From 175a3d25d0e8596d4ba0759aea3f89ee228e7d6d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 6 Nov 2013 22:30:35 +0100 Subject: [PATCH 1/1] active: rework make_socket_fd() to be based on socket_address_listen() Among other things this makes sure we set SO_REUSEADDR which is immensely useful. --- Makefile.am | 1 + src/activate/activate.c | 30 +++++++++++++++++++++ src/core/socket.c | 55 +++++++++++++++++++++------------------ src/shared/socket-label.c | 44 ++++++++++++++++--------------- src/shared/socket-util.c | 39 --------------------------- src/shared/socket-util.h | 6 ++--- 6 files changed, 86 insertions(+), 89 deletions(-) diff --git a/Makefile.am b/Makefile.am index afae87a97..d0366c96d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2859,6 +2859,7 @@ systemd_activate_SOURCES = \ src/activate/activate.c systemd_activate_LDADD = \ + libsystemd-label.la \ libsystemd-shared.la \ libsystemd-daemon.la diff --git a/src/activate/activate.c b/src/activate/activate.c index 738cd83c5..cf8c5cebd 100644 --- a/src/activate/activate.c +++ b/src/activate/activate.c @@ -91,6 +91,35 @@ static int print_socket(const char* desc, int fd) { return 0; } +static int make_socket_fd(const char* address, int flags) { + _cleanup_free_ char *p = NULL; + SocketAddress a; + int fd, r; + + r = socket_address_parse(&a, address); + if (r < 0) { + log_error("Failed to parse socket: %s", strerror(-r)); + return r; + } + + fd = socket_address_listen(&a, flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT, NULL, false, false, 0755, 0644, NULL); + if (fd < 0) { + log_error("Failed to listen: %s", strerror(-r)); + return fd; + } + + r = socket_address_print(&a, &p); + if (r < 0) { + log_error("socket_address_print(): %s", strerror(-r)); + close_nointr_nofail(fd); + return r; + } + + log_info("Listening on %s", p); + + return fd; +} + static int open_sockets(int *epoll_fd, bool accept) { int n, fd, r; int count = 0; @@ -129,6 +158,7 @@ static int open_sockets(int *epoll_fd, bool accept) { return fd; } + assert(fd == SD_LISTEN_FDS_START + count); count ++; } diff --git a/src/core/socket.c b/src/core/socket.c index 887ea00fb..03b8f927b 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -993,46 +993,51 @@ static int socket_open_fds(Socket *s) { know_label = true; } - if ((r = socket_address_listen( - &p->address, - s->backlog, - s->bind_ipv6_only, - s->bind_to_device, - s->free_bind, - s->transparent, - s->directory_mode, - s->socket_mode, - label, - &p->fd)) < 0) + r = socket_address_listen( + &p->address, + SOCK_CLOEXEC|SOCK_NONBLOCK, + s->backlog, + s->bind_ipv6_only, + s->bind_to_device, + s->free_bind, + s->transparent, + s->directory_mode, + s->socket_mode, + label); + if (r < 0) goto rollback; + p->fd = r; socket_apply_socket_options(s, p->fd); } else if (p->type == SOCKET_SPECIAL) { - if ((r = special_address_create( - p->path, - &p->fd)) < 0) + r = special_address_create( + p->path, + &p->fd); + if (r < 0) goto rollback; } else if (p->type == SOCKET_FIFO) { - if ((r = fifo_address_create( - p->path, - s->directory_mode, - s->socket_mode, - &p->fd)) < 0) + r = fifo_address_create( + p->path, + s->directory_mode, + s->socket_mode, + &p->fd); + if (r < 0) goto rollback; socket_apply_fifo_options(s, p->fd); } else if (p->type == SOCKET_MQUEUE) { - if ((r = mq_address_create( - p->path, - s->socket_mode, - s->mq_maxmsg, - s->mq_msgsize, - &p->fd)) < 0) + r = mq_address_create( + p->path, + s->socket_mode, + s->mq_maxmsg, + s->mq_msgsize, + &p->fd); + if (r < 0) goto rollback; } else assert_not_reached("Unknown port type"); diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c index ff212de82..c8be17a1d 100644 --- a/src/shared/socket-label.c +++ b/src/shared/socket-label.c @@ -41,6 +41,7 @@ int socket_address_listen( const SocketAddress *a, + int flags, int backlog, SocketAddressBindIPv6Only only, const char *bind_to_device, @@ -48,27 +49,31 @@ int socket_address_listen( bool transparent, mode_t directory_mode, mode_t socket_mode, - const char *label, - int *ret) { + const char *label) { + + _cleanup_close_ int fd = -1; + int r, one; - int r, fd, one; assert(a); - assert(ret); - if ((r = socket_address_verify(a)) < 0) + r = socket_address_verify(a); + if (r < 0) return r; if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported()) return -EAFNOSUPPORT; - r = label_socket_set(label); - if (r < 0) - return r; + if (label) { + r = label_socket_set(label); + if (r < 0) + return r; + } - fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, a->protocol); + fd = socket(socket_address_family(a), a->type | flags, a->protocol); r = fd < 0 ? -errno : 0; - label_socket_clear(); + if (label) + label_socket_clear(); if (r < 0) return r; @@ -77,13 +82,13 @@ int socket_address_listen( int flag = only == SOCKET_ADDRESS_IPV6_ONLY; if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0) - goto fail; + return -errno; } if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) { if (bind_to_device) if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0) - goto fail; + return -errno; if (free_bind) { one = 1; @@ -100,7 +105,7 @@ int socket_address_listen( one = 1; if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0) - goto fail; + return -errno; if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) { mode_t old_mask; @@ -108,7 +113,7 @@ int socket_address_listen( /* Create parents */ mkdir_parents_label(a->sockaddr.un.sun_path, directory_mode); - /* Enforce the right access mode for the socket*/ + /* Enforce the right access mode for the socket */ old_mask = umask(~ socket_mode); /* Include the original umask in our mask */ @@ -127,17 +132,14 @@ int socket_address_listen( r = bind(fd, &a->sockaddr.sa, a->size); if (r < 0) - goto fail; + return -errno; if (socket_address_can_accept(a)) if (listen(fd, backlog) < 0) - goto fail; + return -errno; - *ret = fd; - return 0; + r = fd; + fd = -1; -fail: - r = -errno; - close_nointr_nofail(fd); return r; } diff --git a/src/shared/socket-util.c b/src/shared/socket-util.c index 954686f97..1175795d7 100644 --- a/src/shared/socket-util.c +++ b/src/shared/socket-util.c @@ -568,45 +568,6 @@ bool socket_address_matches_fd(const SocketAddress *a, int fd) { return false; } -int make_socket_fd(const char* address, int flags) { - SocketAddress a; - int fd, r; - _cleanup_free_ char *p = NULL; - - r = socket_address_parse(&a, address); - if (r < 0) { - log_error("failed to parse socket: %s", strerror(-r)); - return r; - } - - fd = socket(socket_address_family(&a), flags, 0); - if (fd < 0) { - log_error("socket(): %m"); - return -errno; - } - - r = socket_address_print(&a, &p); - if (r < 0) { - log_error("socket_address_print(): %s", strerror(-r)); - return r; - } - log_info("Listening on %s", p); - - r = bind(fd, &a.sockaddr.sa, a.size); - if (r < 0) { - log_error("bind to %s: %m", address); - return -errno; - } - - r = listen(fd, SOMAXCONN); - if (r < 0) { - log_error("listen on %s: %m", address); - return -errno; - } - - return fd; -} - static const char* const netlink_family_table[] = { [NETLINK_ROUTE] = "route", [NETLINK_FIREWALL] = "firewall", diff --git a/src/shared/socket-util.h b/src/shared/socket-util.h index e0b85adf9..0b9bf2fef 100644 --- a/src/shared/socket-util.h +++ b/src/shared/socket-util.h @@ -73,6 +73,7 @@ bool socket_address_can_accept(const SocketAddress *a) _pure_; int socket_address_listen( const SocketAddress *a, + int flags, int backlog, SocketAddressBindIPv6Only only, const char *bind_to_device, @@ -80,16 +81,13 @@ int socket_address_listen( bool transparent, mode_t directory_mode, mode_t socket_mode, - const char *label, - int *ret); + const char *label); bool socket_address_is(const SocketAddress *a, const char *s, int type); bool socket_address_is_netlink(const SocketAddress *a, const char *s); bool socket_address_matches_fd(const SocketAddress *a, int fd); -int make_socket_fd(const char* address, int flags); - bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) _pure_; const char* socket_address_get_path(const SocketAddress *a); -- 2.30.2