1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
27 #include <sys/epoll.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
32 #include <sys/xattr.h>
36 #include "load-dropin.h"
37 #include "load-fragment.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
46 #include "exit-status.h"
48 #include "smack-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74 static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
78 assert(u->load_state == UNIT_STUB);
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
85 s->max_connections = 64;
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
98 static void socket_unwatch_control_pid(Socket *s) {
101 if (s->control_pid <= 0)
104 unit_unwatch_pid(UNIT(s), s->control_pid);
108 void socket_free_ports(Socket *s) {
113 while ((p = s->ports)) {
114 LIST_REMOVE(port, s->ports, p);
116 sd_event_source_unref(p->event_source);
124 static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
129 socket_free_ports(s);
131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133 s->control_command = NULL;
135 socket_unwatch_control_pid(s);
137 unit_ref_unset(&s->service);
139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
142 free(s->bind_to_device);
143 s->bind_to_device = NULL;
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
149 strv_free(s->symlinks);
154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
157 static int socket_arm_timer(Socket *s) {
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
183 int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
195 if (UNIT_DEREF(s->service) || !s->accept)
198 prefix = unit_name_to_prefix(UNIT(s)->id);
202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
210 unit_ref_set(&s->service, u);
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
215 static bool have_non_accept_socket(Socket *s) {
223 LIST_FOREACH(port, p, s->ports) {
225 if (p->type != SOCKET_SOCKET)
228 if (!socket_address_can_accept(&p->address))
235 static int socket_add_mount_links(Socket *s) {
241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
252 r = unit_require_mounts_for(UNIT(s), path);
260 static int socket_add_device_link(Socket *s) {
265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
272 static int socket_add_default_dependencies(Socket *s) {
276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
289 _pure_ static bool socket_has_exec(Socket *s) {
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
300 static int socket_add_extras(Socket *s) {
306 if (have_non_accept_socket(s)) {
308 if (!UNIT_DEREF(s->service)) {
311 r = unit_load_related_unit(u, ".service", &x);
315 unit_ref_set(&s->service, x);
318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
323 r = socket_add_mount_links(s);
327 r = socket_add_device_link(s);
331 r = unit_patch_contexts(u);
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
340 r = unit_add_default_slice(u, &s->cgroup_context);
345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
354 static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
387 static int socket_verify(Socket *s) {
390 if (UNIT(s)->load_state != UNIT_LOADED)
394 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
398 if (s->accept && have_non_accept_socket(s)) {
399 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
404 if (s->accept && s->max_connections <= 0) {
405 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
427 static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
432 assert(u->load_state == UNIT_STUB);
434 r = unit_load_fragment_and_dropin(u);
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
445 return socket_verify(s);
448 _const_ static const char* listen_lookup(int family, int type) {
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
460 assert_not_reached("Unknown socket type");
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465 char time_string[FORMAT_TIMESPAN_MAX];
467 Socket *s = SOCKET(u);
474 prefix2 = strappenda(prefix, "\t");
477 "%sSocket State: %s\n"
479 "%sBindIPv6Only: %s\n"
481 "%sSocketMode: %04o\n"
482 "%sDirectoryMode: %04o\n"
486 "%sTransparent: %s\n"
488 "%sPassCredentials: %s\n"
489 "%sPassSecurity: %s\n"
490 "%sTCPCongestion: %s\n"
491 "%sRemoveOnStop: %s\n",
492 prefix, socket_state_to_string(s->state),
493 prefix, socket_result_to_string(s->result),
494 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
496 prefix, s->socket_mode,
497 prefix, s->directory_mode,
498 prefix, yes_no(s->keep_alive),
499 prefix, yes_no(s->no_delay),
500 prefix, yes_no(s->free_bind),
501 prefix, yes_no(s->transparent),
502 prefix, yes_no(s->broadcast),
503 prefix, yes_no(s->pass_cred),
504 prefix, yes_no(s->pass_sec),
505 prefix, strna(s->tcp_congestion),
506 prefix, yes_no(s->remove_on_stop));
508 if (s->control_pid > 0)
510 "%sControl PID: "PID_FMT"\n",
511 prefix, s->control_pid);
513 if (s->bind_to_device)
515 "%sBindToDevice: %s\n",
516 prefix, s->bind_to_device);
521 "%sNConnections: %u\n"
522 "%sMaxConnections: %u\n",
523 prefix, s->n_accepted,
524 prefix, s->n_connections,
525 prefix, s->max_connections);
527 if (s->priority >= 0)
530 prefix, s->priority);
532 if (s->receive_buffer > 0)
534 "%sReceiveBuffer: %zu\n",
535 prefix, s->receive_buffer);
537 if (s->send_buffer > 0)
539 "%sSendBuffer: %zu\n",
540 prefix, s->send_buffer);
552 if (s->pipe_size > 0)
555 prefix, s->pipe_size);
562 if (s->mq_maxmsg > 0)
564 "%sMessageQueueMaxMessages: %li\n",
565 prefix, s->mq_maxmsg);
567 if (s->mq_msgsize > 0)
569 "%sMessageQueueMessageSize: %li\n",
570 prefix, s->mq_msgsize);
575 prefix, yes_no(s->reuse_port));
579 "%sSmackLabel: %s\n",
584 "%sSmackLabelIPIn: %s\n",
585 prefix, s->smack_ip_in);
589 "%sSmackLabelIPOut: %s\n",
590 prefix, s->smack_ip_out);
592 if (!isempty(s->user) || !isempty(s->group))
595 "%sOwnerGroup: %s\n",
596 prefix, strna(s->user),
597 prefix, strna(s->group));
599 if(s->keep_alive_time)
601 "%sKeepAliveTime: %s\n",
602 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX,
603 s->keep_alive_time, USEC_PER_SEC));
605 if(s->keep_alive_interval)
607 "%sKeepAliveInterval: %s\n",
608 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX,
609 s->keep_alive_interval, USEC_PER_SEC));
611 if(s->keep_alive_cnt)
613 "%sKeepAliveProbes: %u\n",
614 prefix, s->keep_alive_cnt);
618 "%sDeferAccept: %s\n",
619 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX,
620 s->defer_accept, USEC_PER_SEC));
622 LIST_FOREACH(port, p, s->ports) {
624 if (p->type == SOCKET_SOCKET) {
629 if ((r = socket_address_print(&p->address, &k)) < 0)
634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
644 exec_context_dump(&s->exec_context, f, prefix);
645 kill_context_dump(&s->kill_context, f, prefix);
647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
648 if (!s->exec_command[c])
651 fprintf(f, "%s-> %s:\n",
652 prefix, socket_exec_command_to_string(c));
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
658 static int instance_from_socket(int fd, unsigned nr, char **instance) {
661 union sockaddr_union local, remote;
667 if (getsockname(fd, &local.sa, &l) < 0)
671 if (getpeername(fd, &remote.sa, &l) < 0)
674 switch (local.sa.sa_family) {
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
694 static const unsigned char ipv4_prefix[] = {
695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
732 k = getpeercred(fd, &ucred);
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
753 assert_not_reached("Unhandled socket type.");
760 static void socket_close_fds(Socket *s) {
766 LIST_FOREACH(port, p, s->ports) {
768 p->event_source = sd_event_source_unref(p->event_source);
773 p->fd = safe_close(p->fd);
775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
783 if (s->remove_on_stop) {
795 socket_address_unlink(&p->address);
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
809 static void socket_apply_socket_options(Socket *s, int fd) {
814 int b = s->keep_alive;
815 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
816 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
819 if (s->keep_alive_time) {
820 int value = s->keep_alive_time / USEC_PER_SEC;
821 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
822 log_warning_unit(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
825 if (s->keep_alive_interval) {
826 int value = s->keep_alive_interval / USEC_PER_SEC;
827 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
828 log_warning_unit(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
831 if (s->keep_alive_cnt) {
832 int value = s->keep_alive_cnt;
833 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
834 log_warning_unit(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
837 if (s->defer_accept) {
838 int value = s->defer_accept / USEC_PER_SEC;
839 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
840 log_warning_unit(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
845 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
846 log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
851 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
852 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
857 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
858 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
863 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
864 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
867 if (s->priority >= 0)
868 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
869 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
871 if (s->receive_buffer > 0) {
872 int value = (int) s->receive_buffer;
874 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
876 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
877 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
878 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
881 if (s->send_buffer > 0) {
882 int value = (int) s->send_buffer;
883 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
884 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
885 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
889 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
890 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
893 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
894 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
896 if (s->ip_ttl >= 0) {
899 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
901 if (socket_ipv6_is_supported())
902 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
905 errno = EAFNOSUPPORT;
909 log_warning_unit(UNIT(s)->id,
910 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
913 if (s->tcp_congestion)
914 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
915 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
918 int b = s->reuse_port;
919 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
920 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
924 if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
925 log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
928 if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
929 log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
932 static void socket_apply_fifo_options(Socket *s, int fd) {
936 if (s->pipe_size > 0)
937 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
938 log_warning_unit(UNIT(s)->id,
942 if (smack_label_fd(fd, s->smack) < 0)
943 log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
946 static int fifo_address_create(
948 mode_t directory_mode,
959 mkdir_parents_label(path, directory_mode);
961 r = label_context_set(path, S_IFIFO);
965 /* Enforce the right access mode for the fifo */
966 old_mask = umask(~ socket_mode);
968 /* Include the original umask in our mask */
969 umask(~socket_mode | old_mask);
971 r = mkfifo(path, socket_mode);
974 if (r < 0 && errno != EEXIST) {
979 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
984 label_context_clear();
986 if (fstat(fd, &st) < 0) {
991 if (!S_ISFIFO(st.st_mode) ||
992 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
993 st.st_uid != getuid() ||
994 st.st_gid != getgid()) {
1004 label_context_clear();
1010 static int special_address_create(
1020 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1026 if (fstat(fd, &st) < 0) {
1031 /* Check whether this is a /proc, /sys or /dev file or char device */
1032 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1046 static int mq_address_create(
1056 struct mq_attr _attr, *attr = NULL;
1061 if (maxmsg > 0 && msgsize > 0) {
1063 _attr.mq_flags = O_NONBLOCK;
1064 _attr.mq_maxmsg = maxmsg;
1065 _attr.mq_msgsize = msgsize;
1069 /* Enforce the right access mode for the mq */
1070 old_mask = umask(~ mq_mode);
1072 /* Include the original umask in our mask */
1073 umask(~mq_mode | old_mask);
1074 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1082 if (fstat(fd, &st) < 0) {
1087 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1088 st.st_uid != getuid() ||
1089 st.st_gid != getgid()) {
1103 static int socket_symlink(Socket *s) {
1109 p = socket_find_symlink_target(s);
1113 STRV_FOREACH(i, s->symlinks)
1119 static int socket_open_fds(Socket *s) {
1123 bool know_label = false;
1127 LIST_FOREACH(port, p, s->ports) {
1132 if (p->type == SOCKET_SOCKET) {
1136 r = socket_instantiate_service(s);
1140 if (UNIT_ISSET(s->service) &&
1141 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1142 r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1143 if (r < 0 && r != -EPERM)
1150 r = socket_address_listen(
1152 SOCK_CLOEXEC|SOCK_NONBLOCK,
1165 socket_apply_socket_options(s, p->fd);
1168 } else if (p->type == SOCKET_SPECIAL) {
1170 r = special_address_create(
1176 } else if (p->type == SOCKET_FIFO) {
1178 r = fifo_address_create(
1186 socket_apply_fifo_options(s, p->fd);
1189 } else if (p->type == SOCKET_MQUEUE) {
1191 r = mq_address_create(
1200 assert_not_reached("Unknown port type");
1207 socket_close_fds(s);
1212 static void socket_unwatch_fds(Socket *s) {
1218 LIST_FOREACH(port, p, s->ports) {
1222 if (!p->event_source)
1225 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1227 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1231 static int socket_watch_fds(Socket *s) {
1237 LIST_FOREACH(port, p, s->ports) {
1241 if (p->event_source)
1242 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1244 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1247 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1255 socket_unwatch_fds(s);
1259 static void socket_set_state(Socket *s, SocketState state) {
1260 SocketState old_state;
1263 old_state = s->state;
1271 SOCKET_STOP_PRE_SIGTERM,
1272 SOCKET_STOP_PRE_SIGKILL,
1274 SOCKET_FINAL_SIGTERM,
1275 SOCKET_FINAL_SIGKILL)) {
1277 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1278 socket_unwatch_control_pid(s);
1279 s->control_command = NULL;
1280 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1283 if (state != SOCKET_LISTENING)
1284 socket_unwatch_fds(s);
1292 SOCKET_STOP_PRE_SIGTERM,
1293 SOCKET_STOP_PRE_SIGKILL))
1294 socket_close_fds(s);
1296 if (state != old_state)
1297 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1298 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1300 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1303 static int socket_coldplug(Unit *u) {
1304 Socket *s = SOCKET(u);
1308 assert(s->state == SOCKET_DEAD);
1310 if (s->deserialized_state == s->state)
1313 if (IN_SET(s->deserialized_state,
1318 SOCKET_STOP_PRE_SIGTERM,
1319 SOCKET_STOP_PRE_SIGKILL,
1321 SOCKET_FINAL_SIGTERM,
1322 SOCKET_FINAL_SIGKILL)) {
1324 if (s->control_pid <= 0)
1327 r = unit_watch_pid(UNIT(s), s->control_pid);
1331 r = socket_arm_timer(s);
1336 if (IN_SET(s->deserialized_state,
1342 SOCKET_STOP_PRE_SIGTERM,
1343 SOCKET_STOP_PRE_SIGKILL)) {
1344 r = socket_open_fds(s);
1349 if (s->deserialized_state == SOCKET_LISTENING) {
1350 r = socket_watch_fds(s);
1355 socket_set_state(s, s->deserialized_state);
1359 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1360 _cleanup_free_ char **argv = NULL;
1368 unit_realize_cgroup(UNIT(s));
1370 r = unit_setup_exec_runtime(UNIT(s));
1374 r = socket_arm_timer(s);
1378 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1386 UNIT(s)->manager->environment,
1390 UNIT(s)->manager->confirm_spawn,
1391 UNIT(s)->manager->cgroup_supported,
1392 UNIT(s)->cgroup_path,
1393 manager_get_runtime_prefix(UNIT(s)->manager),
1402 r = unit_watch_pid(UNIT(s), pid);
1404 /* FIXME: we need to do something here */
1411 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1415 static int socket_chown(Socket *s, pid_t *_pid) {
1419 r = socket_arm_timer(s);
1423 /* We have to resolve the user names out-of-process, hence
1424 * let's fork here. It's messy, but well, what can we do? */
1432 uid_t uid = (uid_t) -1;
1433 gid_t gid = (gid_t) -1;
1436 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1437 ignore_signals(SIGPIPE, -1);
1440 if (!isempty(s->user)) {
1441 const char *user = s->user;
1443 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1450 if (!isempty(s->group)) {
1451 const char *group = s->group;
1453 r = get_group_creds(&group, &gid);
1460 LIST_FOREACH(port, p, s->ports) {
1461 const char *path = NULL;
1463 if (p->type == SOCKET_SOCKET)
1464 path = socket_address_get_path(&p->address);
1465 else if (p->type == SOCKET_FIFO)
1471 if (chown(path, uid, gid) < 0) {
1482 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1487 r = unit_watch_pid(UNIT(s), pid);
1495 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1499 static void socket_enter_dead(Socket *s, SocketResult f) {
1502 if (f != SOCKET_SUCCESS)
1505 exec_runtime_destroy(s->exec_runtime);
1506 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1508 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1510 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1513 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1515 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1519 if (f != SOCKET_SUCCESS)
1522 socket_unwatch_control_pid(s);
1523 s->control_command_id = SOCKET_EXEC_STOP_POST;
1524 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1526 if (s->control_command) {
1527 r = socket_spawn(s, s->control_command, &s->control_pid);
1531 socket_set_state(s, SOCKET_STOP_POST);
1533 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1538 log_warning_unit(UNIT(s)->id,
1539 "%s failed to run 'stop-post' task: %s",
1540 UNIT(s)->id, strerror(-r));
1541 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1544 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1549 if (f != SOCKET_SUCCESS)
1552 r = unit_kill_context(
1555 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1563 r = socket_arm_timer(s);
1567 socket_set_state(s, state);
1568 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1569 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1570 else if (state == SOCKET_STOP_PRE_SIGKILL)
1571 socket_enter_stop_post(s, SOCKET_SUCCESS);
1572 else if (state == SOCKET_FINAL_SIGTERM)
1573 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1575 socket_enter_dead(s, SOCKET_SUCCESS);
1580 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1582 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1583 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1585 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1588 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1592 if (f != SOCKET_SUCCESS)
1595 socket_unwatch_control_pid(s);
1596 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1597 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1599 if (s->control_command) {
1600 r = socket_spawn(s, s->control_command, &s->control_pid);
1604 socket_set_state(s, SOCKET_STOP_PRE);
1606 socket_enter_stop_post(s, SOCKET_SUCCESS);
1611 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1612 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1615 static void socket_enter_listening(Socket *s) {
1619 r = socket_watch_fds(s);
1621 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1625 socket_set_state(s, SOCKET_LISTENING);
1629 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1632 static void socket_enter_start_post(Socket *s) {
1636 socket_unwatch_control_pid(s);
1637 s->control_command_id = SOCKET_EXEC_START_POST;
1638 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1640 if (s->control_command) {
1641 r = socket_spawn(s, s->control_command, &s->control_pid);
1643 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1647 socket_set_state(s, SOCKET_START_POST);
1649 socket_enter_listening(s);
1654 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1657 static void socket_enter_start_chown(Socket *s) {
1662 r = socket_open_fds(s);
1664 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1668 if (!isempty(s->user) || !isempty(s->group)) {
1670 socket_unwatch_control_pid(s);
1671 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1672 s->control_command = NULL;
1674 r = socket_chown(s, &s->control_pid);
1676 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1680 socket_set_state(s, SOCKET_START_CHOWN);
1682 socket_enter_start_post(s);
1687 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1690 static void socket_enter_start_pre(Socket *s) {
1694 socket_unwatch_control_pid(s);
1695 s->control_command_id = SOCKET_EXEC_START_PRE;
1696 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1698 if (s->control_command) {
1699 r = socket_spawn(s, s->control_command, &s->control_pid);
1701 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1705 socket_set_state(s, SOCKET_START_PRE);
1707 socket_enter_start_chown(s);
1712 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1715 static void socket_enter_running(Socket *s, int cfd) {
1716 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1721 /* We don't take connections anymore if we are supposed to
1722 * shut down anyway */
1723 if (unit_stop_pending(UNIT(s))) {
1725 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1730 /* Flush all sockets by closing and reopening them */
1731 socket_close_fds(s);
1733 r = socket_open_fds(s);
1735 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1736 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1740 r = socket_watch_fds(s);
1742 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1743 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1753 bool pending = false;
1755 /* If there's already a start pending don't bother to
1757 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1758 if (unit_active_or_pending(other)) {
1764 if (!UNIT_ISSET(s->service)) {
1765 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1770 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1775 socket_set_state(s, SOCKET_RUNNING);
1777 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1780 if (s->n_connections >= s->max_connections) {
1781 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1786 r = socket_instantiate_service(s);
1790 r = instance_from_socket(cfd, s->n_accepted, &instance);
1795 /* ENOTCONN is legitimate if TCP RST was received.
1796 * This connection is over, but the socket unit lives on. */
1801 prefix = unit_name_to_prefix(UNIT(s)->id);
1807 name = unit_name_build(prefix, instance, ".service");
1813 r = unit_add_name(UNIT_DEREF(s->service), name);
1817 service = SERVICE(UNIT_DEREF(s->service));
1818 unit_ref_unset(&s->service);
1821 UNIT(service)->no_gc = false;
1823 unit_choose_id(UNIT(service), name);
1825 r = service_set_socket_fd(service, cfd, s);
1830 s->n_connections ++;
1832 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1836 /* Notify clients about changed counters */
1837 unit_add_to_dbus_queue(UNIT(s));
1843 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1844 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1845 bus_error_message(&error, r));
1847 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1851 static void socket_run_next(Socket *s) {
1855 assert(s->control_command);
1856 assert(s->control_command->command_next);
1858 socket_unwatch_control_pid(s);
1860 s->control_command = s->control_command->command_next;
1862 r = socket_spawn(s, s->control_command, &s->control_pid);
1869 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1871 if (s->state == SOCKET_START_POST)
1872 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1873 else if (s->state == SOCKET_STOP_POST)
1874 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1876 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1879 static int socket_start(Unit *u) {
1880 Socket *s = SOCKET(u);
1884 /* We cannot fulfill this request right now, try again later
1886 if (IN_SET(s->state,
1888 SOCKET_STOP_PRE_SIGKILL,
1889 SOCKET_STOP_PRE_SIGTERM,
1891 SOCKET_FINAL_SIGTERM,
1892 SOCKET_FINAL_SIGKILL))
1895 /* Already on it! */
1896 if (IN_SET(s->state,
1902 /* Cannot run this without the service being around */
1903 if (UNIT_ISSET(s->service)) {
1906 service = SERVICE(UNIT_DEREF(s->service));
1908 if (UNIT(service)->load_state != UNIT_LOADED) {
1909 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1913 /* If the service is already active we cannot start the
1915 if (service->state != SERVICE_DEAD &&
1916 service->state != SERVICE_FAILED &&
1917 service->state != SERVICE_AUTO_RESTART) {
1918 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1923 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1925 s->result = SOCKET_SUCCESS;
1926 socket_enter_start_pre(s);
1931 static int socket_stop(Unit *u) {
1932 Socket *s = SOCKET(u);
1937 if (IN_SET(s->state,
1939 SOCKET_STOP_PRE_SIGTERM,
1940 SOCKET_STOP_PRE_SIGKILL,
1942 SOCKET_FINAL_SIGTERM,
1943 SOCKET_FINAL_SIGKILL))
1946 /* If there's already something running we go directly into
1948 if (IN_SET(s->state,
1951 SOCKET_START_POST)) {
1952 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1956 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1958 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1962 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1963 Socket *s = SOCKET(u);
1971 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1972 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1973 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1975 if (s->control_pid > 0)
1976 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1978 if (s->control_command_id >= 0)
1979 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1981 LIST_FOREACH(port, p, s->ports) {
1987 copy = fdset_put_dup(fds, p->fd);
1991 if (p->type == SOCKET_SOCKET) {
1992 _cleanup_free_ char *t = NULL;
1994 r = socket_address_print(&p->address, &t);
1998 if (socket_address_family(&p->address) == AF_NETLINK)
1999 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2001 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2003 } else if (p->type == SOCKET_SPECIAL)
2004 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2005 else if (p->type == SOCKET_MQUEUE)
2006 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2008 assert(p->type == SOCKET_FIFO);
2009 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2016 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2017 Socket *s = SOCKET(u);
2023 if (streq(key, "state")) {
2026 state = socket_state_from_string(value);
2028 log_debug_unit(u->id, "Failed to parse state value %s", value);
2030 s->deserialized_state = state;
2031 } else if (streq(key, "result")) {
2034 f = socket_result_from_string(value);
2036 log_debug_unit(u->id, "Failed to parse result value %s", value);
2037 else if (f != SOCKET_SUCCESS)
2040 } else if (streq(key, "n-accepted")) {
2043 if (safe_atou(value, &k) < 0)
2044 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2047 } else if (streq(key, "control-pid")) {
2050 if (parse_pid(value, &pid) < 0)
2051 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2053 s->control_pid = pid;
2054 } else if (streq(key, "control-command")) {
2055 SocketExecCommand id;
2057 id = socket_exec_command_from_string(value);
2059 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2061 s->control_command_id = id;
2062 s->control_command = s->exec_command[id];
2064 } else if (streq(key, "fifo")) {
2068 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2069 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2072 LIST_FOREACH(port, p, s->ports)
2073 if (p->type == SOCKET_FIFO &&
2074 streq_ptr(p->path, value+skip))
2079 p->fd = fdset_remove(fds, fd);
2083 } else if (streq(key, "special")) {
2087 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2088 log_debug_unit(u->id, "Failed to parse special value %s", value);
2091 LIST_FOREACH(port, p, s->ports)
2092 if (p->type == SOCKET_SPECIAL &&
2093 streq_ptr(p->path, value+skip))
2098 p->fd = fdset_remove(fds, fd);
2102 } else if (streq(key, "mqueue")) {
2106 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2107 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2110 LIST_FOREACH(port, p, s->ports)
2111 if (p->type == SOCKET_MQUEUE &&
2112 streq_ptr(p->path, value+skip))
2117 p->fd = fdset_remove(fds, fd);
2121 } else if (streq(key, "socket")) {
2122 int fd, type, skip = 0;
2125 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2126 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2129 LIST_FOREACH(port, p, s->ports)
2130 if (socket_address_is(&p->address, value+skip, type))
2135 p->fd = fdset_remove(fds, fd);
2139 } else if (streq(key, "netlink")) {
2143 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2144 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2147 LIST_FOREACH(port, p, s->ports)
2148 if (socket_address_is_netlink(&p->address, value+skip))
2153 p->fd = fdset_remove(fds, fd);
2157 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2162 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2163 Socket *s = SOCKET(u);
2168 LIST_FOREACH(port, p, s->ports) {
2172 if (p->type != SOCKET_SOCKET)
2178 FDSET_FOREACH(fd, fds, i) {
2179 if (socket_address_matches_fd(&p->address, fd)) {
2180 p->fd = fdset_remove(fds, fd);
2181 s->deserialized_state = SOCKET_LISTENING;
2190 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2193 return state_translation_table[SOCKET(u)->state];
2196 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2199 return socket_state_to_string(SOCKET(u)->state);
2202 const char* socket_port_type_to_string(SocketPort *p) {
2210 switch (p->address.type) {
2218 case SOCK_SEQPACKET:
2219 return "SequentialPacket";
2222 if (socket_address_family(&p->address) == AF_NETLINK)
2229 case SOCKET_SPECIAL:
2233 return "MessageQueue";
2243 _pure_ static bool socket_check_gc(Unit *u) {
2244 Socket *s = SOCKET(u);
2248 return s->n_connections > 0;
2251 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2252 SocketPort *p = userdata;
2258 if (p->socket->state != SOCKET_LISTENING)
2261 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2263 if (revents != EPOLLIN) {
2265 if (revents & EPOLLHUP)
2266 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2267 UNIT(p->socket)->id);
2269 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2270 UNIT(p->socket)->id, revents);
2275 if (p->socket->accept &&
2276 p->type == SOCKET_SOCKET &&
2277 socket_address_can_accept(&p->address)) {
2281 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2287 log_error_unit(UNIT(p->socket)->id,
2288 "Failed to accept socket: %m");
2295 socket_apply_socket_options(p->socket, cfd);
2298 socket_enter_running(p->socket, cfd);
2302 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2306 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2307 Socket *s = SOCKET(u);
2313 if (pid != s->control_pid)
2318 if (is_clean_exit(code, status, NULL))
2320 else if (code == CLD_EXITED)
2321 f = SOCKET_FAILURE_EXIT_CODE;
2322 else if (code == CLD_KILLED)
2323 f = SOCKET_FAILURE_SIGNAL;
2324 else if (code == CLD_DUMPED)
2325 f = SOCKET_FAILURE_CORE_DUMP;
2327 assert_not_reached("Unknown sigchld code");
2329 if (s->control_command) {
2330 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2332 if (s->control_command->ignore)
2336 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2338 "%s control process exited, code=%s status=%i",
2339 u->id, sigchld_code_to_string(code), status);
2341 if (f != SOCKET_SUCCESS)
2344 if (s->control_command &&
2345 s->control_command->command_next &&
2346 f == SOCKET_SUCCESS) {
2348 log_debug_unit(u->id,
2349 "%s running next command for state %s",
2350 u->id, socket_state_to_string(s->state));
2353 s->control_command = NULL;
2354 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2356 /* No further commands for this step, so let's figure
2357 * out what to do next */
2359 log_debug_unit(u->id,
2360 "%s got final SIGCHLD for state %s",
2361 u->id, socket_state_to_string(s->state));
2365 case SOCKET_START_PRE:
2366 if (f == SOCKET_SUCCESS)
2367 socket_enter_start_chown(s);
2369 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2372 case SOCKET_START_CHOWN:
2373 if (f == SOCKET_SUCCESS)
2374 socket_enter_start_post(s);
2376 socket_enter_stop_pre(s, f);
2379 case SOCKET_START_POST:
2380 if (f == SOCKET_SUCCESS)
2381 socket_enter_listening(s);
2383 socket_enter_stop_pre(s, f);
2386 case SOCKET_STOP_PRE:
2387 case SOCKET_STOP_PRE_SIGTERM:
2388 case SOCKET_STOP_PRE_SIGKILL:
2389 socket_enter_stop_post(s, f);
2392 case SOCKET_STOP_POST:
2393 case SOCKET_FINAL_SIGTERM:
2394 case SOCKET_FINAL_SIGKILL:
2395 socket_enter_dead(s, f);
2399 assert_not_reached("Uh, control process died at wrong time.");
2403 /* Notify clients about changed exit status */
2404 unit_add_to_dbus_queue(u);
2407 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2408 Socket *s = SOCKET(userdata);
2411 assert(s->timer_event_source == source);
2415 case SOCKET_START_PRE:
2416 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2417 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2420 case SOCKET_START_CHOWN:
2421 case SOCKET_START_POST:
2422 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2423 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2426 case SOCKET_STOP_PRE:
2427 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2428 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2431 case SOCKET_STOP_PRE_SIGTERM:
2432 if (s->kill_context.send_sigkill) {
2433 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2434 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2436 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2437 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2441 case SOCKET_STOP_PRE_SIGKILL:
2442 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2443 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2446 case SOCKET_STOP_POST:
2447 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2448 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2451 case SOCKET_FINAL_SIGTERM:
2452 if (s->kill_context.send_sigkill) {
2453 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2454 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2456 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2457 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2461 case SOCKET_FINAL_SIGKILL:
2462 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2463 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2467 assert_not_reached("Timeout at wrong time.");
2473 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2482 /* Called from the service code for requesting our fds */
2485 LIST_FOREACH(port, p, s->ports)
2495 if (!(rfds = new(int, rn_fds)))
2499 LIST_FOREACH(port, p, s->ports)
2503 assert(k == rn_fds);
2511 static void socket_reset_failed(Unit *u) {
2512 Socket *s = SOCKET(u);
2516 if (s->state == SOCKET_FAILED)
2517 socket_set_state(s, SOCKET_DEAD);
2519 s->result = SOCKET_SUCCESS;
2522 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2525 /* The service is dead. Dang!
2527 * This is strictly for one-instance-for-all-connections
2530 if (s->state == SOCKET_RUNNING) {
2531 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2532 if (failed_permanent)
2533 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2535 socket_enter_listening(s);
2539 void socket_connection_unref(Socket *s) {
2542 /* The service is dead. Yay!
2544 * This is strictly for one-instance-per-connection
2547 assert(s->n_connections > 0);
2550 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2553 static void socket_trigger_notify(Unit *u, Unit *other) {
2554 Socket *s = SOCKET(u);
2560 /* Don't propagate state changes from the service if we are
2561 already down or accepting connections */
2562 if ((s->state != SOCKET_RUNNING &&
2563 s->state != SOCKET_LISTENING) ||
2567 if (other->load_state != UNIT_LOADED ||
2568 other->type != UNIT_SERVICE)
2571 se = SERVICE(other);
2573 if (se->state == SERVICE_FAILED)
2574 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2576 if (se->state == SERVICE_DEAD ||
2577 se->state == SERVICE_STOP ||
2578 se->state == SERVICE_STOP_SIGTERM ||
2579 se->state == SERVICE_STOP_SIGKILL ||
2580 se->state == SERVICE_STOP_POST ||
2581 se->state == SERVICE_FINAL_SIGTERM ||
2582 se->state == SERVICE_FINAL_SIGKILL ||
2583 se->state == SERVICE_AUTO_RESTART)
2584 socket_notify_service_dead(s, false);
2586 if (se->state == SERVICE_RUNNING)
2587 socket_set_state(s, SOCKET_RUNNING);
2590 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2591 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2594 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2595 Socket *s = SOCKET(u);
2598 if (!s->timer_event_source)
2601 r = sd_event_source_get_time(s->timer_event_source, timeout);
2608 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2609 [SOCKET_DEAD] = "dead",
2610 [SOCKET_START_PRE] = "start-pre",
2611 [SOCKET_START_CHOWN] = "start-chown",
2612 [SOCKET_START_POST] = "start-post",
2613 [SOCKET_LISTENING] = "listening",
2614 [SOCKET_RUNNING] = "running",
2615 [SOCKET_STOP_PRE] = "stop-pre",
2616 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2617 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2618 [SOCKET_STOP_POST] = "stop-post",
2619 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2620 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2621 [SOCKET_FAILED] = "failed"
2624 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2626 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2627 [SOCKET_EXEC_START_PRE] = "StartPre",
2628 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2629 [SOCKET_EXEC_START_POST] = "StartPost",
2630 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2631 [SOCKET_EXEC_STOP_POST] = "StopPost"
2634 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2636 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2637 [SOCKET_SUCCESS] = "success",
2638 [SOCKET_FAILURE_RESOURCES] = "resources",
2639 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2640 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2641 [SOCKET_FAILURE_SIGNAL] = "signal",
2642 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2643 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2646 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2648 const UnitVTable socket_vtable = {
2649 .object_size = sizeof(Socket),
2650 .exec_context_offset = offsetof(Socket, exec_context),
2651 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2652 .kill_context_offset = offsetof(Socket, kill_context),
2653 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2659 .private_section = "Socket",
2661 .init = socket_init,
2662 .done = socket_done,
2663 .load = socket_load,
2665 .coldplug = socket_coldplug,
2667 .dump = socket_dump,
2669 .start = socket_start,
2670 .stop = socket_stop,
2672 .kill = socket_kill,
2674 .get_timeout = socket_get_timeout,
2676 .serialize = socket_serialize,
2677 .deserialize_item = socket_deserialize_item,
2678 .distribute_fds = socket_distribute_fds,
2680 .active_state = socket_active_state,
2681 .sub_state_to_string = socket_sub_state_to_string,
2683 .check_gc = socket_check_gc,
2685 .sigchld_event = socket_sigchld_event,
2687 .trigger_notify = socket_trigger_notify,
2689 .reset_failed = socket_reset_failed,
2691 .bus_interface = "org.freedesktop.systemd1.Socket",
2692 .bus_vtable = bus_socket_vtable,
2693 .bus_set_property = bus_socket_set_property,
2694 .bus_commit_properties = bus_socket_commit_properties,
2696 .status_message_formats = {
2697 /*.starting_stopping = {
2698 [0] = "Starting socket %s...",
2699 [1] = "Stopping socket %s...",
2701 .finished_start_job = {
2702 [JOB_DONE] = "Listening on %s.",
2703 [JOB_FAILED] = "Failed to listen on %s.",
2704 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2705 [JOB_TIMEOUT] = "Timed out starting %s.",
2707 .finished_stop_job = {
2708 [JOB_DONE] = "Closed %s.",
2709 [JOB_FAILED] = "Failed stopping %s.",
2710 [JOB_TIMEOUT] = "Timed out stopping %s.",