-sub daemon_loop ($$$) {
- my ($refresh, $post_accept, $nntpd) = @_;
- PublicInbox::EvCleanup::enable(); # early for $refresh
- my %post_accept;
- while (my ($k, $v) = each %tls_opt) {
- if ($k =~ s!\A(?:nntps|https)://!!) {
- $post_accept{$k} = tls_start_cb($v, $post_accept);
- } elsif ($nntpd) { # STARTTLS, $k eq '' is OK
- $nntpd->{accept_tls} = $v;
+sub defer_accept ($$) {
+ my ($s, $af_name) = @_;
+ return unless defined $af_name;
+ if ($^O eq 'linux') {
+ my $TCP_DEFER_ACCEPT = 9; # Socket::TCP_DEFER_ACCEPT is in 5.14+
+ my $x = getsockopt($s, IPPROTO_TCP, $TCP_DEFER_ACCEPT);
+ return unless defined $x; # may be Unix socket
+ my $sec = unpack('i', $x);
+ return if $sec > 0; # systemd users may set a higher value
+ setsockopt($s, IPPROTO_TCP, $TCP_DEFER_ACCEPT, 1);
+ } elsif ($^O eq 'freebsd') {
+ my $x = getsockopt($s, SOL_SOCKET, $SO_ACCEPTFILTER);
+ return if defined $x; # don't change if set
+ my $accf_arg = pack('a16a240', $af_name, '');
+ setsockopt($s, SOL_SOCKET, $SO_ACCEPTFILTER, $accf_arg);
+ }
+}
+
+sub daemon_loop ($) {
+ my ($xnetd) = @_;
+ local $PublicInbox::Config::DEDUPE = {}; # enable dedupe cache
+ my $refresh = sub {
+ my ($sig) = @_;
+ %$PublicInbox::Config::DEDUPE = (); # clear cache
+ for my $xn (values %$xnetd) {
+ delete $xn->{tlsd}->{ssl_ctx}; # PublicInbox::TLS::start
+ eval { $xn->{refresh}->($sig) };
+ warn "refresh $@\n" if $@;