1%% This Source Code Form is subject to the terms of the Mozilla Public 2%% License, v. 2.0. If a copy of the MPL was not distributed with this 3%% file, You can obtain one at https://mozilla.org/MPL/2.0/. 4%% 5%% Copyright (c) 2007-2021 VMware, Inc. or its affiliates. All rights reserved. 6%% 7 8-module(rabbit_net). 9-include("rabbit.hrl"). 10 11-include_lib("kernel/include/inet.hrl"). 12 13-export([is_ssl/1, ssl_info/1, controlling_process/2, getstat/2, 14 recv/1, sync_recv/2, async_recv/3, port_command/2, getopts/2, 15 setopts/2, send/2, close/1, fast_close/1, sockname/1, peername/1, 16 peercert/1, connection_string/2, socket_ends/2, is_loopback/1, 17 tcp_host/1, unwrap_socket/1, maybe_get_proxy_socket/1, 18 hostname/0, getifaddrs/0, proxy_ssl_info/2]). 19 20%%--------------------------------------------------------------------------- 21 22-export_type([socket/0, ip_port/0, hostname/0]). 23 24-type stat_option() :: 25 'recv_cnt' | 'recv_max' | 'recv_avg' | 'recv_oct' | 'recv_dvi' | 26 'send_cnt' | 'send_max' | 'send_avg' | 'send_oct' | 'send_pend'. 27-type ok_val_or_error(A) :: rabbit_types:ok_or_error2(A, any()). 28-type ok_or_any_error() :: rabbit_types:ok_or_error(any()). 29-type socket() :: port() | ssl:sslsocket(). 30-type opts() :: [{atom(), any()} | 31 {raw, non_neg_integer(), non_neg_integer(), binary()}]. 32-type hostname() :: inet:hostname(). 33-type ip_port() :: inet:port_number(). 34% -type host_or_ip() :: binary() | inet:ip_address(). 35-spec is_ssl(socket()) -> boolean(). 36-spec ssl_info(socket()) -> 'nossl' | ok_val_or_error([{atom(), any()}]). 37-spec proxy_ssl_info(socket(), ranch_proxy:proxy_socket()) -> 'nossl' | ok_val_or_error([{atom(), any()}]). 38-spec controlling_process(socket(), pid()) -> ok_or_any_error(). 39-spec getstat(socket(), [stat_option()]) -> 40 ok_val_or_error([{stat_option(), integer()}]). 41-spec recv(socket()) -> 42 {'data', [char()] | binary()} | 43 'closed' | 44 rabbit_types:error(any()) | 45 {'other', any()}. 46-spec sync_recv(socket(), integer()) -> 47 rabbit_types:ok(binary()) | 48 rabbit_types:error(any()). 49-spec async_recv(socket(), integer(), timeout()) -> 50 rabbit_types:ok(any()). 51-spec port_command(socket(), iolist()) -> 'true'. 52-spec getopts 53 (socket(), 54 [atom() | 55 {raw, non_neg_integer(), non_neg_integer(), 56 non_neg_integer() | binary()}]) -> 57 ok_val_or_error(opts()). 58-spec setopts(socket(), opts()) -> ok_or_any_error(). 59-spec send(socket(), binary() | iolist()) -> ok_or_any_error(). 60-spec close(socket()) -> ok_or_any_error(). 61-spec fast_close(socket()) -> ok_or_any_error(). 62-spec sockname(socket()) -> 63 ok_val_or_error({inet:ip_address(), ip_port()}). 64-spec peername(socket()) -> 65 ok_val_or_error({inet:ip_address(), ip_port()}). 66-spec peercert(socket()) -> 67 'nossl' | ok_val_or_error(rabbit_ssl:certificate()). 68-spec connection_string(socket(), 'inbound' | 'outbound') -> 69 ok_val_or_error(string()). 70% -spec socket_ends(socket() | ranch_proxy:proxy_socket() | ranch_proxy_ssl:ssl_socket(), 71% 'inbound' | 'outbound') -> 72% ok_val_or_error({host_or_ip(), ip_port(), 73% host_or_ip(), ip_port()}). 74-spec is_loopback(socket() | inet:ip_address()) -> boolean(). 75% -spec unwrap_socket(socket() | ranch_proxy:proxy_socket() | ranch_proxy_ssl:ssl_socket()) -> socket(). 76 77-dialyzer({nowarn_function, [socket_ends/2, unwrap_socket/1]}). 78 79%%--------------------------------------------------------------------------- 80 81-define(SSL_CLOSE_TIMEOUT, 5000). 82 83-define(IS_SSL(Sock), is_tuple(Sock) 84 andalso (tuple_size(Sock) =:= 3) 85 andalso (element(1, Sock) =:= sslsocket)). 86 87is_ssl(Sock) -> ?IS_SSL(Sock). 88 89%% Seems hackish. Is hackish. But the structure is stable and 90%% kept this way for backward compatibility reasons. We need 91%% it for two reasons: there are no ssl:getstat(Sock) function, 92%% and no ssl:close(Timeout) function. Both of them are being 93%% worked on as we speak. 94ssl_get_socket(Sock) -> 95 element(2, element(2, Sock)). 96 97ssl_info(Sock) when ?IS_SSL(Sock) -> 98 ssl:connection_information(Sock); 99ssl_info(_Sock) -> 100 nossl. 101 102proxy_ssl_info(Sock, {rabbit_proxy_socket, _, ProxyInfo}) -> 103 ConnInfo = ranch_proxy_header:to_connection_info(ProxyInfo), 104 case lists:keymember(protocol, 1, ConnInfo) andalso 105 lists:keymember(selected_cipher_suite, 1, ConnInfo) of 106 true -> 107 {ok, ConnInfo}; 108 false -> 109 ssl_info(Sock) 110 end; 111proxy_ssl_info(Sock, _) -> 112 ssl_info(Sock). 113 114 115controlling_process(Sock, Pid) when ?IS_SSL(Sock) -> 116 ssl:controlling_process(Sock, Pid); 117controlling_process(Sock, Pid) when is_port(Sock) -> 118 gen_tcp:controlling_process(Sock, Pid). 119 120getstat(Sock, Stats) when ?IS_SSL(Sock) -> 121 inet:getstat(ssl_get_socket(Sock), Stats); 122getstat(Sock, Stats) when is_port(Sock) -> 123 inet:getstat(Sock, Stats); 124%% Used by Proxy protocol support in plugins 125getstat({rabbit_proxy_socket, Sock, _}, Stats) when ?IS_SSL(Sock) -> 126 inet:getstat(ssl_get_socket(Sock), Stats); 127getstat({rabbit_proxy_socket, Sock, _}, Stats) when is_port(Sock) -> 128 inet:getstat(Sock, Stats). 129 130recv(Sock) when ?IS_SSL(Sock) -> 131 recv(Sock, {ssl, ssl_closed, ssl_error}); 132recv(Sock) when is_port(Sock) -> 133 recv(Sock, {tcp, tcp_closed, tcp_error}). 134 135recv(S, {DataTag, ClosedTag, ErrorTag}) -> 136 receive 137 {DataTag, S, Data} -> {data, Data}; 138 {ClosedTag, S} -> closed; 139 {ErrorTag, S, Reason} -> {error, Reason}; 140 Other -> {other, Other} 141 end. 142 143sync_recv(Sock, Length) when ?IS_SSL(Sock) -> 144 ssl:recv(Sock, Length); 145sync_recv(Sock, Length) -> 146 gen_tcp:recv(Sock, Length). 147 148async_recv(Sock, Length, Timeout) when ?IS_SSL(Sock) -> 149 Pid = self(), 150 Ref = make_ref(), 151 152 spawn(fun () -> Pid ! {inet_async, Sock, Ref, 153 ssl:recv(Sock, Length, Timeout)} 154 end), 155 156 {ok, Ref}; 157async_recv(Sock, Length, infinity) when is_port(Sock) -> 158 prim_inet:async_recv(Sock, Length, -1); 159async_recv(Sock, Length, Timeout) when is_port(Sock) -> 160 prim_inet:async_recv(Sock, Length, Timeout). 161 162port_command(Sock, Data) when ?IS_SSL(Sock) -> 163 case ssl:send(Sock, Data) of 164 ok -> self() ! {inet_reply, Sock, ok}, 165 true; 166 {error, Reason} -> erlang:error(Reason) 167 end; 168port_command(Sock, Data) when is_port(Sock) -> 169 erlang:port_command(Sock, Data). 170 171getopts(Sock, Options) when ?IS_SSL(Sock) -> 172 ssl:getopts(Sock, Options); 173getopts(Sock, Options) when is_port(Sock) -> 174 inet:getopts(Sock, Options). 175 176setopts(Sock, Options) when ?IS_SSL(Sock) -> 177 ssl:setopts(Sock, Options); 178setopts(Sock, Options) when is_port(Sock) -> 179 inet:setopts(Sock, Options). 180 181send(Sock, Data) when ?IS_SSL(Sock) -> ssl:send(Sock, Data); 182send(Sock, Data) when is_port(Sock) -> gen_tcp:send(Sock, Data). 183 184close(Sock) when ?IS_SSL(Sock) -> ssl:close(Sock); 185close(Sock) when is_port(Sock) -> gen_tcp:close(Sock). 186 187fast_close(Sock) when ?IS_SSL(Sock) -> 188 %% We cannot simply port_close the underlying tcp socket since the 189 %% TLS protocol is quite insistent that a proper closing handshake 190 %% should take place (see RFC 5245 s7.2.1). So we call ssl:close 191 %% instead, but that can block for a very long time, e.g. when 192 %% there is lots of pending output and there is tcp backpressure, 193 %% or the ssl_connection process has entered the the 194 %% workaround_transport_delivery_problems function during 195 %% termination, which, inexplicably, does a gen_tcp:recv(Socket, 196 %% 0), which may never return if the client doesn't send a FIN or 197 %% that gets swallowed by the network. Since there is no timeout 198 %% variant of ssl:close, we construct our own. 199 {Pid, MRef} = spawn_monitor(fun () -> ssl:close(Sock) end), 200 erlang:send_after(?SSL_CLOSE_TIMEOUT, self(), {Pid, ssl_close_timeout}), 201 receive 202 {Pid, ssl_close_timeout} -> 203 erlang:demonitor(MRef, [flush]), 204 exit(Pid, kill); 205 {'DOWN', MRef, process, Pid, _Reason} -> 206 ok 207 end, 208 catch port_close(ssl_get_socket(Sock)), 209 ok; 210fast_close(Sock) when is_port(Sock) -> 211 catch port_close(Sock), ok. 212 213sockname(Sock) when ?IS_SSL(Sock) -> ssl:sockname(Sock); 214sockname(Sock) when is_port(Sock) -> inet:sockname(Sock). 215 216peername(Sock) when ?IS_SSL(Sock) -> ssl:peername(Sock); 217peername(Sock) when is_port(Sock) -> inet:peername(Sock). 218 219peercert(Sock) when ?IS_SSL(Sock) -> ssl:peercert(Sock); 220peercert(Sock) when is_port(Sock) -> nossl. 221 222connection_string(Sock, Direction) -> 223 case socket_ends(Sock, Direction) of 224 {ok, {FromAddress, FromPort, ToAddress, ToPort}} -> 225 {ok, rabbit_misc:format( 226 "~s:~p -> ~s:~p", 227 [maybe_ntoab(FromAddress), FromPort, 228 maybe_ntoab(ToAddress), ToPort])}; 229 Error -> 230 Error 231 end. 232 233socket_ends(Sock, Direction) when ?IS_SSL(Sock); 234 is_port(Sock) -> 235 {From, To} = sock_funs(Direction), 236 case {From(Sock), To(Sock)} of 237 {{ok, {FromAddress, FromPort}}, {ok, {ToAddress, ToPort}}} -> 238 {ok, {rdns(FromAddress), FromPort, 239 rdns(ToAddress), ToPort}}; 240 {{error, _Reason} = Error, _} -> 241 Error; 242 {_, {error, _Reason} = Error} -> 243 Error 244 end; 245socket_ends({rabbit_proxy_socket, _, ProxyInfo}, _) -> 246 #{ 247 src_address := FromAddress, 248 src_port := FromPort, 249 dest_address := ToAddress, 250 dest_port := ToPort 251 } = ProxyInfo, 252 {ok, {rdns(FromAddress), FromPort, 253 rdns(ToAddress), ToPort}}. 254 255maybe_ntoab(Addr) when is_tuple(Addr) -> rabbit_misc:ntoab(Addr); 256maybe_ntoab(Host) -> Host. 257 258tcp_host({0,0,0,0}) -> 259 hostname(); 260 261tcp_host({0,0,0,0,0,0,0,0}) -> 262 hostname(); 263 264tcp_host(IPAddress) -> 265 case inet:gethostbyaddr(IPAddress) of 266 {ok, #hostent{h_name = Name}} -> Name; 267 {error, _Reason} -> rabbit_misc:ntoa(IPAddress) 268 end. 269 270hostname() -> 271 {ok, Hostname} = inet:gethostname(), 272 case inet:gethostbyname(Hostname) of 273 {ok, #hostent{h_name = Name}} -> Name; 274 {error, _Reason} -> Hostname 275 end. 276 277format_nic_attribute({Key, undefined}) -> 278 {Key, undefined}; 279format_nic_attribute({Key = flags, List}) when is_list(List) -> 280 Val = string:join(lists:map(fun rabbit_data_coercion:to_list/1, List), ", "), 281 {Key, rabbit_data_coercion:to_binary(Val)}; 282format_nic_attribute({Key, Tuple}) when is_tuple(Tuple) and (Key =:= addr orelse 283 Key =:= broadaddr orelse 284 Key =:= netmask orelse 285 Key =:= dstaddr) -> 286 Val = inet_parse:ntoa(Tuple), 287 {Key, rabbit_data_coercion:to_binary(Val)}; 288format_nic_attribute({Key = hwaddr, List}) when is_list(List) -> 289 %% [140, 133, 144, 28, 241, 121] => 8C:85:90:1C:F1:79 290 Val = string:join(lists:map(fun(N) -> integer_to_list(N, 16) end, List), ":"), 291 {Key, rabbit_data_coercion:to_binary(Val)}. 292 293getifaddrs() -> 294 {ok, AddrList} = inet:getifaddrs(), 295 Addrs0 = maps:from_list(AddrList), 296 maps:map(fun (_Key, Proplist) -> 297 lists:map(fun format_nic_attribute/1, Proplist) 298 end, Addrs0). 299 300rdns(Addr) -> 301 case application:get_env(rabbit, reverse_dns_lookups) of 302 {ok, true} -> list_to_binary(tcp_host(Addr)); 303 _ -> Addr 304 end. 305 306sock_funs(inbound) -> {fun peername/1, fun sockname/1}; 307sock_funs(outbound) -> {fun sockname/1, fun peername/1}. 308 309is_loopback(Sock) when is_port(Sock) ; ?IS_SSL(Sock) -> 310 case sockname(Sock) of 311 {ok, {Addr, _Port}} -> is_loopback(Addr); 312 {error, _} -> false 313 end; 314%% We could parse the results of inet:getifaddrs() instead. But that 315%% would be more complex and less maybe Windows-compatible... 316is_loopback({127,_,_,_}) -> true; 317is_loopback({0,0,0,0,0,0,0,1}) -> true; 318is_loopback({0,0,0,0,0,65535,AB,CD}) -> is_loopback(ipv4(AB, CD)); 319is_loopback(_) -> false. 320 321ipv4(AB, CD) -> {AB bsr 8, AB band 255, CD bsr 8, CD band 255}. 322 323unwrap_socket({rabbit_proxy_socket, Sock, _}) -> 324 Sock; 325unwrap_socket(Sock) -> 326 Sock. 327 328maybe_get_proxy_socket(Sock={rabbit_proxy_socket, _, _}) -> 329 Sock; 330maybe_get_proxy_socket(_Sock) -> 331 undefined. 332