You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
-<refentry id="systemd-saproxy">
+<refentry id="systemd-socket-proxyd">
<refentryinfo>
- <title>systemd-saproxy</title>
+ <title>systemd-socket-proxyd</title>
<productname>systemd</productname>
<authorgroup>
<author>
</authorgroup>
</refentryinfo>
<refmeta>
- <refentrytitle>systemd-saproxy</refentrytitle>
+ <refentrytitle>systemd-socket-proxyd</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
- <refname>systemd-saproxy</refname>
+ <refname>systemd-socket-proxyd</refname>
<refpurpose>Inherit a socket. Bidirectionally
proxy.</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
- <command>systemd-saproxy</command>
+ <command>systemd-socket-proxyd</command>
<arg choice="opt" rep="repeat">OPTIONS</arg>
<arg choice="plain"><replaceable>HOSTNAME-OR-IP</replaceable></arg>
<arg choice="plain"><replaceable>PORT-OR-SERVICE</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
- <command>systemd-saproxy</command>
+ <command>systemd-socket-proxyd</command>
<arg choice="opt" rep="repeat">OPTIONS</arg>
<arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
</arg>
<refsect1>
<title>Description</title>
<para>
- <command>systemd-saproxy</command> provides a proxy
+ <command>systemd-socket-proxyd</command> provides a proxy
to socket-activate services that do not yet support
native socket activation. On behalf of the daemon,
the proxy inherits the socket from systemd, accepts
data between the two.</para>
<para>This utility's behavior is similar to
<citerefentry><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum> </citerefentry>.
- The main differences for <command>systemd-saproxy</command>
+ The main differences for <command>systemd-socket-proxyd</command>
are support for socket activation with
<literal>Accept=false</literal> and an event-driven
design that scales better with the number of
invoked indirectly, for
example with a shell script
rather than with
- <option>ExecStart=/usr/bin/systemd-saproxy</option>
+ <option>ExecStart=/usr/bin/systemd-socket-proxyd</option>
</para>
</listitem>
</varlistentry>
Requires=nginx.service
[Service]
-ExecStart=/usr/bin/systemd-saproxy /tmp/nginx.sock
+ExecStart=/usr/bin/systemd-socket-proxyd /tmp/nginx.sock
PrivateTmp=true
PrivateNetwork=true]]>
</programlisting>
[Service]
ExecStartPre=/usr/sbin/nginx -t
-ExecStart=/usr/bin/saproxy-nginx.sh
+ExecStart=/usr/bin/socket-proxyd-nginx.sh
PrivateTmp=true
PrivateNetwork=true]]>
</programlisting>
</example>
<example label="shell script">
<title>
- /usr/bin/saproxy-nginx.sh</title>
+ /usr/bin/socket-proxyd-nginx.sh</title>
<programlisting>
<![CDATA[#!/bin/sh
/usr/sbin/nginx
do
/usr/bin/inotifywait /tmp/nginx.pid
done
-/usr/bin/systemd-saproxy --ignore-env localhost 8080]]>
+/usr/bin/systemd-socket-proxyd --ignore-env localhost 8080]]>
</programlisting>
</example>
<example label="nginx configuration">
#include <sys/un.h>
#include <unistd.h>
-#include "log.h"
#include "sd-daemon.h"
#include "sd-event.h"
+#include "log.h"
#include "socket-util.h"
#include "util.h"
+#include "event-util.h"
#define BUFFER_SIZE 16384
#define _cleanup_freeaddrinfo_ _cleanup_(freeaddrinfop)
static void free_connection(struct connection *c) {
log_debug("Freeing fd=%d (conn %p).", c->fd, c);
sd_event_source_unref(c->w);
- close(c->fd);
+ close_nointr_nofail(c->fd);
free(c);
}
assert(revents & EPOLLIN);
- c_server_to_client = malloc0(sizeof(struct connection));
+ c_server_to_client = new0(struct connection, 1);
if (c_server_to_client == NULL) {
log_oom();
goto fail;
}
- c_client_to_server = malloc0(sizeof(struct connection));
+ c_client_to_server = new0(struct connection, 1);
if (c_client_to_server == NULL) {
log_oom();
goto fail;
goto fail;
}
- c_client_to_server->fd = accept(fd, (struct sockaddr *) &sa, &salen);
+ c_client_to_server->fd = accept4(fd, (struct sockaddr *) &sa, &salen, SOCK_NONBLOCK|SOCK_CLOEXEC);
if (c_client_to_server->fd < 0) {
log_error("Error accepting client connection.");
goto fail;
}
- /* Unlike on BSD, client sockets do not inherit nonblocking status
- * from the listening socket. */
- r = fd_nonblock(c_client_to_server->fd, true);
- if (r < 0) {
- log_error("Error %d marking client connection as nonblocking: %s", r, strerror(-r));
- goto fail;
- }
if (sa.sa.sa_family == AF_INET || sa.sa.sa_family == AF_INET6) {
char sa_str[INET6_ADDRSTRLEN];
finish:
/* Preserve the main loop even if a single proxy setup fails. */
- return 0;
+ return 1;
}
static int run_main_loop(struct proxy *proxy) {
+ _cleanup_event_source_unref_ sd_event_source *w_accept = NULL;
+ _cleanup_event_unref_ sd_event *e = NULL;
int r = EXIT_SUCCESS;
- struct sd_event *e = NULL;
- sd_event_source *w_accept = NULL;
r = sd_event_new(&e);
- if (r < 0)
- goto finish;
+ if (r < 0) {
+ log_error("Failed to allocate event loop: %s", strerror(-r));
+ return r;
+ }
r = fd_nonblock(proxy->listen_fd, true);
- if (r < 0)
- goto finish;
+ if (r < 0) {
+ log_error("Failed to make listen file descriptor non-blocking: %s", strerror(-r));
+ return r;
+ }
log_debug("Initializing main listener fd=%d", proxy->listen_fd);
- sd_event_add_io(e, proxy->listen_fd, EPOLLIN, accept_cb, proxy, &w_accept);
+ r = sd_event_add_io(e, proxy->listen_fd, EPOLLIN, accept_cb, proxy, &w_accept);
+ if (r < 0) {
+ log_error("Failed to add event IO source: %s", strerror(-r));
+ return r;
+ }
log_debug("Initialized main listener. Entering loop.");
- sd_event_loop(e);
-
-finish:
- sd_event_source_unref(w_accept);
- sd_event_unref(e);
-
- return r;
+ return sd_event_loop(e);
}
static int help(void) {
}
static void version(void) {
- puts(PACKAGE_STRING " saproxy");
+ puts(PACKAGE_STRING " socket-proxyd");
}
static int parse_argv(int argc, char *argv[], struct proxy *p) {
p.listen_fd = SD_LISTEN_FDS_START;
if (!p.ignore_env) {
- int n;
- n = sd_listen_fds(1);
- if (n == 0) {
- log_error("Found zero inheritable sockets. Are you sure this is running as a socket-activated service?");
- r = EXIT_FAILURE;
- goto finish;
- } else if (n < 0) {
- log_error("Error %d while finding inheritable sockets: %s", n, strerror(-n));
- r = EXIT_FAILURE;
- goto finish;
- } else if (n > 1) {
- log_error("Can't listen on more than one socket.");
- r = EXIT_FAILURE;
- goto finish;
- }
+ int n;
+ n = sd_listen_fds(1);
+ if (n == 0) {
+ log_error("Found zero inheritable sockets. Are you sure this is running as a socket-activated service?");
+ r = EXIT_FAILURE;
+ goto finish;
+ } else if (n < 0) {
+ log_error("Error %d while finding inheritable sockets: %s", n, strerror(-n));
+ r = EXIT_FAILURE;
+ goto finish;
+ } else if (n > 1) {
+ log_error("Can't listen on more than one socket.");
+ r = EXIT_FAILURE;
+ goto finish;
+ }
}
/* @TODO: Check if this proxy can work with datagram sockets. */
log_info("Starting the socket activation proxy with listener fd=%d.", p.listen_fd);
r = run_main_loop(&p);
- if (r < 0) {
- log_error("Error %d from main loop.", r);
- goto finish;
- }
finish:
- log_close();
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}