Packet tags/envelopes

Hi,

I’d like to chime in with the suggestion of providing for the option of “packet tagging” or enveloping in whatever protocol we’re using between CM and core router. One of the aspects of a CM I’m particularly interested in is providing pre-router services like DoS attack detection/prevention, XML validation, resource control (anti-flooding), spim filtering, etc. Essentially XMPP firewalling and content filtering based solely on packet contents. I’ve spoken with a network hardware manufacturer and this is of interest to them as well so it could be a major win for everyone.

These tasks seem particularly well suited to a CM/core router architecture. In order for this to work well with the core router, it would be ideal for the CM to have the option of marking packets in some standard way with information the core router can use with its business/routing logic. For example, we could have spamassassin-like spim scoring added that would let the core router dump, quarantine, or otherwise act on.

One protocol improvement this may suggest is some way for the CM to provide information to the core router in a way that the core router can look at the tags/envelope and skip a packet without parsing it - this seems to imply some method of providing a content length pretty early in a packet and some mechanism for the server to stop reading a partial packet without the XML parser barfing. Further optimization would be to move the addresses up into the tags/envelope so that routing could be done for the most part by the core router without XML parsing (unless business logic needs to access the packet contents, in which case the core router could lazily parse and load an appropriate Java object).

The simplest would be something like

basically putting email-like headers between each packet in the stream. It’s not pure XML and not as consistent as a normal XMPP stream but could save the core router a LOT of processing and allow the CM to provide tons of extensible services to the CR.

Thoughts? Too radical?

-iain
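A sketch of the envelope idea in the post above, added here as an illustration; it is not the poster's example and not code from any Jive project. The header names (`To`, `Spim-Score`, `Content-Length`), the size limit and the score threshold are assumptions. The router decides from the envelope alone and skips a dropped body by length, and it treats a missing, oversized or truncated length as a framing error so a bad length cannot desynchronise the stream.

```python
# Added illustration: header names and limits are assumptions, not from the thread.
MAX_STANZA = 65536   # assumed upper bound on one stanza, in bytes
SPIM_DROP = 5.0      # assumed score at or above which the router discards

class FramingError(Exception):
    """Malformed envelope; the router should close the CM link."""

def read_envelopes(buf: bytes):
    """Yield (headers, body); body stays raw bytes and is never XML-parsed here."""
    pos = 0
    while pos < len(buf):
        end = buf.find(b"\r\n\r\n", pos)
        if end < 0:
            raise FramingError("unterminated header block")
        headers = {}
        for line in buf[pos:end].decode("latin-1").split("\r\n"):
            name, sep, value = line.partition(":")
            if not sep:
                raise FramingError("bad header line")
            headers[name.strip().lower()] = value.strip()
        length = headers.get("content-length", "")
        if not (length.isascii() and length.isdigit()) or int(length) > MAX_STANZA:
            raise FramingError("missing or oversized Content-Length")
        start = end + 4
        stop = start + int(length)
        if stop > len(buf):
            raise FramingError("truncated body")
        yield headers, buf[start:stop]
        pos = stop   # skip by length, so the body's content cannot affect framing

def route(buf: bytes):
    """Return (action, to, body) decisions made from the envelope alone."""
    decisions = []
    for headers, body in read_envelopes(buf):
        if "to" not in headers:
            raise FramingError("missing To")
        try:
            score = float(headers.get("spim-score", "0"))
        except ValueError:
            raise FramingError("bad Spim-Score")
        if score < SPIM_DROP:   # NaN fails this test and is dropped (fail closed)
            decisions.append(("forward", headers["to"], body))
        else:
            decisions.append(("drop", headers["to"], None))
    return decisions

def envelope(to: str, score: float, stanza: bytes) -> bytes:
    """Build one constructed sample frame the way a CM might emit it."""
    head = f"To: {to}\r\nSpim-Score: {score}\r\nContent-Length: {len(stanza)}\r\n\r\n"
    return head.encode("latin-1") + stanza
```

Because the router acts on these headers without inspecting the body, they are only meaningful on an authenticated CM-to-router link; headers arriving from clients would have to be stripped by the CM.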

There is definitely a requirement to beef up support for handling DoS et al. esp if the goal is to support large numbers of clients (10k per CM).

Guess it will boil down to priorities, that will be up to Matt I suppose, but sounds good to me.

Conor.

Down towards the bottom of this http://www.jivesoftware.org/community/thread.jspa?threadID=16063&tstart=0 I put together a workflow for inbound and outbound packets. It wouldn’t be too difficult to add a stage for plugins to operate on the content.

Noah