diff options
| author | Matthew Wild <mwild1@gmail.com> | 2021-05-07 17:03:49 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2021-05-07 17:03:49 +0100 |
| commit | 4c4e764e23cd7d103868a73a0cdb5a7bdcaa4bea (patch) | |
| tree | 7aef7341dcea6d08c8fb676712d77982054b289c | |
| parent | 4c7989e7e4c95ccfbdc189abc5bdea9aa9e90b02 (diff) | |
| download | prosody-4c4e764e23cd7d103868a73a0cdb5a7bdcaa4bea.tar.gz prosody-4c4e764e23cd7d103868a73a0cdb5a7bdcaa4bea.zip | |
mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB.
These values are aligned with ejabberd's default settings, which should reduce
issues related to inconsistent size limits between servers on the XMPP network.
The previous default (10MB) is excessive for any production server, and allows
significant memory usage by even unauthenticated sessions.
| -rw-r--r-- | plugins/mod_bosh.lua | 3 | ||||
| -rw-r--r-- | plugins/mod_c2s.lua | 2 | ||||
| -rw-r--r-- | plugins/mod_component.lua | 3 | ||||
| -rw-r--r-- | plugins/mod_s2s/mod_s2s.lua | 2 | ||||
| -rw-r--r-- | plugins/mod_websocket.lua | 2 |
5 files changed, 7 insertions, 5 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 52168670..db7ae03e 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -45,6 +45,7 @@ local bosh_max_wait = module:get_option_number("bosh_max_wait", 120); local consider_bosh_secure = module:get_option_boolean("consider_bosh_secure"); local cross_domain = module:get_option("cross_domain_bosh", false); +local stanza_size_limit = module:get_option_number("c2s_stanza_size_limit", 1024*256); if cross_domain == true then cross_domain = "*"; end if type(cross_domain) == "table" then cross_domain = table.concat(cross_domain, ", "); end @@ -115,7 +116,7 @@ function handle_POST(event) local body = request.body; local context = { request = request, response = response, notopen = true }; - local stream = new_xmpp_stream(context, stream_callbacks); + local stream = new_xmpp_stream(context, stream_callbacks, stanza_size_limit); response.context = context; local headers = response.headers; diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 8d4dcfb8..f19f9df5 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -26,7 +26,7 @@ local log = module._log; local c2s_timeout = module:get_option_number("c2s_timeout", 300); local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5); local opt_keepalives = module:get_option_boolean("c2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true)); -local stanza_size_limit = module:get_option_number("c2s_stanza_size_limit"); -- TODO come up with a sensible default (util.xmppstream defaults to 10M) +local stanza_size_limit = module:get_option_number("c2s_stanza_size_limit", 1024*256); local measure_connections = module:measure("connections", "amount"); local measure_ipv6 = module:measure("ipv6", "amount"); diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index b41204a2..51d731c7 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -27,6 +27,7 @@ local hosts = prosody.hosts; local log = module._log; local opt_keepalives = module:get_option_boolean("component_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true)); +local stanza_size_limit = module:get_option_number("component_stanza_size_limit", module:get_option_number("s2s_stanza_size_limit", 1024*512)); local sessions = module:shared("sessions"); @@ -297,7 +298,7 @@ function listener.onconnect(conn) session.log("info", "Incoming Jabber component connection"); - local stream = new_xmpp_stream(session, stream_callbacks); + local stream = new_xmpp_stream(session, stream_callbacks, stanza_size_limit); session.stream = stream; session.notopen = true; diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 8e398f56..b2376b97 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -37,7 +37,7 @@ local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One local secure_domains, insecure_domains = module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; local require_encryption = module:get_option_boolean("s2s_require_encryption", false); -local stanza_size_limit = module:get_option_number("s2s_stanza_size_limit"); -- TODO come up with a sensible default (util.xmppstream defaults to 10M) +local stanza_size_limit = module:get_option_number("s2s_stanza_size_limit", 1024*512); local measure_connections = module:measure("connections", "amount"); local measure_ipv6 = module:measure("ipv6", "amount"); diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index a613672b..60c76605 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -28,7 +28,7 @@ local parse_close = websocket_frames.parse_close; local t_concat = table.concat; -local stanza_size_limit = module:get_option_number("c2s_stanza_size_limit", 10 * 1024 * 1024); +local stanza_size_limit = module:get_option_number("c2s_stanza_size_limit", 1024 * 256); local frame_buffer_limit = module:get_option_number("websocket_frame_buffer_limit", 2 * stanza_size_limit); local frame_fragment_limit = module:get_option_number("websocket_frame_fragment_limit", 8); local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5); |