From f18e33228d3ca99be0c45fc1084ccd4f27d3ef87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= Date: Wed, 21 Apr 2021 17:11:58 +0200 Subject: s2s et al.: Add counters for connection state transitions --- plugins/mod_dialback.lua | 6 +++--- plugins/mod_s2s.lua | 51 ++++++++++++++++++++++++++++++++++++++++++------ plugins/mod_saslauth.lua | 4 ++-- 3 files changed, 50 insertions(+), 11 deletions(-) diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index f580d948..7396e07e 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua @@ -115,7 +115,7 @@ module:hook("stanza/jabber:server:dialback:result", function(event) return elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" })); - module:fire_event("s2s-authenticated", { session = origin, host = from }); + module:fire_event("s2s-authenticated", { session = origin, host = from, mechanism = "dialback" }); return true; end end @@ -151,7 +151,7 @@ module:hook("stanza/jabber:server:dialback:verify", function(event) if dialback_verifying and attr.from == origin.to_host then local valid; if attr.type == "valid" then - module:fire_event("s2s-authenticated", { session = dialback_verifying, host = attr.from }); + module:fire_event("s2s-authenticated", { session = dialback_verifying, host = attr.from, mechanism = "dialback" }); valid = "valid"; else -- Warn the original connection that is was not verified successfully @@ -188,7 +188,7 @@ module:hook("stanza/jabber:server:dialback:result", function(event) return true; end if stanza.attr.type == "valid" then - module:fire_event("s2s-authenticated", { session = origin, host = attr.from }); + module:fire_event("s2s-authenticated", { session = origin, host = attr.from, mechanism = "dialback" }); else origin:close("not-authorized", "dialback authentication failed"); end 
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua index 20c8403a..679f97e9 100644 --- a/plugins/mod_s2s.lua +++ b/plugins/mod_s2s.lua @@ -52,6 +52,26 @@ local measure_connections_outbound = module:metric( {"host", "type", "ip_family"} ); +local m_accepted_tcp_connections = module:metric( + "counter", "accepted_tcp", "", + "Accepted incoming connections on the TCP layer" +); +local m_authn_connections = module:metric( + "counter", "authenticated", "", + "Authenticated incoming connections", + {"host", "direction", "mechanism"} +); +local m_initiated_connections = module:metric( + "counter", "initiated", "", + "Initiated outbound connections", + {"host"} +); +local m_closed_connections = module:metric( + "counter", "closed", "", + "Closed connections", + {"host", "direction", "error"} +); + local sessions = module:shared("sessions"); local runner_callbacks = {}; @@ -190,6 +210,7 @@ function route_to_new_session(event) host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} }; log("debug", "stanza [%s] queued until connection complete", stanza.name); connect(service.new(to_host, "xmpp-server", "tcp", s2s_service_options), listener, nil, { session = host_session }); + m_initiated_connections:with_labels(from_host):add(1) return true; end @@ -310,6 +331,9 @@ function make_authenticated(event) end session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host); + local local_host = session.direction == "incoming" and session.to_host or session.from_host + m_authn_connections:with_labels(local_host, session.direction, event.mechanism or "other"):add(1) + if (session.type == "s2sout" and session.external_auth ~= "succeeded") or session.type == "s2sin" then -- Stream either used dialback for authentication or is an incoming stream. mark_connected(session); 
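Review bot: The help text of `m_authn_connections` reads "Authenticated incoming connections", yet the metric carries a `direction` label and the make_authenticated hunk increments it for whichever direction the session has; the description should say `"Authenticated connections"`. It would also help to add a comment above `m_closed_connections` stating that the `error` label holds either a stream error condition or one of the synthetic values `:remote-choice` / `:local-choice` used in session_close. That gives dashboards and alert rules a documented, closed set of values to match.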
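Review bot: The `mechanism` label in make_authenticated is copied straight from the event (`event.mechanism or "other"`), so its value set is only as bounded as every module that fires `s2s-authenticated`. The mod_dialback call sites and the first mod_saslauth hunk pass literals, but the `s2s_external_auth` hunk passes `mechanism = mechanism`, a local defined outside that hunk. If that local holds the mechanism name taken from the peer's stanza, confirm it is checked against the supported set before it becomes a label, or pass the literal `"EXTERNAL"` as the other site does. Label values a remote server can choose would let it grow the metric registry without bound. make_authenticated starts before and continues past this hunk.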
@@ -528,25 +552,39 @@ local function session_close(session, reason, remote_reason, bounce_reason) session:open_stream(session.from_host, session.to_host); end end + + local this_host = session.direction == "incoming" and session.to_host or session.from_host + if reason then -- nil == no err, initiated by us, false == initiated by remote local stream_error; + local condition, text, extra if type(reason) == "string" then -- assume stream error - stream_error = st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' }); + condition = reason elseif type(reason) == "table" and not st.is_stanza(reason) then - stream_error = st.stanza("stream:error"):tag(reason.condition or "undefined-condition", stream_xmlns_attr):up(); - if reason.text then - stream_error:tag("text", stream_xmlns_attr):text(reason.text):up(); + condition = reason.condition or "undefined-condition" + text = reason.text + extra = reason.extra + end + if condition then + stream_error = st.stanza("stream:error"):tag(condition, stream_xmlns_attr):up(); + if text then + stream_error:tag("text", stream_xmlns_attr):text(text):up(); end - if reason.extra then - stream_error:add_child(reason.extra); + if extra then + stream_error:add_child(extra); end end + if this_host and condition then + m_closed_connections:with_labels(this_host, session.direction, condition):add(1) + end if st.is_stanza(stream_error) then -- to and from are never unknown on outgoing connections log("debug", "Disconnecting %s->%s[%s], is: %s", session.from_host or "(unknown host)" or session.ip, session.to_host or "(unknown host)", session.type, reason); session.sends2s(stream_error); end + else + m_closed_connections:with_labels(this_host, session.direction, reason == false and ":remote-choice" or ":local-choice"):add(1) end session.sends2s(""); 
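Review bot: The `else` branch calls `m_closed_connections:with_labels(this_host, ...)` without the `this_host` check that the `if reason` branch applies, so a session closed before its hosts are known passes nil as a label value. On incoming sessions `this_host` is `session.to_host`; if that field is filled from the peer's stream header before the host is validated (not visible in this hunk), an unauthenticated peer also chooses the `host` label and can create an unbounded number of time series. Normalising once after the assignment would cover both cases, e.g. `if not prosody.hosts[this_host] then this_host = ":unknown" end`, and both branches could then count the close unconditionally. The `condition` label deserves the same scrutiny wherever callers build `reason` from remote data. session_close starts before and continues past this hunk.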
@@ -690,6 +728,7 @@ function listener.onconnect(conn) sessions[conn] = session; session.log("debug", "Incoming s2s connection"); initialize_session(session); + m_accepted_tcp_connections:with_labels():add(1) else -- Outgoing session connected session:open_stream(session.from_host, session.to_host); end diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 97186325..212b977a 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -91,7 +91,7 @@ module:hook_tag(xmlns_sasl, "success", function (session) session:reset_stream(); session:open_stream(session.from_host, session.to_host); - module:fire_event("s2s-authenticated", { session = session, host = session.to_host }); + module:fire_event("s2s-authenticated", { session = session, host = session.to_host, mechanism = "EXTERNAL" }); return true; end) @@ -192,7 +192,7 @@ local function s2s_external_auth(session, stanza) session.external_auth = "succeeded"; session.sends2s(build_reply("success")); module:log("info", "Accepting SASL EXTERNAL identity from %s", session.from_host); - module:fire_event("s2s-authenticated", { session = session, host = session.from_host }); + module:fire_event("s2s-authenticated", { session = session, host = session.from_host, mechanism = mechanism }); session:reset_stream(); return true; end -- cgit v1.2.3