[Whonix-devel] [Install] for static systemd unit file?
Patrick Schleizer
patrick-mailinglists at whonix.org
Thu Mar 2 18:51:00 CET 2017
Felipe Sateler:
> On Wed, Mar 1, 2017 at 11:39 PM, Patrick Schleizer
> <patrick-mailinglists at whonix.org> wrote:
>> Felipe Sateler:
>>> On Wed, Mar 1, 2017 at 9:50 PM, Patrick Schleizer
>>> <patrick-mailinglists at whonix.org> wrote:
>>>> Felipe Sateler:
>>>>> On Wed, Mar 1, 2017 at 5:51 PM, Patrick Schleizer
>>>>> <patrick-mailinglists at whonix.org> wrote:
>>>>>> Michael Biebl:
>>>>>>> On 01.03.2017 at 21:35, Patrick Schleizer wrote:
>>>>>>>> Hi!
>>>>>>>>
>>>>>>>> TLDR:
>>>>>>>>
>>>>>>>> What should the [Install] section for a static systemd unit file look like?
>>>>>>>
>>>>>>> The obvious question is: why does this service need to be statically
>>>>>>> enabled?
>>>>>>
>>>>>> Given the example... With this socket / service file combination, I
>>>>>> wouldn't know how to enable the service non-statically.
>>>>>
>>>>> WantedBy=multi-user.target
>>>>>
>>>>>> In the current
>>>>>> implementation it looks to me right, and works.
>>>>>>
>>>>>> I am still interested to do things the right way. Hence, I am asking
>>>>>> here for advice.
>>>>>
>>>>> Is there a reason you *don't* want to start your service until it is
>>>>> activated?
>>>>
>>>> Right.
>>>>
>>>> (And the reason is, there will be many such redirection sockets /
>>>> services. Many ports will not be used ever by lots of users. This saves
>>>> some RAM and perhaps boot speed. Also reduces noise from 'ps' (not loads
>>>> of duplicate systemd-socket-proxyd processes). Apparently '.socket'
>>>> files, systemd socket activation and systemd-socket-proxyd is fast. No
>>>> noticeable performance penalty in this use case.)
>>>
>>> Then you should make sure the service stops when there is no more
>>> input coming in for a while. The socket will continue listening, and
>>> when new traffic arrives, your service will be restarted.
>>
>> That makes a lot of sense. I would like to do that.
>>
>> Apparently systemd-socket-proxyd has no timeout option.
>>
>> https://www.freedesktop.org/software/systemd/man/systemd-socket-proxyd.html
>>
>> I wouldn't know how to do that.
>
> If your real server closes the connection, and the client does too,
> the socket proxy should shut itself down. I'm not 100% sure but that's
> what I read from a quick look at the sources.

The client is apt-get. The server on the remote side is Tor.
apt-get closes the connection. So should Tor be doing. However, Tor on
the remote side will keep listening. (Even when I stop Tor on the
remote side, the redirection service keeps running.)

> BTW, I see no relation from your proxy unit and the real unit. In
> particular, adding Requires= is very useful:
>
> 1. This means the target unit will be started if not already running
> (I think you already want this).
> 2. If the target unit exits, it brings down the socket proxy (that is,
> systemd also stops the socket proxy).

Added that. Thanks!
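
The socket / proxy pairing and the Requires= relation discussed in this thread, as an added example that is not part of the original message or of Whonix's own unit files. The unit names, the listen and target addresses and example-backend.service are constructed placeholders; --exit-idle-time= is an option of systemd-socket-proxyd in systemd 246 and later.

```ini
# --- /etc/systemd/system/example-redirect.socket (hypothetical name) ---
[Unit]
Description=Example redirection socket (constructed)

[Socket]
# Constructed listen address. systemd keeps this socket open even while
# the proxy service below is not running.
ListenStream=127.0.0.1:8080

[Install]
# Only the socket is enabled. The service has no [Install] section
# (it stays "static") and is started by the first incoming connection.
WantedBy=sockets.target

# --- /etc/systemd/system/example-redirect.service (hypothetical name) ---
[Unit]
Description=Example redirection proxy (constructed)
# example-backend.service is a placeholder for the real local unit.
# Requires= starts it when the proxy starts and stops the proxy when
# the backend is stopped; After= orders the proxy behind it.
Requires=example-backend.service
After=example-backend.service
# Tie the proxy to its own socket unit as well.
Requires=example-redirect.socket
After=example-redirect.socket

[Service]
# Constructed target address. With --exit-idle-time= (systemd >= 246)
# the proxy exits once it has had no connections for the given time;
# the socket unit keeps listening and restarts it on new traffic.
ExecStart=/usr/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:9050
PrivateTmp=yes
```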