From 522f448b356cf7f5b11e9af228e0aa64fd8fa27d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 12 Sep 2016 15:01:16 +0200 Subject: mod_c2s, mod_s2s: Switch connection counting to 'amount' type and enumerate once per statistics interval --- plugins/mod_c2s.lua | 8 +++----- plugins/mod_s2s/mod_s2s.lua | 13 +++---------- 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 1b5dd91a..041eb1f2 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -27,7 +27,7 @@ local c2s_timeout = module:get_option_number("c2s_timeout"); local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5); local opt_keepalives = module:get_option_boolean("c2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true)); -local measure_connections = module:measure("connections", "counter"); +local measure_connections = module:measure("connections", "amount"); local sessions = module:shared("sessions"); local core_process_stanza = prosody.core_process_stanza; @@ -36,7 +36,7 @@ local hosts = prosody.hosts; local stream_callbacks = { default_ns = "jabber:client" }; local listener = {}; -do +module:hook("stats-update", function () -- Connection counter resets to 0 on load and reload -- Bump it up to current value local count = 0; @@ -44,7 +44,7 @@ do count = count + 1; end measure_connections(count); -end +end); --- Stream events handlers local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; @@ -207,7 +207,6 @@ end, 200); --- Port listener function listener.onconnect(conn) - measure_connections(1); local session = sm_new_session(conn); sessions[conn] = session; @@ -276,7 +275,6 @@ function listener.onincoming(conn, data) end function listener.ondisconnect(conn, err) - measure_connections(-1); local session = sessions[conn]; if session then (session.log or log)("info", "Client disconnected: %s", err or "connection closed"); 
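Review bot: The comment kept inside the new `stats-update` handler (hunk `@@ -36,7 +36,7 @@`), "Connection counter resets to 0 on load and reload / Bump it up to current value", describes the old `counter` behaviour and no longer matches the code, which now reports an absolute value on every statistics interval. Something like `-- Report the current number of entries in the shared sessions table, once per statistics interval` would fit; the same stale comment is carried over into the mod_s2s.lua handler. Because the value is sampled rather than updated in `onconnect`/`ondisconnect`, connections that open and close between two samples never show up in it, so it should not be relied on alone to notice bursts of short-lived connections; a short note next to `measure_connections` would help operators. The reported number is also only as accurate as the cleanup of `sessions`, and the removal paths lie outside these hunks.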
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index ae9a746a..d190d631 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -37,13 +37,13 @@ local secure_domains, insecure_domains = module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; local require_encryption = module:get_option_boolean("s2s_require_encryption", false); -local measure_connections = module:measure("connections", "counter"); +local measure_connections = module:measure("connections", "amount"); local sessions = module:shared("sessions"); local log = module._log; -do +module:hook("stats-update", function () -- Connection counter resets to 0 on load and reload -- Bump it up to current value local count = 0; @@ -51,7 +51,7 @@ do count = count + 1; end measure_connections(count); -end +end); --- Handle stanzas to remote domains @@ -588,7 +588,6 @@ local function initialize_session(session) end function listener.onconnect(conn) - measure_connections(1); conn:setoption("keepalive", opt_keepalives); local session = sessions[conn]; if not session then -- New incoming connection @@ -619,13 +618,7 @@ function listener.onstatus(conn, status) end end -function listener.ontimeout(conn) - -- Called instead of onconnect when the connection times out - measure_connections(1); -end - function listener.ondisconnect(conn, err) - measure_connections(-1); local session = sessions[conn]; if session then sessions[conn] = nil; -- cgit v1.2.3 From b421c1992ef67364a3abc0469a5b90ba26110c61 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 12 Sep 2016 15:49:24 +0200 Subject: core.certmanager: Split cipher list into array with comments explaining each part --- core/certmanager.lua | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/core/certmanager.lua b/core/certmanager.lua index c286a901..3872bd9a 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua 
@@ -103,7 +103,16 @@ local core_defaults = { }; verifyext = { "lsec_continue", "lsec_ignore_purpose" }; curve = "secp384r1"; - ciphers = "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL"; + ciphers = { -- Enabled ciphers in order of preference: + "HIGH+kEDH", -- Ephemeral Diffie-Hellman key exchange, if a 'dhparam' file is set + "HIGH+kEECDH", -- Ephemeral Elliptic curve Diffie-Hellman key exchange + "HIGH", -- Other "High strength" ciphers + -- Disabled cipher suites: + "!PSK", -- Pre-Shared Key - not used for XMPP + "!SRP", -- Secure Remote Password - not used for XMPP + "!3DES", -- 3DES - slow and of questionable security + "!aNULL", -- Ciphers that does not authenticate the connection + }; } local path_options = { -- These we pass through resolve_path() key = true, certificate = true, cafile = true, capath = true, dhparam = true -- cgit v1.2.3 From 503a9c65cd8e53dfd721e2fcc9797649299b1e75 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 12 Sep 2016 16:08:34 +0200 Subject: core.statsmanager: Use correct variable for config validation [luacheck] --- core/statsmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/statsmanager.lua b/core/statsmanager.lua index 67702dd9..237b1dd5 100644 --- a/core/statsmanager.lua +++ b/core/statsmanager.lua @@ -6,7 +6,7 @@ local fire_event = prosody.events.fire_event; local stats_interval_config = config.get("*", "statistics_interval"); local stats_interval = tonumber(stats_interval_config); -if stats_config and not stats_interval then +if stats_interval_config and not stats_interval then log("error", "Invalid 'statistics_interval' setting, statistics will be disabled"); end -- cgit v1.2.3 From cd10e4439e1c9b6209f87bb6c77e51fb2f7992fc Mon Sep 17 00:00:00 2001 
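Review bot: `ciphers` in `core_defaults` changes type from a colon-separated string to a table, and nothing in this hunk shows where it is joined back into the single string the TLS library takes. It is worth confirming that the join runs on the merged configuration and not only on a user-supplied value, since a table reaching context creation would presumably either fail or lose these restrictions. The `"HIGH"` entry is the fallback that also admits suites without ephemeral key exchange, and the comment could say so: `"HIGH", -- Remaining high-strength suites, including ones without forward secrecy`. Small wording fix on the last entry: `"!aNULL", -- Ciphers that do not authenticate the connection`. The `core_defaults` table starts before the hunk.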
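Review bot: The corrected check `if stats_interval_config and not stats_interval then` still rejects only values that `tonumber` cannot parse, so `statistics_interval = 0` or a negative number passes without the error being logged. How `stats_interval` is used afterwards is outside the hunk, but if it feeds a timer, a non-positive value is probably unintended. Consider `if stats_interval_config and not (stats_interval and stats_interval > 0) then` and treating such a value as disabled.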
From: Matthew Wild Date: Mon, 12 Sep 2016 22:30:37 +0100 Subject: mod_component: Fire 'component-disconnected' event on host, to maintain consistency - sessions with no host never authenticated. Fixes #737 --- plugins/mod_component.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index eebaaf3e..0de4d23f 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -314,7 +314,9 @@ function listener.ondisconnect(conn, err) local session = sessions[conn]; if session then (session.log or log)("info", "component disconnected: %s (%s)", tostring(session.host), tostring(err)); - module:fire_event("component-disconnected", { session = session, reason = err }); + if session.host then + module:context(session.host):fire_event("component-disconnected", { session = session, reason = err }); + end if session.on_destroy then session:on_destroy(err); end sessions[conn] = nil; for k in pairs(session) do -- cgit v1.2.3
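Review bot: The new guard `if session.host then` treats a non-nil `session.host` as proof that the component authenticated, but the hunk does not show where `host` is assigned. If it is taken from the peer's stream header before the handshake succeeds, `component-disconnected` would still fire for sessions that never authenticated, and on a host context named by the peer. Gating on whatever field the handshake handler sets on success would match the commit message more closely; failing that, a comment such as `-- session.host is only set once the component has authenticated (see handshake handler)` would record the assumption. The "component disconnected" info log above the guard still runs for unauthenticated sessions and prints `nil` as the host, which may be worth distinguishing for anyone reading logs for failed component logins. `listener.ondisconnect` continues past the end of the hunk.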