1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
27 #include <sys/epoll.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
32 #include <sys/xattr.h>
36 #include "load-dropin.h"
37 #include "load-fragment.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
46 #include "exit-status.h"
48 #include "smack-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74 static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
78 assert(u->load_state == UNIT_STUB);
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
85 s->max_connections = 64;
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
98 static void socket_unwatch_control_pid(Socket *s) {
101 if (s->control_pid <= 0)
104 unit_unwatch_pid(UNIT(s), s->control_pid);
108 void socket_free_ports(Socket *s) {
113 while ((p = s->ports)) {
114 LIST_REMOVE(port, s->ports, p);
116 sd_event_source_unref(p->event_source);
124 static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
129 socket_free_ports(s);
131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133 s->control_command = NULL;
135 socket_unwatch_control_pid(s);
137 unit_ref_unset(&s->service);
139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
142 free(s->bind_to_device);
143 s->bind_to_device = NULL;
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
149 strv_free(s->symlinks);
154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
157 static int socket_arm_timer(Socket *s) {
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
183 int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
195 if (UNIT_DEREF(s->service) || !s->accept)
198 prefix = unit_name_to_prefix(UNIT(s)->id);
202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
210 unit_ref_set(&s->service, u);
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
215 static bool have_non_accept_socket(Socket *s) {
223 LIST_FOREACH(port, p, s->ports) {
225 if (p->type != SOCKET_SOCKET)
228 if (!socket_address_can_accept(&p->address))
235 static int socket_add_mount_links(Socket *s) {
241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
252 r = unit_require_mounts_for(UNIT(s), path);
260 static int socket_add_device_link(Socket *s) {
265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
272 static int socket_add_default_dependencies(Socket *s) {
276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
289 _pure_ static bool socket_has_exec(Socket *s) {
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
300 static int socket_add_extras(Socket *s) {
306 if (have_non_accept_socket(s)) {
308 if (!UNIT_DEREF(s->service)) {
311 r = unit_load_related_unit(u, ".service", &x);
315 unit_ref_set(&s->service, x);
318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
323 r = socket_add_mount_links(s);
327 r = socket_add_device_link(s);
331 r = unit_patch_contexts(u);
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
340 r = unit_add_default_slice(u, &s->cgroup_context);
345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
354 static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
387 static int socket_verify(Socket *s) {
390 if (UNIT(s)->load_state != UNIT_LOADED)
394 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
398 if (s->accept && have_non_accept_socket(s)) {
399 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
404 if (s->accept && s->max_connections <= 0) {
405 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
427 static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
432 assert(u->load_state == UNIT_STUB);
434 r = unit_load_fragment_and_dropin(u);
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
445 return socket_verify(s);
448 _const_ static const char* listen_lookup(int family, int type) {
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
460 assert_not_reached("Unknown socket type");
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465 char time_string[FORMAT_TIMESPAN_MAX];
467 Socket *s = SOCKET(u);
474 prefix = strempty(prefix);
475 prefix2 = strappenda(prefix, "\t");
478 "%sSocket State: %s\n"
480 "%sBindIPv6Only: %s\n"
482 "%sSocketMode: %04o\n"
483 "%sDirectoryMode: %04o\n"
487 "%sTransparent: %s\n"
489 "%sPassCredentials: %s\n"
490 "%sPassSecurity: %s\n"
491 "%sTCPCongestion: %s\n"
492 "%sRemoveOnStop: %s\n"
493 "%sSELinuxContextFromNet: %s\n",
494 prefix, socket_state_to_string(s->state),
495 prefix, socket_result_to_string(s->result),
496 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
498 prefix, s->socket_mode,
499 prefix, s->directory_mode,
500 prefix, yes_no(s->keep_alive),
501 prefix, yes_no(s->no_delay),
502 prefix, yes_no(s->free_bind),
503 prefix, yes_no(s->transparent),
504 prefix, yes_no(s->broadcast),
505 prefix, yes_no(s->pass_cred),
506 prefix, yes_no(s->pass_sec),
507 prefix, strna(s->tcp_congestion),
508 prefix, yes_no(s->remove_on_stop),
509 prefix, yes_no(s->selinux_context_from_net));
511 if (s->control_pid > 0)
513 "%sControl PID: "PID_FMT"\n",
514 prefix, s->control_pid);
516 if (s->bind_to_device)
518 "%sBindToDevice: %s\n",
519 prefix, s->bind_to_device);
524 "%sNConnections: %u\n"
525 "%sMaxConnections: %u\n",
526 prefix, s->n_accepted,
527 prefix, s->n_connections,
528 prefix, s->max_connections);
530 if (s->priority >= 0)
533 prefix, s->priority);
535 if (s->receive_buffer > 0)
537 "%sReceiveBuffer: %zu\n",
538 prefix, s->receive_buffer);
540 if (s->send_buffer > 0)
542 "%sSendBuffer: %zu\n",
543 prefix, s->send_buffer);
555 if (s->pipe_size > 0)
558 prefix, s->pipe_size);
565 if (s->mq_maxmsg > 0)
567 "%sMessageQueueMaxMessages: %li\n",
568 prefix, s->mq_maxmsg);
570 if (s->mq_msgsize > 0)
572 "%sMessageQueueMessageSize: %li\n",
573 prefix, s->mq_msgsize);
578 prefix, yes_no(s->reuse_port));
582 "%sSmackLabel: %s\n",
587 "%sSmackLabelIPIn: %s\n",
588 prefix, s->smack_ip_in);
592 "%sSmackLabelIPOut: %s\n",
593 prefix, s->smack_ip_out);
595 if (!isempty(s->user) || !isempty(s->group))
598 "%sOwnerGroup: %s\n",
599 prefix, strna(s->user),
600 prefix, strna(s->group));
602 if (s->keep_alive_time > 0)
604 "%sKeepAliveTimeSec: %s\n",
605 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
607 if (s->keep_alive_interval)
609 "%sKeepAliveIntervalSec: %s\n",
610 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
612 if (s->keep_alive_cnt)
614 "%sKeepAliveProbes: %u\n",
615 prefix, s->keep_alive_cnt);
619 "%sDeferAcceptSec: %s\n",
620 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
622 LIST_FOREACH(port, p, s->ports) {
624 if (p->type == SOCKET_SOCKET) {
629 if ((r = socket_address_print(&p->address, &k)) < 0)
634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
644 exec_context_dump(&s->exec_context, f, prefix);
645 kill_context_dump(&s->kill_context, f, prefix);
647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
648 if (!s->exec_command[c])
651 fprintf(f, "%s-> %s:\n",
652 prefix, socket_exec_command_to_string(c));
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
658 static int instance_from_socket(int fd, unsigned nr, char **instance) {
661 union sockaddr_union local, remote;
667 if (getsockname(fd, &local.sa, &l) < 0)
671 if (getpeername(fd, &remote.sa, &l) < 0)
674 switch (local.sa.sa_family) {
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
694 static const unsigned char ipv4_prefix[] = {
695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
732 k = getpeercred(fd, &ucred);
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
753 assert_not_reached("Unhandled socket type.");
760 static void socket_close_fds(Socket *s) {
766 LIST_FOREACH(port, p, s->ports) {
768 p->event_source = sd_event_source_unref(p->event_source);
773 p->fd = safe_close(p->fd);
775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
783 if (s->remove_on_stop) {
795 socket_address_unlink(&p->address);
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
809 static void socket_apply_socket_options(Socket *s, int fd) {
816 int b = s->keep_alive;
817 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
818 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
821 if (s->keep_alive_time) {
822 int value = s->keep_alive_time / USEC_PER_SEC;
823 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
824 log_warning_unit(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
827 if (s->keep_alive_interval) {
828 int value = s->keep_alive_interval / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
830 log_warning_unit(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
833 if (s->keep_alive_cnt) {
834 int value = s->keep_alive_cnt;
835 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
836 log_warning_unit(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
839 if (s->defer_accept) {
840 int value = s->defer_accept / USEC_PER_SEC;
841 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
842 log_warning_unit(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
847 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
848 log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
853 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
854 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
859 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
860 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
866 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
869 if (s->priority >= 0)
870 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
871 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
873 if (s->receive_buffer > 0) {
874 int value = (int) s->receive_buffer;
876 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
878 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
880 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
883 if (s->send_buffer > 0) {
884 int value = (int) s->send_buffer;
885 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
886 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
887 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
891 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
892 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
895 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
896 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
898 if (s->ip_ttl >= 0) {
901 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
903 if (socket_ipv6_is_supported())
904 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
907 errno = EAFNOSUPPORT;
911 log_warning_unit(UNIT(s)->id,
912 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
915 if (s->tcp_congestion)
916 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
917 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
920 int b = s->reuse_port;
921 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
922 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
925 if (s->smack_ip_in) {
926 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
928 log_error_unit(UNIT(s)->id, "mac_smack_apply_ip_in_fd: %s", strerror(-r));
931 if (s->smack_ip_out) {
932 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
934 log_error_unit(UNIT(s)->id, "mac_smack_apply_ip_out_fd: %s", strerror(-r));
938 static void socket_apply_fifo_options(Socket *s, int fd) {
944 if (s->pipe_size > 0)
945 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
946 log_warning_unit(UNIT(s)->id, "F_SETPIPE_SZ: %m");
949 r = mac_smack_apply_fd(fd, s->smack);
951 log_error_unit(UNIT(s)->id, "mac_smack_apply_fd: %s", strerror(-r));
955 static int fifo_address_create(
957 mode_t directory_mode,
968 mkdir_parents_label(path, directory_mode);
970 r = mac_selinux_context_set(path, S_IFIFO);
974 /* Enforce the right access mode for the fifo */
975 old_mask = umask(~ socket_mode);
977 /* Include the original umask in our mask */
978 umask(~socket_mode | old_mask);
980 r = mkfifo(path, socket_mode);
983 if (r < 0 && errno != EEXIST) {
988 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
993 mac_selinux_context_clear();
995 if (fstat(fd, &st) < 0) {
1000 if (!S_ISFIFO(st.st_mode) ||
1001 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1002 st.st_uid != getuid() ||
1003 st.st_gid != getgid()) {
1013 mac_selinux_context_clear();
1019 static int special_address_create(
1029 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1035 if (fstat(fd, &st) < 0) {
1040 /* Check whether this is a /proc, /sys or /dev file or char device */
1041 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1055 static int mq_address_create(
1065 struct mq_attr _attr, *attr = NULL;
1070 if (maxmsg > 0 && msgsize > 0) {
1072 _attr.mq_flags = O_NONBLOCK;
1073 _attr.mq_maxmsg = maxmsg;
1074 _attr.mq_msgsize = msgsize;
1078 /* Enforce the right access mode for the mq */
1079 old_mask = umask(~ mq_mode);
1081 /* Include the original umask in our mask */
1082 umask(~mq_mode | old_mask);
1083 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1091 if (fstat(fd, &st) < 0) {
1096 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1097 st.st_uid != getuid() ||
1098 st.st_gid != getgid()) {
1112 static int socket_symlink(Socket *s) {
1118 p = socket_find_symlink_target(s);
1122 STRV_FOREACH(i, s->symlinks)
1128 static int socket_open_fds(Socket *s) {
1132 bool know_label = false;
1136 LIST_FOREACH(port, p, s->ports) {
1141 if (p->type == SOCKET_SOCKET) {
1142 if (!know_label && s->selinux_context_from_net) {
1143 r = mac_selinux_get_our_label(&label);
1147 } else if (!know_label) {
1149 r = socket_instantiate_service(s);
1153 if (UNIT_ISSET(s->service) &&
1154 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1155 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1156 if (r < 0 && r != -EPERM)
1163 r = socket_address_listen(
1165 SOCK_CLOEXEC|SOCK_NONBLOCK,
1178 socket_apply_socket_options(s, p->fd);
1181 } else if (p->type == SOCKET_SPECIAL) {
1183 r = special_address_create(
1189 } else if (p->type == SOCKET_FIFO) {
1191 r = fifo_address_create(
1199 socket_apply_fifo_options(s, p->fd);
1202 } else if (p->type == SOCKET_MQUEUE) {
1204 r = mq_address_create(
1213 assert_not_reached("Unknown port type");
1216 mac_selinux_free(label);
1220 socket_close_fds(s);
1221 mac_selinux_free(label);
1225 static void socket_unwatch_fds(Socket *s) {
1231 LIST_FOREACH(port, p, s->ports) {
1235 if (!p->event_source)
1238 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1240 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1244 static int socket_watch_fds(Socket *s) {
1250 LIST_FOREACH(port, p, s->ports) {
1254 if (p->event_source)
1255 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1257 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1260 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1268 socket_unwatch_fds(s);
1272 static void socket_set_state(Socket *s, SocketState state) {
1273 SocketState old_state;
1276 old_state = s->state;
1284 SOCKET_STOP_PRE_SIGTERM,
1285 SOCKET_STOP_PRE_SIGKILL,
1287 SOCKET_FINAL_SIGTERM,
1288 SOCKET_FINAL_SIGKILL)) {
1290 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1291 socket_unwatch_control_pid(s);
1292 s->control_command = NULL;
1293 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1296 if (state != SOCKET_LISTENING)
1297 socket_unwatch_fds(s);
1305 SOCKET_STOP_PRE_SIGTERM,
1306 SOCKET_STOP_PRE_SIGKILL))
1307 socket_close_fds(s);
1309 if (state != old_state)
1310 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1311 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1313 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1316 static int socket_coldplug(Unit *u) {
1317 Socket *s = SOCKET(u);
1321 assert(s->state == SOCKET_DEAD);
1323 if (s->deserialized_state == s->state)
1326 if (IN_SET(s->deserialized_state,
1331 SOCKET_STOP_PRE_SIGTERM,
1332 SOCKET_STOP_PRE_SIGKILL,
1334 SOCKET_FINAL_SIGTERM,
1335 SOCKET_FINAL_SIGKILL)) {
1337 if (s->control_pid <= 0)
1340 r = unit_watch_pid(UNIT(s), s->control_pid);
1344 r = socket_arm_timer(s);
1349 if (IN_SET(s->deserialized_state,
1355 SOCKET_STOP_PRE_SIGTERM,
1356 SOCKET_STOP_PRE_SIGKILL)) {
1357 r = socket_open_fds(s);
1362 if (s->deserialized_state == SOCKET_LISTENING) {
1363 r = socket_watch_fds(s);
1368 socket_set_state(s, s->deserialized_state);
1372 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1373 _cleanup_free_ char **argv = NULL;
1376 ExecParameters exec_params = {
1377 .apply_permissions = true,
1378 .apply_chroot = true,
1379 .apply_tty_stdin = true,
1386 unit_realize_cgroup(UNIT(s));
1388 r = unit_setup_exec_runtime(UNIT(s));
1392 r = socket_arm_timer(s);
1396 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1400 exec_params.argv = argv;
1401 exec_params.environment = UNIT(s)->manager->environment;
1402 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1403 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1404 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1405 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1406 exec_params.unit_id = UNIT(s)->id;
1416 r = unit_watch_pid(UNIT(s), pid);
1418 /* FIXME: we need to do something here */
1425 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1429 static int socket_chown(Socket *s, pid_t *_pid) {
1433 r = socket_arm_timer(s);
1437 /* We have to resolve the user names out-of-process, hence
1438 * let's fork here. It's messy, but well, what can we do? */
1446 uid_t uid = (uid_t) -1;
1447 gid_t gid = (gid_t) -1;
1450 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1451 ignore_signals(SIGPIPE, -1);
1454 if (!isempty(s->user)) {
1455 const char *user = s->user;
1457 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1464 if (!isempty(s->group)) {
1465 const char *group = s->group;
1467 r = get_group_creds(&group, &gid);
1474 LIST_FOREACH(port, p, s->ports) {
1475 const char *path = NULL;
1477 if (p->type == SOCKET_SOCKET)
1478 path = socket_address_get_path(&p->address);
1479 else if (p->type == SOCKET_FIFO)
1485 if (chown(path, uid, gid) < 0) {
1496 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1501 r = unit_watch_pid(UNIT(s), pid);
1509 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1513 static void socket_enter_dead(Socket *s, SocketResult f) {
1516 if (f != SOCKET_SUCCESS)
1519 exec_runtime_destroy(s->exec_runtime);
1520 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1522 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1524 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1527 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1529 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1533 if (f != SOCKET_SUCCESS)
1536 socket_unwatch_control_pid(s);
1537 s->control_command_id = SOCKET_EXEC_STOP_POST;
1538 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1540 if (s->control_command) {
1541 r = socket_spawn(s, s->control_command, &s->control_pid);
1545 socket_set_state(s, SOCKET_STOP_POST);
1547 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1552 log_warning_unit(UNIT(s)->id,
1553 "%s failed to run 'stop-post' task: %s",
1554 UNIT(s)->id, strerror(-r));
1555 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1558 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1563 if (f != SOCKET_SUCCESS)
1566 r = unit_kill_context(
1569 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1577 r = socket_arm_timer(s);
1581 socket_set_state(s, state);
1582 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1583 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1584 else if (state == SOCKET_STOP_PRE_SIGKILL)
1585 socket_enter_stop_post(s, SOCKET_SUCCESS);
1586 else if (state == SOCKET_FINAL_SIGTERM)
1587 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1589 socket_enter_dead(s, SOCKET_SUCCESS);
1594 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1596 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1597 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1599 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1602 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1606 if (f != SOCKET_SUCCESS)
1609 socket_unwatch_control_pid(s);
1610 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1611 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1613 if (s->control_command) {
1614 r = socket_spawn(s, s->control_command, &s->control_pid);
1618 socket_set_state(s, SOCKET_STOP_PRE);
1620 socket_enter_stop_post(s, SOCKET_SUCCESS);
1625 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1626 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1629 static void socket_enter_listening(Socket *s) {
1633 r = socket_watch_fds(s);
1635 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1639 socket_set_state(s, SOCKET_LISTENING);
1643 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1646 static void socket_enter_start_post(Socket *s) {
1650 socket_unwatch_control_pid(s);
1651 s->control_command_id = SOCKET_EXEC_START_POST;
1652 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1654 if (s->control_command) {
1655 r = socket_spawn(s, s->control_command, &s->control_pid);
1657 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1661 socket_set_state(s, SOCKET_START_POST);
1663 socket_enter_listening(s);
1668 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1671 static void socket_enter_start_chown(Socket *s) {
1676 r = socket_open_fds(s);
1678 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1682 if (!isempty(s->user) || !isempty(s->group)) {
1684 socket_unwatch_control_pid(s);
1685 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1686 s->control_command = NULL;
1688 r = socket_chown(s, &s->control_pid);
1690 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1694 socket_set_state(s, SOCKET_START_CHOWN);
1696 socket_enter_start_post(s);
1701 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1704 static void socket_enter_start_pre(Socket *s) {
1708 socket_unwatch_control_pid(s);
1709 s->control_command_id = SOCKET_EXEC_START_PRE;
1710 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1712 if (s->control_command) {
1713 r = socket_spawn(s, s->control_command, &s->control_pid);
1715 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1719 socket_set_state(s, SOCKET_START_PRE);
1721 socket_enter_start_chown(s);
1726 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1729 static void socket_enter_running(Socket *s, int cfd) {
1730 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1735 /* We don't take connections anymore if we are supposed to
1736 * shut down anyway */
1737 if (unit_stop_pending(UNIT(s))) {
1739 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1744 /* Flush all sockets by closing and reopening them */
1745 socket_close_fds(s);
1747 r = socket_open_fds(s);
1749 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1750 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1754 r = socket_watch_fds(s);
1756 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1757 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1767 bool pending = false;
1769 /* If there's already a start pending don't bother to
1771 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1772 if (unit_active_or_pending(other)) {
1778 if (!UNIT_ISSET(s->service)) {
1779 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1784 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1789 socket_set_state(s, SOCKET_RUNNING);
1791 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1794 if (s->n_connections >= s->max_connections) {
1795 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1800 r = socket_instantiate_service(s);
1804 r = instance_from_socket(cfd, s->n_accepted, &instance);
1809 /* ENOTCONN is legitimate if TCP RST was received.
1810 * This connection is over, but the socket unit lives on. */
1815 prefix = unit_name_to_prefix(UNIT(s)->id);
1821 name = unit_name_build(prefix, instance, ".service");
1827 r = unit_add_name(UNIT_DEREF(s->service), name);
1831 service = SERVICE(UNIT_DEREF(s->service));
1832 unit_ref_unset(&s->service);
1835 UNIT(service)->no_gc = false;
1837 unit_choose_id(UNIT(service), name);
1839 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1844 s->n_connections ++;
1846 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1850 /* Notify clients about changed counters */
1851 unit_add_to_dbus_queue(UNIT(s));
1857 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1858 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1859 bus_error_message(&error, r));
1861 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1865 static void socket_run_next(Socket *s) {
1869 assert(s->control_command);
1870 assert(s->control_command->command_next);
1872 socket_unwatch_control_pid(s);
1874 s->control_command = s->control_command->command_next;
1876 r = socket_spawn(s, s->control_command, &s->control_pid);
1883 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1885 if (s->state == SOCKET_START_POST)
1886 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1887 else if (s->state == SOCKET_STOP_POST)
1888 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1890 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1893 static int socket_start(Unit *u) {
1894 Socket *s = SOCKET(u);
1898 /* We cannot fulfill this request right now, try again later
1900 if (IN_SET(s->state,
1902 SOCKET_STOP_PRE_SIGKILL,
1903 SOCKET_STOP_PRE_SIGTERM,
1905 SOCKET_FINAL_SIGTERM,
1906 SOCKET_FINAL_SIGKILL))
1909 /* Already on it! */
1910 if (IN_SET(s->state,
1916 /* Cannot run this without the service being around */
1917 if (UNIT_ISSET(s->service)) {
1920 service = SERVICE(UNIT_DEREF(s->service));
1922 if (UNIT(service)->load_state != UNIT_LOADED) {
1923 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1927 /* If the service is already active we cannot start the
1929 if (service->state != SERVICE_DEAD &&
1930 service->state != SERVICE_FAILED &&
1931 service->state != SERVICE_AUTO_RESTART) {
1932 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1937 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1939 s->result = SOCKET_SUCCESS;
1940 socket_enter_start_pre(s);
1945 static int socket_stop(Unit *u) {
1946 Socket *s = SOCKET(u);
1951 if (IN_SET(s->state,
1953 SOCKET_STOP_PRE_SIGTERM,
1954 SOCKET_STOP_PRE_SIGKILL,
1956 SOCKET_FINAL_SIGTERM,
1957 SOCKET_FINAL_SIGKILL))
1960 /* If there's already something running we go directly into
1962 if (IN_SET(s->state,
1965 SOCKET_START_POST)) {
1966 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1970 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1972 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1976 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1977 Socket *s = SOCKET(u);
1985 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1986 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1987 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1989 if (s->control_pid > 0)
1990 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1992 if (s->control_command_id >= 0)
1993 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1995 LIST_FOREACH(port, p, s->ports) {
2001 copy = fdset_put_dup(fds, p->fd);
2005 if (p->type == SOCKET_SOCKET) {
2006 _cleanup_free_ char *t = NULL;
2008 r = socket_address_print(&p->address, &t);
2012 if (socket_address_family(&p->address) == AF_NETLINK)
2013 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2015 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2017 } else if (p->type == SOCKET_SPECIAL)
2018 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2019 else if (p->type == SOCKET_MQUEUE)
2020 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2022 assert(p->type == SOCKET_FIFO);
2023 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2030 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2031 Socket *s = SOCKET(u);
2037 if (streq(key, "state")) {
2040 state = socket_state_from_string(value);
2042 log_debug_unit(u->id, "Failed to parse state value %s", value);
2044 s->deserialized_state = state;
2045 } else if (streq(key, "result")) {
2048 f = socket_result_from_string(value);
2050 log_debug_unit(u->id, "Failed to parse result value %s", value);
2051 else if (f != SOCKET_SUCCESS)
2054 } else if (streq(key, "n-accepted")) {
2057 if (safe_atou(value, &k) < 0)
2058 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2061 } else if (streq(key, "control-pid")) {
2064 if (parse_pid(value, &pid) < 0)
2065 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2067 s->control_pid = pid;
2068 } else if (streq(key, "control-command")) {
2069 SocketExecCommand id;
2071 id = socket_exec_command_from_string(value);
2073 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2075 s->control_command_id = id;
2076 s->control_command = s->exec_command[id];
2078 } else if (streq(key, "fifo")) {
2082 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2083 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2086 LIST_FOREACH(port, p, s->ports)
2087 if (p->type == SOCKET_FIFO &&
2088 streq_ptr(p->path, value+skip))
2093 p->fd = fdset_remove(fds, fd);
2097 } else if (streq(key, "special")) {
2101 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2102 log_debug_unit(u->id, "Failed to parse special value %s", value);
2105 LIST_FOREACH(port, p, s->ports)
2106 if (p->type == SOCKET_SPECIAL &&
2107 streq_ptr(p->path, value+skip))
2112 p->fd = fdset_remove(fds, fd);
2116 } else if (streq(key, "mqueue")) {
2120 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2121 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2124 LIST_FOREACH(port, p, s->ports)
2125 if (p->type == SOCKET_MQUEUE &&
2126 streq_ptr(p->path, value+skip))
2131 p->fd = fdset_remove(fds, fd);
2135 } else if (streq(key, "socket")) {
2136 int fd, type, skip = 0;
2139 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2140 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2143 LIST_FOREACH(port, p, s->ports)
2144 if (socket_address_is(&p->address, value+skip, type))
2149 p->fd = fdset_remove(fds, fd);
2153 } else if (streq(key, "netlink")) {
2157 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2158 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2161 LIST_FOREACH(port, p, s->ports)
2162 if (socket_address_is_netlink(&p->address, value+skip))
2167 p->fd = fdset_remove(fds, fd);
2171 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2176 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2177 Socket *s = SOCKET(u);
2182 LIST_FOREACH(port, p, s->ports) {
2186 if (p->type != SOCKET_SOCKET)
2192 FDSET_FOREACH(fd, fds, i) {
2193 if (socket_address_matches_fd(&p->address, fd)) {
2194 p->fd = fdset_remove(fds, fd);
2195 s->deserialized_state = SOCKET_LISTENING;
2204 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2207 return state_translation_table[SOCKET(u)->state];
2210 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2213 return socket_state_to_string(SOCKET(u)->state);
2216 const char* socket_port_type_to_string(SocketPort *p) {
2224 switch (p->address.type) {
2232 case SOCK_SEQPACKET:
2233 return "SequentialPacket";
2236 if (socket_address_family(&p->address) == AF_NETLINK)
2243 case SOCKET_SPECIAL:
2247 return "MessageQueue";
2257 _pure_ static bool socket_check_gc(Unit *u) {
2258 Socket *s = SOCKET(u);
2262 return s->n_connections > 0;
2265 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2266 SocketPort *p = userdata;
2272 if (p->socket->state != SOCKET_LISTENING)
2275 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2277 if (revents != EPOLLIN) {
2279 if (revents & EPOLLHUP)
2280 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2281 UNIT(p->socket)->id);
2283 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2284 UNIT(p->socket)->id, revents);
2289 if (p->socket->accept &&
2290 p->type == SOCKET_SOCKET &&
2291 socket_address_can_accept(&p->address)) {
2295 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2301 log_error_unit(UNIT(p->socket)->id,
2302 "Failed to accept socket: %m");
2309 socket_apply_socket_options(p->socket, cfd);
2312 socket_enter_running(p->socket, cfd);
2316 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2320 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2321 Socket *s = SOCKET(u);
2327 if (pid != s->control_pid)
2332 if (is_clean_exit(code, status, NULL))
2334 else if (code == CLD_EXITED)
2335 f = SOCKET_FAILURE_EXIT_CODE;
2336 else if (code == CLD_KILLED)
2337 f = SOCKET_FAILURE_SIGNAL;
2338 else if (code == CLD_DUMPED)
2339 f = SOCKET_FAILURE_CORE_DUMP;
2341 assert_not_reached("Unknown sigchld code");
2343 if (s->control_command) {
2344 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2346 if (s->control_command->ignore)
2350 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2352 "%s control process exited, code=%s status=%i",
2353 u->id, sigchld_code_to_string(code), status);
2355 if (f != SOCKET_SUCCESS)
2358 if (s->control_command &&
2359 s->control_command->command_next &&
2360 f == SOCKET_SUCCESS) {
2362 log_debug_unit(u->id,
2363 "%s running next command for state %s",
2364 u->id, socket_state_to_string(s->state));
2367 s->control_command = NULL;
2368 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2370 /* No further commands for this step, so let's figure
2371 * out what to do next */
2373 log_debug_unit(u->id,
2374 "%s got final SIGCHLD for state %s",
2375 u->id, socket_state_to_string(s->state));
2379 case SOCKET_START_PRE:
2380 if (f == SOCKET_SUCCESS)
2381 socket_enter_start_chown(s);
2383 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2386 case SOCKET_START_CHOWN:
2387 if (f == SOCKET_SUCCESS)
2388 socket_enter_start_post(s);
2390 socket_enter_stop_pre(s, f);
2393 case SOCKET_START_POST:
2394 if (f == SOCKET_SUCCESS)
2395 socket_enter_listening(s);
2397 socket_enter_stop_pre(s, f);
2400 case SOCKET_STOP_PRE:
2401 case SOCKET_STOP_PRE_SIGTERM:
2402 case SOCKET_STOP_PRE_SIGKILL:
2403 socket_enter_stop_post(s, f);
2406 case SOCKET_STOP_POST:
2407 case SOCKET_FINAL_SIGTERM:
2408 case SOCKET_FINAL_SIGKILL:
2409 socket_enter_dead(s, f);
2413 assert_not_reached("Uh, control process died at wrong time.");
2417 /* Notify clients about changed exit status */
2418 unit_add_to_dbus_queue(u);
2421 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2422 Socket *s = SOCKET(userdata);
2425 assert(s->timer_event_source == source);
2429 case SOCKET_START_PRE:
2430 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2431 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2434 case SOCKET_START_CHOWN:
2435 case SOCKET_START_POST:
2436 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2437 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2440 case SOCKET_STOP_PRE:
2441 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2442 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2445 case SOCKET_STOP_PRE_SIGTERM:
2446 if (s->kill_context.send_sigkill) {
2447 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2448 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2450 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2451 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2455 case SOCKET_STOP_PRE_SIGKILL:
2456 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2457 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2460 case SOCKET_STOP_POST:
2461 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2462 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2465 case SOCKET_FINAL_SIGTERM:
2466 if (s->kill_context.send_sigkill) {
2467 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2468 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2470 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2471 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2475 case SOCKET_FINAL_SIGKILL:
2476 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2477 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2481 assert_not_reached("Timeout at wrong time.");
2487 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2496 /* Called from the service code for requesting our fds */
2499 LIST_FOREACH(port, p, s->ports)
2509 if (!(rfds = new(int, rn_fds)))
2513 LIST_FOREACH(port, p, s->ports)
2517 assert(k == rn_fds);
2525 static void socket_reset_failed(Unit *u) {
2526 Socket *s = SOCKET(u);
2530 if (s->state == SOCKET_FAILED)
2531 socket_set_state(s, SOCKET_DEAD);
2533 s->result = SOCKET_SUCCESS;
2536 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2539 /* The service is dead. Dang!
2541 * This is strictly for one-instance-for-all-connections
2544 if (s->state == SOCKET_RUNNING) {
2545 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2546 if (failed_permanent)
2547 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2549 socket_enter_listening(s);
2553 void socket_connection_unref(Socket *s) {
2556 /* The service is dead. Yay!
2558 * This is strictly for one-instance-per-connection
2561 assert(s->n_connections > 0);
2564 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2567 static void socket_trigger_notify(Unit *u, Unit *other) {
2568 Socket *s = SOCKET(u);
2574 /* Don't propagate state changes from the service if we are
2575 already down or accepting connections */
2576 if ((s->state != SOCKET_RUNNING &&
2577 s->state != SOCKET_LISTENING) ||
2581 if (other->load_state != UNIT_LOADED ||
2582 other->type != UNIT_SERVICE)
2585 se = SERVICE(other);
2587 if (se->state == SERVICE_FAILED)
2588 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2590 if (se->state == SERVICE_DEAD ||
2591 se->state == SERVICE_STOP ||
2592 se->state == SERVICE_STOP_SIGTERM ||
2593 se->state == SERVICE_STOP_SIGKILL ||
2594 se->state == SERVICE_STOP_POST ||
2595 se->state == SERVICE_FINAL_SIGTERM ||
2596 se->state == SERVICE_FINAL_SIGKILL ||
2597 se->state == SERVICE_AUTO_RESTART)
2598 socket_notify_service_dead(s, false);
2600 if (se->state == SERVICE_RUNNING)
2601 socket_set_state(s, SOCKET_RUNNING);
2604 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2605 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2608 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2609 Socket *s = SOCKET(u);
2612 if (!s->timer_event_source)
2615 r = sd_event_source_get_time(s->timer_event_source, timeout);
2622 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2623 [SOCKET_DEAD] = "dead",
2624 [SOCKET_START_PRE] = "start-pre",
2625 [SOCKET_START_CHOWN] = "start-chown",
2626 [SOCKET_START_POST] = "start-post",
2627 [SOCKET_LISTENING] = "listening",
2628 [SOCKET_RUNNING] = "running",
2629 [SOCKET_STOP_PRE] = "stop-pre",
2630 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2631 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2632 [SOCKET_STOP_POST] = "stop-post",
2633 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2634 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2635 [SOCKET_FAILED] = "failed"
2638 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2640 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2641 [SOCKET_EXEC_START_PRE] = "StartPre",
2642 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2643 [SOCKET_EXEC_START_POST] = "StartPost",
2644 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2645 [SOCKET_EXEC_STOP_POST] = "StopPost"
2648 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2650 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2651 [SOCKET_SUCCESS] = "success",
2652 [SOCKET_FAILURE_RESOURCES] = "resources",
2653 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2654 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2655 [SOCKET_FAILURE_SIGNAL] = "signal",
2656 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2657 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2660 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2662 const UnitVTable socket_vtable = {
2663 .object_size = sizeof(Socket),
2664 .exec_context_offset = offsetof(Socket, exec_context),
2665 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2666 .kill_context_offset = offsetof(Socket, kill_context),
2667 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2673 .private_section = "Socket",
2675 .init = socket_init,
2676 .done = socket_done,
2677 .load = socket_load,
2679 .coldplug = socket_coldplug,
2681 .dump = socket_dump,
2683 .start = socket_start,
2684 .stop = socket_stop,
2686 .kill = socket_kill,
2688 .get_timeout = socket_get_timeout,
2690 .serialize = socket_serialize,
2691 .deserialize_item = socket_deserialize_item,
2692 .distribute_fds = socket_distribute_fds,
2694 .active_state = socket_active_state,
2695 .sub_state_to_string = socket_sub_state_to_string,
2697 .check_gc = socket_check_gc,
2699 .sigchld_event = socket_sigchld_event,
2701 .trigger_notify = socket_trigger_notify,
2703 .reset_failed = socket_reset_failed,
2705 .bus_interface = "org.freedesktop.systemd1.Socket",
2706 .bus_vtable = bus_socket_vtable,
2707 .bus_set_property = bus_socket_set_property,
2708 .bus_commit_properties = bus_socket_commit_properties,
2710 .status_message_formats = {
2711 /*.starting_stopping = {
2712 [0] = "Starting socket %s...",
2713 [1] = "Stopping socket %s...",
2715 .finished_start_job = {
2716 [JOB_DONE] = "Listening on %s.",
2717 [JOB_FAILED] = "Failed to listen on %s.",
2718 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2719 [JOB_TIMEOUT] = "Timed out starting %s.",
2721 .finished_stop_job = {
2722 [JOB_DONE] = "Closed %s.",
2723 [JOB_FAILED] = "Failed stopping %s.",
2724 [JOB_TIMEOUT] = "Timed out stopping %s.",