Add support for LOCAL proxy header

Loïc Hoguin · mergify[bot] · commit b7fe3647189f · 2023-06-23T11:55:18.000Z
This is what the proxy uses for health checks. In those cases we use the socket's IP/ports for the connection name as we have nothing else we can use. (cherry picked from commit 610af30) (cherry picked from commit 78a953a)
diff --git a/deps/rabbit/test/proxy_protocol_SUITE.erl b/deps/rabbit/test/proxy_protocol_SUITE.erl
@@ -21,8 +21,9 @@ all() ->
 
 groups() -> [
         {sequential_tests, [], [
-            proxy_protocol,
-            proxy_protocol_tls
+            proxy_protocol_v1,
+            proxy_protocol_v1_tls,
+            proxy_protocol_v2_local
         ]}
     ].
 
@@ -55,7 +56,7 @@ init_per_testcase(Testcase, Config) ->
 end_per_testcase(Testcase, Config) ->
     rabbit_ct_helpers:testcase_finished(Config, Testcase).
 
-proxy_protocol(Config) ->
+proxy_protocol_v1(Config) ->
     Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_amqp),
     {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
         [binary, {active, false}, {packet, raw}]),
@@ -68,7 +69,7 @@ proxy_protocol(Config) ->
     gen_tcp:close(Socket),
     ok.
 
-proxy_protocol_tls(Config) ->
+proxy_protocol_v1_tls(Config) ->
     app_utils:start_applications([asn1, crypto, public_key, ssl]),
     Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_amqp_tls),
     {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
@@ -83,6 +84,23 @@ proxy_protocol_tls(Config) ->
     gen_tcp:close(Socket),
     ok.
 
+proxy_protocol_v2_local(Config) ->
+    ProxyInfo = #{
+        command => local,
+        version => 2
+    },
+    Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_amqp),
+    {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
+        [binary, {active, false}, {packet, raw}]),
+    ok = inet:send(Socket, ranch_proxy_header:header(ProxyInfo)),
+    ok = inet:send(Socket, <<"AMQP", 0, 0, 9, 1>>),
+    {ok, _Packet} = gen_tcp:recv(Socket, 0, ?TIMEOUT),
+    ConnectionName = rabbit_ct_broker_helpers:rpc(Config, 0,
+        ?MODULE, connection_name, []),
+    match = re:run(ConnectionName, <<"^127.0.0.1:\\d+ -> 127.0.0.1:\\d+$">>, [{capture, none}]),
+    gen_tcp:close(Socket),
+    ok.
+
 connection_name() ->
     Pids = pg_local:get_members(rabbit_connections),
     Pid = lists:nth(1, Pids),
diff --git a/deps/rabbit_common/src/rabbit_net.erl b/deps/rabbit_common/src/rabbit_net.erl
@@ -269,15 +269,21 @@ socket_ends(Sock, Direction) when ?IS_SSL(Sock);
         {_, {error, _Reason} = Error} ->
             Error
     end;
-socket_ends({rabbit_proxy_socket, _, ProxyInfo}, _) ->
-    #{
-      src_address := FromAddress,
-      src_port := FromPort,
-      dest_address := ToAddress,
-      dest_port := ToPort
-     } = ProxyInfo,
-    {ok, {rdns(FromAddress), FromPort,
-          rdns(ToAddress),   ToPort}}.
+socket_ends({rabbit_proxy_socket, Sock, ProxyInfo}, Direction) ->
+    case ProxyInfo of
+        %% LOCAL header: we take the IP/ports from the socket.
+        #{command := local} ->
+            socket_ends(Sock, Direction);
+        %% PROXY header: use the IP/ports from the proxy header.
+        #{
+          src_address := FromAddress,
+          src_port := FromPort,
+          dest_address := ToAddress,
+          dest_port := ToPort
+         } ->
+            {ok, {rdns(FromAddress), FromPort,
+                  rdns(ToAddress),   ToPort}}
+    end.
 
 maybe_ntoab(Addr) when is_tuple(Addr) -> rabbit_misc:ntoab(Addr);
 maybe_ntoab(Host)                     -> Host.
diff --git a/deps/rabbitmq_amqp1_0/test/proxy_protocol_SUITE.erl b/deps/rabbitmq_amqp1_0/test/proxy_protocol_SUITE.erl
@@ -20,8 +20,9 @@ all() ->
 
 groups() -> [
         {sequential_tests, [], [
-            proxy_protocol,
-            proxy_protocol_tls
+            proxy_protocol_v1,
+            proxy_protocol_v1_tls,
+            proxy_protocol_v2_local
         ]}
     ].
 
@@ -54,7 +55,7 @@ init_per_testcase(Testcase, Config) ->
 end_per_testcase(Testcase, Config) ->
     rabbit_ct_helpers:testcase_finished(Config, Testcase).
 
-proxy_protocol(Config) ->
+proxy_protocol_v1(Config) ->
     Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_amqp),
     {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
         [binary, {active, false}, {packet, raw}]),
@@ -68,7 +69,7 @@ proxy_protocol(Config) ->
     gen_tcp:close(Socket),
     ok.
 
-proxy_protocol_tls(Config) ->
+proxy_protocol_v1_tls(Config) ->
     app_utils:start_applications([asn1, crypto, public_key, ssl]),
     Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_amqp_tls),
     {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
@@ -85,6 +86,25 @@ proxy_protocol_tls(Config) ->
     gen_tcp:close(Socket),
     ok.
 
+proxy_protocol_v2_local(Config) ->
+    ProxyInfo = #{
+        command => local,
+        version => 2
+    },
+    Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_amqp),
+    {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
+        [binary, {active, false}, {packet, raw}]),
+    ok = inet:send(Socket, ranch_proxy_header:header(ProxyInfo)),
+    [ok = inet:send(Socket, amqp_1_0_frame(FrameType))
+        || FrameType <- [header_sasl, sasl_init, header_amqp, open, 'begin']],
+    {ok, _Packet} = gen_tcp:recv(Socket, 0, ?TIMEOUT),
+    ConnectionName = rabbit_ct_broker_helpers:rpc(Config, 0,
+        ?MODULE, connection_name, []),
+    match = re:run(ConnectionName, <<"^127.0.0.1:\\d+ -> 127.0.0.1:\\d+$">>, [{capture, none}]),
+    gen_tcp:close(Socket),
+    ok.
+
+
 %% hex frames to send to have the connection recorded in RabbitMQ
 %% use wireshark with one of the Java tests to record those
 amqp_1_0_frame(header_sasl) ->
diff --git a/deps/rabbitmq_mqtt/test/proxy_protocol_SUITE.erl b/deps/rabbitmq_mqtt/test/proxy_protocol_SUITE.erl
@@ -20,8 +20,9 @@ all() ->
 groups() ->
     [
         {non_parallel_tests, [], [
-            proxy_protocol,
-            proxy_protocol_tls
+            proxy_protocol_v1,
+            proxy_protocol_v1_tls,
+            proxy_protocol_v2_local
         ]}
     ].
 
@@ -59,7 +60,7 @@ init_per_testcase(Testcase, Config) ->
 end_per_testcase(Testcase, Config) ->
     rabbit_ct_helpers:testcase_finished(Config, Testcase).
 
-proxy_protocol(Config) ->
+proxy_protocol_v1(Config) ->
     Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_mqtt),
     {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
         [binary, {active, false}, {packet, raw}]),
@@ -72,7 +73,7 @@ proxy_protocol(Config) ->
     gen_tcp:close(Socket),
     ok.
 
-proxy_protocol_tls(Config) ->
+proxy_protocol_v1_tls(Config) ->
     app_utils:start_applications([asn1, crypto, public_key, ssl]),
     Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_mqtt_tls),
     {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
@@ -87,6 +88,23 @@ proxy_protocol_tls(Config) ->
     gen_tcp:close(Socket),
     ok.
 
+proxy_protocol_v2_local(Config) ->
+    ProxyInfo = #{
+        command => local,
+        version => 2
+    },
+    Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_mqtt),
+    {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
+        [binary, {active, false}, {packet, raw}]),
+    ok = inet:send(Socket, ranch_proxy_header:header(ProxyInfo)),
+    ok = inet:send(Socket, mqtt_3_1_1_connect_packet()),
+    {ok, _Packet} = gen_tcp:recv(Socket, 0, ?TIMEOUT),
+    timer:sleep(10),
+    ConnectionName = rabbit_ct_broker_helpers:rpc(Config, 0, ?MODULE, connection_name, []),
+    match = re:run(ConnectionName, <<"^127.0.0.1:\\d+ -> 127.0.0.1:\\d+$">>, [{capture, none}]),
+    gen_tcp:close(Socket),
+    ok.
+
 connection_name() ->
     Connections = ets:tab2list(connection_created),
     {_Key, Values} = lists:nth(1, Connections),
diff --git a/deps/rabbitmq_stomp/test/proxy_protocol_SUITE.erl b/deps/rabbitmq_stomp/test/proxy_protocol_SUITE.erl
@@ -21,8 +21,9 @@ all() ->
 groups() ->
     [
         {non_parallel_tests, [], [
-            proxy_protocol,
-            proxy_protocol_tls
+            proxy_protocol_v1,
+            proxy_protocol_v1_tls,
+            proxy_protocol_v2_local
         ]}
     ].
 
@@ -59,7 +60,7 @@ init_per_testcase(Testcase, Config) ->
 end_per_testcase(Testcase, Config) ->
     rabbit_ct_helpers:testcase_finished(Config, Testcase).
 
-proxy_protocol(Config) ->
+proxy_protocol_v1(Config) ->
     Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_stomp),
     {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
         [binary, {active, false}, {packet, raw}]),
@@ -72,7 +73,7 @@ proxy_protocol(Config) ->
     gen_tcp:close(Socket),
     ok.
 
-proxy_protocol_tls(Config) ->
+proxy_protocol_v1_tls(Config) ->
     app_utils:start_applications([asn1, crypto, public_key, ssl]),
     Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_stomp_tls),
     {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
@@ -87,6 +88,23 @@ proxy_protocol_tls(Config) ->
     gen_tcp:close(Socket),
     ok.
 
+proxy_protocol_v2_local(Config) ->
+    ProxyInfo = #{
+        command => local,
+        version => 2
+    },
+    Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_stomp),
+    {ok, Socket} = gen_tcp:connect({127,0,0,1}, Port,
+        [binary, {active, false}, {packet, raw}]),
+    ok = inet:send(Socket, ranch_proxy_header:header(ProxyInfo)),
+    ok = inet:send(Socket, stomp_connect_frame()),
+    {ok, _Packet} = gen_tcp:recv(Socket, 0, ?TIMEOUT),
+    ConnectionName = rabbit_ct_broker_helpers:rpc(Config, 0,
+        ?MODULE, connection_name, []),
+    match = re:run(ConnectionName, <<"^127.0.0.1:\\d+ -> 127.0.0.1:\\d+$">>, [{capture, none}]),
+    gen_tcp:close(Socket),
+    ok.
+
 connection_name() ->
     Connections = ets:tab2list(connection_created),
     {_Key, Values} = lists:nth(1, Connections),
diff --git a/deps/rabbitmq_web_mqtt/test/proxy_protocol_SUITE.erl b/deps/rabbitmq_web_mqtt/test/proxy_protocol_SUITE.erl
@@ -26,7 +26,8 @@ all() ->
 
 groups() ->
     Tests = [
-        proxy_protocol
+        proxy_protocol_v1,
+        proxy_protocol_v2_local
     ],
     [%{https_tests, [], Tests},
      {http_tests, [], Tests}].
@@ -78,7 +79,7 @@ init_per_testcase(Testcase, Config) ->
 end_per_testcase(Testcase, Config) ->
     rabbit_ct_helpers:testcase_finished(Config, Testcase).
 
-proxy_protocol(Config) ->
+proxy_protocol_v1(Config) ->
     PortStr = rabbit_ws_test_util:get_web_mqtt_port_str(Config),
 
     Protocol = ?config(protocol, Config),
@@ -98,6 +99,26 @@ proxy_protocol(Config) ->
     {close, _} = rfc6455_client:close(WS),
     ok.
 
+proxy_protocol_v2_local(Config) ->
+    ProxyInfo = #{
+        command => local,
+        version => 2
+    },
+
+    PortStr = rabbit_ws_test_util:get_web_mqtt_port_str(Config),
+
+    Protocol = ?config(protocol, Config),
+    WS = rfc6455_client:new(Protocol ++ "://127.0.0.1:" ++ PortStr ++ "/ws", self(),
+        undefined, ["mqtt"], ranch_proxy_header:header(ProxyInfo)),
+    {ok, _} = rfc6455_client:open(WS),
+    rfc6455_client:send_binary(WS, rabbit_ws_test_util:mqtt_3_1_1_connect_packet()),
+    {binary, _P} = rfc6455_client:recv(WS),
+    ConnectionName = rabbit_ct_broker_helpers:rpc(Config, 0,
+        ?MODULE, connection_name, []),
+    match = re:run(ConnectionName, <<"^127.0.0.1:\\d+ -> 127.0.0.1:\\d+$">>, [{capture, none}]),
+    {close, _} = rfc6455_client:close(WS),
+    ok.
+
 connection_name() ->
     Connections = ets:tab2list(connection_created),
     {_Key, Values} = lists:nth(1, Connections),
diff --git a/deps/rabbitmq_web_stomp/test/proxy_protocol_SUITE.erl b/deps/rabbitmq_web_stomp/test/proxy_protocol_SUITE.erl
@@ -26,7 +26,8 @@ all() ->
 
 groups() ->
     Tests = [
-        proxy_protocol
+        proxy_protocol_v1,
+        proxy_protocol_v2_local
     ],
     [{https_tests, [], Tests},
      {http_tests, [], Tests}].
@@ -78,7 +79,7 @@ init_per_testcase(Testcase, Config) ->
 end_per_testcase(Testcase, Config) ->
     rabbit_ct_helpers:testcase_finished(Config, Testcase).
 
-proxy_protocol(Config) ->
+proxy_protocol_v1(Config) ->
     Port = list_to_integer(rabbit_ws_test_util:get_web_stomp_port_str(Config)),
     PortStr = integer_to_list(Port),
 
@@ -95,6 +96,28 @@ proxy_protocol(Config) ->
     {close, _} = rfc6455_client:close(WS),
     ok.
 
+proxy_protocol_v2_local(Config) ->
+    ProxyInfo = #{
+        command => local,
+        version => 2
+    },
+
+    Port = list_to_integer(rabbit_ws_test_util:get_web_stomp_port_str(Config)),
+    PortStr = integer_to_list(Port),
+
+    Protocol = ?config(protocol, Config),
+    WS = rfc6455_client:new(Protocol ++ "://127.0.0.1:" ++ PortStr ++ "/ws", self(),
+        undefined, [], ranch_proxy_header:header(ProxyInfo)),
+    {ok, _} = rfc6455_client:open(WS),
+    Frame = stomp:marshal("CONNECT", [{"login","guest"}, {"passcode", "guest"}], <<>>),
+    rfc6455_client:send(WS, Frame),
+    {ok, _P} = rfc6455_client:recv(WS),
+    ConnectionName = rabbit_ct_broker_helpers:rpc(Config, 0,
+        ?MODULE, connection_name, []),
+    match = re:run(ConnectionName, <<"^127.0.0.1:\\d+ -> 127.0.0.1:\\d+$">>, [{capture, none}]),
+    {close, _} = rfc6455_client:close(WS),
+    ok.
+
 connection_name() ->
     Connections = ets:tab2list(connection_created),
     {_Key, Values} = lists:nth(1, Connections),
