From 8d1bbdba561110896a7c1357a2a8cc50395996f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 5 Jan 2014 16:24:16 -0500 Subject: [PATCH] Fix Distribute=n documentation --- man/systemd.socket.xml | 73 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 47 insertions(+), 26 deletions(-) diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index 46efdaa..5a1503c 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml @@ -405,23 +405,24 @@ listening sockets themselves are passed to the started service unit, and only one service unit is spawned - for all connections (also see - above). This value is ignored for - datagram sockets and FIFOs where a - single service unit unconditionally - handles all incoming traffic. Defaults - to . For + for all connections (also see above). + This value is ignored for datagram + sockets and FIFOs where a single + service unit unconditionally handles + all incoming traffic. Defaults to + . For performance reasons, it is recommended to write new daemons only in a way that is suitable for . A - daemon listening on an AF_UNIX socket + daemon listening on an + AF_UNIX socket may, but does not need to, call close2 - on the received socket before - exiting. However, it must not unlink - the socket from a file system. It - should not invoke + on the received socket before exiting. + However, it must not unlink the socket + from a file system. It should not + invoke shutdown2 on sockets it got with Accept=false, but @@ -433,7 +434,9 @@ inetd8 to work unmodified with systemd socket activation. Incompatible with - Distribute= + Distribute=n, + for non-zero n. + 
@@ -537,26 +540,44 @@ + Distribute= + Takes an integer + value. If positive, systemd will spawn + up to that many instances of the service, + all listening on the same port. In + this case the triggered service must + be a template unit (name ending in + @.service). If zero + (the default), just one, + non-instantiated service will be + started. + + This would normally be used with + ReusePort=true (see + below). Incompatible with + Accept=true. + + + + ReusePort= Takes a boolean value. If true, allows multiple bind2s to this TCP or UDP port. This controls the SO_REUSEPORT socket - option. See + option. Defaults to true if + Distribute=n + with n > 0 + is used, false otherwise. See socket7 - for details. - - - - Distribute= - Takes an integer - value. Systemd will spawn up to - given number of instances of service each - listening to the same socket. Default is 0. - Setting this requires corresponding service to - be an instansiated service (name ends with @.service). - Useful with ReusePort= above. - Incompatible with Accept=true. + for details. + + Note: when true, more than one + process of the same user may bind to + this port. This means that the + traditional defense against port + highjacking by listening on the port + is defeated. -- 1.8.4.2
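Review bot: The sentence added at the end of the first hunk (@@ -405,23 +405,24 @@), "Incompatible with Distribute=n, for non-zero n.", names the conflict but not what happens when a unit sets both Accept=true and a positive Distribute=. Suggest stating whether the socket unit is refused or one of the two settings is ignored, so an administrator can tell a rejected configuration from a silent fallback. The rest of the hunk only re-wraps existing text, which makes the one substantive line hard to spot; consider moving the reflow into a separate commit.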
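Review bot: In the second hunk (@@ -537,26 +540,44 @@), the port hijacking note is attached only to ReusePort=, yet the same hunk makes ReusePort= default to true whenever Distribute=n with n > 0 is used, so a reader who sets only Distribute= gets SO_REUSEPORT without ever reading the warning. Suggest adding a cross-reference to that note in the Distribute= entry, and rewording "This would normally be used with ReusePort=true (see below)", since the new default already makes that implicit and the sentence reads as if the admin must set it by hand. Also, "highjacking" in the note should be spelled "hijacking".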