tcp-socket-accept — accept incoming TCP connections and spawn a program per connection
tcp-socket-accept [--verbose] [--no-keepalives] [--no-kill-IP-options] [--no-delay] [--connection-limit number] [--localname hostname] {next-prog}
tcp-socket-accept expects file descriptor 3 to be a socket that has been set up with tcp-socket-listen(1) to listen for incoming TCP connections.
It loops forever, accepting TCP connections and (for each such connection) spawning next-prog, closing the listening socket in the child process and setting the connected socket as the child process' standard input and standard output.
next-prog may contain its own command line options, which tcp-socket-accept will ignore.
Following the UCSPI conventions, tcp-socket-accept sets up several environment variables containing information about the TCP connection.
PROTO
This always has the value TCP.
TCPLOCALIP
The local (server) IP address of the accepted socket, in human-readable form.
TCPLOCALPORT
The local (server) port number of the accepted socket.
TCPLOCALHOST
The value of hostname set by the --localname option; guaranteed unset if that option is not used.
TCPREMOTEIP
The remote (client) IP address of the accepted socket, in human-readable form.
TCPREMOTEPORT
The remote (client) port number of the accepted socket.
TCPREMOTEINFO
Guaranteed unset.
TCPREMOTEHOST
Guaranteed unset.
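A sketch of a next-prog that consumes the variables listed above, as an added example that is not part of this manual or of the tool it documents; the function names and the `serve` argument are assumptions of the example. It refuses to proceed unless the UCSPI-TCP variables are present and well-formed, treats the possibly-unset variables as optional, and writes diagnostics to standard error because standard output is the connected socket.

```shell
#!/bin/sh
# Added example: a handler meant to be run as next-prog.
set -u   # any unguarded use of an unset variable is a bug in this script

# Character allow-list for an IPv4/IPv6 literal; keeps stray bytes out of logs.
is_ip_chars() {
    case "$1" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Decimal port in the range 0..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Print one log record describing the connection, or fail if the
# environment does not look like it came from a UCSPI-TCP server.
ucspi_peer_line() {
    [ "${PROTO-}" = TCP ] || return 1
    is_ip_chars "${TCPREMOTEIP-}" || return 1
    is_port "${TCPREMOTEPORT-}" || return 1
    # TCPLOCALHOST is unset without --localname, and TCPREMOTEHOST is
    # guaranteed unset, so both are expanded with a "-" fallback.
    printf 'remote=%s remoteport=%s local=%s localport=%s localhost=%s remotehost=%s\n' \
        "$TCPREMOTEIP" "$TCPREMOTEPORT" \
        "${TCPLOCALIP--}" "${TCPLOCALPORT--}" \
        "${TCPLOCALHOST--}" "${TCPREMOTEHOST--}"
}

# "serve" is this example's own argument; tcp-socket-accept ignores it.
if [ "${1-}" = serve ]; then
    line=$(ucspi_peer_line) || {
        echo 'refusing to run: UCSPI-TCP environment missing or malformed' >&2
        exit 111
    }
    echo "$line" >&2                        # log: never to stdout
    printf 'hello %s\r\n' "$TCPREMOTEIP"    # reply: stdout is the socket
fi
```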
If the --verbose option is used, tcp-socket-accept logs information about processes spawned and the current and maximum number of connections. The latter is set with the --connection-limit option, which defaults to 40. If it is reached, tcp-socket-accept stops accepting new connections until one or more child processes exit. tcp-socket-accept always limits the number of connections, and has no notion of an "unlimited" number of connections.
The --no-keepalives, --no-kill-IP-options, and --no-delay command line options set options on the accepted sockets. The first disables the use of TCP keepalive probes (which are used by default to ensure that dead connections are noticed and eliminated); the second permits IP options (which are removed by default) so that clients can set source routes; and the third disables the "Nagle" delay algorithm used for slow clients.
tcp-socket-accept can be used
Accept=false
),
wait
and as long as it is chained via fdmove 0 3
), and
Together, tcp-socket-accept and tcp-socket-listen(1) replace tcpserver(1) from ucspi-tcp.
To change the process' UID and GID after a successful call to accept(2), simply chain to setuidgid(1) or setuidgid-fromenv(1). This is, however, not usually necessary because unprivileged processes can accept any connections. It is preferable to chain tcp-socket-accept from setuidgid(1) or setuidgid-fromenv(1).