGNAL] = "signal",
2647 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2648 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2651 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2653 const UnitVTable socket_vtable = {
2654 .object_size = sizeof(Socket),
2655 .exec_context_offset = offsetof(Socket, exec_context),
2656 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2657 .kill_context_offset = offsetof(Socket, kill_context),
2658 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2664 .private_section = "Socket",
2666 .init = socket_init,
2667 .done = socket_done,
2668 .load = socket_load,
2670 .coldplug = socket_coldplug,
2672 .dump = socket_dump,
2674 .start = socket_start,
2675 .stop = socket_stop,
2677 .kill = socket_kill,
2679 .get_timeout = socket_get_timeout,
2681 .serialize = socket_serialize,
2682 .deserialize_item = socket_deserialize_item,
2683 .distribute_fds = socket_distribute_fds,
2685 .active_state = socket_active_state,
2686 .sub_state_to_string = socket_sub_state_to_string,
2688 .check_gc = socket_check_gc,
2690 .sigchld_event = socket_sigchld_event,
2692 .trigger_notify = socket_trigger_notify,
2694 .reset_failed = socket_reset_failed,
2696 .bus_interface = "org.freedesktop.systemd1.Socket",
2697 .bus_vtable = bus_socket_vtable,
2698 .bus_set_property = bus_socket_set_property,
2699 .bus_commit_properties = bus_socket_commit_properties,
2701 .status_message_formats = {
2702 /*.starting_stopping = {
2703 [0] = "Starting socket %s...",
2704 [1] = "Stopping socket %s...",
2706 .finished_start_job = {
2707 [JOB_DONE] = "Listening on %s.",
2708 [JOB_FAILED] = "Failed to listen on %s.",
2709 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2710 [JOB_TIMEOUT] = "Timed out starting %s.",
2712 .finished_stop_job = {
2713 [JOB_DONE] = "Closed %s.",
2714 [JOB_FAILED] = "Failed stopping %s.",
2715 [JOB_TIMEOUT] = "Timed out stopping %s.",