Tigase Forge
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server-core
Code
Pull Requests
Issues
List
Boards
Iterations
Timesheets
Builds
Packages
Statistics
Child Projects
OneDev 10.9.4
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _server server-core Issues #1540
Deprecate `localpart@domain` component addressing (#1540)
Open
wojciech.kapcia@tigase.net opened 3 weeks ago

to-do (based on Andrzej's comment below):

  • review all places where amp is used for addressing and adjust them
  • review other/all components
  • adjust routing mechanism in MessageRouter to skip looking for components at localpart@domain (that should speed up routing).

Original issue:

[2024-08-25 18:09:52:037] [FINEST  ] [              in_7-amp ] AmpComponent.processPacket()     : 1. Packet will be processed by: amp@ip-172-31-22-51.us-west-2.compute.internal, from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<message xmlns="jabber:client" id="1205127" type="headline" to="amp@sure.im/750395308-tigase-85275" from="amp@sure.im"><event xmlns="http://jabber.org/protocol/pubsub#event"><items node="http://jabber.org/protocol/tune"><item id="3h1t1eetjv1g7jdlel0"><tune xmlns="http://jabber.org/protocol/tune"/></item></items></event></message>, SIZE=331, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=headline, STABLE_ID=null
[2024-08-25 18:09:52:037] [FINEST  ] [              in_7-amp ] AmpComponent.processPacket()     : My packet: from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<message xmlns="jabber:client" id="1205127" type="headline" to="amp@sure.im/750395308-tigase-85275" from="amp@sure.im"><event xmlns="http://jabber.org/protocol/pubsub#event"><items node="http://jabber.org/protocol/tune"><item id="3h1t1eetjv1g7jdlel0"><tune xmlns="http://jabber.org/protocol/tune"/></item></items></event></message>, SIZE=331, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=headline, STABLE_ID=null
[2024-08-25 18:09:52:037] [FINEST  ] [              in_7-amp ] AmpComponent.processPacket()     : processing packet = from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<message xmlns="jabber:client" id="1205127" type="headline" to="amp@sure.im/750395308-tigase-85275" from="amp@sure.im"><event xmlns="http://jabber.org/protocol/pubsub#event"><items node="http://jabber.org/protocol/tune"><item id="3h1t1eetjv1g7jdlel0"><tune xmlns="http://jabber.org/protocol/tune"/></item></items></event></message>, SIZE=331, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=headline, STABLE_ID=null
[2024-08-25 18:09:52:039] [WARNING ] [              in_7-amp ] AmpComponent.processPacket()     : Not an AMP packet! from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<message xmlns="jabber:client" id="1205127" type="headline" to="amp@sure.im/750395308-tigase-85275" from="amp@sure.im"><event xmlns="http://jabber.org/protocol/pubsub#event"><items node="http://jabber.org/protocol/tune"><item id="3h1t1eetjv1g7jdlel0"><tune xmlns="http://jabber.org/protocol/tune"/></item></items></event></message>, SIZE=331, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=headline, STABLE_ID=null
Andrzej Wójcik (Tigase) commented 3 weeks ago

Did someone created account amp@sure.im?
wojciech.kapcia@tigase.net commented 3 weeks ago

Hmm... it looks like that - there was another packet with captcha that was explicitly addressed to amp@sure.im.

I think we should have "forbidden" addresses that would take into consideration configured components addressess.
Andrzej Wójcik (Tigase) commented 3 weeks ago

Yes, however, I think that the main cause was usage of localpart@domain for internal components. If we would use ie. amp.sure.im that would solve this issue and wouldn't allow it to happen - there wouldn't be anything to block. Most of the components are using "domain-only" jids as their address but some still use localpart@domain format.
wojciech.kapcia@tigase.net commented 3 weeks ago

So basically adjust:

	@ConfigField(desc = "AMP component JID", alias = AMP_JID_PROP_KEY)
	private JID ampJID = JID.jidInstanceNS("amp@" + defHost);

?

Should we rename this issue into: "make all components use domain for addressing" that would entail reviewing all components?
Andrzej Wójcik (Tigase) commented 3 weeks ago

I think that we would need to review all places where amp is used for addressing and adjust them (also changing the line you mentioned) and then review other/all components. I think this would be a better approach and with that we could adjust routing mechanism in MessageRouter to skip looking for components at localpart@domain (that should speed up routing).
wojciech.kapcia@tigase.net changed title 3 weeks ago
Previous Value Current Value 
Not an AMP packet for PEP/tune packets
 
Deprecate `localpart@domain` component addressing
wojciech.kapcia@tigase.net changed fields 3 weeks ago
Name Previous Value Current Value 
Version
 empty 
tigase-server-9.0.0, tigase-server-8.5.0
wojciech.kapcia@tigase.net added to iteration "tigase-server-9.0.0" 3 weeks ago
wojciech.kapcia@tigase.net added to iteration "tigase-server-8.5.0" 3 weeks ago
wojciech.kapcia@tigase.net commented 3 weeks ago
  • adjusted subject
  • added to-do list
  • slated for 8.5.0 (changing AMP addressing, marking as deprecated API) and 9.0.0 (removal localhost@domain addressing)
issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Andrzej Wójcik (Tigase)
wojciech.kapcia@tigase.net
Version
tigase-server-9.0.0, tigase-server-8.5.0
Sprints
n/a
Customer
n/a
Iterations
Issue Votes (0)
Login to vote
Watchers (3)
Reference
tigase/_server/server-core#1540
Please wait...
Page is in error, reload to recover