W3cubDocs

/Erlang 20

12 Distribution Protocol

This description is far from complete. It will be updated if the protocol is updated. However, the protocols, both from Erlang nodes to the Erlang Port Mapper Daemon (EPMD) and between Erlang nodes are stable since many years.

The distribution protocol can be divided into four parts:

  • Low-level socket connection (1)

  • Handshake, interchange node name, and authenticate (2)

  • Authentication (done by net_kernel(3)) (3)

  • Connected (4)

A node fetches the port number of another node through the EPMD (at the other host) to initiate a connection request.

For each host, where a distributed Erlang node is running, also an EPMD is to be running. The EPMD can be started explicitly or automatically as a result of the Erlang node startup.

By default the EPMD listens on port 4369.

(3) and (4) above are performed at the same level but the net_kernel disconnects the other node if it communicates using an invalid cookie (after 1 second).

The integers in all multibyte fields are in big-endian order.

Warning

The Erlang Distribution protocol is not by itself secure and does not aim to be so. In order to get secure distribution the distributed nodes should be configured to use distribution over tls. See the Using SSL for Erlang Distribution User's Guide for details on how to setup a secure distributed node.

12.1 EPMD Protocol

The requests served by the EPMD are summarized in the following figure.

Figure 12.1: Summary of EPMD Requests

Each request *_REQ is preceded by a 2 byte length field. Thus, the overall request format is as follows:

2 n
Length Request

Table 12.1: Request Format

Register a Node in EPMD

When a distributed node is started it registers itself in the EPMD. The message ALIVE2_REQ described below is sent from the node to the EPMD. The response from the EPMD is ALIVE2_RESP.

1 2 1 1 2 2 2 Nlen 2 Elen
120 PortNo NodeType Protocol HighestVersion LowestVersion Nlen NodeName Elen Extra

Table 12.2: ALIVE2_REQ (120)

PortNo

The port number on which the node accept connection requests.

NodeType

77 = normal Erlang node, 72 = hidden node (C-node), ...

Protocol

0 = TCP/IPv4, ...

HighestVersion

The highest distribution version that this node can handle. The value in Erlang/OTP R6B and later is 5.

LowestVersion

The lowest distribution version that this node can handle. The value in Erlang/OTP R6B and later is 5.

Nlen

The length (in bytes) of field NodeName.

NodeName

The node name as an UTF-8 encoded string of Nlen bytes.

Elen

The length of field Extra.

Extra

Extra field of Elen bytes.

The connection created to the EPMD must be kept as long as the node is a distributed node. When the connection is closed, the node is automatically unregistered from the EPMD.

The response message ALIVE2_RESP is as follows:

1 1 2
121 Result Creation

Table 12.3: ALIVE2_RESP (121)

Result = 0 -> ok, result > 0 -> error.

Unregister a Node from EPMD

A node unregisters itself from the EPMD by closing the TCP connection to EPMD established when the node was registered.

Get the Distribution Port of Another Node

When one node wants to connect to another node it starts with a PORT_PLEASE2_REQ request to the EPMD on the host where the node resides to get the distribution port that the node listens to.

1 N
122 NodeName

Table 12.4: PORT_PLEASE2_REQ (122)

where N = Length - 1.

1 1
119 Result

Table 12.5: PORT2_RESP (119) Response Indicating Error, Result > 0

or

1 1 2 1 1 2 2 2 Nlen 2 Elen
119 Result PortNo NodeType Protocol HighestVersion LowestVersion Nlen NodeName Elen >Extra

Table 12.6: PORT2_RESP, Result = 0

If Result > 0, the packet only consists of [119, Result].

The EPMD closes the socket when it has sent the information.

Get All Registered Names from EPMD

This request is used through the Erlang function net_adm:names/1,2. A TCP connection is opened to the EPMD and this request is sent.

1
110

Table 12.7: NAMES_REQ (110)

The response for a NAMES_REQ is as follows:

4
EPMDPortNo NodeInfo*

Table 12.8: NAMES_RESP

NodeInfo is a string written for each active node. When all NodeInfo has been written the connection is closed by the EPMD.

NodeInfo is, as expressed in Erlang:

io:format("name ~ts at port ~p~n", [NodeName, Port]).

Dump All Data from EPMD

This request is not really used, it is to be regarded as a debug feature.

1
100

Table 12.9: DUMP_REQ

The response for a DUMP_REQ is as follows:

4
EPMDPortNo NodeInfo*

Table 12.10: DUMP_RESP

NodeInfo is a string written for each node kept in the EPMD. When all NodeInfo has been written the connection is closed by the EPMD.

NodeInfo is, as expressed in Erlang:

io:format("active name     ~ts at port ~p, fd = ~p~n",
          [NodeName, Port, Fd]).

or

io:format("old/unused name ~ts at port ~p, fd = ~p ~n",
          [NodeName, Port, Fd]).

Kill EPMD

This request kills the running EPMD. It is almost never used.

1
107

Table 12.11: KILL_REQ

The response for a KILL_REQ is as follows:

2
OKString

Table 12.12: KILL_RESP

where OKString is "OK".

STOP_REQ (Not Used)

1 n
115 NodeName

Table 12.13: STOP_REQ

where n = Length - 1.

The current implementation of Erlang does not care if the connection to the EPMD is broken.

The response for a STOP_REQ is as follows:

7
OKString

Table 12.14: STOP_RESP

where OKString is "STOPPED".

A negative response can look as follows:

7
NOKString

Table 12.15: STOP_NOTOK_RESP

where NOKString is "NOEXIST".

12.2 Distribution Handshake

This section describes the distribution handshake protocol introduced in Erlang/OTP R6. This description was previously located in $ERL_TOP/lib/kernel/internal_doc/distribution_handshake.txt and has more or less been copied and "formatted" here. It has been almost unchanged since 1999, but the handshake has not changed much since then either.

General

The TCP/IP distribution uses a handshake that expects a connection-based protocol, that is, the protocol does not include any authentication after the handshake procedure.

This is not entirely safe, as it is vulnerable against takeover attacks, but it is a tradeoff between fair safety and performance.

The cookies are never sent in cleartext and the handshake procedure expects the client (called A) to be the first one to prove that it can generate a sufficient digest. The digest is generated with the MD5 message digest algorithm and the challenges are expected to be random numbers.

Definitions

A challenge is a 32-bit integer in big-endian order. Below the function gen_challenge() returns a random 32-bit integer used as a challenge.

A digest is a (16 bytes) MD5 hash of the challenge (as text) concatenated with the cookie (as text). Below, the function gen_digest(Challenge, Cookie) generates a digest as described above.

An out_cookie is the cookie used in outgoing communication to a certain node, so that A's out_cookie for B is to correspond with B's in_cookie for A and conversely. A's out_cookie for B and A's in_cookie for B need not be the same. Below the function out_cookie(Node) returns the current node's out_cookie for Node.

An in_cookie is the cookie expected to be used by another node when communicating with us, so that A's in_cookie for B corresponds with B's out_cookie for A. Below the function in_cookie(Node) returns the current node's in_cookie for Node.

The cookies are text strings that can be viewed as passwords.

Every message in the handshake starts with a 16-bit big-endian integer, which contains the message length (not counting the two initial bytes). In Erlang this corresponds to option {packet, 2} in gen_tcp(3). Notice that after the handshake, the distribution switches to 4 byte packet headers.

The Handshake in Detail

Imagine two nodes, A that initiates the handshake and B that accepts the connection.

1) connect/accept

A connects to B through TCP/IP and B accepts the connection.

2) send_name/receive_name

A sends an initial identification to B, which receives the message. The message looks as follows (every "square" is one byte and the packet header is removed):

+---+--------+--------+-----+-----+-----+-----+-----+-----+-...-+-----+
|'n'|Version0|Version1|Flag0|Flag1|Flag2|Flag3|Name0|Name1| ... |NameN|
+---+--------+--------+-----+-----+-----+-----+-----+-----+-... +-----+

'n' is the message tag. 'Version0' and 'Version1' is the distribution version selected by A, based on information from the EPMD. (16-bit big-endian) 'Flag0' ... 'Flag3' are capability flags, the capabilities are defined in $ERL_TOP/lib/kernel/include/dist.hrl. (32-bit big-endian) 'Name0' ... 'NameN' is the full node name of A, as a string of bytes (the packet length denotes how long it is).

3) recv_status/send_status

B sends a status message to A, which indicates if the connection is allowed. The following status codes are defined:

ok

The handshake will continue.

ok_simultaneous

The handshake will continue, but A is informed that B has another ongoing connection attempt that will be shut down (simultaneous connect where A's name is greater than B's name, compared literally).

nok

The handshake will not continue, as B already has an ongoing handshake, which it itself has initiated (simultaneous connect where B's name is greater than A's).

not_allowed

The connection is disallowed for some (unspecified) security reason.

alive

A connection to the node is already active, which either means that node A is confused or that the TCP connection breakdown of a previous node with this name has not yet reached node B. See step 3B below.

The format of the status message is as follows:

+---+-------+-------+-...-+-------+
|'s'|Status0|Status1| ... |StatusN|
+---+-------+-------+-...-+-------+

's' is the message tag. 'Status0' ... 'StatusN' is the status as a string (not terminated).

3B) send_status/recv_status

If status was alive, node A answers with another status message containing either true, which means that the connection is to continue (the old connection from this node is broken), or false, which means that the connection is to be closed (the connection attempt was a mistake.

4) recv_challenge/send_challenge

If the status was ok or ok_simultaneous, the handshake continues with B sending A another message, the challenge. The challenge contains the same type of information as the "name" message initially sent from A to B, plus a 32-bit challenge:

+---+--------+--------+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-...-+-----+
|'n'|Version0|Version1|Flag0|Flag1|Flag2|Flag3|Chal0|Chal1|Chal2|Chal3|Name0|Name1| ... |NameN|
+---+--------+--------+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-... +-----+

'Chal0' ... 'Chal3' is the challenge as a 32-bit big-endian integer and the other fields are B's version, flags, and full node name.

5) send_challenge_reply/recv_challenge_reply

Now A has generated a digest and its own challenge. Those are sent together in a package to B:

+---+-----+-----+-----+-----+-----+-----+-----+-----+-...-+------+
|'r'|Chal0|Chal1|Chal2|Chal3|Dige0|Dige1|Dige2|Dige3| ... |Dige15|
+---+-----+-----+-----+-----+-----+-----+-----+-----+-...-+------+

'r' is the tag. 'Chal0' ... 'Chal3' is A's challenge for B to handle. 'Dige0' ... 'Dige15' is the digest that A constructed from the challenge B sent in the previous step.

6) recv_challenge_ack/send_challenge_ack

B checks that the digest received from A is correct and generates a digest from the challenge received from A. The digest is then sent to A. The message is as follows:

+---+-----+-----+-----+-----+-...-+------+
|'a'|Dige0|Dige1|Dige2|Dige3| ... |Dige15|
+---+-----+-----+-----+-----+-...-+------+

'a' is the tag. 'Dige0' ... 'Dige15' is the digest calculated by B for A's challenge.

7) check

A checks the digest from B and the connection is up.

Semigraphic View

A (initiator)                                      B (acceptor)

TCP connect ------------------------------------>
                                                   TCP accept

send_name -------------------------------------->
                                                   recv_name

  <---------------------------------------------- send_status
recv_status
(if status was 'alive'
 send_status - - - - - - - - - - - - - - - - - ->
                                                   recv_status)
                                                   ChB = gen_challenge()
                          (ChB)
  <---------------------------------------------- send_challenge
recv_challenge
ChA = gen_challenge(),
OCA = out_cookie(B),
DiA = gen_digest(ChB, OCA)
                          (ChA, DiA)
send_challenge_reply --------------------------->
                                                   recv_challenge_reply
                                                   ICB = in_cookie(A),
                                                   check:
                                                   DiA == gen_digest (ChB, ICB)?
                                                   - if OK:
                                                    OCB = out_cookie(A),
                                                    DiB = gen_digest (ChA, OCB)
                          (DiB)
  <----------------------------------------------- send_challenge_ack
recv_challenge_ack                                  DONE
ICA = in_cookie(B),                                - else:
check:                                              CLOSE
DiB == gen_digest(ChA, ICA)?
- if OK:
 DONE
- else:
 CLOSE

Distribution Flags

The following capability flags are defined:

-define(DFLAG_PUBLISHED,16#1).

The node is to be published and part of the global namespace.

-define(DFLAG_ATOM_CACHE,16#2).

The node implements an atom cache (obsolete).

-define(DFLAG_EXTENDED_REFERENCES,16#4).

The node implements extended (3 × 32 bits) references. This is required today. If not present, the connection is refused.

-define(DFLAG_DIST_MONITOR,16#8).

The node implements distributed process monitoring.

-define(DFLAG_FUN_TAGS,16#10).

The node uses separate tag for funs (lambdas) in the distribution protocol.

-define(DFLAG_DIST_MONITOR_NAME,16#20).

The node implements distributed named process monitoring.

-define(DFLAG_HIDDEN_ATOM_CACHE,16#40).

The (hidden) node implements atom cache (obsolete).

-define(DFLAG_NEW_FUN_TAGS,16#80).

The node understand new fun tags.

-define(DFLAG_EXTENDED_PIDS_PORTS,16#100).

The node can handle extended pids and ports. This is required today. If not present, the connection is refused.

-define(DFLAG_EXPORT_PTR_TAG,16#200).
-define(DFLAG_BIT_BINARIES,16#400).
-define(DFLAG_NEW_FLOATS,16#800).

The node understands new float format.

-define(DFLAG_UNICODE_IO,16#1000).
-define(DFLAG_DIST_HDR_ATOM_CACHE,16#2000).

The node implements atom cache in distribution header.

-define(DFLAG_SMALL_ATOM_TAGS, 16#4000).

The node understand the SMALL_ATOM_EXT tag.

-define(DFLAG_UTF8_ATOMS, 16#10000).

The node understand UTF-8 encoded atoms.

12.3 Protocol between Connected Nodes

As from ERTS 5.7.2 the runtime system passes a distribution flag in the handshake stage that enables the use of a distribution header on all messages passed. Messages passed between nodes have in this case the following format:

4 d n m
Length DistributionHeader ControlMessage Message

Table 12.16: Format of Messages Passed between Nodes (as from ERTS 5.7.2)

Length

Equal to d + n + m.

ControlMessage

A tuple passed using the external format of Erlang.

Message

The message sent to another node using the '!' (in external format). Notice that Message is only passed in combination with a ControlMessage encoding a send ('!').

Notice that the version number is omitted from the terms that follow a distribution header.

Nodes with an ERTS version earlier than 5.7.2 does not pass the distribution flag that enables the distribution header. Messages passed between nodes have in this case the following format:

4 1 n m
Length Type ControlMessage Message

Table 12.17: Format of Messages Passed between Nodes (before ERTS 5.7.2)

Length

Equal to 1 + n + m.

Type

Equal to 112 (pass through).

ControlMessage

A tuple passed using the external format of Erlang.

Message

The message sent to another node using the '!' (in external format). Notice that Message is only passed in combination with a ControlMessage encoding a send ('!').

The ControlMessage is a tuple, where the first element indicates which distributed operation it encodes:

LINK

{1, FromPid, ToPid}

SEND

{2, Unused, ToPid}

Followed by Message.

Unused is kept for backward compatibility.

EXIT

{3, FromPid, ToPid, Reason}

UNLINK

{4, FromPid, ToPid}

NODE_LINK

{5}

REG_SEND

{6, FromPid, Unused, ToName}

Followed by Message.

Unused is kept for backward compatibility.

GROUP_LEADER

{7, FromPid, ToPid}

EXIT2

{8, FromPid, ToPid, Reason}

12.4 New Ctrlmessages for distrvsn = 1 (Erlang/OTP R4)

SEND_TT

{12, Unused, ToPid, TraceToken}

Followed by Message.

Unused is kept for backward compatibility.

EXIT_TT

{13, FromPid, ToPid, TraceToken, Reason}

REG_SEND_TT

{16, FromPid, Unused, ToName, TraceToken}

Followed by Message.

Unused is kept for backward compatibility.

EXIT2_TT

{18, FromPid, ToPid, TraceToken, Reason}

12.5 New Ctrlmessages for distrvsn = 2

distrvsn 2 was never used.

12.6 New Ctrlmessages for distrvsn = 3 (Erlang/OTP R5C)

None, but the version number was increased anyway.

12.7 New Ctrlmessages for distrvsn = 4 (Erlang/OTP R6)

These are only recognized by Erlang nodes, not by hidden nodes.

MONITOR_P

{19, FromPid, ToProc, Ref}, where FromPid = monitoring process and ToProc = monitored process pid or name (atom)

DEMONITOR_P

{20, FromPid, ToProc, Ref}, where FromPid = monitoring process and ToProc = monitored process pid or name (atom)

We include FromPid just in case we want to trace this.

MONITOR_P_EXIT

{21, FromProc, ToPid, Ref, Reason}, where FromProc = monitored process pid or name (atom), ToPid = monitoring process, and Reason = exit reason for the monitored process

© 2010–2017 Ericsson AB
Licensed under the Apache License, Version 2.0.