Viktor Dukhovni:
> > The Postfix master creates as many sockets as needed for an inet
> > service, and sets the socket option SO_REUSEADDR on each socket,
> > and bind()s them to the desired addresses.
> >
> > With that, it may be possible for the Postfix master to create new
> > sockets, set SO_REUSEADDR on each socket, and bind() them to the
> > new addresses; if successful, close() the old sockets, otherwise
> > close() the new sockets.
>
> Yes, typically doable, by determining which bindings are unchanged,
> which new, and which old.
>
> > Am I missing something? This will have to work on all supported
> > systems, though. Not just Linux, not just *BSD.
>
> The tricky case is changing a wildcard binding to a set of non-wildcard
> bindings. When a wildcard binding is active, it is AFAIK not generally
> possible to bind non-wildcard listeners for the same port, and
> presumably the converse.
>
> Changes in explicit lists of IPs should be viable as you noted.
The configurations of interest are:
inet_interfaces = all (wildcard binding)
inet_interfaces = enumeration (non-wildcard binding)
Changes of type wildcard->wildcard are noops.
Changes of type enumeration->enumeration are partial noops if one
only touches the sockets whose addresses have changed.
That leaves wildcard->enumeration and enumeration->wildcard. Both
*should* be safe on BSD-ish (and Solaris, HP-UX) systems, given how
SO_REUSEADDR was originally implemented. See the "BSD SO_REUSEADDR"
discussion with a nice table in:
https://stackoverflow.com/questions/14388706/how-do-so-reuseaddr-and-so-reuseport-differ
This also comes with a nice test program.
With Linux the changes of type wildcard->enum and enum->wildcard
require code that is kernel version dependent. If we consider only
kernels >= 3.9 then we can keep it simple with SO_REUSEPORT.
All of this needs to be evaluated not only on an idle server where
'listen' sockets are open only in the master, but also with child
process that hold a reference to a master's listen socket as well
as connected sockets. And then it needs to deal with sockets that
are in the TIME_WAIT state.
Wietse
