int runsvdir_main(int argc UNUSED_PARAM, char **argv)
{
struct stat s;
dev_t last_dev = last_dev; /* for gcc */
ino_t last_ino = last_ino; /* for gcc */
time_t last_mtime = 0;
int wstat;
int curdir;
pid_t pid;
unsigned deadline;
unsigned now;
unsigned stampcheck;
int i;
int need_rescan = 1;
char *opt_s_argv[3];
INIT_G();
opt_complementary = "-1";
opt_s_argv[0] = NULL;
opt_s_argv[2] = NULL;
getopt32(argv, "Ps:", &opt_s_argv[0]);
argv += optind;
bb_signals(0
| (1 << SIGTERM)
| (1 << SIGHUP)
/* For busybox's init, SIGTERM == reboot,
* SIGUSR1 == halt
* SIGUSR2 == poweroff
* so we need to intercept SIGUSRn too.
* Note that we do not implement actual reboot
* (killall(TERM) + umount, etc), we just pause
* respawing and avoid exiting (-> making kernel oops).
* The user is responsible for the rest. */
| (getpid() == 1 ? ((1 << SIGUSR1) | (1 << SIGUSR2)) : 0)
, record_signo);
svdir = *argv++;
#if ENABLE_FEATURE_RUNSVDIR_LOG
/* setup log */
if (*argv) {
rplog = *argv;
rploglen = strlen(rplog);
if (rploglen < 7) {
warnx("log must have at least seven characters");
} else if (piped_pair(logpipe)) {
warnx("cannot create pipe for log");
} else {
close_on_exec_on(logpipe.rd);
close_on_exec_on(logpipe.wr);
ndelay_on(logpipe.rd);
ndelay_on(logpipe.wr);
if (dup2(logpipe.wr, 2) == -1) {
warnx("cannot set filedescriptor for log");
} else {
pfd[0].fd = logpipe.rd;
pfd[0].events = POLLIN;
stamplog = monotonic_sec();
goto run;
}
}
rplog = NULL;
warnx("log service disabled");
}
run:
#endif
curdir = open_read(".");
if (curdir == -1)
fatal2_cannot("open current directory", "");
close_on_exec_on(curdir);
stampcheck = monotonic_sec();
for (;;) {
/* collect children */
for (;;) {
pid = wait_any_nohang(&wstat);
if (pid <= 0)
break;
for (i = 0; i < svnum; i++) {
if (pid == sv[i].pid) {
/* runsv has died */
sv[i].pid = 0;
need_rescan = 1;
}
}
}
now = monotonic_sec();
if ((int)(now - stampcheck) >= 0) {
/* wait at least a second */
stampcheck = now + 1;
if (stat(svdir, &s) != -1) {
if (need_rescan || s.st_mtime != last_mtime
|| s.st_ino != last_ino || s.st_dev != last_dev
) {
/* svdir modified */
if (chdir(svdir) != -1) {
last_mtime = s.st_mtime;
last_dev = s.st_dev;
last_ino = s.st_ino;
//if (now <= mtime)
// sleep(1);
need_rescan = do_rescan();
while (fchdir(curdir) == -1) {
warn2_cannot("change directory, pausing", "");
sleep(5);
}
} else {
warn2_cannot("change directory to ", svdir);
}
}
} else {
warn2_cannot("stat ", svdir);
}
}
#if ENABLE_FEATURE_RUNSVDIR_LOG
if (rplog) {
if ((int)(now - stamplog) >= 0) {
write(logpipe.wr, ".", 1);
stamplog = now + 900;
}
}
pfd[0].revents = 0;
#endif
deadline = (need_rescan ? 1 : 5);
sig_block(SIGCHLD);
#if ENABLE_FEATURE_RUNSVDIR_LOG
if (rplog)
poll(pfd, 1, deadline*1000);
else
#endif
sleep(deadline);
sig_unblock(SIGCHLD);
#if ENABLE_FEATURE_RUNSVDIR_LOG
if (pfd[0].revents & POLLIN) {
char ch;
while (read(logpipe.rd, &ch, 1) > 0) {
if (ch < ' ')
ch = ' ';
for (i = 6; i < rploglen; i++)
rplog[i-1] = rplog[i];
rplog[rploglen-1] = ch;
}
}
#endif
if (!bb_got_signal)
continue;
/* -s SCRIPT: useful if we are init.
* In this case typically script never returns,
* it halts/powers off/reboots the system. */
if (opt_s_argv[0]) {
/* Single parameter: signal# */
opt_s_argv[1] = utoa(bb_got_signal);
pid = spawn(opt_s_argv);
if (pid > 0) {
/* Remembering to wait for _any_ children,
* not just pid */
while (wait(NULL) != pid)
continue;
}
}
if (bb_got_signal == SIGHUP) {
for (i = 0; i < svnum; i++)
if (sv[i].pid)
kill(sv[i].pid, SIGTERM);
}
/* SIGHUP or SIGTERM (or SIGUSRn if we are init) */
/* Exit unless we are init */
if (getpid() != 1)
return (SIGHUP == bb_got_signal) ? 111 : EXIT_SUCCESS;
/* init continues to monitor services forever */
bb_got_signal = 0;
} /* for (;;) */
}
int runsv_main(int argc ATTRIBUTE_UNUSED, char **argv)
{
struct stat s;
int fd;
int r;
char buf[256];
INIT_G();
if (!argv[1] || argv[2])
bb_show_usage();
dir = argv[1];
xpiped_pair(selfpipe);
close_on_exec_on(selfpipe.rd);
close_on_exec_on(selfpipe.wr);
ndelay_on(selfpipe.rd);
ndelay_on(selfpipe.wr);
sig_block(SIGCHLD);
bb_signals_recursive(1 << SIGCHLD, s_child);
sig_block(SIGTERM);
bb_signals_recursive(1 << SIGTERM, s_term);
xchdir(dir);
/* bss: svd[0].pid = 0; */
if (S_DOWN) svd[0].state = S_DOWN; /* otherwise already 0 (bss) */
if (C_NOOP) svd[0].ctrl = C_NOOP;
if (W_UP) svd[0].want = W_UP;
/* bss: svd[0].islog = 0; */
/* bss: svd[1].pid = 0; */
gettimeofday_ns(&svd[0].start);
if (stat("down", &s) != -1) svd[0].want = W_DOWN;
if (stat("log", &s) == -1) {
if (errno != ENOENT)
warn_cannot("stat ./log");
} else {
if (!S_ISDIR(s.st_mode)) {
errno = 0;
warn_cannot("stat log/down: log is not a directory");
} else {
haslog = 1;
svd[1].state = S_DOWN;
svd[1].ctrl = C_NOOP;
svd[1].want = W_UP;
svd[1].islog = 1;
gettimeofday_ns(&svd[1].start);
if (stat("log/down", &s) != -1)
svd[1].want = W_DOWN;
xpiped_pair(logpipe);
close_on_exec_on(logpipe.rd);
close_on_exec_on(logpipe.wr);
}
}
if (mkdir("supervise", 0700) == -1) {
r = readlink("supervise", buf, sizeof(buf));
if (r != -1) {
if (r == sizeof(buf))
fatal2x_cannot("readlink ./supervise", ": name too long");
buf[r] = 0;
mkdir(buf, 0700);
} else {
if ((errno != ENOENT) && (errno != EINVAL))
fatal_cannot("readlink ./supervise");
}
}
svd[0].fdlock = xopen3("log/supervise/lock"+4,
O_WRONLY|O_NDELAY|O_APPEND|O_CREAT, 0600);
if (lock_exnb(svd[0].fdlock) == -1)
fatal_cannot("lock supervise/lock");
close_on_exec_on(svd[0].fdlock);
if (haslog) {
if (mkdir("log/supervise", 0700) == -1) {
r = readlink("log/supervise", buf, 256);
if (r != -1) {
if (r == 256)
fatal2x_cannot("readlink ./log/supervise", ": name too long");
buf[r] = 0;
fd = xopen(".", O_RDONLY|O_NDELAY);
xchdir("./log");
mkdir(buf, 0700);
if (fchdir(fd) == -1)
fatal_cannot("change back to service directory");
close(fd);
}
else {
if ((errno != ENOENT) && (errno != EINVAL))
fatal_cannot("readlink ./log/supervise");
}
}
svd[1].fdlock = xopen3("log/supervise/lock",
O_WRONLY|O_NDELAY|O_APPEND|O_CREAT, 0600);
if (lock_ex(svd[1].fdlock) == -1)
fatal_cannot("lock log/supervise/lock");
close_on_exec_on(svd[1].fdlock);
}
mkfifo("log/supervise/control"+4, 0600);
svd[0].fdcontrol = xopen("log/supervise/control"+4, O_RDONLY|O_NDELAY);
close_on_exec_on(svd[0].fdcontrol);
svd[0].fdcontrolwrite = xopen("log/supervise/control"+4, O_WRONLY|O_NDELAY);
close_on_exec_on(svd[0].fdcontrolwrite);
update_status(&svd[0]);
if (haslog) {
mkfifo("log/supervise/control", 0600);
svd[1].fdcontrol = xopen("log/supervise/control", O_RDONLY|O_NDELAY);
close_on_exec_on(svd[1].fdcontrol);
svd[1].fdcontrolwrite = xopen("log/supervise/control", O_WRONLY|O_NDELAY);
close_on_exec_on(svd[1].fdcontrolwrite);
update_status(&svd[1]);
}
mkfifo("log/supervise/ok"+4, 0600);
fd = xopen("log/supervise/ok"+4, O_RDONLY|O_NDELAY);
close_on_exec_on(fd);
if (haslog) {
mkfifo("log/supervise/ok", 0600);
fd = xopen("log/supervise/ok", O_RDONLY|O_NDELAY);
close_on_exec_on(fd);
}
for (;;) {
struct pollfd x[3];
unsigned deadline;
char ch;
if (haslog)
if (!svd[1].pid && svd[1].want == W_UP)
startservice(&svd[1]);
if (!svd[0].pid)
if (svd[0].want == W_UP || svd[0].state == S_FINISH)
startservice(&svd[0]);
x[0].fd = selfpipe.rd;
x[0].events = POLLIN;
x[1].fd = svd[0].fdcontrol;
x[1].events = POLLIN;
/* x[2] is used only if haslog == 1 */
x[2].fd = svd[1].fdcontrol;
x[2].events = POLLIN;
sig_unblock(SIGTERM);
sig_unblock(SIGCHLD);
poll(x, 2 + haslog, 3600*1000);
sig_block(SIGTERM);
sig_block(SIGCHLD);
while (read(selfpipe.rd, &ch, 1) == 1)
continue;
for (;;) {
int child;
int wstat;
child = wait_any_nohang(&wstat);
if (!child)
break;
if ((child == -1) && (errno != EINTR))
break;
if (child == svd[0].pid) {
svd[0].pid = 0;
pidchanged = 1;
svd[0].ctrl &=~ C_TERM;
if (svd[0].state != S_FINISH) {
fd = open_read("finish");
if (fd != -1) {
close(fd);
svd[0].state = S_FINISH;
update_status(&svd[0]);
continue;
}
}
svd[0].state = S_DOWN;
deadline = svd[0].start.tv_sec + 1;
gettimeofday_ns(&svd[0].start);
update_status(&svd[0]);
if (LESS(svd[0].start.tv_sec, deadline))
sleep(1);
}
if (haslog) {
if (child == svd[1].pid) {
svd[1].pid = 0;
pidchanged = 1;
svd[1].state = S_DOWN;
svd[1].ctrl &= ~C_TERM;
deadline = svd[1].start.tv_sec + 1;
gettimeofday_ns(&svd[1].start);
update_status(&svd[1]);
if (LESS(svd[1].start.tv_sec, deadline))
sleep(1);
}
}
} /* for (;;) */
if (read(svd[0].fdcontrol, &ch, 1) == 1)
ctrl(&svd[0], ch);
if (haslog)
if (read(svd[1].fdcontrol, &ch, 1) == 1)
ctrl(&svd[1], ch);
if (sigterm) {
ctrl(&svd[0], 'x');
sigterm = 0;
}
if (svd[0].want == W_EXIT && svd[0].state == S_DOWN) {
if (svd[1].pid == 0)
_exit(EXIT_SUCCESS);
if (svd[1].want != W_EXIT) {
svd[1].want = W_EXIT;
/* stopservice(&svd[1]); */
update_status(&svd[1]);
close(logpipe.wr);
close(logpipe.rd);
}
}
} /* for (;;) */
/* not reached */
return 0;
}
int tcpudpsvd_main(int argc UNUSED_PARAM, char **argv)
{
char *str_C, *str_t;
char *user;
struct hcc *hccp;
const char *instructs;
char *msg_per_host = NULL;
unsigned len_per_host = len_per_host; /* gcc */
#ifndef SSLSVD
struct bb_uidgid_t ugid;
#endif
bool tcp;
uint16_t local_port;
char *preset_local_hostname = NULL;
char *remote_hostname = remote_hostname; /* for compiler */
char *remote_addr = remote_addr; /* for compiler */
len_and_sockaddr *lsa;
len_and_sockaddr local, remote;
socklen_t sa_len;
int pid;
int sock;
int conn;
unsigned backlog = 20;
unsigned opts;
INIT_G();
tcp = (applet_name[0] == 't');
/* 3+ args, -i at most once, -p implies -h, -v is counter, -b N, -c N */
opt_complementary = "-3:i--i:ph:vv:b+:c+";
#ifdef SSLSVD
opts = getopt32(argv, "+c:C:i:x:u:l:Eb:hpt:vU:/:Z:K:",
&cmax, &str_C, &instructs, &instructs, &user, &preset_local_hostname,
&backlog, &str_t, &ssluser, &root, &cert, &key, &verbose
);
#else
/* "+": stop on first non-option */
opts = getopt32(argv, "+c:C:i:x:u:l:Eb:hpt:v",
&cmax, &str_C, &instructs, &instructs, &user, &preset_local_hostname,
&backlog, &str_t, &verbose
);
#endif
if (opts & OPT_C) { /* -C n[:message] */
max_per_host = bb_strtou(str_C, &str_C, 10);
if (str_C[0]) {
if (str_C[0] != ':')
bb_show_usage();
msg_per_host = str_C + 1;
len_per_host = strlen(msg_per_host);
}
}
if (max_per_host > cmax)
max_per_host = cmax;
if (opts & OPT_u) {
xget_uidgid(&ugid, user);
}
#ifdef SSLSVD
if (opts & OPT_U) ssluser = optarg;
if (opts & OPT_slash) root = optarg;
if (opts & OPT_Z) cert = optarg;
if (opts & OPT_K) key = optarg;
#endif
argv += optind;
if (!argv[0][0] || LONE_CHAR(argv[0], '0'))
argv[0] = (char*)"0.0.0.0";
/* Per-IP flood protection is not thought-out for UDP */
if (!tcp)
max_per_host = 0;
bb_sanitize_stdio(); /* fd# 0,1,2 must be opened */
#ifdef SSLSVD
sslser = user;
client = 0;
if ((getuid() == 0) && !(opts & OPT_u)) {
xfunc_exitcode = 100;
bb_error_msg_and_die(bb_msg_you_must_be_root);
}
if (opts & OPT_u)
if (!uidgid_get(&sslugid, ssluser, 1)) {
if (errno) {
bb_perror_msg_and_die("can't get user/group: %s", ssluser);
}
bb_error_msg_and_die("unknown user/group %s", ssluser);
}
if (!cert) cert = "./cert.pem";
if (!key) key = cert;
if (matrixSslOpen() < 0)
fatal("can't initialize ssl");
if (matrixSslReadKeys(&keys, cert, key, 0, ca) < 0) {
if (client)
fatal("can't read cert, key, or ca file");
fatal("can't read cert or key file");
}
if (matrixSslNewSession(&ssl, keys, 0, SSL_FLAGS_SERVER) < 0)
fatal("can't create ssl session");
#endif
sig_block(SIGCHLD);
signal(SIGCHLD, sig_child_handler);
bb_signals(BB_FATAL_SIGS, sig_term_handler);
signal(SIGPIPE, SIG_IGN);
if (max_per_host)
ipsvd_perhost_init(cmax);
local_port = bb_lookup_port(argv[1], tcp ? "tcp" : "udp", 0);
lsa = xhost2sockaddr(argv[0], local_port);
argv += 2;
sock = xsocket(lsa->u.sa.sa_family, tcp ? SOCK_STREAM : SOCK_DGRAM, 0);
setsockopt_reuseaddr(sock);
sa_len = lsa->len; /* I presume sockaddr len stays the same */
xbind(sock, &lsa->u.sa, sa_len);
if (tcp) {
xlisten(sock, backlog);
close_on_exec_on(sock);
} else { /* udp: needed for recv_from_to to work: */
socket_want_pktinfo(sock);
}
/* ndelay_off(sock); - it is the default I think? */
#ifndef SSLSVD
if (opts & OPT_u) {
/* drop permissions */
xsetgid(ugid.gid);
xsetuid(ugid.uid);
}
#endif
if (verbose) {
char *addr = xmalloc_sockaddr2dotted(&lsa->u.sa);
if (opts & OPT_u)
bb_error_msg("listening on %s, starting, uid %u, gid %u", addr,
(unsigned)ugid.uid, (unsigned)ugid.gid);
else
bb_error_msg("listening on %s, starting", addr);
free(addr);
}
/* Main accept() loop */
again:
hccp = NULL;
while (cnum >= cmax)
wait_for_any_sig(); /* expecting SIGCHLD */
/* Accept a connection to fd #0 */
again1:
close(0);
again2:
sig_unblock(SIGCHLD);
local.len = remote.len = sa_len;
if (tcp) {
conn = accept(sock, &remote.u.sa, &remote.len);
} else {
/* In case recv_from_to won't be able to recover local addr.
* Also sets port - recv_from_to is unable to do it. */
local = *lsa;
conn = recv_from_to(sock, NULL, 0, MSG_PEEK,
&remote.u.sa, &local.u.sa, sa_len);
}
sig_block(SIGCHLD);
if (conn < 0) {
if (errno != EINTR)
bb_perror_msg(tcp ? "accept" : "recv");
goto again2;
}
xmove_fd(tcp ? conn : sock, 0);
if (max_per_host) {
/* Drop connection immediately if cur_per_host > max_per_host
* (minimizing load under SYN flood) */
remote_addr = xmalloc_sockaddr2dotted_noport(&remote.u.sa);
cur_per_host = ipsvd_perhost_add(remote_addr, max_per_host, &hccp);
if (cur_per_host > max_per_host) {
/* ipsvd_perhost_add detected that max is exceeded
* (and did not store ip in connection table) */
free(remote_addr);
if (msg_per_host) {
/* don't block or test for errors */
send(0, msg_per_host, len_per_host, MSG_DONTWAIT);
}
goto again1;
}
/* NB: remote_addr is not leaked, it is stored in conn table */
}
if (!tcp) {
/* Voodoo magic: making udp sockets each receive its own
* packets is not trivial, and I still not sure
* I do it 100% right.
* 1) we have to do it before fork()
* 2) order is important - is it right now? */
/* Open new non-connected UDP socket for further clients... */
sock = xsocket(lsa->u.sa.sa_family, SOCK_DGRAM, 0);
setsockopt_reuseaddr(sock);
/* Make plain write/send work for old socket by supplying default
* destination address. This also restricts incoming packets
* to ones coming from this remote IP. */
xconnect(0, &remote.u.sa, sa_len);
/* hole? at this point we have no wildcard udp socket...
* can this cause clients to get "port unreachable" icmp?
* Yup, time window is very small, but it exists (is it?) */
/* ..."open new socket", continued */
xbind(sock, &lsa->u.sa, sa_len);
socket_want_pktinfo(sock);
/* Doesn't work:
* we cannot replace fd #0 - we will lose pending packet
* which is already buffered for us! And we cannot use fd #1
* instead - it will "intercept" all following packets, but child
* does not expect data coming *from fd #1*! */
#if 0
/* Make it so that local addr is fixed to localp->u.sa
* and we don't accidentally accept packets to other local IPs. */
/* NB: we possibly bind to the _very_ same_ address & port as the one
* already bound in parent! This seems to work in Linux.
* (otherwise we can move socket to fd #0 only if bind succeeds) */
close(0);
set_nport(localp, htons(local_port));
xmove_fd(xsocket(localp->u.sa.sa_family, SOCK_DGRAM, 0), 0);
setsockopt_reuseaddr(0); /* crucial */
xbind(0, &localp->u.sa, localp->len);
#endif
}
pid = vfork();
if (pid == -1) {
bb_perror_msg("vfork");
goto again;
}
if (pid != 0) {
/* Parent */
cnum++;
if (verbose)
connection_status();
if (hccp)
hccp->pid = pid;
/* clean up changes done by vforked child */
undo_xsetenv();
goto again;
}
/* Child: prepare env, log, and exec prog */
{ /* vfork alert! every xmalloc in this block should be freed! */
char *local_hostname = local_hostname; /* for compiler */
char *local_addr = NULL;
char *free_me0 = NULL;
char *free_me1 = NULL;
char *free_me2 = NULL;
if (verbose || !(opts & OPT_E)) {
if (!max_per_host) /* remote_addr is not yet known */
free_me0 = remote_addr = xmalloc_sockaddr2dotted(&remote.u.sa);
if (opts & OPT_h) {
free_me1 = remote_hostname = xmalloc_sockaddr2host_noport(&remote.u.sa);
if (!remote_hostname) {
bb_error_msg("can't look up hostname for %s", remote_addr);
remote_hostname = remote_addr;
}
}
/* Find out local IP peer connected to.
* Errors ignored (I'm not paranoid enough to imagine kernel
* which doesn't know local IP). */
if (tcp)
getsockname(0, &local.u.sa, &local.len);
/* else: for UDP it is done earlier by parent */
local_addr = xmalloc_sockaddr2dotted(&local.u.sa);
if (opts & OPT_h) {
local_hostname = preset_local_hostname;
if (!local_hostname) {
free_me2 = local_hostname = xmalloc_sockaddr2host_noport(&local.u.sa);
if (!local_hostname)
bb_error_msg_and_die("can't look up hostname for %s", local_addr);
}
/* else: local_hostname is not NULL, but is NOT malloced! */
}
}
if (verbose) {
pid = getpid();
if (max_per_host) {
bb_error_msg("concurrency %s %u/%u",
remote_addr,
cur_per_host, max_per_host);
}
bb_error_msg((opts & OPT_h)
? "start %u %s-%s (%s-%s)"
: "start %u %s-%s",
pid,
local_addr, remote_addr,
local_hostname, remote_hostname);
}
if (!(opts & OPT_E)) {
/* setup ucspi env */
const char *proto = tcp ? "TCP" : "UDP";
#ifdef SO_ORIGINAL_DST
/* Extract "original" destination addr:port
* from Linux firewall. Useful when you redirect
* an outbond connection to local handler, and it needs
* to know where it originally tried to connect */
if (tcp && getsockopt(0, SOL_IP, SO_ORIGINAL_DST, &local.u.sa, &local.len) == 0) {
char *addr = xmalloc_sockaddr2dotted(&local.u.sa);
xsetenv_plain("TCPORIGDSTADDR", addr);
free(addr);
}
#endif
xsetenv_plain("PROTO", proto);
xsetenv_proto(proto, "LOCALADDR", local_addr);
xsetenv_proto(proto, "REMOTEADDR", remote_addr);
if (opts & OPT_h) {
xsetenv_proto(proto, "LOCALHOST", local_hostname);
xsetenv_proto(proto, "REMOTEHOST", remote_hostname);
}
//compat? xsetenv_proto(proto, "REMOTEINFO", "");
/* additional */
if (cur_per_host > 0) /* can not be true for udp */
xsetenv_plain("TCPCONCURRENCY", utoa(cur_per_host));
}
free(local_addr);
free(free_me0);
free(free_me1);
free(free_me2);
}
xdup2(0, 1);
signal(SIGPIPE, SIG_DFL); /* this one was SIG_IGNed */
/* Non-ignored signals revert to SIG_DFL on exec anyway */
/*signal(SIGCHLD, SIG_DFL);*/
sig_unblock(SIGCHLD);
#ifdef SSLSVD
strcpy(id, utoa(pid));
ssl_io(0, argv);
bb_perror_msg_and_die("can't execute '%s'", argv[0]);
#else
BB_EXECVP_or_die(argv);
#endif
}
