[systemd-devel] [PATCH] add REMOTE_ADDR and REMOTE_PORT for Accept=yes
Shawn Landden
shawn at churchofgit.com
Mon Mar 9 13:09:04 PDT 2015
---
TODO | 2 -
man/systemd.socket.xml | 6 ++-
src/core/service.c | 35 +++++++++++++-
src/libsystemd/sd-resolve/test-resolve.c | 2 +-
src/shared/socket-util.c | 80 ++++++++++++++++++--------------
src/shared/socket-util.h | 4 +-
src/timesync/timesyncd-server.h | 2 +-
7 files changed, 88 insertions(+), 43 deletions(-)
diff --git a/TODO b/TODO
index ae32388..780084a 100644
--- a/TODO
+++ b/TODO
@@ -164,8 +164,6 @@ Features:
* as soon as we have kdbus, and sender timestamps, revisit coalescing multiple parallel daemon reloads:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/025862.html
-* set $REMOTE_IP (or $REMOTE_ADDR/$REMOTE_PORT) environment variable when doing per-connection socket activation. use format introduced by xinetd or CGI for this
-
* the install state probably shouldn't get confused by generated units, think dbus1/kdbus compat!
* in systemctl list-unit-files: show the install value the presets would suggest for a service in a third column
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 3938345..20f1e0c 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -357,7 +357,11 @@
daemons designed for usage with
<citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
to work unmodified with systemd socket
- activation.</para></listitem>
+ activation.</para>
+ <para>For IPv4 and IPv6 connections the <varname>REMOTE_ADDR</varname>
+ environment variable will be set with remote IP, and <varname>REMOTE_PORT</varname>
+ environment variable set to the remote port, similar to CGI
+ (for SOCK_RAW the port is the IP protocol).</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/core/service.c b/src/core/service.c
index cc4ea19..89feec4 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1095,7 +1095,7 @@ static int service_spawn(
if (r < 0)
goto fail;
- our_env = new0(char*, 4);
+ our_env = new0(char*, 6);
if (!our_env) {
r = -ENOMEM;
goto fail;
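Review bot: The bump from 4 to 6 in `new0(char*, 6)` is a bare literal that has to stay in step with every `our_env[n_env++]` write further down, and nothing in the hunk ties the two together. Judging by the old size there were presumably three possible entries plus the NULL terminator; those writes lie outside this hunk, so this needs confirming against the full function. A short comment such as `/* 3 pre-existing entries + REMOTE_ADDR + REMOTE_PORT + NULL terminator */` would make the bound reviewable. An `assert(n_env <= 5);` before the merge would turn a future miscount into a clean failure rather than a heap overwrite.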
@@ -1119,6 +1119,39 @@ static int service_spawn(
goto fail;
}
+ if (UNIT_DEREF(s->accept_socket)) {
+ union sockaddr_union sa;
+ socklen_t salen = sizeof(sa);
+
+ r = getpeername(s->socket_fd, &sa.sa, &salen);
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ if (sa.sa.sa_family == AF_INET ||
+ sa.sa.sa_family == AF_INET6) {
+ _cleanup_free_ char *addr = NULL;
+ uint16_t port = (uint16_t)sockaddr_port(&sa);
+
+ r = sockaddr_pretty(&sa.sa, salen, true, false, &addr);
+ if (r < 0)
+ goto fail;
+
+ if (!(our_env[n_env++] = strappend("REMOTE_ADDR=", addr))) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ if (asprintf(our_env + n_env++,
+ "REMOTE_PORT=%u",
+ port) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
+ }
+ }
+
final_env = strv_env_merge(2, UNIT(s)->manager->environment, our_env, NULL);
if (!final_env) {
r = -ENOMEM;
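Review bot: A getpeername() failure in the added block aborts the whole spawn through `goto fail`, so a peer that has already gone away by the time this runs (for example ENOTCONN) can make the per-connection instance fail to start instead of simply lacking the two variables. What the fail path does to the unit is outside this hunk, so the exact impact should be confirmed there. Since REMOTE_ADDR and REMOTE_PORT are informational, consider setting them only on success: `if (getpeername(s->socket_fd, &sa.sa, &salen) >= 0 && (sa.sa.sa_family == AF_INET || sa.sa.sa_family == AF_INET6)) {`. A comment noting that the value is the transport-level peer address reported by the kernel, not an authenticated identity, would also help service authors who might use it for access decisions.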
diff --git a/src/libsystemd/sd-resolve/test-resolve.c b/src/libsystemd/sd-resolve/test-resolve.c
index 3187ce9..354a407 100644
--- a/src/libsystemd/sd-resolve/test-resolve.c
+++ b/src/libsystemd/sd-resolve/test-resolve.c
@@ -46,7 +46,7 @@ static int getaddrinfo_handler(sd_resolve_query *q, int ret, const struct addrin
for (i = ai; i; i = i->ai_next) {
_cleanup_free_ char *addr = NULL;
- assert_se(sockaddr_pretty(i->ai_addr, i->ai_addrlen, false, &addr) == 0);
+ assert_se(sockaddr_pretty(i->ai_addr, i->ai_addrlen, false, true, &addr) == 0);
puts(addr);
}
diff --git a/src/shared/socket-util.c b/src/shared/socket-util.c
index 74d90fa..d7d34f8 100644
--- a/src/shared/socket-util.c
+++ b/src/shared/socket-util.c
@@ -297,7 +297,7 @@ int socket_address_print(const SocketAddress *a, char **ret) {
return 0;
}
- return sockaddr_pretty(&a->sockaddr.sa, a->size, false, ret);
+ return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
}
bool socket_address_can_accept(const SocketAddress *a) {
@@ -466,7 +466,17 @@ bool socket_address_matches_fd(const SocketAddress *a, int fd) {
return socket_address_equal(a, &b);
}
-int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, char **ret) {
+int sockaddr_port(const union sockaddr_union *sa) {
+ assert_return(sa->sa.sa_family == AF_INET6 ||
+ sa->sa.sa_family == AF_INET,
+ -ENOTSUP);
+
+ return ntohs(sa->sa.sa_family == AF_INET6 ?
+ sa->in6.sin6_port :
+ sa->in.sin_port);
+}
+
+int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
union sockaddr_union *sa = (union sockaddr_union*) _sa;
char *p;
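Review bot: The new sockaddr_port() returns an `int` that can be `-ENOTSUP`, but both callers in this patch narrow it straight to `uint16_t` with a cast, which would turn an error into a plausible-looking port number. Both current call sites check the family first, so this is latent rather than live. The contract should still be stated on the function, e.g. `/* Returns the port in host byte order, or -ENOTSUP for families other than AF_INET/AF_INET6; check for < 0 before narrowing. */`. The body of sockaddr_pretty() continues outside this hunk.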
@@ -475,42 +485,40 @@ int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_
switch (sa->sa.sa_family) {
- case AF_INET: {
- uint32_t a;
-
- a = ntohl(sa->in.sin_addr.s_addr);
-
- if (asprintf(&p,
- "%u.%u.%u.%u:%u",
- a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
- ntohs(sa->in.sin_port)) < 0)
- return -ENOMEM;
-
- break;
- }
-
+ case AF_INET:
case AF_INET6: {
- static const unsigned char ipv4_prefix[] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
- };
-
- if (translate_ipv6 && memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
- const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
+ char a[MAX(INET6_ADDRSTRLEN, INET_ADDRSTRLEN)];
+ const char *addr;
+ bool ipv4_mapped = false;
+
+ if (inet_ntop(sa->sa.sa_family,
+ /* this field of the API is kinda braindead,
+ * should take head of struct so it can be passed the union...*/
+ sa->sa.sa_family == AF_INET6 ?
+ &sa->in6.sin6_addr :
+ &sa->in.sin_addr,
+ a, sizeof(a)) == NULL)
+ return -ENOMEM;
+
+ /* glibc inet_ntop() presents v4-mapped addresses in ::ffff:a.b.c.d form */
+ if (translate_ipv6 && sa->sa.sa_family == AF_INET6 && strchr(a, '.')) {
+ ipv4_mapped = true;
+ addr = strempty(startswith(a, "::ffff:"));
+ } else
+ addr = &a[0];
+
+ if (include_port) {
+ uint16_t port = (uint16_t)sockaddr_port(sa);
if (asprintf(&p,
- "%u.%u.%u.%u:%u",
- a[0], a[1], a[2], a[3],
- ntohs(sa->in6.sin6_port)) < 0)
+ sa->sa.sa_family == AF_INET6 && !ipv4_mapped ?
+ "[%s]:%u" :
+ "%s:%u",
+ addr, port) < 0)
return -ENOMEM;
- } else {
- char a[INET6_ADDRSTRLEN];
-
- if (asprintf(&p,
- "[%s]:%u",
- inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a)),
- ntohs(sa->in6.sin6_port)) < 0)
+ } else
+ if (!(p = strdup(addr)))
return -ENOMEM;
- }
break;
}
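Review bot: The v4-mapped detection on the new side keys off `strchr(a, '.')` and then takes `strempty(startswith(a, "::ffff:"))`, so any IPv6 address that inet_ntop() renders with a dotted tail but without the `::ffff:` prefix becomes an empty string with `ipv4_mapped` set. glibc also uses dotted notation for the deprecated IPv4-compatible form, which would yield an empty REMOTE_ADDR or a bare `:port` for consumers that may log or filter on it. Testing the binary address, as the removed memcmp() did, is more robust: `if (translate_ipv6 && sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) {`. Separately, the inet_ntop() failure path returns -ENOMEM although inet_ntop() reports EAFNOSUPPORT or ENOSPC, so `return -errno;` would be more accurate. The start of sockaddr_pretty() and the remaining switch cases lie outside this hunk.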
@@ -584,7 +592,7 @@ int getpeername_pretty(int fd, char **ret) {
/* For remote sockets we translate IPv6 addresses back to IPv4
* if applicable, since that's nicer. */
- return sockaddr_pretty(&sa.sa, salen, true, ret);
+ return sockaddr_pretty(&sa.sa, salen, true, true, ret);
}
int getsockname_pretty(int fd, char **ret) {
@@ -602,7 +610,7 @@ int getsockname_pretty(int fd, char **ret) {
* listening sockets where the difference between IPv4 and
* IPv6 matters. */
- return sockaddr_pretty(&sa.sa, salen, false, ret);
+ return sockaddr_pretty(&sa.sa, salen, false, true, ret);
}
int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
@@ -616,7 +624,7 @@ int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret)
if (r != 0) {
int saved_errno = errno;
- r = sockaddr_pretty(&sa->sa, salen, true, &ret);
+ r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
if (r < 0)
return log_error_errno(r, "sockadd_pretty() failed: %m");
diff --git a/src/shared/socket-util.h b/src/shared/socket-util.h
index 2d2b902..96d1f82 100644
--- a/src/shared/socket-util.h
+++ b/src/shared/socket-util.h
@@ -97,7 +97,9 @@ const char* socket_address_get_path(const SocketAddress *a);
bool socket_ipv6_is_supported(void);
-int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, char **ret);
+int sockaddr_port(const union sockaddr_union *sa) _pure_;
+
+int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret);
int getpeername_pretty(int fd, char **ret);
int getsockname_pretty(int fd, char **ret);
diff --git a/src/timesync/timesyncd-server.h b/src/timesync/timesyncd-server.h
index 243b44a..18c4444 100644
--- a/src/timesync/timesyncd-server.h
+++ b/src/timesync/timesyncd-server.h
@@ -59,7 +59,7 @@ struct ServerName {
int server_address_new(ServerName *n, ServerAddress **ret, const union sockaddr_union *sockaddr, socklen_t socklen);
ServerAddress* server_address_free(ServerAddress *a);
static inline int server_address_pretty(ServerAddress *a, char **pretty) {
- return sockaddr_pretty(&a->sockaddr.sa, a->socklen, true, pretty);
+ return sockaddr_pretty(&a->sockaddr.sa, a->socklen, true, true, pretty);
}
int server_name_new(Manager *m, ServerName **ret, ServerType type,const char *string);
--
2.2.1.209.g41e5f3a