[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

Sun, 29 Nov 2020 15:12:59 -0800 


minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532283784



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       Using additional directories is almost universal, this is the /var/run 
directory on a CentOS8 machine:
   
   ```
   [root@host run]# ls -al /var/run/
   total 20
   drwxr-xr-x. 37 root      root        980 Nov 22 03:04 .
   dr-xr-xr-x. 17 root      root        248 Oct 19 22:35 ..
   srw-rw-rw-.  1 root      root          0 Nov 22 03:03 
.heim_org.h5l.kcm-socket
   drwxr-xr-x.  3 root      root        100 Nov 22 03:03 NetworkManager
   -rw-------.  1 root      root          0 Nov 22 03:03 agetty.reload
   -rw-r--r--.  1 root      root          4 Nov 22 03:03 auditd.pid
   drwxr-x---.  2 chrony    chrony       80 Nov 30 01:08 chrony
   drwxr-xr-x.  2 root      root         80 Nov 22 03:03 chrony-helper
   drwx--x---.  2 clamilt   clamilt      60 Nov 22 03:04 clamav-milter
   drwx--x---.  2 clamscan  virusgroup   60 Nov 22 03:04 clamd.scan
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 console
   ----------.  1 root      root          0 Nov 22 03:03 cron.reboot
   drwx------.  2 root      root         40 Nov 22 03:03 cryptsetup
   drwxr-xr-x.  2 root      root         60 Nov 22 03:03 dbus
   drwxrwx---.  2 dirsrv    dirsrv       80 Nov 22 03:04 dirsrv
   prw-------.  1 root      root          0 Nov 22 03:03 dmeventd-client
   prw-------.  1 root      root          0 Nov 22 03:03 dmeventd-server
   drwxr-xr-x.  5 root      dovecot     800 Nov 22 03:17 dovecot
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 faillock
   drwxr-x---.  2 root      root         40 Nov 22 03:03 firewalld
   drwxr-xr-x.  2 root      root         80 Nov 22 03:03 fsck
   drwx--x---.  3 root      apache      100 Nov 29 03:14 httpd
   prw-------.  1 root      root          0 Nov 22 03:03 initctl
   drwxr-xr-x.  4 root      root        120 Nov 22 03:03 initramfs
   drwxr-xr-x.  5 root      root        120 Nov 22 03:03 lock
   drwxr-xr-x.  3 root      root         60 Nov 22 03:03 log
   drwx------.  4 root      root        120 Nov 22 03:03 lvm
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 mount
   drwxr-x---.  2 openarc   openarc      80 Nov 22 03:03 openarc
   drwxr-x---.  2 opendkim  opendkim     80 Nov 22 03:03 opendkim
   drwxr-x---.  2 opendmarc opendmarc    80 Nov 22 03:03 opendmarc
   drwxr-xr-x.  2 root      root         60 Nov 22 03:03 pcscd
   drwxr-xr-x.  2 redis     redis        60 Nov 22 03:03 redis
   drwxr-xr-x.  2 _rspamd   _rspamd      80 Nov 22 03:03 rspamd
   -rw-------.  1 root      root          4 Nov 22 03:03 rsyslogd.pid
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 samba
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 sepermit
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 setrans
   srw-rw-rw-.  1 root      root          0 Nov 22 03:04 slapd-beachfront.socket
   -rw-r--r--.  1 root      root          5 Nov 22 03:03 sshd.pid
   -rw-------.  1 root      root          4 Nov 22 03:03 sssd.pid
   drwx--x--x.  3 root      root         60 Nov 22 03:03 sudo
   drwxr-xr-x. 17 root      root        440 Nov 22 09:32 systemd
   drwxr-xr-x.  2 root      root         60 Nov 22 03:03 tmpfiles.d
   drwxr-xr-x.  2 root      root         60 Nov 22 03:03 tuned
   drwxr-xr-x.  7 root      root        160 Nov 22 03:03 udev
   drwxr-xr-x.  2 unbound   unbound      60 Nov 22 03:03 unbound
   drwxr-xr-x.  3 root      root         60 Nov 30 01:08 user
   -rw-rw-r--.  1 root      utmp       1920 Nov 30 01:08 utmp
   ```
   
   Directories that need privacy, like openarc, are protected (contains a 
socket).
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to