<div dir="ltr"><div dir="ltr">On Tue, Jan 28, 2020 at 4:23 PM Tiwari, Hari Sahaya <<a href="mailto:hari-sahaya.tiwari@hpe.com">hari-sahaya.tiwari@hpe.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-GB">
<div class="gmail-m_7396009895599373125WordSection1">
<p class="MsoNormal"><span style="font-family:Arial,sans-serif">Hi,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Arial,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:Arial,sans-serif">I am trying to implement a client server program over SSL through systemd.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Arial,sans-serif">Here I have a TCP systemd socket (listening on a predefined port) and its associated service.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Arial,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:Arial,sans-serif">systemd socket file:-<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># cat /usr/lib/systemd/system/test_ssl.socket<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[Unit]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Description=Test socket<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[Socket]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">ListenStream=2000<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Accept=true<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">MaxConnections=900<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[Install]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">WantedBy=sockets.target<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:Arial,sans-serif">systemd service file:-<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># cat /usr/lib/systemd/system/test_ssl@.service<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[Unit]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Description= Test Service<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Requires=test_ssl.socket<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[Service]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">ExecStart=/home/SSL/server
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">StandardInput=socket<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">KillMode=process<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[Install]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">WantedBy=multi-user.target<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><u></u> <u></u></span></p>
<p class="MsoNormal">The service file invokes the binary /home/SSL/server.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Here it is a very simple client server program, where<u></u><u></u></p>
<p class="gmail-m_7396009895599373125MsoListParagraph"><u></u><span>1.<span style="font:7pt "Times New Roman"">
</span></span><u></u>Server binds and listens on a port number.</p></div></div></blockquote><div>You need to remove this part if you want to use socket activation. The whole point of .socket units here is that systemd binds to the socket and passes the fd over to your service. If your service ignores the received fd and tries to create its own socket, it will never be able to receive the connections.</div><div><br></div><div>By default, the service would receive the sockets as fd#3 and above (see <a href="https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html">https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html</a> for documentation), but because you use StandardInput=socket, it will receive the socket as fd#1.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-GB"><div class="gmail-m_7396009895599373125WordSection1"><p class="gmail-m_7396009895599373125MsoListParagraph"><u></u><u></u></p>
<p class="gmail-m_7396009895599373125MsoListParagraph"><u></u><span>2.<span style="font:7pt "Times New Roman"">
</span></span><u></u>Client first connects to server with normal connect (server will do accept)</p></div></div></blockquote><div>Your .socket specifies Accept=true, so you should remove this part as well: the option means that systemd itself will accept the connection and only hand your server the accepted socket.</div><div> </div></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Mantas Mikulėnas</div></div></div>
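<div>Added example, not part of the original message and not the poster's server: a C check that the descriptor a socket-activated service inherited is the already-accepted stream connection that Accept=true hands over, so the server can drop its own socket(), bind(), listen() and accept() calls. The names fd_kind and classify_inherited_fd are hypothetical; main() runs the check on standard input, the descriptor that StandardInput=socket connects to the socket.</div>

```c
/* Added example; fd_kind and classify_inherited_fd are hypothetical names. */
#include <sys/socket.h>
#include <unistd.h>

enum fd_kind {
    FD_UNUSABLE,   /* not a connected or listening stream socket */
    FD_LISTENING,  /* listening socket (Accept=no): the service must accept() */
    FD_CONNECTED   /* already-accepted client connection (Accept=true) */
};

enum fd_kind classify_inherited_fd(int fd)
{
    struct sockaddr_storage peer;
    socklen_t len;
    int type = 0, listening = 0;

    /* getsockopt() fails with ENOTSOCK when fd is a file, pipe or tty. */
    len = sizeof(type);
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) < 0 || type != SOCK_STREAM)
        return FD_UNUSABLE;
    len = sizeof(listening);
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &listening, &len) < 0)
        return FD_UNUSABLE;
    if (listening)
        return FD_LISTENING;
    /* A connected socket has a peer; a fresh, unconnected one does not. */
    len = sizeof(peer);
    if (getpeername(fd, (struct sockaddr *)&peer, &len) < 0)
        return FD_UNUSABLE;
    return FD_CONNECTED;
}

int main(void)
{
    /* Report through the exit status only: with StandardInput=socket the
     * standard streams may all be the client connection. */
    switch (classify_inherited_fd(STDIN_FILENO)) {
    case FD_CONNECTED:
        return 0;   /* start the TLS handshake on this descriptor */
    case FD_LISTENING:
        return 2;   /* unit uses Accept=no: accept() is still needed */
    default:
        return 1;   /* no usable socket was passed in */
    }
}
```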