minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532283784
##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
// Create the pool for the server socket
serverSockPool = Pool.create(rootPool);
+
// Create the APR address that will be bound
- String addressStr = null;
- if (getAddress() != null) {
- addressStr = getAddress().getHostAddress();
- }
- int family = Socket.APR_INET;
- if (Library.APR_HAVE_IPV6) {
- if (addressStr == null) {
- if (!OS.IS_BSD) {
+ if (getPath() != null) {
+ if (Library.APR_HAVE_UNIX) {
+ hostname = getPath().toString();
+ family = Socket.APR_UNIX;
+ }
+ else {
+ throw new
Exception(sm.getString("endpoint.init.unixnotavail"));
+ }
+ }
+ else {
+
+ if (getAddress() != null) {
+ hostname = getAddress().getHostAddress();
+ }
+ family = Socket.APR_INET;
+ if (Library.APR_HAVE_IPV6) {
+ if (hostname == null) {
+ if (!OS.IS_BSD) {
+ family = Socket.APR_UNSPEC;
+ }
+ } else if (hostname.indexOf(':') >= 0) {
family = Socket.APR_UNSPEC;
}
- } else if (addressStr.indexOf(':') >= 0) {
- family = Socket.APR_UNSPEC;
}
- }
+ }
+
+ long sockAddress = Address.info(hostname, family, getPortWithOffset(),
0, rootPool);
- long inetAddress = Address.info(addressStr, family,
getPortWithOffset(), 0, rootPool);
// Create the APR server socket
- serverSock = Socket.create(Address.getInfo(inetAddress).family,
+ if (family == Socket.APR_UNIX) {
+ serverSock = Socket.create(family, Socket.SOCK_STREAM, 0,
rootPool);
+ }
+ else {
+ serverSock = Socket.create(Address.getInfo(sockAddress).family,
Socket.SOCK_STREAM,
Socket.APR_PROTO_TCP, rootPool);
- if (OS.IS_UNIX) {
- Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
- }
- if (Library.APR_HAVE_IPV6) {
- if (getIpv6v6only()) {
- Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
- } else {
- Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+ if (OS.IS_UNIX) {
+ Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+ }
+ if (Library.APR_HAVE_IPV6) {
+ if (getIpv6v6only()) {
+ Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+ } else {
+ Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+ }
}
+ // Deal with the firewalls that tend to drop the inactive sockets
+ Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
}
- // Deal with the firewalls that tend to drop the inactive sockets
- Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
// Bind the server socket
- int ret = Socket.bind(serverSock, inetAddress);
+ int ret = Socket.bind(serverSock, sockAddress);
if (ret != 0) {
throw new Exception(sm.getString("endpoint.init.bind", "" + ret,
Error.strerror(ret)));
}
+
// Start listening on the server socket
ret = Socket.listen(serverSock, getAcceptCount());
if (ret != 0) {
throw new Exception(sm.getString("endpoint.init.listen", "" + ret,
Error.strerror(ret)));
}
- if (OS.IS_WIN32 || OS.IS_WIN64) {
- // On Windows set the reuseaddr flag after the bind/listen
- Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+ if (family == Socket.APR_UNIX) {
Review comment:
Using additional directories is almost universal, this is the /var/run
directory on a CentOS8 machine:
```
[root@host run]# ls -al /var/run/
total 20
drwxr-xr-x. 37 root root 980 Nov 22 03:04 .
dr-xr-xr-x. 17 root root 248 Oct 19 22:35 ..
srw-rw-rw-. 1 root root 0 Nov 22 03:03
.heim_org.h5l.kcm-socket
drwxr-xr-x. 3 root root 100 Nov 22 03:03 NetworkManager
-rw-------. 1 root root 0 Nov 22 03:03 agetty.reload
-rw-r--r--. 1 root root 4 Nov 22 03:03 auditd.pid
drwxr-x---. 2 chrony chrony 80 Nov 30 01:08 chrony
drwxr-xr-x. 2 root root 80 Nov 22 03:03 chrony-helper
drwx--x---. 2 clamilt clamilt 60 Nov 22 03:04 clamav-milter
drwx--x---. 2 clamscan virusgroup 60 Nov 22 03:04 clamd.scan
drwxr-xr-x. 2 root root 40 Nov 22 03:03 console
----------. 1 root root 0 Nov 22 03:03 cron.reboot
drwx------. 2 root root 40 Nov 22 03:03 cryptsetup
drwxr-xr-x. 2 root root 60 Nov 22 03:03 dbus
drwxrwx---. 2 dirsrv dirsrv 80 Nov 22 03:04 dirsrv
prw-------. 1 root root 0 Nov 22 03:03 dmeventd-client
prw-------. 1 root root 0 Nov 22 03:03 dmeventd-server
drwxr-xr-x. 5 root dovecot 800 Nov 22 03:17 dovecot
drwxr-xr-x. 2 root root 40 Nov 22 03:03 faillock
drwxr-x---. 2 root root 40 Nov 22 03:03 firewalld
drwxr-xr-x. 2 root root 80 Nov 22 03:03 fsck
drwx--x---. 3 root apache 100 Nov 29 03:14 httpd
prw-------. 1 root root 0 Nov 22 03:03 initctl
drwxr-xr-x. 4 root root 120 Nov 22 03:03 initramfs
drwxr-xr-x. 5 root root 120 Nov 22 03:03 lock
drwxr-xr-x. 3 root root 60 Nov 22 03:03 log
drwx------. 4 root root 120 Nov 22 03:03 lvm
drwxr-xr-x. 2 root root 40 Nov 22 03:03 mount
drwxr-x---. 2 openarc openarc 80 Nov 22 03:03 openarc
drwxr-x---. 2 opendkim opendkim 80 Nov 22 03:03 opendkim
drwxr-x---. 2 opendmarc opendmarc 80 Nov 22 03:03 opendmarc
drwxr-xr-x. 2 root root 60 Nov 22 03:03 pcscd
drwxr-xr-x. 2 redis redis 60 Nov 22 03:03 redis
drwxr-xr-x. 2 _rspamd _rspamd 80 Nov 22 03:03 rspamd
-rw-------. 1 root root 4 Nov 22 03:03 rsyslogd.pid
drwxr-xr-x. 2 root root 40 Nov 22 03:03 samba
drwxr-xr-x. 2 root root 40 Nov 22 03:03 sepermit
drwxr-xr-x. 2 root root 40 Nov 22 03:03 setrans
srw-rw-rw-. 1 root root 0 Nov 22 03:04 slapd-beachfront.socket
-rw-r--r--. 1 root root 5 Nov 22 03:03 sshd.pid
-rw-------. 1 root root 4 Nov 22 03:03 sssd.pid
drwx--x--x. 3 root root 60 Nov 22 03:03 sudo
drwxr-xr-x. 17 root root 440 Nov 22 09:32 systemd
drwxr-xr-x. 2 root root 60 Nov 22 03:03 tmpfiles.d
drwxr-xr-x. 2 root root 60 Nov 22 03:03 tuned
drwxr-xr-x. 7 root root 160 Nov 22 03:03 udev
drwxr-xr-x. 2 unbound unbound 60 Nov 22 03:03 unbound
drwxr-xr-x. 3 root root 60 Nov 30 01:08 user
-rw-rw-r--. 1 root utmp 1920 Nov 30 01:08 utmp
```
Directories that need privacy, like openarc, are protected (contains a
socket).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
