Diffstat (limited to 'plugins/mod_s2s.lua')
-rw-r--r--plugins/mod_s2s.lua30
1 files changed, 24 insertions, 6 deletions
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua
index 88b73eba..04fd5bc3 100644
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -43,6 +43,12 @@ local secure_domains, insecure_domains =
local require_encryption = module:get_option_boolean("s2s_require_encryption", true);
local stanza_size_limit = module:get_option_integer("s2s_stanza_size_limit", 1024*512, 10000);
+local advertised_idle_timeout = 14*60; -- default in all net.server implementations
+local network_settings = module:get_option("network_settings");
+if type(network_settings) == "table" and type(network_settings.read_timeout) == "number" then
+ advertised_idle_timeout = network_settings.read_timeout;
+end
+
local measure_connections_inbound = module:metric(
"gauge", "connections_inbound", "",
"Established incoming s2s connections",
@@ -258,10 +264,15 @@ function module.add_host(module)
module:hook("route/remote", route_to_existing_session, -1);
module:hook("route/remote", route_to_new_session, -10);
module:hook("s2sout-stream-features", function (event)
+ if not (stanza_size_limit or advertised_idle_timeout) then return end
+ local limits = event.features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" })
if stanza_size_limit then
- event.features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" })
- :text_tag("max-bytes", string.format("%d", stanza_size_limit)):up();
+ limits:text_tag("max-bytes", string.format("%d", stanza_size_limit));
end
+ if advertised_idle_timeout then
+ limits:text_tag("idle-seconds", string.format("%d", advertised_idle_timeout));
+ end
+ limits:up();
end);
module:hook_tag("urn:xmpp:bidi", "bidi", function(session, stanza)
-- Advertising features on bidi connections where no <stream:features> is sent in the other direction
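Review bot: `string.format("%d", advertised_idle_timeout)` on the idle-seconds line formats whatever number `network_settings.read_timeout` holds, and the first hunk only checks `type(...) == "number"`. On Lua 5.3 or later `%d` raises an error for a number with no integer representation, so a fractional timeout in the config would make this hook, and the identical call in the `_streamopened` hunk, throw each time s2s stream features are built. A zero or negative value would also be advertised to the peer unchanged. Normalise once where the option is read: add `and network_settings.read_timeout >= 1` to the condition and assign `advertised_idle_timeout = math.floor(network_settings.read_timeout);`.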
@@ -551,10 +562,16 @@ function stream_callbacks._streamopened(session, attr)
end
if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then
- if stanza_size_limit then
+ if stanza_size_limit or advertised_idle_timeout then
+ features:reset();
+ local limits = features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" });
+ if stanza_size_limit then
+ limits:text_tag("max-bytes", string.format("%d", stanza_size_limit));
+ end
+ if advertised_idle_timeout then
+ limits:text_tag("idle-seconds", string.format("%d", advertised_idle_timeout));
+ end
features:reset();
- features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" })
- :text_tag("max-bytes", string.format("%d", stanza_size_limit)):up();
end
log("debug", "Sending stream features: %s", features);
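Review bot: The limits element is now assembled in two places with different cursor handling: this block is bracketed by two `features:reset()` calls, while the `s2sout-stream-features` hook closes it with `limits:up()`. A small local helper that takes the features stanza, adds the limits children and restores the cursor would keep both sites in step when another limit is added. Separately, `advertised_idle_timeout` always holds a number after the first hunk, so `if stanza_size_limit or advertised_idle_timeout then` here and the early return in the hook appear never to take the false path. Either drop those checks or add a comment saying the value is meant to become optional. `_streamopened` begins and ends outside this hunk.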
@@ -969,7 +986,7 @@ end
-- Complete the sentence "Your certificate " with what's wrong
local function friendly_cert_error(session) --> string
if session.cert_chain_status == "invalid" then
- if session.cert_chain_errors then
+ if type(session.cert_chain_errors) == "table" then
local cert_errors = set.new(session.cert_chain_errors[1]);
if cert_errors:contains("certificate has expired") then
return "has expired";
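Review bot: With the guard changed to `type(session.cert_chain_errors) == "table"`, a string value now skips every specific check and falls through to `return "is not trusted"` in the next hunk, so the actual validation failure is recorded nowhere in this function. Until the TODO is resolved, consider logging the raw value before that return, e.g. `log("debug", "Unhandled cert_chain_errors value: %s", tostring(session.cert_chain_errors));`, so operators can still diagnose a rejected peer certificate. Keeping the raw string out of the returned text looks like the right default, since the header comment suggests the result is shown to the remote side. The TODO would also be more useful if it named which verification path produces a string. `friendly_cert_error` continues past the end of this hunk.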
@@ -989,6 +1006,7 @@ local function friendly_cert_error(session) --> string
return "does not match any DANE TLSA records";
end
end
+ -- TODO cert_chain_errors can be a string, handle that
return "is not trusted"; -- for some other reason
elseif session.cert_identity_status == "invalid" then
return "is not valid for this name";