systemd / systemd / 18066640619

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <arpa/inet.h>

#include <fcntl.h>

#include <linux/sctp.h>

#include <mqueue.h>

#include <netinet/tcp.h>

#include <sys/stat.h>

#include <unistd.h>

#include "sd-bus.h"

#include "alloc-util.h"

#include "bpf-program.h"

#include "bus-common-errors.h"

#include "bus-error.h"

#include "copy.h"

#include "dbus-socket.h"

#include "dbus-unit.h"

#include "errno-list.h"

#include "errno-util.h"

#include "exit-status.h"

#include "extract-word.h"

#include "fd-util.h"

#include "fdset.h"

#include "format-util.h"

#include "fs-util.h"

#include "glyph-util.h"

#include "in-addr-util.h"

#include "io-util.h"

#include "ip-protocol-list.h"

#include "log.h"

#include "manager.h"

#include "mkdir-label.h"

#include "namespace-util.h"

#include "parse-util.h"

#include "path-util.h"

#include "pidfd-util.h"

#include "process-util.h"

#include "recurse-dir.h"

#include "selinux-util.h"

#include "serialize.h"

#include "service.h"

#include "set.h"

#include "siphash24.h"

#include "smack-util.h"

#include "socket.h"

#include "socket-netlink.h"

#include "special.h"

#include "string-table.h"

#include "string-util.h"

#include "strv.h"

#include "unit.h"

#include "unit-name.h"

#include "user-util.h"

typedef struct SocketPeer {

        unsigned n_ref;

        Socket *socket;

        union sockaddr_union peer;

        socklen_t peer_salen;

        struct ucred peer_cred;

} SocketPeer;

static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {

        [SOCKET_DEAD]             = UNIT_INACTIVE,

        [SOCKET_START_PRE]        = UNIT_ACTIVATING,

        [SOCKET_START_OPEN]       = UNIT_ACTIVATING,

        [SOCKET_START_CHOWN]      = UNIT_ACTIVATING,

        [SOCKET_START_POST]       = UNIT_ACTIVATING,

        [SOCKET_LISTENING]        = UNIT_ACTIVE,

        [SOCKET_DEFERRED]         = UNIT_ACTIVE,

        [SOCKET_RUNNING]          = UNIT_ACTIVE,

        [SOCKET_STOP_PRE]         = UNIT_DEACTIVATING,

        [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,

        [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,

        [SOCKET_STOP_POST]        = UNIT_DEACTIVATING,

        [SOCKET_FINAL_SIGTERM]    = UNIT_DEACTIVATING,

        [SOCKET_FINAL_SIGKILL]    = UNIT_DEACTIVATING,

        [SOCKET_FAILED]           = UNIT_FAILED,

        [SOCKET_CLEANING]         = UNIT_MAINTENANCE,

};

static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);

static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);

                      SOCKET_START_PRE,

                      SOCKET_START_CHOWN,

                      SOCKET_START_POST,

                      SOCKET_STOP_PRE,

                      SOCKET_STOP_PRE_SIGTERM,

                      SOCKET_STOP_PRE_SIGKILL,

                      SOCKET_STOP_POST,

                      SOCKET_FINAL_SIGTERM,

                      SOCKET_FINAL_SIGKILL,

                      SOCKET_CLEANING);

}

        /* If unit_active_state() reports inactive/failed then it's all good, otherwise we need to

         * manually exclude SERVICE_AUTO_RESTART and SERVICE_AUTO_RESTART_QUEUED, in which cases

         * the start job hasn't been enqueued/run, but are only placeholders in order to allow

         * canceling auto restart. */

                return false;

                return false;

        return true;

}

                return NULL;

}

}

                return true;

                        return true;

                        return true;

        }

        return false;

}

                        return r;

        }

        return 0;

}

                return 0;

}

                return 0;

                return r;

                        return r;

        }

}

                        return true;

        return false;

}

        /* Pick defaults for the trigger limit, if nothing was explicitly configured. We pick a relatively high limit

         * in Accept=yes mode, and a lower limit for Accept=no. Reason: in Accept=yes mode we are invoking accept()

         * ourselves before the trigger limit can hit, thus incoming connections are taken off the socket queue quickly

         * and reliably. This is different for Accept=no, where the spawned service has to take the incoming traffic

         * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to

         * process whatever is queued in one go, and thus should normally never have to be started frequently. This is

         * different for Accept=yes where each connection is processed by a new service instance, and thus frequent

         * service starts are typical.

         *

         * For the poll limit we follow a similar rule, but use 3/4th of the trigger limit parameters, to

         * trigger this earlier. */

                }

                        return r;

        }

                return r;

                return r;

                return r;

                        return r;

        }

                return r;

        return 0;

}

                default:

                        f = NULL;

                }

                                return NULL;

                        found = f;

                }

        }

        return found;

}

        return 0;

}

        else

        }

}

DEFINE_PRIVATE_HASH_OPS(peer_address_hash_ops, SocketPeer, peer_address_hash_func, peer_address_compare_func);

                return r;

                return 0;

        /* This is a new unit? Then let's add in some extras */

                return r;

}

                return NULL;

                .n_ref = 1,

        };

}

}

                .peer_salen = sizeof(union sockaddr_union),

                .peer_cred = UCRED_INVALID,

        }, *i;

        case AF_INET:

        case AF_INET6:

        case AF_VSOCK:

                break;

                break;

        }

        }

}

                return "ListenNetlink";

                return "ListenStream";

                return "ListenDatagram";

                return "ListenSequentialPacket";

}

                "%sSocket State: %s\n"

                "%sResult: %s\n"

                "%sClean Result: %s\n"

                "%sBindIPv6Only: %s\n"

                "%sBacklog: %u\n"

                "%sSocketMode: %04o\n"

                "%sDirectoryMode: %04o\n"

                "%sKeepAlive: %s\n"

                "%sNoDelay: %s\n"

                "%sFreeBind: %s\n"

                "%sTransparent: %s\n"

                "%sBroadcast: %s\n"

                "%sPassCredentials: %s\n"

                "%sPassPIDFD: %s\n"

                "%sPassSecurity: %s\n"

                "%sPassPacketInfo: %s\n"

                "%sAcceptFileDescriptors: %s\n"

                "%sTCPCongestion: %s\n"

                "%sRemoveOnStop: %s\n"

                "%sWritable: %s\n"

                "%sFileDescriptorName: %s\n"

                "%sPassFileDescriptorsToExec: %s\n"

                "%sSELinuxContextFromNet: %s\n",

                prefix, socket_state_to_string(s->state),

                prefix, socket_result_to_string(s->result),

                prefix, socket_result_to_string(s->clean_result),

                prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),

                prefix, s->backlog,

                prefix, s->socket_mode,

                prefix, s->directory_mode,

                prefix, socket_fdname(s),

                        "%sTimestamping: %s\n",

                        prefix, socket_timestamping_to_string(s->timestamping));

        if (pidref_is_set(&s->control_pid))

                        "%sControl PID: "PID_FMT"\n",

                        prefix, s->control_pid.pid);

                        "%sBindToDevice: %s\n",

                        prefix, s->bind_to_device);

                        "%sAccepted: %u\n"

                        "%sNConnections: %u\n"

                        "%sMaxConnections: %u\n"

                        "%sMaxConnectionsPerSource: %u\n",

                        prefix, s->n_accepted,

                        prefix, s->n_connections,

                        prefix, s->max_connections,

                        prefix, s->max_connections_per_source);

        else

                        "%sFlushPending: %s\n"

                        "%sDeferTrigger: %s\n"

                        "%sDeferTriggerMaxSec: %s\n",

                        prefix, socket_defer_trigger_to_string(s->defer_trigger),

                        "%sPriority: %i\n",

                        prefix, s->priority);

                        "%sReceiveBuffer: %zu\n",

                        prefix, s->receive_buffer);

                        "%sSendBuffer: %zu\n",

                        prefix, s->send_buffer);

                        "%sIPTOS: %i\n",

                        prefix, s->ip_tos);

                        "%sIPTTL: %i\n",

                        prefix, s->ip_ttl);

                        "%sPipeSize: %zu\n",

                        prefix, s->pipe_size);

                        "%sMark: %i\n",

                        prefix, s->mark);

                        "%sMessageQueueMaxMessages: %li\n",

                        prefix, s->mq_maxmsg);

                        "%sMessageQueueMessageSize: %li\n",

                        prefix, s->mq_msgsize);

                        "%sReusePort: %s\n",

                         prefix, yes_no(s->reuse_port));

                        "%sSmackLabel: %s\n",

                        prefix, s->smack);

                        "%sSmackLabelIPIn: %s\n",

                        prefix, s->smack_ip_in);

                        "%sSmackLabelIPOut: %s\n",

                        prefix, s->smack_ip_out);

                        "%sSocketUser: %s\n"

                        "%sSocketGroup: %s\n",

                        "%sKeepAliveTimeSec: %s\n",

                        "%sKeepAliveIntervalSec: %s\n",

                        "%sKeepAliveProbes: %u\n",

                        prefix, s->keep_alive_cnt);

                        "%sDeferAcceptSec: %s\n",

                        } else

                }

                        break;

                        break;

                        break;

                }

        }

                "%sTriggerLimitIntervalSec: %s\n"

                "%sTriggerLimitBurst: %u\n"

                "%sPollLimitIntervalSec: %s\n"

                "%sPollLimitBurst: %u\n",

                prefix, s->trigger_limit.burst,

                prefix, s->poll_limit.burst);

        }

                "%sTimeoutSec: %s\n",

                        prefix, glyph(GLYPH_ARROW_RIGHT), socket_exec_command_to_string(c));

        }

                int fd,

                unsigned nr,

                char **ret) {

                return r;

                             "%u-%" PRIu64 "-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",

                             nr,

                             cookie,

                             a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,

                             b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,

                        return -ENOMEM;

                break;

        }

                        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF

                };

                                     "%u-%" PRIu64 "-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",

                                     nr,

                                     cookie,

                                return -ENOMEM;

                } else {

                                     "%u-%" PRIu64 "-%s:%u-%s:%u",

                                     nr,

                                     cookie,

                }

                break;

        }