ssl_scan 0.0.1

data/lib/ssl_scan/socket.rb

@@ -0,0 +1,773 @@
+# -*- coding: binary -*-
+require 'socket'
+require 'thread'
+require 'resolv'
+require 'ssl_scan/exceptions'
+
+module SSLScan
+
+###
+#
+# Base class for all sockets.
+#
+###
+module Socket
+
+  module Comm
+  end
+
+  require 'ssl_scan/socket/parameters'
+  require 'ssl_scan/socket/tcp'
+  require 'ssl_scan/socket/tcp_server'
+
+  require 'ssl_scan/socket/comm'
+  require 'ssl_scan/socket/comm/local'
+
+  require 'ssl_scan/socket/switch_board'
+  require 'ssl_scan/socket/subnet_walker'
+  require 'ssl_scan/socket/range_walker'
+
+  ##
+  #
+  # Factory methods
+  #
+  ##
+
+  #
+  # Create a socket instance using the supplied parameter hash.
+  #
+  def self.create(opts = {})
+    return create_param(SSLScan::Socket::Parameters.from_hash(opts))
+  end
+
+  #
+  # Create a socket using the supplied SSLScan::Socket::Parameter instance.
+  #
+  def self.create_param(param)
+    return param.comm.create(param)
+  end
+
+  #
+  # Create a TCP socket using the supplied parameter hash.
+  #
+  def self.create_tcp(opts = {})
+    return create_param(SSLScan::Socket::Parameters.from_hash(opts.merge('Proto' => 'tcp')))
+  end
+
+  #
+  # Create a TCP server socket using the supplied parameter hash.
+  #
+  def self.create_tcp_server(opts = {})
+    return create_tcp(opts.merge('Server' => true))
+  end
+
+  #
+  # Create a UDP socket using the supplied parameter hash.
+  #
+  def self.create_udp(opts = {})
+    return create_param(SSLScan::Socket::Parameters.from_hash(opts.merge('Proto' => 'udp')))
+  end
+
+  #
+  # Create a IP socket using the supplied parameter hash.
+  #
+  def self.create_ip(opts = {})
+    return create_param(SSLScan::Socket::Parameters.from_hash(opts.merge('Proto' => 'ip')))
+  end
+
+
+  #
+  # Common Regular Expressions
+  #
+
+  MATCH_IPV6 = /^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/
+
+  MATCH_IPV4 = /^\s*(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))\s*$/
+
+  MATCH_IPV4_PRIVATE = /^\s*(?:10\.|192\.168|172.(?:1[6-9]|2[0-9]|3[01])\.|169\.254)/
+
+  ##
+  #
+  # Serialization
+  #
+  ##
+
+
+  # Cache our IPv6 support flag
+  @@support_ipv6 = nil
+
+  #
+  # Determine whether we support IPv6
+  #
+  def self.support_ipv6?
+    return @@support_ipv6 if not @@support_ipv6.nil?
+
+    @@support_ipv6 = false
+
+    if (::Socket.const_defined?('AF_INET6'))
+      begin
+        s = ::Socket.new(::Socket::AF_INET6, ::Socket::SOCK_DGRAM, ::Socket::IPPROTO_UDP)
+        s.close
+        @@support_ipv6 = true
+      rescue
+      end
+    end
+
+    return @@support_ipv6
+  end
+
+  #
+  # Determine whether this is an IPv4 address
+  #
+  def self.is_ipv4?(addr)
+    ( addr =~ MATCH_IPV4 ) ? true : false
+  end
+
+  #
+  # Determine whether this is an IPv6 address
+  #
+  def self.is_ipv6?(addr)
+    ( addr =~ MATCH_IPV6 ) ? true : false
+  end
+
+  #
+  # Checks to see if the supplied address is in "dotted" form
+  #
+  def self.dotted_ip?(addr)
+    # Match IPv6
+    return true if (support_ipv6? and addr =~ MATCH_IPV6)
+
+    # Match IPv4
+    return true if (addr =~ MATCH_IPV4)
+
+    false
+  end
+
+  #
+  # Return true if +addr+ is within the ranges specified in RFC1918, or
+  # RFC5735/RFC3927
+  #
+  def self.is_internal?(addr)
+    if self.dotted_ip?(addr)
+      addr =~ MATCH_IPV4_PRIVATE
+    else
+      false
+    end
+  end
+
+  # Get the first address returned by a DNS lookup for +hostname+.
+  #
+  # @see .getaddresses
+  #
+  # @param (see .getaddresses)
+  # @return [String] ASCII IP address
+  def self.getaddress(hostname, accept_ipv6 = true)
+    getaddresses(hostname, accept_ipv6).first
+  end
+
+  #
+  # Wrapper for +::Socket.gethostbyname+ that takes special care to see if the
+  # supplied address is already an ASCII IP address.  This is necessary to
+  # prevent blocking while waiting on a DNS reverse lookup when we already
+  # have what we need.
+  #
+  # @param hostname [String] A hostname or ASCII IP address
+  # @return [Array<String>]
+  def self.getaddresses(hostname, accept_ipv6 = true)
+    if hostname =~ MATCH_IPV4 or (accept_ipv6 and hostname =~ MATCH_IPV6)
+      return [hostname]
+    end
+
+    res = ::Socket.gethostbyname(hostname)
+    return [] if not res
+
+    # Shift the first three elements out, leaving just the list of
+    # addresses
+    res.shift # name
+    res.shift # alias hostnames
+    res.shift # address_family
+
+    # Rubinius has a bug where gethostbyname returns dotted quads instead of
+    # NBO, but that's what we want anyway, so just short-circuit here.
+    if res[0] =~ MATCH_IPV4 || res[0] =~ MATCH_IPV6
+      unless accept_ipv6
+        res.reject!{ |ascii| ascii =~ MATCH_IPV6 }
+      end
+    else
+      unless accept_ipv6
+        res.reject!{ |nbo| nbo.length != 4 }
+      end
+      res.map!{ |nbo| self.addr_ntoa(nbo) }
+    end
+
+    res
+  end
+
+  #
+  # Wrapper for Socket.gethostbyname which takes into account whether or not
+  # an IP address is supplied.  If it is, then reverse DNS resolution does
+  # not occur.  This is done in order to prevent delays, such as would occur
+  # on Windows.
+  #
+  def self.gethostbyname(host)
+    if (is_ipv4?(host))
+      return [ host, [], 2, host.split('.').map{ |c| c.to_i }.pack("C4") ]
+    end
+
+    if is_ipv6?(host)
+      # pop off the scopeid since gethostbyname isn't smart enough to
+      # deal with it.
+      host, _ = host.split('%', 2)
+    end
+
+    ::Socket.gethostbyname(host)
+  end
+
+  #
+  # Create a sockaddr structure using the supplied IP address, port, and
+  # address family
+  #
+  def self.to_sockaddr(ip, port)
+
+    if (ip == '::ffff:0.0.0.0')
+      ip = support_ipv6?() ? '::' : '0.0.0.0'
+    end
+
+    return ::Socket.pack_sockaddr_in(port, ip)
+  end
+
+  #
+  # Returns the address family, host, and port of the supplied sockaddr as
+  # [ af, host, port ]
+  #
+  def self.from_sockaddr(saddr)
+    port, host = ::Socket::unpack_sockaddr_in(saddr)
+    af = ::Socket::AF_INET
+    if (support_ipv6?() and is_ipv6?(host))
+      af = ::Socket::AF_INET6
+    end
+    return [ af, host, port ]
+  end
+
+  #
+  # Resolves a host to raw network-byte order.
+  #
+  def self.resolv_nbo(host)
+    self.gethostbyname( SSLScan::Socket.getaddress(host, true) )[3]
+  end
+
+  #
+  # Resolves a host to raw network-byte order.
+  #
+  def self.resolv_nbo_list(host)
+    SSLScan::Socket.getaddresses(host).map{|addr| self.gethostbyname(addr)[3] }
+  end
+
+  #
+  # Resolves a host to a network-byte order ruby integer.
+  #
+  def self.resolv_nbo_i(host)
+    addr_ntoi(resolv_nbo(host))
+  end
+
+  #
+  # Resolves a host to a list of network-byte order ruby integers.
+  #
+  def self.resolv_nbo_i_list(host)
+    resolv_nbo_list(host).map{|addr| addr_ntoi(addr) }
+  end
+
+  #
+  # Converts an ASCII IP address to a CIDR mask. Returns
+  # nil if it's not convertable.
+  #
+  def self.addr_atoc(mask)
+    mask_i = resolv_nbo_i(mask)
+    cidr = nil
+    0.upto(32) do |i|
+      if ((1 << i)-1) << (32-i) == mask_i
+        cidr = i
+        break
+      end
+    end
+    return cidr
+  end
+
+  #
+  # Resolves a CIDR bitmask into a dotted-quad. Returns
+  # nil if it's not convertable.
+  #
+  def self.addr_ctoa(cidr)
+    return nil unless (0..32) === cidr.to_i
+    addr_itoa(((1 << cidr)-1) << 32-cidr)
+  end
+
+  #
+  # Resolves a host to a dotted address.
+  #
+  def self.resolv_to_dotted(host)
+    addr_ntoa(addr_aton(host))
+  end
+
+  #
+  # Converts a ascii address into an integer
+  #
+  def self.addr_atoi(addr)
+    resolv_nbo_i(addr)
+  end
+
+  #
+  # Converts a ascii address into a list of addresses
+  #
+  def self.addr_atoi_list(addr)
+    resolv_nbo_i_list(addr)
+  end
+
+  #
+  # Converts an integer address into ascii
+  #
+  # @param (see #addr_iton)
+  # @return (see #addr_ntoa)
+  def self.addr_itoa(addr, v6=false)
+    nboa = addr_iton(addr, v6)
+
+    addr_ntoa(nboa)
+  end
+
+  #
+  # Converts a ascii address to network byte order
+  #
+  def self.addr_aton(addr)
+    resolv_nbo(addr)
+  end
+
+  #
+  # Converts a network byte order address to ascii
+  #
+  # @param addr [String] Packed network-byte-order address
+  # @return [String] Human readable IP address.
+  def self.addr_ntoa(addr)
+    # IPv4
+    if (addr.length == 4)
+      return addr.unpack('C4').join('.')
+    end
+
+    # IPv6
+    if (addr.length == 16)
+      return compress_address(addr.unpack('n8').map{ |c| "%x" % c }.join(":"))
+    end
+
+    raise RuntimeError, "Invalid address format"
+  end
+
+  #
+  # Implement zero compression for IPv6 addresses.
+  # Uses the compression method from Marco Ceresa's IPAddress GEM
+  #
+  # @see https://github.com/bluemonk/ipaddress/blob/master/lib/ipaddress/ipv6.rb
+  #
+  # @param addr [String] Human readable IPv6 address
+  # @return [String] Human readable IPv6 address with runs of 0s removed
+  def self.compress_address(addr)
+    return addr unless is_ipv6?(addr)
+    addr = addr.dup
+    while true
+      break if addr.sub!(/\A0:0:0:0:0:0:0:0\Z/, '::')
+      break if addr.sub!(/\b0:0:0:0:0:0:0\b/, ':')
+      break if addr.sub!(/\b0:0:0:0:0:0\b/, ':')
+      break if addr.sub!(/\b0:0:0:0:0\b/, ':')
+      break if addr.sub!(/\b0:0:0:0\b/, ':')
+      break if addr.sub!(/\b0:0:0\b/, ':')
+      break if addr.sub!(/\b0:0\b/, ':')
+      break
+    end
+    addr.sub(/:{3,}/, '::')
+  end
+
+  #
+  # Converts a network byte order address to an integer
+  #
+  def self.addr_ntoi(addr)
+
+    bits = addr.unpack("N*")
+
+    if (bits.length == 1)
+      return bits[0]
+    end
+
+    if (bits.length == 4)
+      val = 0
+      bits.each_index { |i| val += (  bits[i] << (96 - (i * 32)) ) }
+      return val
+    end
+
+    raise RuntimeError, "Invalid address format"
+  end
+
+  #
+  # Converts an integer into a network byte order address
+  #
+  # @param addr [Numeric] The address as a number
+  # @param v6 [Boolean] Whether +addr+ is IPv6
+  def self.addr_iton(addr, v6=false)
+    if(addr < 0x100000000 && !v6)
+      return [addr].pack('N')
+    else
+      w    = []
+      w[0] = (addr >> 96) & 0xffffffff
+      w[1] = (addr >> 64) & 0xffffffff
+      w[2] = (addr >> 32) & 0xffffffff
+      w[3] = addr & 0xffffffff
+      return w.pack('N4')
+    end
+  end
+
+  #
+  # Converts a colon-delimited MAC address into a 6-byte binary string
+  #
+  def self.eth_aton(mac)
+    mac.split(":").map{|c| c.to_i(16) }.pack("C*")
+  end
+
+  #
+  # Converts a 6-byte binary string into a colon-delimited MAC address
+  #
+  def self.eth_ntoa(bin)
+    bin.unpack("C6").map{|x| "%.2x" % x }.join(":").upcase
+  end
+
+  #
+  # Converts a CIDR subnet into an array (base, bcast)
+  #
+  def self.cidr_crack(cidr, v6=false)
+    tmp = cidr.split('/')
+
+    tst,scope = tmp[0].split("%",2)
+    scope     = "%" + scope if scope
+    scope   ||= ""
+
+    addr = addr_atoi(tst)
+
+    bits = 32
+    mask = 0
+    use6 = false
+
+    if (addr > 0xffffffff or v6 or cidr =~ /:/)
+      use6 = true
+      bits = 128
+    end
+
+    mask = (2 ** bits) - (2 ** (bits - tmp[1].to_i))
+    base = addr & mask
+
+    stop = base + (2 ** (bits - tmp[1].to_i)) - 1
+    return [self.addr_itoa(base, use6) + scope, self.addr_itoa(stop, use6) + scope]
+  end
+
+  #
+  # Converts a netmask (255.255.255.240) into a bitmask (28).  This is the
+  # lame kid way of doing it.
+  #
+  def self.net2bitmask(netmask)
+
+    nmask = resolv_nbo(netmask)
+    imask = addr_ntoi(nmask)
+    bits  = 32
+
+    if (imask > 0xffffffff)
+      bits = 128
+    end
+
+    0.upto(bits-1) do |bit|
+      p = 2 ** bit
+      return (bits - bit) if ((imask & p) == p)
+    end
+
+    0
+  end
+
+  #
+  # Converts a bitmask (28) into a netmask (255.255.255.240)
+  #
+  def self.bit2netmask(bitmask, ipv6=false)
+    if bitmask > 32 or ipv6
+      i = ((~((2 ** (128 - bitmask)) - 1)) & (2**128-1))
+      n = SSLScan::Socket.addr_iton(i, true)
+      return SSLScan::Socket.addr_ntoa(n)
+    else
+      [ (~((2 ** (32 - bitmask)) - 1)) & 0xffffffff ].pack('N').unpack('CCCC').join('.')
+    end
+  end
+
+
+  def self.portspec_crack(pspec)
+    portspec_to_portlist(pspec)
+  end
+
+  #
+  # Converts a port specification like "80,21-23,443" into a sorted,
+  # unique array of valid port numbers like [21,22,23,80,443]
+  #
+  def self.portspec_to_portlist(pspec)
+    ports = []
+
+    # Build ports array from port specification
+    pspec.split(/,/).each do |item|
+      start, stop = item.split(/-/).map { |p| p.to_i }
+
+      start ||= 0
+      stop ||= item.match(/-/) ? 65535 : start
+
+      start, stop = stop, start if stop < start
+
+      start.upto(stop) { |p| ports << p }
+    end
+
+    # Sort, and remove dups and invalid ports
+    ports.sort.uniq.delete_if { |p| p < 1 or p > 65535 }
+  end
+
+  #
+  # Converts a port list like [1,2,3,4,5,100] into a
+  # range specification like "1-5,100"
+  #
+  def self.portlist_to_portspec(parr)
+    ranges = []
+    range  = []
+    lastp  = nil
+
+    parr.uniq.sort{|a,b| a<=>b}.map{|a| a.to_i}.each do |n|
+      next if (n < 1 or n > 65535)
+      if not lastp
+        range = [n]
+        lastp = n
+        next
+      end
+
+      if lastp == n - 1
+        range << n
+      else
+        ranges << range
+        range = [n]
+      end
+      lastp = n
+    end
+
+    ranges << range
+    ranges.delete(nil)
+    ranges.uniq.map{|x| x.length == 1 ? "#{x[0]}" : "#{x[0]}-#{x[-1]}"}.join(",")
+  end
+
+  ##
+  #
+  # Utility class methods
+  #
+  ##
+
+  #
+  # This method does NOT send any traffic to the destination, instead, it uses a
+  # "bound" UDP socket to determine what source address we would use to
+  # communicate with the specified destination. The destination defaults to
+  # Google's DNS server to make the standard behavior determine which IP
+  # we would use to communicate with the internet.
+  #
+  def self.source_address(dest='8.8.8.8', comm = ::SSLScan::Socket::Comm::Local)
+    begin
+      s = self.create_udp(
+        'PeerHost' => dest,
+        'PeerPort' => 31337,
+        'Comm'     => comm
+      )
+      r = s.getsockname[1]
+      s.close
+
+      # Trim off the trailing interface ID for link-local IPv6
+      return r.split('%').first
+    rescue ::Exception
+      return '127.0.0.1'
+    end
+  end
+
+  #
+  # Identifies the link-local address of a given interface (if IPv6 is enabled)
+  #
+  def self.ipv6_link_address(intf)
+    r = source_address("FF02::1%#{intf}")
+    return nil if r.nil? || r !~ /^fe80/i
+    r
+  end
+
+  #
+  # Identifies the mac address of a given interface (if IPv6 is enabled)
+  #
+  def self.ipv6_mac(intf)
+    r = ipv6_link_address(intf)
+    return if not r
+    raw = addr_aton(r)[-8, 8]
+    (raw[0,3] + raw[5,3]).unpack("C*").map{|c| "%.2x" % c}.join(":")
+  end
+
+  #
+  # Create a TCP socket pair.
+  #
+  # sf: This create a socket pair using native ruby sockets and will work
+  # on Windows where ::Socket.pair is not implemented.
+  # Note: OpenSSL requires native ruby sockets for its io.
+  #
+  # Note: Even though sub-threads are smashing the parent threads local, there
+  #       is no concurrent use of the same locals and this is safe.
+  def self.tcp_socket_pair
+    lsock   = nil
+    rsock   = nil
+    laddr   = '127.0.0.1'
+    lport   = 0
+    threads = []
+    mutex   = ::Mutex.new
+
+    threads << SSLScan::ThreadFactory.spawn('TcpSocketPair', false) {
+      server = nil
+      mutex.synchronize {
+        threads << SSLScan::ThreadFactory.spawn('TcpSocketPairClient', false) {
+          mutex.synchronize {
+            rsock = ::TCPSocket.new( laddr, lport )
+          }
+        }
+        server = ::TCPServer.new(laddr, 0)
+        if (server.getsockname =~ /127\.0\.0\.1:/)
+          # JRuby ridiculousness
+          caddr, lport = server.getsockname.split(":")
+          caddr = caddr[1,caddr.length]
+          lport = lport.to_i
+        else
+          # Sane implementations where Socket#getsockname returns a
+          # sockaddr
+          lport, caddr = ::Socket.unpack_sockaddr_in( server.getsockname )
+        end
+      }
+      lsock, _ = server.accept
+      server.close
+    }
+
+    threads.each { |t| t.join }
+
+    return [lsock, rsock]
+  end
+
+  #
+  # Create a UDP socket pair using native ruby UDP sockets.
+  #
+  def self.udp_socket_pair
+    laddr = '127.0.0.1'
+
+    lsock = ::UDPSocket.new
+    lsock.bind( laddr, 0 )
+
+    rsock = ::UDPSocket.new
+    rsock.bind( laddr, 0 )
+
+    rsock.connect( *lsock.addr.values_at(3,1) )
+
+    lsock.connect( *rsock.addr.values_at(3,1) )
+
+    return [lsock, rsock]
+  end
+
+
+  ##
+  #
+  # Class initialization
+  #
+  ##
+
+  #
+  # Initialize general socket parameters.
+  #
+  def initsock(params = nil)
+    if (params)
+      self.peerhost  = params.peerhost
+      self.peerport  = params.peerport
+      self.localhost = params.localhost
+      self.localport = params.localport
+      self.context   = params.context || {}
+      self.ipv       = params.v6 ? 6 : 4
+    end
+  end
+
+  #
+  # By default, all sockets are themselves selectable file descriptors.
+  #
+  def fd
+    self
+  end
+
+  #
+  # Returns local connection information.
+  #
+  def getsockname
+    Socket.from_sockaddr(super)
+  end
+
+  #
+  # Wrapper around getsockname
+  #
+  def getlocalname
+    getsockname
+  end
+
+  #
+  # Return peer connection information.
+  #
+  def getpeername
+    return Socket.from_sockaddr(super)
+  end
+
+  #
+  # Returns a string that indicates the type of the socket, such as 'tcp'.
+  #
+  def type?
+    raise NotImplementedError, "Socket type is not supported."
+  end
+
+  #
+  # The peer host of the connected socket.
+  #
+  attr_reader :peerhost
+  #
+  # The peer port of the connected socket.
+  #
+  attr_reader :peerport
+  #
+  # The local host of the connected socket.
+  #
+  attr_reader :localhost
+  #
+  # The local port of the connected socket.
+  #
+  attr_reader :localport
+  #
+  # The IP version of the socket
+  #
+  attr_reader :ipv
+  #
+  # Contextual information that describes the source and other
+  # instance-specific attributes.  This comes from the param.context
+  # attribute.
+  #
+  attr_reader :context
+
+protected
+
+  attr_writer :peerhost, :peerport, :localhost, :localport # :nodoc:
+  attr_writer :context # :nodoc:
+  attr_writer :ipv # :nodoc:
+
+end
+
+end
+
+#
+# Globalized socket constants
+#
+SHUT_RDWR = ::Socket::SHUT_RDWR
+SHUT_RD   = ::Socket::SHUT_RD
+SHUT_WR   = ::Socket::SHUT_WR