--- httpd-2.4.28/server/listen.c.socketactivation 2017-08-16 19:48:29.000000000 +0300
+++ httpd-2.4.28/server/listen.c 2017-10-14 18:48:36.275690612 +0300
@@ -17,114 +17,107 @@
#include "apr_network_io.h"
#include "apr_strings.h"
#define APR_WANT_STRFUNC
#include "apr_want.h"
#include "ap_config.h"
#include "httpd.h"
#include "http_main.h"
#include "http_config.h"
#include "http_core.h"
#include "ap_listen.h"
#include "http_log.h"
#include "mpm_common.h"
#include <stdlib.h>
#if APR_HAVE_UNISTD_H
#include <unistd.h>
#endif
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
/* we know core's module_index is 0 */
#undef APLOG_MODULE_INDEX
#define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
AP_DECLARE_DATA ap_listen_rec *ap_listeners = NULL;
/* Let ap_num_listen_buckets be global so that it can
* be printed by ap_log_mpm_common(), but keep the listeners
* buckets static since it is used only here to close them
* all (including duplicated) with ap_close_listeners().
*/
AP_DECLARE_DATA int ap_num_listen_buckets;
static ap_listen_rec **ap_listen_buckets;
/* Determine once, at runtime, whether or not SO_REUSEPORT
* is usable on this platform, and hence whether or not
* listeners can be duplicated (if configured).
*/
AP_DECLARE_DATA int ap_have_so_reuseport = -1;
static ap_listen_rec *old_listeners;
static int ap_listenbacklog;
static int ap_listencbratio;
static int send_buffer_size;
static int receive_buffer_size;
+#ifdef HAVE_SYSTEMD
+static int use_systemd = -1;
+#endif
/* TODO: make_sock is just begging and screaming for APR abstraction */
-static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server)
+static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen)
{
apr_socket_t *s = server->sd;
int one = 1;
#if APR_HAVE_IPV6
#ifdef AP_ENABLE_V4_MAPPED
int v6only_setting = 0;
#else
int v6only_setting = 1;
#endif
#endif
apr_status_t stat;
#ifndef WIN32
stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one);
if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00067)
"make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)",
server->bind_addr);
apr_socket_close(s);
return stat;
}
#endif
stat = apr_socket_opt_set(s, APR_SO_KEEPALIVE, one);
if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00068)
"make_sock: for address %pI, apr_socket_opt_set: (SO_KEEPALIVE)",
server->bind_addr);
apr_socket_close(s);
return stat;
}
-#if APR_HAVE_IPV6
- if (server->bind_addr->family == APR_INET6) {
- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069)
- "make_sock: for address %pI, apr_socket_opt_set: "
- "(IPV6_V6ONLY)",
- server->bind_addr);
- apr_socket_close(s);
- return stat;
- }
- }
-#endif
-
/*
* To send data over high bandwidth-delay connections at full
* speed we must force the TCP window to open wide enough to keep the
* pipe full. The default window size on many systems
* is only 4kB. Cross-country WAN connections of 100ms
* at 1Mb/s are not impossible for well connected sites.
* If we assume 100ms cross-country latency,
* a 4kB buffer limits throughput to 40kB/s.
*
* To avoid this problem I've added the SendBufferSize directive
* to allow the web master to configure send buffer size.
*
* The trade-off of larger buffers is that more kernel memory
* is consumed. YMMV, know your customers and your network!
*
* -John Heidemann <johnh@isi.edu> 25-Oct-96
*
* If no size is specified, use the kernel default.
*/
if (send_buffer_size) {
@@ -152,55 +145,71 @@
ap_sock_disable_nagle(s);
#endif
#if defined(SO_REUSEPORT)
if (ap_have_so_reuseport && ap_listencbratio > 0) {
int thesock;
apr_os_sock_get(&thesock, s);
if (setsockopt(thesock, SOL_SOCKET, SO_REUSEPORT,
(void *)&one, sizeof(int)) < 0) {
stat = apr_get_netos_error();
ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02638)
"make_sock: for address %pI, apr_socket_opt_set: "
"(SO_REUSEPORT)",
server->bind_addr);
apr_socket_close(s);
return stat;
}
}
#endif
- if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) {
- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072)
- "make_sock: could not bind to address %pI",
- server->bind_addr);
- apr_socket_close(s);
- return stat;
- }
+ if (do_bind_listen) {
+#if APR_HAVE_IPV6
+ if (server->bind_addr->family == APR_INET6) {
+ stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
+ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069)
+ "make_sock: for address %pI, apr_socket_opt_set: "
+ "(IPV6_V6ONLY)",
+ server->bind_addr);
+ apr_socket_close(s);
+ return stat;
+ }
+ }
+#endif
- if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) {
- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073)
- "make_sock: unable to listen for connections "
- "on address %pI",
- server->bind_addr);
- apr_socket_close(s);
- return stat;
+ if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) {
+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072)
+ "make_sock: could not bind to address %pI",
+ server->bind_addr);
+ apr_socket_close(s);
+ return stat;
+ }
+
+ if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) {
+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073)
+ "make_sock: unable to listen for connections "
+ "on address %pI",
+ server->bind_addr);
+ apr_socket_close(s);
+ return stat;
+ }
}
#ifdef WIN32
/* I seriously doubt that this would work on Unix; I have doubts that
* it entirely solves the problem on Win32. However, since setting
* reuseaddr on the listener -prior- to binding the socket has allowed
* us to attach to the same port as an already running instance of
* Apache, or even another web server, we cannot identify that this
* port was exclusively granted to this instance of Apache.
*
* So set reuseaddr, but do not attempt to do so until we have the
* parent listeners successfully bound.
*/
stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one);
if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00074)
"make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)",
server->bind_addr);
apr_socket_close(s);
return stat;
@@ -260,40 +269,159 @@
ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00075)
"Failed to enable the '%s' Accept Filter",
accf);
}
#else
rv = apr_socket_opt_set(s, APR_TCP_DEFER_ACCEPT, 30);
if (rv != APR_SUCCESS && !APR_STATUS_IS_ENOTIMPL(rv)) {
ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00076)
"Failed to enable APR_TCP_DEFER_ACCEPT");
}
#endif
}
}
static apr_status_t close_listeners_on_exec(void *v)
{
ap_close_listeners();
return APR_SUCCESS;
}
+
+#ifdef HAVE_SYSTEMD
+
+static int find_systemd_socket(process_rec * process, apr_port_t port) {
+ int fdcount, fd;
+ int sdc = sd_listen_fds(0);
+
+ if (sdc < 0) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486)
+ "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d",
+ sdc);
+ return -1;
+ }
+
+ if (sdc == 0) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487)
+ "find_systemd_socket: At least one socket must be set.");
+ return -1;
+ }
+
+ fdcount = atoi(getenv("LISTEN_FDS"));
+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) {
+ if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) {
+ return fd;
+ }
+ }
+
+ return -1;
+}
+
+static apr_status_t alloc_systemd_listener(process_rec * process,
+ int fd, const char *proto,
+ ap_listen_rec **out_rec)
+{
+ apr_status_t rv;
+ struct sockaddr sa;
+ socklen_t len = sizeof(struct sockaddr);
+ apr_os_sock_info_t si;
+ ap_listen_rec *rec;
+ *out_rec = NULL;
+
+ memset(&si, 0, sizeof(si));
+
+ rv = getsockname(fd, &sa, &len);
+
+ if (rv != 0) {
+ rv = apr_get_netos_error();
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489)
+ "getsockname on %d failed.", fd);
+ return rv;
+ }
+
+ si.os_sock = &fd;
+ si.family = sa.sa_family;
+ si.local = &sa;
+ si.type = SOCK_STREAM;
+ si.protocol = APR_PROTO_TCP;
+
+ rec = apr_palloc(process->pool, sizeof(ap_listen_rec));
+ rec->active = 0;
+ rec->next = 0;
+
+
+ rv = apr_os_sock_make(&rec->sd, &si, process->pool);
+ if (rv != APR_SUCCESS) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490)
+ "apr_os_sock_make on %d failed.", fd);
+ return rv;
+ }
+
+ rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd);
+ if (rv != APR_SUCCESS) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491)
+ "apr_socket_addr_get on %d failed.", fd);
+ return rv;
+ }
+
+ rec->protocol = apr_pstrdup(process->pool, proto);
+
+ *out_rec = rec;
+
+ return make_sock(process->pool, rec, 0);
+}
+
+static const char *set_systemd_listener(process_rec *process, apr_port_t port,
+ const char *proto)
+{
+ ap_listen_rec *last, *new;
+ apr_status_t rv;
+ int fd = find_systemd_socket(process, port);
+ if (fd < 0) {
+ return "Systemd socket activation is used, but this port is not "
+ "configured in systemd";
+ }
+
+ last = ap_listeners;
+ while (last && last->next) {
+ last = last->next;
+ }
+
+ rv = alloc_systemd_listener(process, fd, proto, &new);
+ if (rv != APR_SUCCESS) {
+ return "Failed to setup socket passed by systemd using socket activation";
+ }
+
+ if (last == NULL) {
+ ap_listeners = last = new;
+ }
+ else {
+ last->next = new;
+ last = new;
+ }
+
+ return NULL;
+}
+
+#endif /* HAVE_SYSTEMD */
+
+
static int find_listeners(ap_listen_rec **from, ap_listen_rec **to,
const char *addr, apr_port_t port)
{
int found = 0;
while (*from) {
apr_sockaddr_t *sa = (*from)->bind_addr;
/* Some listeners are not real so they will not have a bind_addr. */
if (sa) {
ap_listen_rec *new;
apr_port_t oldport;
oldport = sa->port;
/* If both ports are equivalent, then if their names are equivalent,
* then we will re-use the existing record.
*/
if (port == oldport &&
((!addr && !sa->hostname) ||
((addr && sa->hostname) && !strcmp(sa->hostname, addr)))) {
@@ -478,41 +606,41 @@
if (lr->bind_addr->port == cur->bind_addr->port
&& IS_IN6ADDR_ANY(cur->bind_addr)
&& apr_socket_opt_get(cur->sd, APR_IPV6_V6ONLY,
&v6only_setting) == APR_SUCCESS
&& v6only_setting == 0) {
/* Remove the current listener from the list */
previous->next = lr->next;
lr = previous; /* maintain current value of previous after
* post-loop expression is evaluated
*/
skip = 1;
break;
}
}
if (skip) {
continue;
}
}
#endif
- if (make_sock(pool, lr) == APR_SUCCESS) {
+ if (make_sock(pool, lr, 1) == APR_SUCCESS) {
++num_open;
}
else {
#if APR_HAVE_IPV6
/* If we tried to bind to ::, and the next listener is
* on 0.0.0.0 with the same port, don't give a fatal
* error. The user will still get a warning from make_sock
* though.
*/
if (lr->next != NULL
&& IS_IN6ADDR_ANY(lr->bind_addr)
&& lr->bind_addr->port == lr->next->bind_addr->port
&& IS_INADDR_ANY(lr->next->bind_addr)) {
/* Remove the current listener from the list */
if (previous) {
previous->next = lr->next;
}
else {
ap_listeners = lr->next;
@@ -590,42 +718,62 @@
* use the default for this listener.
*/
for (addr = ls->addrs; addr && !found; addr = addr->next) {
for (lr = ap_listeners; lr; lr = lr->next) {
if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) &&
lr->bind_addr->port == addr->host_port) {
ap_set_server_protocol(ls, lr->protocol);
found = 1;
break;
}
}
}
if (!found) {
/* TODO: set protocol defaults per-Port, eg 25=smtp */
ap_set_server_protocol(ls, "http");
}
}
}
- if (open_listeners(s->process->pool)) {
- return 0;
+#ifdef HAVE_SYSTEMD
+ if (use_systemd) {
+ const char *userdata_key = "ap_open_systemd_listeners";
+ void *data;
+ /* clear the enviroment on our second run
+ * so that none of our future children get confused.
+ */
+ apr_pool_userdata_get(&data, userdata_key, s->process->pool);
+ if (!data) {
+ apr_pool_userdata_set((const void *)1, userdata_key,
+ apr_pool_cleanup_null, s->process->pool);
+ }
+ else {
+ sd_listen_fds(1);
+ }
+ }
+ else
+#endif
+ {
+ if (open_listeners(s->process->pool)) {
+ return 0;
+ }
}
for (lr = ap_listeners; lr; lr = lr->next) {
num_listeners++;
found = 0;
for (ls = s; ls && !found; ls = ls->next) {
for (addr = ls->addrs; addr && !found; addr = addr->next) {
if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) &&
lr->bind_addr->port == addr->host_port) {
found = 1;
ap_apply_accept_filter(s->process->pool, lr, ls);
}
}
}
if (!found) {
ap_apply_accept_filter(s->process->pool, lr, s);
}
}
@@ -681,41 +829,41 @@
char *hostname;
apr_port_t port;
apr_sockaddr_t *sa;
duplr = apr_palloc(p, sizeof(ap_listen_rec));
duplr->slave = NULL;
duplr->protocol = apr_pstrdup(p, lr->protocol);
hostname = apr_pstrdup(p, lr->bind_addr->hostname);
port = lr->bind_addr->port;
apr_sockaddr_info_get(&sa, hostname, APR_UNSPEC, port, 0, p);
duplr->bind_addr = sa;
duplr->next = NULL;
stat = apr_socket_create(&duplr->sd, duplr->bind_addr->family,
SOCK_STREAM, 0, p);
if (stat != APR_SUCCESS) {
ap_log_perror(APLOG_MARK, APLOG_CRIT, 0, p, APLOGNO(02640)
"ap_duplicate_listeners: for address %pI, "
"cannot duplicate a new socket!",
duplr->bind_addr);
return stat;
}
- make_sock(p, duplr);
+ make_sock(p, duplr, 1);
#if AP_NONBLOCK_WHEN_MULTI_LISTEN
use_nonblock = (ap_listeners && ap_listeners->next);
stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock);
if (stat != APR_SUCCESS) {
ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02641)
"unable to control socket non-blocking status");
return stat;
}
#endif
ap_apply_accept_filter(p, duplr, s);
if (last == NULL) {
(*buckets)[i] = last = duplr;
}
else {
last->next = duplr;
last = duplr;
}
lr = lr->next;
}
@@ -808,71 +956,82 @@
ap_have_so_reuseport = 0;
}
}
AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
int argc, char *const argv[])
{
char *host, *scope_id, *proto;
apr_port_t port;
apr_status_t rv;
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err != NULL) {
return err;
}
if (argc < 1 || argc > 2) {
return "Listen requires 1 or 2 arguments.";
}
+#ifdef HAVE_SYSTEMD
+ if (use_systemd == -1) {
+ use_systemd = sd_listen_fds(0) > 0;
+ }
+#endif
rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool);
if (rv != APR_SUCCESS) {
return "Invalid address or port";
}
if (host && !strcmp(host, "*")) {
host = NULL;
}
if (scope_id) {
/* XXX scope id support is useful with link-local IPv6 addresses */
return "Scope id is not supported";
}
if (!port) {
return "Port must be specified";
}
if (argc != 2) {
if (port == 443) {
proto = "https";
} else {
proto = "http";
}
}
else {
proto = apr_pstrdup(cmd->pool, argv[1]);
ap_str_tolower(proto);
}
+#ifdef HAVE_SYSTEMD
+ if (use_systemd) {
+ return set_systemd_listener(cmd->server->process, port, proto);
+ }
+#endif
+
return alloc_listener(cmd->server->process, host, port, proto, NULL);
}
AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd,
void *dummy,
const char *arg)
{
int b;
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err != NULL) {
return err;
}
b = atoi(arg);
if (b < 1) {
return "ListenBacklog must be > 0";
}
ap_listenbacklog = b;
