[systemd-devel] [PATCH v4] Add sabridge for socket activation of traditional daemons

david at davidstrauss.net david at davidstrauss.net
Tue Oct 15 14:35:26 PDT 2013


From: David Strauss <david at davidstrauss.net>

---
 .gitignore               |   1 +
 Makefile-man.am          |   1 +
 Makefile.am              |  20 +-
 man/systemd-sabridge.xml | 254 ++++++++++++++++++++++
 src/sabridge/Makefile    |  28 +++
 src/sabridge/sabridge.c  | 551 +++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 854 insertions(+), 1 deletion(-)
 create mode 100644 man/systemd-sabridge.xml
 create mode 100644 src/sabridge/Makefile
 create mode 100644 src/sabridge/sabridge.c

diff --git a/.gitignore b/.gitignore
index 5e63b2a..d2d5da5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -71,6 +71,7 @@
 /systemd-reply-password
 /systemd-rfkill
 /systemd-run
+/systemd-sabridge
 /systemd-shutdown
 /systemd-shutdownd
 /systemd-sleep
diff --git a/Makefile-man.am b/Makefile-man.am
index 6c9b790..e78a8a2 100644
--- a/Makefile-man.am
+++ b/Makefile-man.am
@@ -66,6 +66,7 @@ MANPAGES += \
 	man/systemd-nspawn.1 \
 	man/systemd-remount-fs.service.8 \
 	man/systemd-run.1 \
+	man/systemd-sabridge.1 \
 	man/systemd-shutdownd.service.8 \
 	man/systemd-sleep.conf.5 \
 	man/systemd-suspend.service.8 \
diff --git a/Makefile.am b/Makefile.am
index 7ae6a1a..2877184 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,6 +5,7 @@
 #  Copyright 2010-2012 Lennart Poettering
 #  Copyright 2010-2012 Kay Sievers
 #  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
 #
 #  systemd is free software; you can redistribute it and/or modify it
 #  under the terms of the GNU Lesser General Public License as published by
@@ -298,7 +299,8 @@ bin_PROGRAMS = \
 	systemd-detect-virt \
 	systemd-delta \
 	systemd-analyze \
-	systemd-run
+	systemd-run \
+	systemd-sabridge
 
 dist_bin_SCRIPTS = \
 	src/kernel-install/kernel-install
@@ -3207,6 +3209,22 @@ EXTRA_DIST += \
 	units/systemd-journal-gatewayd.service.in
 
 # ------------------------------------------------------------------------------
+
+systemd_sabridge_SOURCES = \
+	src/sabridge/sabridge.c
+
+systemd_sabridge_LDADD = \
+	libsystemd-shared.la \
+	libsystemd-logs.la \
+	libsystemd-journal-internal.la \
+	libsystemd-id128-internal.la \
+	libsystemd-daemon.la \
+	libsystemd-bus.la
+
+systemd_sabridge_CFLAGS = \
+	$(AM_CFLAGS)
+
+# ------------------------------------------------------------------------------
 if ENABLE_COREDUMP
 systemd_coredump_SOURCES = \
 	src/journal/coredump.c
diff --git a/man/systemd-sabridge.xml b/man/systemd-sabridge.xml
new file mode 100644
index 0000000..abeb1a5
--- /dev/null
+++ b/man/systemd-sabridge.xml
@@ -0,0 +1,254 @@
+<?xml version="1.0"?>
+<!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+     "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!--
+  This file is part of systemd.
+
+  Copyright 2013 David Strauss
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+<refentry id="systemd-sabridge">
+        <refentryinfo>
+                <title>systemd-sabridge</title>
+                <productname>systemd</productname>
+                <authorgroup>
+                        <author>
+                                <contrib>Developer</contrib>
+                                <firstname>David</firstname>
+                                <surname>Strauss</surname>
+                                <email>david at davidstrauss.net</email>
+                        </author>
+                </authorgroup>
+        </refentryinfo>
+        <refmeta>
+                <refentrytitle>systemd-sabridge</refentrytitle>
+                <manvolnum>1</manvolnum>
+        </refmeta>
+        <refnamediv>
+                <refname>systemd-sabridge</refname>
+                <refpurpose>Inherit a socket. Bidirectionally
+                proxy.</refpurpose>
+        </refnamediv>
+        <refsynopsisdiv>
+                <cmdsynopsis>
+                        <command>systemd-sabridge</command>
+                        <arg choice="opt" rep="repeat">OPTIONS</arg>
+                        <arg choice="plain"><replaceable>HOSTNAME-OR-IP</replaceable></arg>
+                        <arg choice="plain"><replaceable>PORT-OR-SERVICE</replaceable></arg>
+                </cmdsynopsis>
+                <cmdsynopsis>
+                        <command>systemd-sabridge</command>
+                        <arg choice="opt" rep="repeat">OPTIONS</arg>
+                        <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
+                        </arg>
+                </cmdsynopsis>
+        </refsynopsisdiv>
+        <refsect1>
+                <title>Description</title>
+                <para>
+                <command>systemd-sabridge</command>provides a proxy
+                to socket-activate services that do not yet support
+                native socket activation. On behalf of the daemon,
+                the proxy inherits the socket from systemd, accepts
+                each client connection, opens a connection to the server
+                for each client, and then bidirectionally forwards
+                data between the two.</para>
+                <para>This utility's behavior is similar to
+                <citerefentry><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum> </citerefentry>.
+                The main differences for <command>systemd-sabridge</command>
+                are support for socket activation with
+                <literal>Accept=false</literal> and an event-driven
+                design that scales better with the number of
+                connections.</para>
+        </refsect1>
+        <refsect1>
+                <title>Options</title>
+                <para>The following options are understood:</para>
+                <variablelist>
+                        <varlistentry>
+                                <term><option>-h</option></term>
+                                <term><option>--help</option></term>
+                                <listitem>
+                                        <para>Prints a short help
+                                        text and exits.</para>
+                                </listitem>
+                        </varlistentry>
+                        <varlistentry>
+                                <term><option>--version</option></term>
+                                <listitem>
+                                        <para>Prints a version
+                                        string and exits.</para>
+                                </listitem>
+                        </varlistentry>
+                        <varlistentry>
+                                <term><option>--ignore-env</option></term>
+                                <listitem>
+                                        <para>Skips verification of
+                                        the expected PID and file
+                                        descriptor numbers. Use if
+                                        invoked indirectly, for
+                                        example with a shell script
+                                        rather than with
+                                        <option>ExecStart=/usr/bin/systemd-sabridge</option>
+                                        </para>
+                                </listitem>
+                        </varlistentry>
+                </variablelist>
+        </refsect1>
+        <refsect1>
+                <title>Exit status</title>
+                <para>On success 0 is returned, a non-zero failure
+                code otherwise.</para>
+        </refsect1>
+        <refsect1>
+                <title>Examples</title>
+                <refsect2>
+                        <title>Direct-Use Example</title>
+                        <para>Use two services with a dependency
+                        and no namespace isolation.</para>
+                        <example label="bridge socket unit">
+                                <title>/etc/systemd/system/bridge-to-nginx.socket</title>
+                                <programlisting>
+<![CDATA[[Socket]
+ListenStream=80
+
+[Install]
+WantedBy=socket.target]]>
+</programlisting>
+                        </example>
+                        <example label="bridge service unit">
+                                <title>/etc/systemd/system/bridge-to-nginx.service</title>
+                                <programlisting>
+<![CDATA[[Unit]
+After=nginx.service
+Requires=nginx.service
+
+[Service]
+ExecStart=/usr/bin/systemd-sabridge /tmp/nginx.sock
+PrivateTmp=true
+PrivateNetwork=true]]>
+</programlisting>
+                        </example>
+                        <example label="nginx configuration">
+                                <title>/etc/nginx/nginx.conf</title>
+                                <programlisting>
+<![CDATA[[...]
+server {
+    listen       unix:/tmp/nginx.sock;
+    [...]]]>
+</programlisting>
+                        </example>
+                        <example label="commands">
+                                <programlisting>
+<![CDATA[$ sudo systemctl --system daemon-reload
+$ sudo systemctl start bridge-to-nginx.socket
+$ sudo systemctl enable bridge-to-nginx.socket
+$ curl http://localhost:80/]]>
+</programlisting>
+                        </example>
+                </refsect2>
+                <refsect2>
+                        <title>Indirect-Use Example</title>
+                        <para>Use a shell script to isolate the
+                        service and bridge into the same namespace.
+                        This is particularly useful for running
+                        TCP-only daemons without the daemon
+                        affecting ports on regular
+                        interfaces.</para>
+                        <example label="combined bridge and nginx socket unit">
+
+                                <title>
+                                /etc/systemd/system/bridge-with-nginx.socket</title>
+                                <programlisting>
+<![CDATA[[Socket]
+ListenStream=80
+
+[Install]
+WantedBy=socket.target]]>
+</programlisting>
+                        </example>
+                        <example label="combined bridge and nginx service unit">
+
+                                <title>
+                                /etc/systemd/system/bridge-with-nginx.service</title>
+                                <programlisting>
+<![CDATA[[Unit]
+After=syslog.target remote-fs.target nss-lookup.target
+
+[Service]
+ExecStartPre=/usr/sbin/nginx -t
+ExecStart=/usr/bin/sabridge-nginx.sh
+PrivateTmp=true
+PrivateNetwork=true]]>
+</programlisting>
+                        </example>
+                        <example label="shell script">
+                                <title>
+                                /usr/bin/sabridge-nginx.sh</title>
+                                <programlisting>
+<![CDATA[#!/bin/sh
+/usr/sbin/nginx
+while [ ! -f /tmp/nginx.pid ]
+  do
+     /usr/bin/inotifywait /tmp/nginx.pid
+  done
+/usr/bin/systemd-sabridge --ignore-env localhost 8080]]>
+</programlisting>
+                        </example>
+                        <example label="nginx configuration">
+                                <title>
+                                /etc/nginx/nginx.conf</title>
+                                <programlisting>
+<![CDATA[[...]
+server {
+    listen       8080;
+    listen       unix:/tmp/nginx.sock;
+    [...]]]>
+</programlisting>
+                        </example>
+                        <example label="commands">
+                                <programlisting>
+<![CDATA[$ sudo systemctl --system daemon-reload
+$ sudo systemctl start bridge-with-nginx.socket
+$ sudo systemctl enable bridge-with-nginx.socket
+$ curl http://localhost:80/]]>
+</programlisting>
+                        </example>
+                </refsect2>
+        </refsect1>
+        <refsect1>
+                <title>See Also</title>
+                <para>
+                <citerefentry>
+                        <refentrytitle>
+                        systemd.service</refentrytitle>
+                        <manvolnum>5</manvolnum>
+                </citerefentry>,
+                <citerefentry>
+                        <refentrytitle>
+                        systemd.socket</refentrytitle>
+                        <manvolnum>5</manvolnum>
+                </citerefentry>,
+                <citerefentry>
+                        <refentrytitle>systemctl</refentrytitle>
+                        <manvolnum>1</manvolnum>
+                </citerefentry>,
+                <citerefentry>
+                        <refentrytitle>socat</refentrytitle>
+                        <manvolnum>1</manvolnum>
+                </citerefentry></para>
+        </refsect1>
+</refentry>
diff --git a/src/sabridge/Makefile b/src/sabridge/Makefile
new file mode 100644
index 0000000..9d07505
--- /dev/null
+++ b/src/sabridge/Makefile
@@ -0,0 +1,28 @@
+#  This file is part of systemd.
+#
+#  Copyright 2010 Lennart Poettering
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# This file is a dirty trick to simplify compilation from within
+# emacs. This file is not intended to be distributed. So, don't touch
+# it, even better ignore it!
+
+all:
+	$(MAKE) -C ..
+
+clean:
+	$(MAKE) -C .. clean
+
+.PHONY: all clean
diff --git a/src/sabridge/sabridge.c b/src/sabridge/sabridge.c
new file mode 100644
index 0000000..fdeb11d
--- /dev/null
+++ b/src/sabridge/sabridge.c
@@ -0,0 +1,551 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 David Strauss
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+
+#include <arpa/inet.h>
+#include <errno.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <netdb.h>
+#include <sys/fcntl.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+
+#include "log.h"
+#include "sd-daemon.h"
+#include "sd-event.h"
+#include "socket-util.h"
+#include "util.h"
+
+#define BUFFER_SIZE 4096
+#define _cleanup_freeaddrinfo_ _cleanup_(freeaddrinfop)
+
+unsigned int total_clients = 0;
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(struct addrinfo *, freeaddrinfo);
+
+struct proxy {
+        int listen_fd;
+        bool ignore_env;
+        bool remote_is_inet;
+        const char *remote_host;
+        const char *remote_service;
+};
+
+struct connection {
+        int fd;
+        sd_event_source *w_recv;
+        sd_event_source *w_send;
+        struct connection *c_destination;
+        size_t buffer_filled_len;
+        size_t buffer_sent_len;
+        char buffer[BUFFER_SIZE];
+};
+
+/*
+static inline void freeaddrinfop(struct addrinfo **ai) {
+        if (*ai)
+                freeaddrinfo(*ai);
+}
+*/
+
+static void free_connection(struct connection *c) {
+        sd_event_source_unref(c->w_recv);
+        sd_event_source_unref(c->w_send);
+        close(c->fd);
+        free(c);
+}
+
+static int send_buffer(struct connection *sender) {
+        struct connection *receiver = sender->c_destination;
+        ssize_t len;
+        int r = 0;
+
+        /* We cannot assume that even a partial send() indicates that
+         * the next send() will block. Loop until it does. */
+        while (sender->buffer_filled_len > sender->buffer_sent_len) {
+                len = send(receiver->fd, &sender->buffer + sender->buffer_sent_len, sender->buffer_filled_len - sender->buffer_sent_len, 0);
+                if (len < 0) {
+                        if (errno != EWOULDBLOCK && errno != EAGAIN) {
+                                log_error("Error %d in send to fd=%d: %m", errno, receiver->fd);
+                                return -errno;
+                        }
+                        else {
+                                /* send() is in a blocking state. */
+                                break;
+                        }
+                }
+
+                /* len < 0 can't occur here. len == 0 is possible but
+                 * undefined behavior for non-blocking send(). */
+                assert(len > 0);
+                sender->buffer_sent_len += len;
+        }
+
+        /* Detect a would-block state or partial send. */
+        if (sender->buffer_filled_len > sender->buffer_sent_len) {
+
+                /* If the buffer is full, mute data coming from the sender. */
+                if (sender->buffer_filled_len == BUFFER_SIZE) {
+                    r = sd_event_source_set_enabled(sender->w_recv, SD_EVENT_OFF);
+                    if (r < 0) {
+                            log_error("Error %d muting recv for fd=%d: %s", r, sender->fd, strerror(-r));
+                            return r;
+                    }
+                }
+
+                /* Watch for when the recipient can be sent data again. */
+                r = sd_event_source_set_enabled(receiver->w_send, SD_EVENT_ON);
+                if (r < 0) {
+                        log_error("Error %d unmuting send for fd=%d: %s", r, receiver->fd, strerror(-r));
+                        return r;
+                }
+                log_debug("Done with recv for fd=%d. Waiting on send for fd=%d.", sender->fd, receiver->fd);
+                return r;
+        }
+
+        /* If we sent everything without blocking, the buffer is now empty. */
+        sender->buffer_filled_len = 0;
+        sender->buffer_sent_len = 0;
+
+        /* Unmute the sender, in case the buffer was full. */
+        r = sd_event_source_set_enabled(sender->w_recv, SD_EVENT_ON);
+        if (r < 0) {
+                log_error("Error %d unmuting recv for fd=%d: %s", r, sender->fd, strerror(-r));
+                return r;
+        }
+
+        /* Mute the recipient, as we have no data to send now. */
+        r = sd_event_source_set_enabled(receiver->w_send, SD_EVENT_OFF);
+        if (r < 0) {
+                log_error("Error %d muting send for fd=%d: %s", r, receiver->fd, strerror(-r));
+                return r;
+        }
+
+        return 0;
+}
+
+static int transfer_data_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        struct connection *c = (struct connection *) userdata;
+        int r = 0;
+        ssize_t len;
+
+        assert(revents & (EPOLLIN | EPOLLOUT));
+
+        if (revents & EPOLLIN) {
+                log_debug("About to recv up to %lu bytes from fd=%d.", BUFFER_SIZE - c->buffer_filled_len, fd);
+
+                assert(s == c->w_recv);
+                len = recv(fd, &c->buffer + c->buffer_filled_len, BUFFER_SIZE - c->buffer_filled_len, 0);
+                if (len == 0) {
+                        log_debug("Clean disconnection.");
+                        total_clients--;
+                        free_connection(c->c_destination);
+                        free_connection(c);
+                        return 0;
+                } else if (len < 0) {
+                        log_error("Error %d in recv from fd=%d: %m", errno, fd);
+                        return -1;
+                }
+
+                c->buffer_filled_len += len;
+
+                /* Try sending the data immediately. */
+                return send_buffer(c);
+        }
+        else {
+                return send_buffer(c->c_destination);
+        }
+
+        return r;
+}
+
+/* Once sending to the server is unblocked, set up the real watchers. */
+static int connected_to_server_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        struct sd_event *e = NULL;
+        struct connection *c_server_to_client = (struct connection *) userdata;
+        struct connection *c_client_to_server = c_server_to_client->c_destination;
+        int r;
+
+        assert(revents & EPOLLOUT);
+
+        e = sd_event_get(s);
+
+        /* Cancel the initial write watcher for the server. */
+        sd_event_source_unref(s);
+
+        log_debug("Connected to server. Initializing watchers for receiving data.");
+
+        /* A disabled send watcher for the server. */
+        r = sd_event_add_io(e, c_server_to_client->fd, EPOLLOUT, transfer_data_cb, c_server_to_client, &c_server_to_client->w_send);
+        if (r < 0) {
+                log_error("Error %d creating send watcher for fd=%d: %s", r, c_server_to_client->fd, strerror(-r));
+                goto fail;
+        }
+        r = sd_event_source_set_enabled(c_server_to_client->w_send, SD_EVENT_OFF);
+        if (r < 0) {
+                log_error("Error %d muting send for fd=%d: %s", r, c_server_to_client->fd, strerror(-r));
+                goto finish;
+        }
+
+        /* A recv watcher for the server. */
+        r = sd_event_add_io(e, c_server_to_client->fd, EPOLLIN, transfer_data_cb, c_server_to_client, &c_server_to_client->w_recv);
+        if (r < 0) {
+                log_error("Error %d creating recv watcher for fd=%d: %s", r, c_server_to_client->fd, strerror(-r));
+                goto fail;
+        }
+
+        /* A disabled send watcher for the client. */
+        r = sd_event_add_io(e, c_client_to_server->fd, EPOLLOUT, transfer_data_cb, c_client_to_server, &c_client_to_server->w_send);
+        if (r < 0) {
+                log_error("Error %d creating send watcher for fd=%d: %s", r, c_client_to_server->fd, strerror(-r));
+                goto fail;
+        }
+        r = sd_event_source_set_enabled(c_client_to_server->w_send, SD_EVENT_OFF);
+        if (r < 0) {
+                log_error("Error %d muting send for fd=%d: %s", r, c_client_to_server->fd, strerror(-r));
+                goto finish;
+        }
+
+        /* A recv watcher for the client. */
+        r = sd_event_add_io(e, c_client_to_server->fd, EPOLLIN, transfer_data_cb, c_client_to_server, &c_client_to_server->w_recv);
+        if (r < 0) {
+                log_error("Error %d creating recv watcher for fd=%d: %s", r, c_client_to_server->fd, strerror(-r));
+                goto fail;
+        }
+
+goto finish;
+
+fail:
+        free_connection(c_client_to_server);
+        free_connection(c_server_to_client);
+
+finish:
+        return r;
+}
+
+static int get_server_connection_fd(const struct proxy *proxy) {
+        int server_fd;
+        int r = -EBADF;
+        int len;
+
+        if (proxy->remote_is_inet) {
+                int s;
+                _cleanup_freeaddrinfo_ struct addrinfo *result = NULL;
+                struct addrinfo hints = {.ai_family = AF_UNSPEC,
+                                         .ai_socktype = SOCK_STREAM,
+                                         .ai_flags = AI_PASSIVE};
+
+                log_debug("Looking up address info for %s:%s", proxy->remote_host, proxy->remote_service);
+                s = getaddrinfo(proxy->remote_host, proxy->remote_service, &hints, &result);
+                if (s != 0) {
+                        log_error("getaddrinfo error (%d): %s", s, gai_strerror(s));
+                        return r;
+                }
+
+                if (result == NULL) {
+                        log_error("getaddrinfo: no result");
+                        return r;
+                }
+
+                /* @TODO: Try connecting to all results instead of just the first. */
+                server_fd = socket(result->ai_family, result->ai_socktype | SOCK_NONBLOCK, result->ai_protocol);
+                if (server_fd < 0) {
+                        log_error("Error %d creating socket: %m", errno);
+                        return r;
+                }
+
+                r = connect(server_fd, result->ai_addr, result->ai_addrlen);
+                /* Ignore EINPROGRESS errors because they're expected for a non-blocking socket. */
+                if (r < 0 && errno != EINPROGRESS) {
+                        log_error("Error %d while connecting to socket %s:%s: %m", errno, proxy->remote_host, proxy->remote_service);
+                        return r;
+                }
+        }
+        else {
+                struct sockaddr_un remote;
+
+                server_fd = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
+                if (server_fd < 0) {
+                        log_error("Error %d creating socket: %m", errno);
+                        return -EBADFD;
+                }
+
+                remote.sun_family = AF_UNIX;
+                strncpy(remote.sun_path, proxy->remote_host, sizeof(remote.sun_path));
+                len = strlen(remote.sun_path) + sizeof(remote.sun_family);
+                r = connect(server_fd, (struct sockaddr *) &remote, len);
+                if (r < 0 && errno != EINPROGRESS) {
+                        log_error("Error %d while connecting to Unix domain socket %s: %m", errno, proxy->remote_host);
+                        return -EBADFD;
+                }
+        }
+
+        log_debug("Server connection is fd=%d", server_fd);
+        return server_fd;
+}
+
+static int accept_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        struct proxy *proxy = (struct proxy *) userdata;
+        struct connection *c_server_to_client;
+        struct connection *c_client_to_server;
+        int r = 0;
+        union sockaddr_union sa;
+        socklen_t salen = sizeof(sa);
+
+        assert(revents & EPOLLIN);
+
+        c_server_to_client = malloc(sizeof(struct connection));
+        if (c_server_to_client == NULL) {
+                log_oom();
+                goto fail;
+        }
+
+        c_client_to_server = malloc(sizeof(struct connection));
+        if (c_client_to_server == NULL) {
+                log_oom();
+                goto fail;
+        }
+
+        c_server_to_client->fd = get_server_connection_fd(proxy);
+        if (c_server_to_client->fd < 0) {
+                log_error("Error initiating server connection.");
+                goto fail;
+        }
+
+        /* Sockets inheriting from the non-blocking listen socket will
+         * also be non-blocking. */
+        c_client_to_server->fd = accept(fd, (struct sockaddr *) &sa, &salen);
+        if (c_client_to_server->fd < 0) {
+                log_error("Error accepting client connection.");
+                goto fail;
+        }
+
+        if (sa.sa.sa_family == AF_INET || sa.sa.sa_family == AF_INET6) {
+                char sa_str[INET6_ADDRSTRLEN];
+                const char *success;
+
+                success = inet_ntop(sa.sa.sa_family, &sa.in6.sin6_addr, sa_str, INET6_ADDRSTRLEN);
+                if (success == NULL)
+                        log_warning("Error %d calling inet_ntop: %m", errno);
+                else
+                        log_debug("Accepted client connection from %s as fd=%d", sa_str, c_client_to_server->fd);
+        }
+        else {
+                log_debug("Accepted client connection (non-IP) as fd=%d", c_client_to_server->fd);
+        }
+
+        total_clients++;
+        log_debug("Client successfully connected. Total clients: %u", total_clients);
+
+        /* Initialize watcher for send to server; this shows connectivity. */
+        r = sd_event_add_io(sd_event_get(s), c_server_to_client->fd, EPOLLOUT, connected_to_server_cb, c_server_to_client, &c_server_to_client->w_send);
+        if (r < 0) {
+                log_error("Error %d creating connectivity watcher for fd=%d: %s", r, c_server_to_client->fd, strerror(-r));
+                goto fail;
+        }
+
+        /* Allow lookups of the opposite connection. */
+        c_server_to_client->c_destination = c_client_to_server;
+        c_client_to_server->c_destination = c_server_to_client;
+
+        goto finish;
+
+fail:
+        log_warning("Accepting a client connection or connecting to the server failed.");
+        free_connection(c_client_to_server);
+        free_connection(c_server_to_client);
+
+finish:
+        /* Preserve the main loop even if a single proxy setup fails. */
+        return 0;
+}
+
+static int run_main_loop(struct proxy *proxy) {
+        int r = EXIT_SUCCESS;
+        struct sd_event *e = NULL;
+        sd_event_source *w_accept = NULL;
+
+        r = sd_event_new(&e);
+        if (r < 0)
+                goto finish;
+
+        r = fd_nonblock(proxy->listen_fd, true);
+        if (r < 0)
+                goto finish;
+
+        log_debug("Initializing main listener fd=%d", proxy->listen_fd);
+
+        sd_event_add_io(e, proxy->listen_fd, EPOLLIN, accept_cb, proxy, &w_accept);
+
+        log_debug("Initialized main listener. Entering loop.");
+
+        sd_event_loop(e);
+
+finish:
+        sd_event_source_unref(w_accept);
+        sd_event_unref(e);
+
+        return r;
+}
+
+static int help(void) {
+
+        printf("%s hostname-or-ip port-or-service\n"
+               "%s unix-domain-socket-path\n\n"
+               "Inherit a socket. Bidirectionally proxy.\n\n"
+               "  -h --help       Show this help\n"
+               "  --version       Print version and exit\n"
+               "  --ignore-env    Ignore expected systemd environment\n",
+               program_invocation_short_name,
+               program_invocation_short_name);
+
+        return 0;
+}
+
+static void version(void) {
+        puts(PACKAGE_STRING " sabridge");
+}
+
+static int parse_argv(int argc, char *argv[], struct proxy *p) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_IGNORE_ENV
+        };
+
+        static const struct option options[] = {
+                { "help",       no_argument, NULL, 'h'           },
+                { "version",    no_argument, NULL, ARG_VERSION   },
+                { "ignore-env", no_argument, NULL, ARG_IGNORE_ENV},
+                { NULL,         0,           NULL, 0             }
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case '?':
+                        return -EINVAL;
+
+                case ARG_VERSION:
+                        version();
+                        return 0;
+
+                case ARG_IGNORE_ENV:
+                        p->ignore_env = true;
+                        continue;
+
+                default:
+                        log_error("Unknown option code %c", c);
+                        return -EINVAL;
+                }
+        }
+
+        if (optind + 1 != argc && optind + 2 != argc) {
+                log_error("Incorrect number of positional arguments.");
+                help();
+                return -EINVAL;
+        }
+
+        p->remote_host = argv[optind];
+        assert(p->remote_host);
+
+        p->remote_is_inet = p->remote_host[0] != '/';
+
+        if (optind == argc - 2) {
+                if (!p->remote_is_inet) {
+                        log_error("A port or service is not allowed for Unix socket destinations.");
+                        help();
+                        return -EINVAL;
+                }
+                p->remote_service = argv[optind + 1];
+                assert(p->remote_service);
+        } else if (p->remote_is_inet) {
+                log_error("A port or service is required for IP destinations.");
+                help();
+                return -EINVAL;
+        }
+
+        return 1;
+}
+
+int main(int argc, char *argv[]) {
+        struct proxy p = {};
+        int r;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv, &p);
+        if (r <= 0)
+                goto finish;
+
+        p.listen_fd = SD_LISTEN_FDS_START;
+
+        if (!p.ignore_env) {
+            int n;
+            n = sd_listen_fds(1);
+            if (n == 0) {
+                    log_error("Found zero inheritable sockets. Are you sure this is running as a socket-activated service?");
+                    r = EXIT_FAILURE;
+                    goto finish;
+            } else if (n < 0) {
+                    log_error("Error %d while finding inheritable sockets: %s", n, strerror(-n));
+                    r = EXIT_FAILURE;
+                    goto finish;
+            } else if (n > 1) {
+                    log_error("Can't listen on more than one socket.");
+                    r = EXIT_FAILURE;
+                    goto finish;
+            }
+        }
+
+        /* @TODO: Check if this proxy can work with datagram sockets. */
+        r = sd_is_socket(p.listen_fd, 0, SOCK_STREAM, 1);
+        if (r < 0) {
+                log_error("Error %d while checking inherited socket: %s", r, strerror(-r));
+                goto finish;
+        }
+
+        log_info("Starting the socket activation bridge with listener fd=%d.", p.listen_fd);
+
+        r = run_main_loop(&p);
+        if (r < 0) {
+                log_error("Error %d from main loop.", r);
+                goto finish;
+        }
+
+finish:
+        log_close();
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
-- 
1.8.3.1



More information about the systemd-devel mailing list