1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
27 #include <sys/epoll.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
32 #include <sys/xattr.h>
35 #include <selinux/selinux.h>
40 #include "load-dropin.h"
41 #include "load-fragment.h"
44 #include "path-util.h"
45 #include "unit-name.h"
46 #include "unit-printf.h"
50 #include "exit-status.h"
52 #include "smack-util.h"
54 #include "bus-error.h"
55 #include "dbus-socket.h"
59 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
60 [SOCKET_DEAD] = UNIT_INACTIVE,
61 [SOCKET_START_PRE] = UNIT_ACTIVATING,
62 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
63 [SOCKET_START_POST] = UNIT_ACTIVATING,
64 [SOCKET_LISTENING] = UNIT_ACTIVE,
65 [SOCKET_RUNNING] = UNIT_ACTIVE,
66 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
67 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
69 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
70 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
71 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
72 [SOCKET_FAILED] = UNIT_FAILED
75 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
76 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
78 static void socket_init(Unit *u) {
79 Socket *s = SOCKET(u);
82 assert(u->load_state == UNIT_STUB);
84 s->backlog = SOMAXCONN;
85 s->timeout_usec = u->manager->default_timeout_start_usec;
86 s->directory_mode = 0755;
87 s->socket_mode = 0666;
89 s->max_connections = 64;
96 s->exec_context.std_output = u->manager->default_std_output;
97 s->exec_context.std_error = u->manager->default_std_error;
99 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
102 static void socket_unwatch_control_pid(Socket *s) {
105 if (s->control_pid <= 0)
108 unit_unwatch_pid(UNIT(s), s->control_pid);
112 void socket_free_ports(Socket *s) {
117 while ((p = s->ports)) {
118 LIST_REMOVE(port, s->ports, p);
120 sd_event_source_unref(p->event_source);
128 static void socket_done(Unit *u) {
129 Socket *s = SOCKET(u);
133 socket_free_ports(s);
135 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
136 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
137 s->control_command = NULL;
139 socket_unwatch_control_pid(s);
141 unit_ref_unset(&s->service);
143 free(s->tcp_congestion);
144 s->tcp_congestion = NULL;
146 free(s->bind_to_device);
147 s->bind_to_device = NULL;
150 free(s->smack_ip_in);
151 free(s->smack_ip_out);
153 strv_free(s->symlinks);
158 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
161 static int socket_arm_timer(Socket *s) {
166 if (s->timeout_usec <= 0) {
167 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
171 if (s->timer_event_source) {
172 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
176 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
179 return sd_event_add_time(
180 UNIT(s)->manager->event,
181 &s->timer_event_source,
183 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
184 socket_dispatch_timer, s);
187 int socket_instantiate_service(Socket *s) {
188 _cleanup_free_ char *prefix = NULL, *name = NULL;
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
199 if (UNIT_DEREF(s->service) || !s->accept)
202 prefix = unit_name_to_prefix(UNIT(s)->id);
206 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
209 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
214 unit_ref_set(&s->service, u);
216 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
219 static bool have_non_accept_socket(Socket *s) {
227 LIST_FOREACH(port, p, s->ports) {
229 if (p->type != SOCKET_SOCKET)
232 if (!socket_address_can_accept(&p->address))
239 static int socket_add_mount_links(Socket *s) {
245 LIST_FOREACH(port, p, s->ports) {
246 const char *path = NULL;
248 if (p->type == SOCKET_SOCKET)
249 path = socket_address_get_path(&p->address);
250 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
256 r = unit_require_mounts_for(UNIT(s), path);
264 static int socket_add_device_link(Socket *s) {
269 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
272 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
273 return unit_add_node_link(UNIT(s), t, false);
276 static int socket_add_default_dependencies(Socket *s) {
280 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
284 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
285 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
290 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
293 _pure_ static bool socket_has_exec(Socket *s) {
297 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
298 if (s->exec_command[i])
304 static int socket_add_extras(Socket *s) {
310 if (have_non_accept_socket(s)) {
312 if (!UNIT_DEREF(s->service)) {
315 r = unit_load_related_unit(u, ".service", &x);
319 unit_ref_set(&s->service, x);
322 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
327 r = socket_add_mount_links(s);
331 r = socket_add_device_link(s);
335 r = unit_patch_contexts(u);
339 if (socket_has_exec(s)) {
340 r = unit_add_exec_dependencies(u, &s->exec_context);
344 r = unit_add_default_slice(u, &s->cgroup_context);
349 if (u->default_dependencies) {
350 r = socket_add_default_dependencies(s);
358 static const char *socket_find_symlink_target(Socket *s) {
359 const char *found = NULL;
362 LIST_FOREACH(port, p, s->ports) {
363 const char *f = NULL;
372 if (p->address.sockaddr.un.sun_path[0] != 0)
373 f = p->address.sockaddr.un.sun_path;
391 static int socket_verify(Socket *s) {
394 if (UNIT(s)->load_state != UNIT_LOADED)
398 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
402 if (s->accept && have_non_accept_socket(s)) {
403 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
408 if (s->accept && s->max_connections <= 0) {
409 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
413 if (s->accept && UNIT_DEREF(s->service)) {
414 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
418 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
419 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
423 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
424 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
431 static int socket_load(Unit *u) {
432 Socket *s = SOCKET(u);
436 assert(u->load_state == UNIT_STUB);
438 r = unit_load_fragment_and_dropin(u);
442 if (u->load_state == UNIT_LOADED) {
443 /* This is a new unit? Then let's add in some extras */
444 r = socket_add_extras(s);
449 return socket_verify(s);
452 _const_ static const char* listen_lookup(int family, int type) {
454 if (family == AF_NETLINK)
455 return "ListenNetlink";
457 if (type == SOCK_STREAM)
458 return "ListenStream";
459 else if (type == SOCK_DGRAM)
460 return "ListenDatagram";
461 else if (type == SOCK_SEQPACKET)
462 return "ListenSequentialPacket";
464 assert_not_reached("Unknown socket type");
468 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
469 char time_string[FORMAT_TIMESPAN_MAX];
471 Socket *s = SOCKET(u);
478 prefix2 = strappenda(prefix, "\t");
481 "%sSocket State: %s\n"
483 "%sBindIPv6Only: %s\n"
485 "%sSocketMode: %04o\n"
486 "%sDirectoryMode: %04o\n"
490 "%sTransparent: %s\n"
492 "%sPassCredentials: %s\n"
493 "%sPassSecurity: %s\n"
494 "%sTCPCongestion: %s\n"
495 "%sRemoveOnStop: %s\n"
496 "%sSELinuxLabelViaNet: %s\n",
497 prefix, socket_state_to_string(s->state),
498 prefix, socket_result_to_string(s->result),
499 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
501 prefix, s->socket_mode,
502 prefix, s->directory_mode,
503 prefix, yes_no(s->keep_alive),
504 prefix, yes_no(s->no_delay),
505 prefix, yes_no(s->free_bind),
506 prefix, yes_no(s->transparent),
507 prefix, yes_no(s->broadcast),
508 prefix, yes_no(s->pass_cred),
509 prefix, yes_no(s->pass_sec),
510 prefix, strna(s->tcp_congestion),
511 prefix, yes_no(s->remove_on_stop),
512 prefix, yes_no(s->selinux_label_via_net));
514 if (s->control_pid > 0)
516 "%sControl PID: "PID_FMT"\n",
517 prefix, s->control_pid);
519 if (s->bind_to_device)
521 "%sBindToDevice: %s\n",
522 prefix, s->bind_to_device);
527 "%sNConnections: %u\n"
528 "%sMaxConnections: %u\n",
529 prefix, s->n_accepted,
530 prefix, s->n_connections,
531 prefix, s->max_connections);
533 if (s->priority >= 0)
536 prefix, s->priority);
538 if (s->receive_buffer > 0)
540 "%sReceiveBuffer: %zu\n",
541 prefix, s->receive_buffer);
543 if (s->send_buffer > 0)
545 "%sSendBuffer: %zu\n",
546 prefix, s->send_buffer);
558 if (s->pipe_size > 0)
561 prefix, s->pipe_size);
568 if (s->mq_maxmsg > 0)
570 "%sMessageQueueMaxMessages: %li\n",
571 prefix, s->mq_maxmsg);
573 if (s->mq_msgsize > 0)
575 "%sMessageQueueMessageSize: %li\n",
576 prefix, s->mq_msgsize);
581 prefix, yes_no(s->reuse_port));
585 "%sSmackLabel: %s\n",
590 "%sSmackLabelIPIn: %s\n",
591 prefix, s->smack_ip_in);
595 "%sSmackLabelIPOut: %s\n",
596 prefix, s->smack_ip_out);
598 if (!isempty(s->user) || !isempty(s->group))
601 "%sOwnerGroup: %s\n",
602 prefix, strna(s->user),
603 prefix, strna(s->group));
605 if(s->keep_alive_time)
607 "%sKeepAliveTime: %s\n",
608 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX,
609 s->keep_alive_time, USEC_PER_SEC));
611 if(s->keep_alive_interval)
613 "%sKeepAliveInterval: %s\n",
614 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX,
615 s->keep_alive_interval, USEC_PER_SEC));
617 if(s->keep_alive_cnt)
619 "%sKeepAliveProbes: %u\n",
620 prefix, s->keep_alive_cnt);
624 "%sDeferAccept: %s\n",
625 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX,
626 s->defer_accept, USEC_PER_SEC));
628 LIST_FOREACH(port, p, s->ports) {
630 if (p->type == SOCKET_SOCKET) {
635 if ((r = socket_address_print(&p->address, &k)) < 0)
640 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
642 } else if (p->type == SOCKET_SPECIAL)
643 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
644 else if (p->type == SOCKET_MQUEUE)
645 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
647 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
650 exec_context_dump(&s->exec_context, f, prefix);
651 kill_context_dump(&s->kill_context, f, prefix);
653 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
654 if (!s->exec_command[c])
657 fprintf(f, "%s-> %s:\n",
658 prefix, socket_exec_command_to_string(c));
660 exec_command_dump_list(s->exec_command[c], f, prefix2);
664 static int instance_from_socket(int fd, unsigned nr, char **instance) {
667 union sockaddr_union local, remote;
673 if (getsockname(fd, &local.sa, &l) < 0)
677 if (getpeername(fd, &remote.sa, &l) < 0)
680 switch (local.sa.sa_family) {
684 a = ntohl(local.in.sin_addr.s_addr),
685 b = ntohl(remote.in.sin_addr.s_addr);
688 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
691 ntohs(local.in.sin_port),
692 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
693 ntohs(remote.in.sin_port)) < 0)
700 static const unsigned char ipv4_prefix[] = {
701 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
704 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
705 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
707 *a = local.in6.sin6_addr.s6_addr+12,
708 *b = remote.in6.sin6_addr.s6_addr+12;
711 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 a[0], a[1], a[2], a[3],
714 ntohs(local.in6.sin6_port),
715 b[0], b[1], b[2], b[3],
716 ntohs(remote.in6.sin6_port)) < 0)
719 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
724 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
725 ntohs(local.in6.sin6_port),
726 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
727 ntohs(remote.in6.sin6_port)) < 0)
738 k = getpeercred(fd, &ucred);
741 "%u-"PID_FMT"-"UID_FMT,
742 nr, ucred.pid, ucred.uid) < 0)
744 } else if (k == -ENODATA) {
745 /* This handles the case where somebody is
746 * connecting from another pid/uid namespace
747 * (e.g. from outside of our container). */
759 assert_not_reached("Unhandled socket type.");
766 static void socket_close_fds(Socket *s) {
772 LIST_FOREACH(port, p, s->ports) {
774 p->event_source = sd_event_source_unref(p->event_source);
779 p->fd = safe_close(p->fd);
781 /* One little note: we should normally not delete any
782 * sockets in the file system here! After all some
783 * other process we spawned might still have a
784 * reference of this fd and wants to continue to use
785 * it. Therefore we delete sockets in the file system
786 * before we create a new one, not after we stopped
789 if (s->remove_on_stop) {
801 socket_address_unlink(&p->address);
810 if (s->remove_on_stop)
811 STRV_FOREACH(i, s->symlinks)
815 static void socket_apply_socket_options(Socket *s, int fd) {
820 int b = s->keep_alive;
821 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
822 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
825 if (s->keep_alive_time) {
826 int value = s->keep_alive_time / USEC_PER_SEC;
827 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
828 log_warning_unit(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
831 if (s->keep_alive_interval) {
832 int value = s->keep_alive_interval / USEC_PER_SEC;
833 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
834 log_warning_unit(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
837 if (s->keep_alive_cnt) {
838 int value = s->keep_alive_cnt;
839 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
840 log_warning_unit(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
843 if (s->defer_accept) {
844 int value = s->defer_accept / USEC_PER_SEC;
845 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
846 log_warning_unit(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
851 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
852 log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
857 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
858 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
863 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
864 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
869 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
870 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
873 if (s->priority >= 0)
874 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
875 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
877 if (s->receive_buffer > 0) {
878 int value = (int) s->receive_buffer;
880 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
882 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
883 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
884 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
887 if (s->send_buffer > 0) {
888 int value = (int) s->send_buffer;
889 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
890 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
891 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
895 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
896 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
899 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
900 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
902 if (s->ip_ttl >= 0) {
905 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
907 if (socket_ipv6_is_supported())
908 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
911 errno = EAFNOSUPPORT;
915 log_warning_unit(UNIT(s)->id,
916 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
919 if (s->tcp_congestion)
920 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
921 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
924 int b = s->reuse_port;
925 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
926 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
930 if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
931 log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
934 if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
935 log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
938 static void socket_apply_fifo_options(Socket *s, int fd) {
942 if (s->pipe_size > 0)
943 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
944 log_warning_unit(UNIT(s)->id,
948 if (smack_label_fd(fd, s->smack) < 0)
949 log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
952 static int fifo_address_create(
954 mode_t directory_mode,
965 mkdir_parents_label(path, directory_mode);
967 r = label_context_set(path, S_IFIFO);
971 /* Enforce the right access mode for the fifo */
972 old_mask = umask(~ socket_mode);
974 /* Include the original umask in our mask */
975 umask(~socket_mode | old_mask);
977 r = mkfifo(path, socket_mode);
980 if (r < 0 && errno != EEXIST) {
985 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
990 label_context_clear();
992 if (fstat(fd, &st) < 0) {
997 if (!S_ISFIFO(st.st_mode) ||
998 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
999 st.st_uid != getuid() ||
1000 st.st_gid != getgid()) {
1010 label_context_clear();
1016 static int special_address_create(
1026 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1032 if (fstat(fd, &st) < 0) {
1037 /* Check whether this is a /proc, /sys or /dev file or char device */
1038 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1052 static int mq_address_create(
1062 struct mq_attr _attr, *attr = NULL;
1067 if (maxmsg > 0 && msgsize > 0) {
1069 _attr.mq_flags = O_NONBLOCK;
1070 _attr.mq_maxmsg = maxmsg;
1071 _attr.mq_msgsize = msgsize;
1075 /* Enforce the right access mode for the mq */
1076 old_mask = umask(~ mq_mode);
1078 /* Include the original umask in our mask */
1079 umask(~mq_mode | old_mask);
1080 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1088 if (fstat(fd, &st) < 0) {
1093 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1094 st.st_uid != getuid() ||
1095 st.st_gid != getgid()) {
1109 static int socket_symlink(Socket *s) {
1115 p = socket_find_symlink_target(s);
1119 STRV_FOREACH(i, s->symlinks)
1125 static int socket_open_fds(Socket *s) {
1129 bool know_label = false;
1133 LIST_FOREACH(port, p, s->ports) {
1138 if (p->type == SOCKET_SOCKET) {
1140 if (!know_label && s->selinux_label_via_net) {
1149 r = socket_instantiate_service(s);
1153 if (UNIT_ISSET(s->service) &&
1154 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1155 r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1156 if (r < 0 && r != -EPERM)
1163 r = socket_address_listen(
1165 SOCK_CLOEXEC|SOCK_NONBLOCK,
1178 socket_apply_socket_options(s, p->fd);
1181 } else if (p->type == SOCKET_SPECIAL) {
1183 r = special_address_create(
1189 } else if (p->type == SOCKET_FIFO) {
1191 r = fifo_address_create(
1199 socket_apply_fifo_options(s, p->fd);
1202 } else if (p->type == SOCKET_MQUEUE) {
1204 r = mq_address_create(
1213 assert_not_reached("Unknown port type");
1220 socket_close_fds(s);
1225 static void socket_unwatch_fds(Socket *s) {
1231 LIST_FOREACH(port, p, s->ports) {
1235 if (!p->event_source)
1238 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1240 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1244 static int socket_watch_fds(Socket *s) {
1250 LIST_FOREACH(port, p, s->ports) {
1254 if (p->event_source)
1255 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1257 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1260 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1268 socket_unwatch_fds(s);
1272 static void socket_set_state(Socket *s, SocketState state) {
1273 SocketState old_state;
1276 old_state = s->state;
1284 SOCKET_STOP_PRE_SIGTERM,
1285 SOCKET_STOP_PRE_SIGKILL,
1287 SOCKET_FINAL_SIGTERM,
1288 SOCKET_FINAL_SIGKILL)) {
1290 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1291 socket_unwatch_control_pid(s);
1292 s->control_command = NULL;
1293 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1296 if (state != SOCKET_LISTENING)
1297 socket_unwatch_fds(s);
1305 SOCKET_STOP_PRE_SIGTERM,
1306 SOCKET_STOP_PRE_SIGKILL))
1307 socket_close_fds(s);
1309 if (state != old_state)
1310 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1311 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1313 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1316 static int socket_coldplug(Unit *u) {
1317 Socket *s = SOCKET(u);
1321 assert(s->state == SOCKET_DEAD);
1323 if (s->deserialized_state == s->state)
1326 if (IN_SET(s->deserialized_state,
1331 SOCKET_STOP_PRE_SIGTERM,
1332 SOCKET_STOP_PRE_SIGKILL,
1334 SOCKET_FINAL_SIGTERM,
1335 SOCKET_FINAL_SIGKILL)) {
1337 if (s->control_pid <= 0)
1340 r = unit_watch_pid(UNIT(s), s->control_pid);
1344 r = socket_arm_timer(s);
1349 if (IN_SET(s->deserialized_state,
1355 SOCKET_STOP_PRE_SIGTERM,
1356 SOCKET_STOP_PRE_SIGKILL)) {
1357 r = socket_open_fds(s);
1362 if (s->deserialized_state == SOCKET_LISTENING) {
1363 r = socket_watch_fds(s);
1368 socket_set_state(s, s->deserialized_state);
1372 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1373 _cleanup_free_ char **argv = NULL;
1381 unit_realize_cgroup(UNIT(s));
1383 r = unit_setup_exec_runtime(UNIT(s));
1387 r = socket_arm_timer(s);
1391 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1399 UNIT(s)->manager->environment,
1403 UNIT(s)->manager->confirm_spawn,
1404 UNIT(s)->manager->cgroup_supported,
1405 UNIT(s)->cgroup_path,
1406 manager_get_runtime_prefix(UNIT(s)->manager),
1415 r = unit_watch_pid(UNIT(s), pid);
1417 /* FIXME: we need to do something here */
1424 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1428 static int socket_chown(Socket *s, pid_t *_pid) {
1432 r = socket_arm_timer(s);
1436 /* We have to resolve the user names out-of-process, hence
1437 * let's fork here. It's messy, but well, what can we do? */
1445 uid_t uid = (uid_t) -1;
1446 gid_t gid = (gid_t) -1;
1449 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1450 ignore_signals(SIGPIPE, -1);
1453 if (!isempty(s->user)) {
1454 const char *user = s->user;
1456 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1463 if (!isempty(s->group)) {
1464 const char *group = s->group;
1466 r = get_group_creds(&group, &gid);
1473 LIST_FOREACH(port, p, s->ports) {
1474 const char *path = NULL;
1476 if (p->type == SOCKET_SOCKET)
1477 path = socket_address_get_path(&p->address);
1478 else if (p->type == SOCKET_FIFO)
1484 if (chown(path, uid, gid) < 0) {
1495 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1500 r = unit_watch_pid(UNIT(s), pid);
1508 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1512 static void socket_enter_dead(Socket *s, SocketResult f) {
1515 if (f != SOCKET_SUCCESS)
1518 exec_runtime_destroy(s->exec_runtime);
1519 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1521 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1523 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1526 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1528 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1532 if (f != SOCKET_SUCCESS)
1535 socket_unwatch_control_pid(s);
1536 s->control_command_id = SOCKET_EXEC_STOP_POST;
1537 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1539 if (s->control_command) {
1540 r = socket_spawn(s, s->control_command, &s->control_pid);
1544 socket_set_state(s, SOCKET_STOP_POST);
1546 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1551 log_warning_unit(UNIT(s)->id,
1552 "%s failed to run 'stop-post' task: %s",
1553 UNIT(s)->id, strerror(-r));
1554 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1557 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1562 if (f != SOCKET_SUCCESS)
1565 r = unit_kill_context(
1568 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1576 r = socket_arm_timer(s);
1580 socket_set_state(s, state);
1581 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1582 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1583 else if (state == SOCKET_STOP_PRE_SIGKILL)
1584 socket_enter_stop_post(s, SOCKET_SUCCESS);
1585 else if (state == SOCKET_FINAL_SIGTERM)
1586 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1588 socket_enter_dead(s, SOCKET_SUCCESS);
1593 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1595 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1596 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1598 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1601 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1605 if (f != SOCKET_SUCCESS)
1608 socket_unwatch_control_pid(s);
1609 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1610 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1612 if (s->control_command) {
1613 r = socket_spawn(s, s->control_command, &s->control_pid);
1617 socket_set_state(s, SOCKET_STOP_PRE);
1619 socket_enter_stop_post(s, SOCKET_SUCCESS);
1624 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1625 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1628 static void socket_enter_listening(Socket *s) {
1632 r = socket_watch_fds(s);
1634 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1638 socket_set_state(s, SOCKET_LISTENING);
1642 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1645 static void socket_enter_start_post(Socket *s) {
1649 socket_unwatch_control_pid(s);
1650 s->control_command_id = SOCKET_EXEC_START_POST;
1651 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1653 if (s->control_command) {
1654 r = socket_spawn(s, s->control_command, &s->control_pid);
1656 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1660 socket_set_state(s, SOCKET_START_POST);
1662 socket_enter_listening(s);
1667 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1670 static void socket_enter_start_chown(Socket *s) {
1675 r = socket_open_fds(s);
1677 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1681 if (!isempty(s->user) || !isempty(s->group)) {
1683 socket_unwatch_control_pid(s);
1684 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1685 s->control_command = NULL;
1687 r = socket_chown(s, &s->control_pid);
1689 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1693 socket_set_state(s, SOCKET_START_CHOWN);
1695 socket_enter_start_post(s);
1700 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1703 static void socket_enter_start_pre(Socket *s) {
1707 socket_unwatch_control_pid(s);
1708 s->control_command_id = SOCKET_EXEC_START_PRE;
1709 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1711 if (s->control_command) {
1712 r = socket_spawn(s, s->control_command, &s->control_pid);
1714 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1718 socket_set_state(s, SOCKET_START_PRE);
1720 socket_enter_start_chown(s);
1725 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1728 static void socket_enter_running(Socket *s, int cfd) {
1729 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1734 /* We don't take connections anymore if we are supposed to
1735 * shut down anyway */
1736 if (unit_stop_pending(UNIT(s))) {
1738 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1743 /* Flush all sockets by closing and reopening them */
1744 socket_close_fds(s);
1746 r = socket_open_fds(s);
1748 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1749 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1753 r = socket_watch_fds(s);
1755 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1756 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1766 bool pending = false;
1768 /* If there's already a start pending don't bother to
1770 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1771 if (unit_active_or_pending(other)) {
1777 if (!UNIT_ISSET(s->service)) {
1778 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1783 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1788 socket_set_state(s, SOCKET_RUNNING);
1790 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1793 if (s->n_connections >= s->max_connections) {
1794 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1799 r = socket_instantiate_service(s);
1803 r = instance_from_socket(cfd, s->n_accepted, &instance);
1808 /* ENOTCONN is legitimate if TCP RST was received.
1809 * This connection is over, but the socket unit lives on. */
1814 prefix = unit_name_to_prefix(UNIT(s)->id);
1820 name = unit_name_build(prefix, instance, ".service");
1826 r = unit_add_name(UNIT_DEREF(s->service), name);
1830 service = SERVICE(UNIT_DEREF(s->service));
1831 unit_ref_unset(&s->service);
1834 UNIT(service)->no_gc = false;
1836 unit_choose_id(UNIT(service), name);
1838 r = service_set_socket_fd(service, cfd, s);
1843 s->n_connections ++;
1845 if (s->selinux_label_via_net)
1846 service->exec_context.selinux_label_via_net = true;
1848 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1852 /* Notify clients about changed counters */
1853 unit_add_to_dbus_queue(UNIT(s));
1859 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1860 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1861 bus_error_message(&error, r));
1863 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1867 static void socket_run_next(Socket *s) {
1871 assert(s->control_command);
1872 assert(s->control_command->command_next);
1874 socket_unwatch_control_pid(s);
1876 s->control_command = s->control_command->command_next;
1878 r = socket_spawn(s, s->control_command, &s->control_pid);
1885 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1887 if (s->state == SOCKET_START_POST)
1888 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1889 else if (s->state == SOCKET_STOP_POST)
1890 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1892 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1895 static int socket_start(Unit *u) {
1896 Socket *s = SOCKET(u);
1900 /* We cannot fulfill this request right now, try again later
1902 if (IN_SET(s->state,
1904 SOCKET_STOP_PRE_SIGKILL,
1905 SOCKET_STOP_PRE_SIGTERM,
1907 SOCKET_FINAL_SIGTERM,
1908 SOCKET_FINAL_SIGKILL))
1911 /* Already on it! */
1912 if (IN_SET(s->state,
1918 /* Cannot run this without the service being around */
1919 if (UNIT_ISSET(s->service)) {
1922 service = SERVICE(UNIT_DEREF(s->service));
1924 if (UNIT(service)->load_state != UNIT_LOADED) {
1925 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1929 /* If the service is already active we cannot start the
1931 if (service->state != SERVICE_DEAD &&
1932 service->state != SERVICE_FAILED &&
1933 service->state != SERVICE_AUTO_RESTART) {
1934 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1939 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1941 s->result = SOCKET_SUCCESS;
1942 socket_enter_start_pre(s);
1947 static int socket_stop(Unit *u) {
1948 Socket *s = SOCKET(u);
1953 if (IN_SET(s->state,
1955 SOCKET_STOP_PRE_SIGTERM,
1956 SOCKET_STOP_PRE_SIGKILL,
1958 SOCKET_FINAL_SIGTERM,
1959 SOCKET_FINAL_SIGKILL))
1962 /* If there's already something running we go directly into
1964 if (IN_SET(s->state,
1967 SOCKET_START_POST)) {
1968 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1972 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1974 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1978 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1979 Socket *s = SOCKET(u);
1987 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1988 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1989 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1991 if (s->control_pid > 0)
1992 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1994 if (s->control_command_id >= 0)
1995 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1997 LIST_FOREACH(port, p, s->ports) {
2003 copy = fdset_put_dup(fds, p->fd);
2007 if (p->type == SOCKET_SOCKET) {
2008 _cleanup_free_ char *t = NULL;
2010 r = socket_address_print(&p->address, &t);
2014 if (socket_address_family(&p->address) == AF_NETLINK)
2015 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2017 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2019 } else if (p->type == SOCKET_SPECIAL)
2020 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2021 else if (p->type == SOCKET_MQUEUE)
2022 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2024 assert(p->type == SOCKET_FIFO);
2025 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2032 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2033 Socket *s = SOCKET(u);
2039 if (streq(key, "state")) {
2042 state = socket_state_from_string(value);
2044 log_debug_unit(u->id, "Failed to parse state value %s", value);
2046 s->deserialized_state = state;
2047 } else if (streq(key, "result")) {
2050 f = socket_result_from_string(value);
2052 log_debug_unit(u->id, "Failed to parse result value %s", value);
2053 else if (f != SOCKET_SUCCESS)
2056 } else if (streq(key, "n-accepted")) {
2059 if (safe_atou(value, &k) < 0)
2060 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2063 } else if (streq(key, "control-pid")) {
2066 if (parse_pid(value, &pid) < 0)
2067 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2069 s->control_pid = pid;
2070 } else if (streq(key, "control-command")) {
2071 SocketExecCommand id;
2073 id = socket_exec_command_from_string(value);
2075 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2077 s->control_command_id = id;
2078 s->control_command = s->exec_command[id];
2080 } else if (streq(key, "fifo")) {
2084 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2085 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2088 LIST_FOREACH(port, p, s->ports)
2089 if (p->type == SOCKET_FIFO &&
2090 streq_ptr(p->path, value+skip))
2095 p->fd = fdset_remove(fds, fd);
2099 } else if (streq(key, "special")) {
2103 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2104 log_debug_unit(u->id, "Failed to parse special value %s", value);
2107 LIST_FOREACH(port, p, s->ports)
2108 if (p->type == SOCKET_SPECIAL &&
2109 streq_ptr(p->path, value+skip))
2114 p->fd = fdset_remove(fds, fd);
2118 } else if (streq(key, "mqueue")) {
2122 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2123 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2126 LIST_FOREACH(port, p, s->ports)
2127 if (p->type == SOCKET_MQUEUE &&
2128 streq_ptr(p->path, value+skip))
2133 p->fd = fdset_remove(fds, fd);
2137 } else if (streq(key, "socket")) {
2138 int fd, type, skip = 0;
2141 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2142 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2145 LIST_FOREACH(port, p, s->ports)
2146 if (socket_address_is(&p->address, value+skip, type))
2151 p->fd = fdset_remove(fds, fd);
2155 } else if (streq(key, "netlink")) {
2159 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2160 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2163 LIST_FOREACH(port, p, s->ports)
2164 if (socket_address_is_netlink(&p->address, value+skip))
2169 p->fd = fdset_remove(fds, fd);
2173 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2178 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2179 Socket *s = SOCKET(u);
2184 LIST_FOREACH(port, p, s->ports) {
2188 if (p->type != SOCKET_SOCKET)
2194 FDSET_FOREACH(fd, fds, i) {
2195 if (socket_address_matches_fd(&p->address, fd)) {
2196 p->fd = fdset_remove(fds, fd);
2197 s->deserialized_state = SOCKET_LISTENING;
2206 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2209 return state_translation_table[SOCKET(u)->state];
2212 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2215 return socket_state_to_string(SOCKET(u)->state);
2218 const char* socket_port_type_to_string(SocketPort *p) {
2226 switch (p->address.type) {
2234 case SOCK_SEQPACKET:
2235 return "SequentialPacket";
2238 if (socket_address_family(&p->address) == AF_NETLINK)
2245 case SOCKET_SPECIAL:
2249 return "MessageQueue";
2259 _pure_ static bool socket_check_gc(Unit *u) {
2260 Socket *s = SOCKET(u);
2264 return s->n_connections > 0;
2267 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2268 SocketPort *p = userdata;
2274 if (p->socket->state != SOCKET_LISTENING)
2277 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2279 if (revents != EPOLLIN) {
2281 if (revents & EPOLLHUP)
2282 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2283 UNIT(p->socket)->id);
2285 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2286 UNIT(p->socket)->id, revents);
2291 if (p->socket->accept &&
2292 p->type == SOCKET_SOCKET &&
2293 socket_address_can_accept(&p->address)) {
2297 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2303 log_error_unit(UNIT(p->socket)->id,
2304 "Failed to accept socket: %m");
2311 socket_apply_socket_options(p->socket, cfd);
2314 socket_enter_running(p->socket, cfd);
2318 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2322 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2323 Socket *s = SOCKET(u);
2329 if (pid != s->control_pid)
2334 if (is_clean_exit(code, status, NULL))
2336 else if (code == CLD_EXITED)
2337 f = SOCKET_FAILURE_EXIT_CODE;
2338 else if (code == CLD_KILLED)
2339 f = SOCKET_FAILURE_SIGNAL;
2340 else if (code == CLD_DUMPED)
2341 f = SOCKET_FAILURE_CORE_DUMP;
2343 assert_not_reached("Unknown sigchld code");
2345 if (s->control_command) {
2346 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2348 if (s->control_command->ignore)
2352 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2354 "%s control process exited, code=%s status=%i",
2355 u->id, sigchld_code_to_string(code), status);
2357 if (f != SOCKET_SUCCESS)
2360 if (s->control_command &&
2361 s->control_command->command_next &&
2362 f == SOCKET_SUCCESS) {
2364 log_debug_unit(u->id,
2365 "%s running next command for state %s",
2366 u->id, socket_state_to_string(s->state));
2369 s->control_command = NULL;
2370 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2372 /* No further commands for this step, so let's figure
2373 * out what to do next */
2375 log_debug_unit(u->id,
2376 "%s got final SIGCHLD for state %s",
2377 u->id, socket_state_to_string(s->state));
2381 case SOCKET_START_PRE:
2382 if (f == SOCKET_SUCCESS)
2383 socket_enter_start_chown(s);
2385 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2388 case SOCKET_START_CHOWN:
2389 if (f == SOCKET_SUCCESS)
2390 socket_enter_start_post(s);
2392 socket_enter_stop_pre(s, f);
2395 case SOCKET_START_POST:
2396 if (f == SOCKET_SUCCESS)
2397 socket_enter_listening(s);
2399 socket_enter_stop_pre(s, f);
2402 case SOCKET_STOP_PRE:
2403 case SOCKET_STOP_PRE_SIGTERM:
2404 case SOCKET_STOP_PRE_SIGKILL:
2405 socket_enter_stop_post(s, f);
2408 case SOCKET_STOP_POST:
2409 case SOCKET_FINAL_SIGTERM:
2410 case SOCKET_FINAL_SIGKILL:
2411 socket_enter_dead(s, f);
2415 assert_not_reached("Uh, control process died at wrong time.");
2419 /* Notify clients about changed exit status */
2420 unit_add_to_dbus_queue(u);
2423 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2424 Socket *s = SOCKET(userdata);
2427 assert(s->timer_event_source == source);
2431 case SOCKET_START_PRE:
2432 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2433 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2436 case SOCKET_START_CHOWN:
2437 case SOCKET_START_POST:
2438 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2439 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2442 case SOCKET_STOP_PRE:
2443 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2444 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2447 case SOCKET_STOP_PRE_SIGTERM:
2448 if (s->kill_context.send_sigkill) {
2449 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2450 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2452 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2453 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2457 case SOCKET_STOP_PRE_SIGKILL:
2458 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2459 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2462 case SOCKET_STOP_POST:
2463 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2464 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2467 case SOCKET_FINAL_SIGTERM:
2468 if (s->kill_context.send_sigkill) {
2469 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2470 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2472 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2473 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2477 case SOCKET_FINAL_SIGKILL:
2478 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2479 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2483 assert_not_reached("Timeout at wrong time.");
2489 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2498 /* Called from the service code for requesting our fds */
2501 LIST_FOREACH(port, p, s->ports)
2511 if (!(rfds = new(int, rn_fds)))
2515 LIST_FOREACH(port, p, s->ports)
2519 assert(k == rn_fds);
2527 static void socket_reset_failed(Unit *u) {
2528 Socket *s = SOCKET(u);
2532 if (s->state == SOCKET_FAILED)
2533 socket_set_state(s, SOCKET_DEAD);
2535 s->result = SOCKET_SUCCESS;
2538 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2541 /* The service is dead. Dang!
2543 * This is strictly for one-instance-for-all-connections
2546 if (s->state == SOCKET_RUNNING) {
2547 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2548 if (failed_permanent)
2549 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2551 socket_enter_listening(s);
2555 void socket_connection_unref(Socket *s) {
2558 /* The service is dead. Yay!
2560 * This is strictly for one-instance-per-connection
2563 assert(s->n_connections > 0);
2566 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2569 static void socket_trigger_notify(Unit *u, Unit *other) {
2570 Socket *s = SOCKET(u);
2576 /* Don't propagate state changes from the service if we are
2577 already down or accepting connections */
2578 if ((s->state != SOCKET_RUNNING &&
2579 s->state != SOCKET_LISTENING) ||
2583 if (other->load_state != UNIT_LOADED ||
2584 other->type != UNIT_SERVICE)
2587 se = SERVICE(other);
2589 if (se->state == SERVICE_FAILED)
2590 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2592 if (se->state == SERVICE_DEAD ||
2593 se->state == SERVICE_STOP ||
2594 se->state == SERVICE_STOP_SIGTERM ||
2595 se->state == SERVICE_STOP_SIGKILL ||
2596 se->state == SERVICE_STOP_POST ||
2597 se->state == SERVICE_FINAL_SIGTERM ||
2598 se->state == SERVICE_FINAL_SIGKILL ||
2599 se->state == SERVICE_AUTO_RESTART)
2600 socket_notify_service_dead(s, false);
2602 if (se->state == SERVICE_RUNNING)
2603 socket_set_state(s, SOCKET_RUNNING);
2606 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2607 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2610 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2611 Socket *s = SOCKET(u);
2614 if (!s->timer_event_source)
2617 r = sd_event_source_get_time(s->timer_event_source, timeout);
2624 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2625 [SOCKET_DEAD] = "dead",
2626 [SOCKET_START_PRE] = "start-pre",
2627 [SOCKET_START_CHOWN] = "start-chown",
2628 [SOCKET_START_POST] = "start-post",
2629 [SOCKET_LISTENING] = "listening",
2630 [SOCKET_RUNNING] = "running",
2631 [SOCKET_STOP_PRE] = "stop-pre",
2632 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2633 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2634 [SOCKET_STOP_POST] = "stop-post",
2635 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2636 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2637 [SOCKET_FAILED] = "failed"
2640 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2642 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2643 [SOCKET_EXEC_START_PRE] = "StartPre",
2644 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2645 [SOCKET_EXEC_START_POST] = "StartPost",
2646 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2647 [SOCKET_EXEC_STOP_POST] = "StopPost"
2650 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2652 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2653 [SOCKET_SUCCESS] = "success",
2654 [SOCKET_FAILURE_RESOURCES] = "resources",
2655 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2656 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2657 [SOCKET_FAILURE_SIGNAL] = "signal",
2658 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2659 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2662 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2664 const UnitVTable socket_vtable = {
2665 .object_size = sizeof(Socket),
2666 .exec_context_offset = offsetof(Socket, exec_context),
2667 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2668 .kill_context_offset = offsetof(Socket, kill_context),
2669 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2675 .private_section = "Socket",
2677 .init = socket_init,
2678 .done = socket_done,
2679 .load = socket_load,
2681 .coldplug = socket_coldplug,
2683 .dump = socket_dump,
2685 .start = socket_start,
2686 .stop = socket_stop,
2688 .kill = socket_kill,
2690 .get_timeout = socket_get_timeout,
2692 .serialize = socket_serialize,
2693 .deserialize_item = socket_deserialize_item,
2694 .distribute_fds = socket_distribute_fds,
2696 .active_state = socket_active_state,
2697 .sub_state_to_string = socket_sub_state_to_string,
2699 .check_gc = socket_check_gc,
2701 .sigchld_event = socket_sigchld_event,
2703 .trigger_notify = socket_trigger_notify,
2705 .reset_failed = socket_reset_failed,
2707 .bus_interface = "org.freedesktop.systemd1.Socket",
2708 .bus_vtable = bus_socket_vtable,
2709 .bus_set_property = bus_socket_set_property,
2710 .bus_commit_properties = bus_socket_commit_properties,
2712 .status_message_formats = {
2713 /*.starting_stopping = {
2714 [0] = "Starting socket %s...",
2715 [1] = "Stopping socket %s...",
2717 .finished_start_job = {
2718 [JOB_DONE] = "Listening on %s.",
2719 [JOB_FAILED] = "Failed to listen on %s.",
2720 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2721 [JOB_TIMEOUT] = "Timed out starting %s.",
2723 .finished_stop_job = {
2724 [JOB_DONE] = "Closed %s.",
2725 [JOB_FAILED] = "Failed stopping %s.",
2726 [JOB_TIMEOUT] = "Timed out stopping %s.",