S2S Bug

While testing Wildfire 2.4.2 against my own S2S implementation, I've discovered a bug when trying to contact components running on Wildfire, such as conference and search, when my server sends disco info requests to all three entities:

wildfire.mydomain.com

conference.wildfire.mydomain.com

search.wildfire.mydomain.com

The requests to Wildfire go fine, with my server establishing three incoming streams to Wildfire, one for each domain name. But when Wildfire replies with the disco results, it only establishes one stream back and only dialback-authenticates for the domain in the first stanza, which will come through fine. Wildfire then tries to also send the other stanzas over this connection, but without using another db:result first to authenticate the sending of stanzas from this extra domain name (as the XMPP specs say it should), which results in my server responding with a <stream:error></stream:error> error and disconnecting the socket.

Have a look at http://www.xmpp.org/specs/rfc3920.html#dialback-protocol, 8.3.10 specifically the following section:

"After successful dialback negotiation, the Receiving Server SHOULD accept subsequent <db:result/> packets (e.g., validation requests sent to a subdomain or other hostname serviced by the Receiving Server) from the Originating Server over the existing validated connection; this enables "piggybacking" of the original validated connection in one direction."

and

"Furthermore, a server MUST verify that the 'from' attribute of stanzas received from the other server includes a validated domain for the stream; if a stanza does not meet this restriction, the server that receives the stanza MUST generate an <invalid-from/> stream error condition and terminate both the XML stream and the underlying TCP connection."

Either this or you need to be creating extra connections on behalf of each domain name that you are sending out from.

I have a log of the socket traffic if it's helpful.
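The receiving-side rule quoted in the post above, as an added example that is not part of the original post or of Wildfire's code: it tracks which sender domains have been dialback-validated on one inbound stream and replays the reported scenario with and without the piggybacked db:result. The names `InboundStream`, `replay` and the domain `server2.example` are assumptions, and the dialback key check is reduced to a boolean.

```python
import xml.etree.ElementTree as ET

def jid_domain(jid):
    """Return the domain part of a JID of the form [node@]domain[/resource]."""
    bare = jid.split("/", 1)[0]        # drop the resource first; it may contain '@'
    return bare.rsplit("@", 1)[-1].lower()

class InboundStream:
    """Receiving-server view of one inbound S2S stream (hypothetical class)."""

    def __init__(self):
        self.validated = set()   # sender domains authenticated via dialback
        self.open = True

    def on_db_result(self, sender_domain, key_is_valid):
        # key_is_valid stands in for the db:verify answer from the
        # authoritative server; the key check itself is out of scope here.
        if self.open and key_is_valid:
            self.validated.add(sender_domain.lower())
        return key_is_valid

    def on_stanza(self, xml_text):
        if not self.open:
            return "closed"
        sender = ET.fromstring(xml_text).get("from", "")
        if jid_domain(sender) not in self.validated:
            self.open = False    # stream error, then close stream and TCP socket
            return "invalid-from"
        return "accept"

# Constructed sample stanzas, modelled on the disco replies in the thread.
REPLY_MAIN = "<iq type='result' from='wildfire.mydomain.com' to='server2.example' id='d1'/>"
REPLY_CONF = "<iq type='result' from='conference.wildfire.mydomain.com' to='server2.example' id='d2'/>"

def replay(piggyback):
    """Replay the thread's scenario with or without the extra db:result."""
    stream = InboundStream()
    stream.on_db_result("wildfire.mydomain.com", True)
    results = [stream.on_stanza(REPLY_MAIN)]
    if piggyback:
        stream.on_db_result("conference.wildfire.mydomain.com", True)
    results.append(stream.on_stanza(REPLY_CONF))
    return results, stream.open

if __name__ == "__main__":
    print(replay(piggyback=False))  # the reported behaviour
    print(replay(piggyback=True))   # with the extra db:result sent first
```

The validated set is per stream, so a domain authenticated on one connection grants nothing on another.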

Any and all logs you could provide would hopefully prove useful.

Where would you like me to send it?

Where would you like me to send it? Have you looked into this bug yet, as it is pretty serious?

Hey rickyd,

I would like to review the exchanged stanzas to figure out what's going on so feel free to send them to me by email. You can get my email from my profile.

I would also like to confirm the scenario and the problem.

Server 1 (Wildfire server) hosting domains:

wildfire.mydomain.com

conference.wildfire.mydomain.com

search.wildfire.mydomain.com

Server 2 (I don't know if it's Wildfire or not) hosting domain:

I don't know the domain but I'm guessing that's one domain

So server 2 sends 3 disco requests to server 1. Each disco request is sent to each subdomain. Three outgoing connections are being created from server 2 to server 1 (which is fine). But server 2 is creating only 1 outgoing connection to server 1 (which is fine) but it never did piggybacking for two of its subdomains. Is this correct?

Thanks,

– Gato

Hi,

I've forwarded you some socket logs appropriate to this problem. Yup, server 1 is Wildfire in the configuration you describe, and server 2 is my own implementation, which as far as this scenario goes is one domain. This came to light while I was testing my S2S implementation against all the servers that I could.

Yup you understand the problem correctly.

Richard

Hey Richard,

The problem JM-542 has been fixed. Doing some more testing, I fixed JM-543 and JM-544 too. You may find the bug fixes in the next nightly build.

Thanks,

– Gato