[xmppd-dev] Problem with s2s connections

Thomas Petersen thomas at mendo.dk
Tue Sep 15 15:51:38 CEST 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi


I'm having some annoying problems with s2s connections for some time
now. The problem is that when an ingoing s2s connection has been used
for some time jabberd can suddenly stop receiving data on the
connection. When that happens this can be seen with netstat:

tcp     3813      0 10.13.2.132:5269        209.85.162.129:3884
ESTABLISHED

In this case the remote host is gmail.com but I see the problem with
other servers too so I don't think the remote server is at fault here.
When the problem occurs data just continue to build up in the recv-q and
then after a while the connection is closed down. When the connections
closes it seems that the data in the queue is lost. The messages sent
from other users simply dissappear. They neither bounce nor get delayed.
It happens on the incoming connections, never the outgoing ones.
I know that the connections are ssl encrypted and I have a feeling that
this has an effect.
I have played around with <host name='gmail.com' tls='no'/> in the
config file but it seems to only have an effect on the outgoing
connections and not the incoming ones so it doesn't make any difference.

I'm using jabberd14-1.6.1.1. I'm using gentoo so it has a few patches
applied. They seem fairly unharmful though. What come closest to having
to do with s2s connections is a patch mio_tls.cc which adds
GNUTLS_OPENPGP_FMT_BASE64 a few places and removes the "load GnuPG
trustdb" section. I saw that in an e-mail on the mailinglist though so
it probably doesn't break anything.

I browsed around in bugzilla a bit and came across this bug:
http://webview.jabberd.org/cgi-bin/bugzilla/show_bug.cgi?id=103
It has to do with client ssl connections and messages being delayed. It
made me think if there could be a similar error in the s2s component?
Could some undecryptable data on a socket somehow block that socket from
receiving further data?

Any hints on how to further diagnose the problem would be greatly
appreciated.


- --
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkqvm+oACgkQOaC6N60T7rzGkgCfTwrbpoNSPhuYEUGDGMO4nflt
+8cAnjF0wFequ5t/jAR53CjMjUFiz9G6
=aaiD
-----END PGP SIGNATURE-----

More information about the dev mailing list