Hi Damian and everyone else,
On Tue, May 23, 2023 at 03:37:53PM -0700, Damian Minkov wrote:
Hey all,
How does s2s works, isn't it supposed to have one connection per host pair?
# prosodyctl shell "s2s:show()" | wc -l
461
# prosodyctl shell "s2s:show()"
Session ID | Host | Dir | Remote
| IPv | Security | SASL | Dialback
s2sin5558e296def0 | meet.jit.si | <-> |
conference.v0.meet.ji… | IPv4 | TLSv1.3 | Succeeded | Not used
s2sin5558e3a52aa0 | meet.jit.si | <-> |
conference.v0.meet.ji… | IPv4 | TLSv1.3 | Succeeded | Not used
s2sin5558e2bce550 | meet.jit.si | <-> |
conference.v0.meet.ji… | IPv4 | TLSv1.3 | Succeeded | Not used
And so on, almost the whole list is like that. Is this leaking the
connections? Any idea what can be the reason for that?
As discussed in the chat room, this in itself isn't really abnormal.
There is no limit in XMPP on the number of connections per host pair,
only a limit in Prosody in that it can only have a single outgoing
connection per remote host. Incoming connections (as these are) can have
any number, which may be uncommon but e.g. would be normal for a
clustered setup.
Often however it can mean that connections are not closed correctly, or
time out on one side without the other side noticing, in which case they
should normally time out after some amount of time. This amount of time
can however be quite long and mostly depends on kernel settings.
Finally, as it turned out in this case, it could be that the remote
somehow opens a new connection instead of using an existing connection.
On Tue, May 23, 2023 at 03:43:19PM -0700, Damian Minkov wrote:
To update:
the configuration of prosody that is v0, v1 and so on can be seen here:
https://github.com/jitsi/jitsi-meet/blob/master/resources/extra-large-conference/prosody.cfg.lua.visitor.template
And the configuration of the main prosody is mentioned
here:
https://github.com/jitsi/jitsi-meet/blob/master/resources/extra-large-conference/README.md
The modules about s2s that are enabled are:
"s2s_bidi";
"certs_s2soutinjection";
"s2soutinjection";
"s2s_whitelist";
Based on discussions in the chat room, this appears to be a problem with
mod_s2soutinjection, which is something of a hack that likely has become
incompatible with the latest prosody developments. Unclear how.
I have published work from a while ago meant to allow for a cleaner way
to accomplish what this module does in the form of this new event:
https://hg.prosody.im/trunk/rev/d5f322dd424b and this new module using
it: https://modules.prosody.im/mod_s2sout_override.html
This works by switching out the "connection resolver" instance that is
responsible for finding targets to connect to.
--
Regards,
Zash
--
You received this message because you are subscribed to the Google Groups
"prosody-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/prosody-dev/ZG5YtnzU9Z8d%2B4Ma%40diploria.zash.se.
