[ejabberd] Dialback settings for ejabberd_s2s_in

Shaun Kruger shaun.kruger at gmail.com
Sat Oct 8 22:08:01 MSD 2011


I'm working with ejabberd and I have a proxy server terminating and
routing my xmpp sessions.  The proxy is protocol aware, but I seem to
be running into a problem verifying the connection.

I am trying to get s2s communication working between my chat
server and the gmail.com xmpp domain.  I am able to connect just fine
and send messages to my @gmail.com user.  However I can't get it to
validate the other way.  I have already determined that it is because
the stream id sent by the proxy server (ID_Proxy) is different than
the stream id that is sent by ejabberd (ID_Ejabberd) when the proxy
connects to ejabberd.  When ejabberd sends the <db:verify> stanza back
to gmail.com it sets the id=ID_Ejabberd, but the verify fails because
the stanza needs id=ID_Proxy in order for gmail.com to validate.

I would send ID_Ejabberd along to the originating gmail.com server if
it was known at the time.  When the originating server establishes a
connection it opens a stream and I also open a stream which requires
me to define ID_Proxy.  Once I have opened my proxy stream the
originating server sends a <db:result> stanza which then informs the
proxy which ejabberd domain it needs to connect to (this impacts which
server is selected by the proxy).  The proxy opens a stream to
ejabberd and ejabberd opens a stream back to the proxy which is the
point where ID_Ejabberd is defined.

Based on these observations I believe there are two options for me to
get this proxy setup working.

1. Turn off dialback validation in ejabberd and do it on the proxy.
This will require ejabberd to just trust the s2s connection without
doing its own dialback.

I am wondering if there is a configuration option that implements this
behavior so that ejabberd always sends a <result type='valid'> in
response to receiving a dialback key.

2. Tell ejabberd what the value of ID_Proxy is so that it can send
that value with the <db:verify> stanza.  This option feels far more
involved and may justify suggesting an XMPP protocol extension
depending on what is determined to be the best/most secure way of
telling ejabberd what the value of ID_Proxy is.

I am far more excited about option 1 so my question is this:  Is there
a configuration option for ejabberd_s2s_in to turn off dialback
verification and just trust all <db:result> stanzas that come in?  If
not, and I modify s2s_in to add this configuration option, would that
be a patch that would be considered for ejabberd3?

Shaun
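
The stream-ID mismatch described in the message above, as an added example that is not part of the original post or ejabberd's code. It assumes the originating server derives its dialback key with the construction recommended in XEP-0185; the secret, the domain `chat.example.org` and the stream IDs are constructed placeholders.

```python
import hashlib
import hmac


def dialback_key(secret, receiving, originating, stream_id):
    """Key per the XEP-0185 recommendation:
    HMAC-SHA256(SHA256(secret), "receiving originating stream_id")."""
    # Hex form of SHA-256(secret) is used as the HMAC key (this sketch's
    # reading of XEP-0185; a real server may use any private algorithm).
    hashed_secret = hashlib.sha256(secret.encode()).hexdigest().encode()
    text = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(hashed_secret, text, hashlib.sha256).hexdigest()


def authoritative_verify(secret, receiving, originating, stream_id, key):
    """What the authoritative server does with <db:verify id=...>:
    recompute the key from the id it was sent and compare."""
    expected = dialback_key(secret, receiving, originating, stream_id)
    return hmac.compare_digest(expected, key)


def simulate(id_proxy, id_ejabberd):
    secret = "constructed-secret"      # known only to the originating domain
    originating = "gmail.com"          # domain from the post
    receiving = "chat.example.org"     # placeholder for the ejabberd domain

    # The originating server saw ID_Proxy in the proxy's stream header,
    # so the key it sends in <db:result> is bound to ID_Proxy.
    key = dialback_key(secret, receiving, originating, id_proxy)

    return {
        # ejabberd sends <db:verify id=ID_Ejabberd>: recomputed key differs.
        "verify_with_ID_Ejabberd": authoritative_verify(
            secret, receiving, originating, id_ejabberd, key),
        # The same key checked against the id it was generated for.
        "verify_with_ID_Proxy": authoritative_verify(
            secret, receiving, originating, id_proxy, key),
    }


if __name__ == "__main__":
    for name, ok in simulate("ID_Proxy_1a2b", "ID_Ejabberd_9f8e").items():
        print(f"{name}: {'valid' if ok else 'invalid'}")
```

Because the stream ID is an input to the key, the check only passes when the id in `<db:verify>` is the one the originating server was given when it opened its stream.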

