feat: implement native Unix Domain Socket support#16877
Open
Piyush0049 wants to merge 1 commit into
Open
Conversation
- Extend listeners config to natively support UDS paths - Bypass DNS resolution for local socket paths - Fix ntoa usage across all core modules and plugins to prevent crashes - Identify UDS as a secure loopback connection to permit guest login - Add integration tests for connection lifecycles and pub/sub routing
|
Tick the box to add this pull request to the merge queue (same as
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed Changes
This PR introduces native support for Unix Domain Sockets (UDS) across the RabbitMQ core and plugin ecosystem, closing Issue #7311.
As noted by @michaelklishin and @jvary in #7311, the primary roadblock to implementing UDS previously was that various monitoring paths, CLI tools, and plugins implicitly assumed a
(hostname, port)pair, causing crashes when they received a{local, Path}tuple.To resolve this without breaking the ecosystem, this PR systematically audits and hardens those paths:
{local, _}as a recognizedloopbackconnection inrabbit_net:is_loopback/1, allowing the defaultguestuser to securely authenticate over local sockets.inet_parse:ntoawith the UDS-awarerabbit_misc:ntoainsiderabbit_cowboy_stream_h.erl. This ensures the Management UI and Prometheus endpoints no longer crash Cowboy when access logs are generated for a UDS client.listeners.ex) to gracefully handle non-IP interfaces, preventingrabbitmq-diagnostics listenersandreportfrom crashing.inet:ntoaassumptions in MQTT, Web STOMP, and HTTP Auth backends.test_uds_publish_consume) inunix_domain_socket_SUITE.erlto guarantee payload integrity over local sockets.Maintainers: As this touches several core networking and monitoring formatting paths, your review and inputs are heavily appreciated! I'm fully open to iterating on this based on your feedback.
Types of Changes
What types of changes does your code introduce to this project?
Put an
xin the boxes that applyChecklist
Put an
xin the boxes that apply.You can also fill these out after creating the PR.
This is simply a reminder of what we are going to look for before merging your code.
CONTRIBUTING.mddocumentFurther Comments
If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution
you did and what alternatives you considered, etc.