From 681ac46aae48487a36b2b6c8310ba7e1a161cc6c Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Fri, 11 Mar 2022 20:33:03 +0000
Subject: prosodyctl: check turn: warn about external port mismatches behind NAT
Some NATs don't preserve port numbers, which can cause the TURN server's reported relay address to be incorrect (the TURN server has no way to predict what the external port is, so it can't be corrected in config like an IP mismatch can).
---
 util/prosodyctl/check.lua | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
(limited to 'util')
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index 354cc3c3..71bbc222 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -62,9 +62,7 @@ local function check_probe(base_url, probe_module, target)
 end
 local function check_turn_service(turn_service, ping_service)
- local array = require "util.array";
 local ip = require "util.ip";
- local set = require "util.set";
 local stun = require "net.stun";
 -- Create UDP socket for communication with the server
@@ -251,9 +249,17 @@ local function check_turn_service(turn_service, ping_service)
 return result;
 end
- local relayed_address_set = set.new(array.pluck(result.relayed_addresses, "address"));
- if not relayed_address_set:contains(result.external_ip_pong.address) then
+ local relay_address_found, relay_port_matches;
+ for _, relayed_address in ipairs(result.relayed_addresses) do
+ if relayed_address.address == result.external_ip_pong.address then
+ relay_address_found = true;
+ relay_port_matches = result.external_ip_pong.port == relayed_address.port;
+ end
+ end
+ if not relay_address_found then
 table.insert(result.warnings, "TURN external IP vs relay address mismatch! Is the TURN server behind a NAT and misconfigured?");
+ elseif not relay_port_matches then
+ table.insert(result.warnings, "External port does not match reported relay port! This is probably caused by a NAT in front of the TURN server.");
 end
 --
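Review bot: In the new loop of the `@@ -251,9 +249,17 @@` hunk, `relay_port_matches` is reassigned for every entry of `result.relayed_addresses` whose address equals the pong address, so if two entries share that IP the last one decides and an earlier matching port is overwritten, which would produce a spurious port-mismatch warning. Accumulating keeps any match: `relay_port_matches = relay_port_matches or (result.external_ip_pong.port == relayed_address.port);`. The address test is still a plain string equality, as the removed set lookup was; if the two sides can carry differently formatted IPv6 text (not visible here), a normalised comparison would avoid a false IP-mismatch warning. Including both port numbers in the new warning text would also let an operator see the NAT mapping directly. check_turn_service starts and ends outside this hunk.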
@@ -1284,7 +1290,7 @@ local function check(arg)
 end
 end
 if result.external_ip_pong then
- print(("TURN external IP: %s"):format(result.external_ip_pong.address));
+ print(("TURN external address: %s:%d"):format(result.external_ip_pong.address, result.external_ip_pong.port));
 end
 end
-- cgit v1.2.3
From 8e5fec3220ced0c1c912bf63a84fc60f777c6607 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Tue, 15 Mar 2022 10:48:46 +0100
Subject: mod_admin_socket: Compat for luasocket prior to unix datagram support
The "socket.unix" module exported only a function before https://github.com/lunarmodules/luasocket/commit/aa1b8cc9bc35e56de15eeb153c899e4c51de82a8 when datagram support was added.
Fixes #1717
Thanks rsc and lucas for reporting and testing
---
 util/adminstream.lua | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'util')
diff --git a/util/adminstream.lua b/util/adminstream.lua
index 703deb07..8611310a 100644
--- a/util/adminstream.lua
+++ b/util/adminstream.lua
@@ -139,6 +139,9 @@ end
 local function new_connection(socket_path, listeners)
 local have_unix, unix = pcall(require, "socket.unix");
+ if have_unix and type(unix) == "function" then
+ unix = { stream = unix };
+ end
 if type(unix) ~= "table" then
 have_unix = false;
 end
-- cgit v1.2.3
From 7badf61246f39df241a0d47eb433dc93eb05b6a5 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Wed, 16 Mar 2022 19:32:17 +0100
Subject: mod_admin_socket: Comment on LuaSocket UNIX compat code
Ref #1717
---
 util/adminstream.lua | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'util')
diff --git a/util/adminstream.lua b/util/adminstream.lua
index 8611310a..4075aa05 100644
--- a/util/adminstream.lua
+++ b/util/adminstream.lua
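Review bot: The new `%s:%d` format in the `@@ -1284,7 +1290,7 @@` hunk prints an IPv6 pong address as one ambiguous colon-separated string, and `%d` raises an error if `result.external_ip_pong.port` is ever nil or non-integral, which would abort the check output at this line. Where the pong is populated is outside this hunk, so whether the port can be missing is not visible from here. A form that brackets IPv6 and tolerates a missing port would be `local pong = result.external_ip_pong;` then `local fmt = pong.address:find(":", 1, true) and "TURN external address: [%s]:%s" or "TURN external address: %s:%s";` then `print(fmt:format(pong.address, tostring(pong.port)));`. check() starts and ends outside this hunk.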
@@ -140,6 +140,12 @@ end
 local function new_connection(socket_path, listeners)
 local have_unix, unix = pcall(require, "socket.unix");
 if have_unix and type(unix) == "function" then
+ -- COMPAT #1717
+ -- Before the introduction of datagram support, only the stream socket
+ -- constructor was exported instead of a module table. Due to the lack of a
+ -- proper release of LuaSocket, distros have settled on shipping either the
+ -- last RC tag or some commit since then.
+ -- Here we accomodate both variants.
 unix = { stream = unix };
 end
 if type(unix) ~= "table" then
-- cgit v1.2.3
From d0bd1e71d926424142a139eb63ac148eb888a871 Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Sat, 19 Mar 2022 09:28:27 +0000
Subject: prosodyctl: check config: Skip bare JID components in orphan check
---
 util/prosodyctl/check.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'util')
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index 71bbc222..fc12caaa 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -667,7 +667,7 @@ local function check(arg)
 end
 end
 end
- for host, host_config in enabled_hosts() do
+ for host, host_config in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
 local is_component = not not host_config.component_module;
 if is_component then
 local parent_domain = host:match("^[^.]+%.(.+)$");
-- cgit v1.2.3
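Review bot: The last line of the comment block added in the `@@ -140,6 +140,12 @@` hunk misspells "accommodate"; it should read `-- Here we accommodate both variants.`. The comment could also state that the wrapped table exposes only `stream`, so a reader does not assume a datagram constructor is available on the older LuaSocket builds. new_connection continues outside this hunk.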
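Review bot: Nothing at the changed loop header in the `@@ -667,7 +667,7 @@` hunk says why bare-JID components are exempt from the orphan check. The reason is visible two lines below: the `parent_domain` pattern takes everything after the first dot, so a constructed example such as `user@example.com` would be treated as a child of `com`. A one-line comment above the loop would record that, for instance `-- Bare-JID components (user@host) are not subdomains; the parent-domain match below does not apply to them`. Both `it` and `skip_bare_jid_hosts` are defined outside this hunk, so it is worth confirming that the predicate accepts the (host, host_config) pair that `enabled_hosts()` yields.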