[tor-dev] RFC patch: systemd socket activation

Marti Raudsepp marti at juffo.org
Sun May 19 14:37:12 UTC 2013

Hi list,

The attached patch implements support for systemd socket activation.

For people who don't know what that is: systemd is an "init" system
for Linux. Socket activation means that systemd binds all the sockets
in advance, and only spawns Tor once somebody attempts to connect.

More information here: http://0pointer.de/blog/projects/socket-activation.html

I rarely use Tor, so there's no reason to have it running all the time
(wasting battery on my laptop), but it's also annoying to launch it
manually every time. Socket activation is ideal for this use case.

There are 3 changes to the startup process:
1. Before loading the configuration, Tor identifies all sockets passed
in by systemd and creates pending_socket_t objects. I considered
reusing connection_t, but that seemed to require way more modification
to the code.
2. After parsing configuration, when Tor would otherwise create new
listeners, it first tries to match up the address/port to existing
pending sockets. If a pending socket does not match, it opens a new
one as usual.
3. After configuration parsing is done, Tor closes all remaining
unmatched systemd sockets and logs a warning for each one.

This infrastructure can also be used to support "launch-on-demand"
with launchd on OS X, but I have no experience with that.

Known problems:
* TCP and UDP sockets work, but Unix sockets are not yet implemented.
* It's impossible to support hibernation as is for systemd sockets --
the systemd daemon still keeps a reference to the listener socket even
after we close it, and it's impossible to re-bind the port later.
* Closing unmatched sockets is a bad idea for the same reason: systemd
still keeps it open and connections hang forever. Perhaps a better
solution is to keep the socket and simply reject all connections,
ditto hibernating connections?

I have added the source of sd-daemon.c into Tor -- it's easier to
manage this way and we don't introduce any new library dependencies
(it's 804 LoC total). This approach is also encouraged by systemd
itself. The code turns into a no-op when built on Windows.

Full patch is attached, also available as individual commits from my
GitHub clone (branch "systemd"):

-------------- next part --------------
A non-text attachment was scrubbed...
Name: tor-systemd.patch
Type: application/octet-stream
Size: 40044 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130519/4a420a46/attachment-0001.obj>
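
The matching described in steps 1 and 2 of the message, as an added example that is not part of the original post or of tor-systemd.patch: it reads systemd's `LISTEN_PID`/`LISTEN_FDS` environment protocol directly rather than through the bundled sd-daemon.c, then uses `getsockname()` to pair an inherited socket with a configured listener. All function names are hypothetical, only IPv4 is handled, and 127.0.0.1:9050 in `main` is an assumed listener.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* systemd passes sockets starting at fd 3 */

/* Hypothetical helper: number of sockets systemd passed to this process. */
int inherited_fd_count(void) {
  const char *pid = getenv("LISTEN_PID"), *fds = getenv("LISTEN_FDS");
  if (!pid || !fds) return 0;
  /* A LISTEN_PID naming another process means the variables leaked from a parent. */
  if (strtol(pid, NULL, 10) != (long)getpid()) return 0;
  long n = strtol(fds, NULL, 10);
  return (n > 0 && n < 1024) ? (int)n : 0; /* 1024 is an assumed sanity bound */
}

/* Return the inherited fd whose socket type and bound IPv4 address/port equal
 * the configured listener, or -1 so the caller opens a new socket as usual. */
int match_inherited(int first_fd, int n, int type, const char *ip, uint16_t port) {
  struct in_addr want;
  if (inet_pton(AF_INET, ip, &want) != 1) return -1;
  for (int fd = first_fd; fd < first_fd + n; fd++) {
    struct sockaddr_in sa; socklen_t len = sizeof sa;
    int t; socklen_t tlen = sizeof t;
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &t, &tlen) < 0 || t != type) continue;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) continue;
    if (sa.sin_family == AF_INET && sa.sin_addr.s_addr == want.s_addr &&
        ntohs(sa.sin_port) == port) return fd;
  }
  return -1;
}

/* Constructed sample input: a loopback TCP socket bound to an ephemeral port. */
int make_sample_listener(uint16_t *port_out) {
  struct sockaddr_in sa = {0}; socklen_t len = sizeof sa;
  int fd = socket(AF_INET, SOCK_STREAM, 0);
  sa.sin_family = AF_INET; sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
  if (fd < 0) return -1;
  if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
      getsockname(fd, (struct sockaddr *)&sa, &len) < 0) { close(fd); return -1; }
  *port_out = ntohs(sa.sin_port);
  return fd;
}

int main(void) { /* prints -1 when not started through socket activation */
  int fd = match_inherited(LISTEN_FDS_START, inherited_fd_count(), SOCK_STREAM, "127.0.0.1", 9050);
  printf("inherited listener fd: %d\n", fd);
  return 0;
}
```

Any fd in the inherited range that no configured listener claims is the "unmatched" case from step 3 and the known-problems list.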
