Re: [jabberd2] Removing Cyrus SASL backend proposal

2008-10-06 Thread Mark Doliner 
On Mon, Oct 6, 2008 at 6:43 AM, Proskurin Kirill <[EMAIL PROTECTED]> wrote:
> Tomasz Sterna wrote:
>>
>> Cyrus SASL backend is currently abandoned and not maintained anymore.
>> It has known bugs with noone wanting to fix them.
>>
>> The main reason for Cyrus backend inclusion in jabberd2 was GSSAPI
>> support. GnuSASL backend has GSSAPI support now, too.
>>
>> The abandoned SCOD backend was removed lately.
>> There are no known bugs in GnuSASL backend implementation.
>> Therefore I am for removing Cyrus SASL backend.
>>
>> Before I do so, I would like to hear what the jabberd2 community thinks
>> of the change.
>
> Agreed.

+1

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

Re: [jabberd2] Rate limiting functional.

2008-08-06 Thread Mark Doliner 
On Wed, Aug 6, 2008 at 6:33 AM, Tomasz Sterna <[EMAIL PROTECTED]> wrote:
> Dnia 2008-08-06, śro o godzinie 02:07 -0700, Mark Doliner pisze:
>> It still wouldn't be beautifully event-driven, but it should be less
>> resource intensive.
>
> Is it really so resource intensive?
> I didn't notice any CPU consumption change on my production system.
> (It's still ~5% in peaks ;-) )

Sending this again because some people have told me they couldn't read
the first one.  I think it happens because my mail client (Google
Mail) is sending the body base64 encoded, but the jabberd2 mailing
list software is appending a link "To unsubscribe send a mail to"
which ISN'T base64 encoded.  Which results in a corrupt body.


I don't know.  We haven't tried it yet, but I'll let you know what
happens when we do.

Thanks,
Mark

Re: [jabberd2] Rate limiting functional.

2008-08-06 Thread Mark Doliner 
On Wed, Aug 6, 2008 at 6:33 AM, Tomasz Sterna <[EMAIL PROTECTED]> wrote:
> Dnia 2008-08-06, śro o godzinie 02:07 -0700, Mark Doliner pisze:
>> It still wouldn't be beautifully event-driven, but it should be less
>> resource intensive.
>
> Is it really so resource intensive?
> I didn't notice any CPU consumption change on my production system.
> (It's still ~5% in peaks ;-) )

I don't know.  We haven't tried it yet, but I'll let you know what
happens when we do.

Thanks,
Mark
N�r��zǧu���[h���z�v��칻�&ޖ+-���F��

Re: [jabberd2] Rate limiting functional.

2008-08-06 Thread Mark Doliner 
On Sun, Jul 27, 2008 at 12:58 PM, Tomasz Sterna <[EMAIL PROTECTED]> wrote:
> Dnia 2008-07-24, czw o godzinie 12:17 +0200, Tomasz Sterna pisze:
>> I will look at the throttling possibilities (instead of
>> disconnections)
>> during the weekend.
>> I have a hunch it is doable. :-)
>
> It's done. http://jabberd2.xiaoka.com/changeset/639/
> It was actually pretty easy - I hooked into _c2s_time_checks() and added
> reading of throttled connections there.
>
> Please test it if you may. It looks like working OK. But I may not come
> up with and tested all edge cases.

Neat!  On thing we noticed is that c2s calls _c2s_time_checks() more
often and therefore iterates through all connections more often (by
default every 5 seconds instead of never).  One change that would be a
huge improvement is to put limited connections into a linked list, and
remove them from the list when they're clear.  Then you could iterate
through the short list of throttled connections instead of the long
list of all connections.  It would probably be empty most of the time.

It still wouldn't be beautifully event-driven, but it should be less
resource intensive.

-Mark

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

Re: [jabberd2] Re: Rate limiting non-functional?

2008-07-23 Thread Mark Doliner 
Hmm, two people have told me my last email was empty, so here it is again:

FYI I just added a "stanza rate limit."  Instead of limiting based on
the number of bytes it limits based on the combined number of message,
presence and iq requests (regardless of their size).

It's configurable in c2s.xml

-Mark

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

Re: [jabberd2] Re: Rate limiting non-functional?

2008-07-23 Thread Mark Doliner 
On Fri, Jul 18, 2008 at 10:42 AM, Tomasz Sterna <[EMAIL PROTECTED]> wrote:
> Dnia 2008-07-18, pią o godzinie 09:31 -0700, Mark Doliner pisze:
>> That seems a little odd... I think only data read from the client
>> counts toward the limit.
>
> Disabling rate limiting helped the user that was "flooded out".
> Unfortunately I cannot look at this now.

FYI I just added a "stanza rate limit."  Instead of limiting based on
the number of bytes it limits based on the combined number of
,  and  requests (regardless of their size).

-Mark
N�r��zǧu���[h���z�v��칻�&ޖ+-���F��

Re: [jabberd2] Remove scod?

2008-07-23 Thread Mark Doliner 
On Tue, Jul 8, 2008 at 1:45 AM, Tomasz Sterna <[EMAIL PROTECTED]> wrote:
> Dnia 2008-07-07, pon o godzinie 20:10 -0700, Mark Doliner pisze:
>> How do people feel about removing the "scod" code from the sx
>> directory?
>
> This is what I did for 2.1 release.
> I reincluded it back with introduction of selectable SASL backends in
> hope that someone will fix it.
> It could be useful for embedded deployments, when you do not need full
> SASL library.
>
> But since nobody seems interested in it and it does not work anyway, I'm
> +1 for removing it.

Done!

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

Re: [jabberd2] Re: Rate limiting non-functional?

2008-07-18 Thread Mark Doliner 
On Fri, Jul 18, 2008 at 2:23 AM, Tomasz Sterna <[EMAIL PROTECTED]> wrote:
> Dnia 2008-07-11, pią o godzinie 13:48 -0700, Mark Doliner pisze:
>> 1. Don't disconnect people when they hit the rate limit.  Instead,
>> stop reading from their socket until the limit has expired.  Do we
>> have a way to call a function after a certain amount of time has
>> passed?  We would need one for this.
>
> There is another problem with this reported to me today.
> If user has a lot of messages in offline storage, these get bursted to
> the client after connection, hitting the rate limit and effectively
> disconnecting the user. :-/

That seems a little odd... I think only data read from the client
counts toward the limit.

-Mark

Re: [jabberd2] External libraries: libevent and GLib

2008-07-16 Thread Mark Doliner 
On Wed, Jul 16, 2008 at 3:17 AM, Tomasz Sterna <[EMAIL PROTECTED]> wrote:
> Dnia 2008-07-15, wto o godzinie 15:07 -0700, Mark Doliner pisze:
>> Anyway, probably not something we want to dive into now.  I mostly
>> just wanted to make people aware of the existence of the two
>> libraries.
>
> I wondered many times about introducing GLib into jabberd2.
> But as soon I realized that doing this would pretty much mean rewriting
> the whole thing, I decided to actually write the thing from scratch and
> started Crux http://crux.xiaoka.com/

FYI http://crux.xiaoka.com/ gives me a "forbidden" error: "WIKI_VIEW
privileges are required to perform this operation on WikiStart"

-Mark

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

[jabberd2] External libraries: libevent and GLib

2008-07-15 Thread Mark Doliner 
I just thought I'd throw this idea out there... has anyone ever
thought of changing jabberd to use libevent or GLib?

libevent is an event notification library that abstracts the APIs for
poll, select, epoll, kqueue and maybe a few other things.  I guess we
would really only gain support for kqueue (the fast event polling
mechanism used on FreeBSD (and other BSDs?)), since jabberd already
has implementations for poll, select and epoll.  And I guess we would
lose support for wasync?  It's probably not worth the effort, but if
libevent existed when jabberd was first written it seems like someone
could have saved themselves a good bit of time.  And I'm always in
favor of re-using shared libraries.  I haven't used libevent, but it
seems nice.  You can find more information at
http://monkey.org/~provos/libevent/  There's also libev, which does
basically the same thing but is purportedly a tad bit faster.

GLib is a C library with lots of random and useful functions.  It
provides lots of handy string manipulation functions, a generic linked
list structure, a queue, a hash table that grows and shrinks
automatically, base64 encoding/decoding (recently), etc.  Again, we
probably wouldn't gain a whole lot from it immediately, since jabberd
has already been written with it's own implementations of a lot of
this stuff, but I'm always in favor of re-using shared libraries.
I've used GLib a lot and I love it.  It's fantastic.  You can see the
documentation at http://library.gnome.org/devel/glib/stable/

Anyway, probably not something we want to dive into now.  I mostly
just wanted to make people aware of the existence of the two
libraries.

-Mark

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

Re: [jabberd2] Re: Rate limiting non-functional?

2008-07-13 Thread Mark Doliner 
On Sun, Jul 13, 2008 at 1:58 AM, Tomasz Sterna <[EMAIL PROTECTED]> wrote:
> Dnia 2008-07-11, pią o godzinie 13:48 -0700, Mark Doliner pisze:
>> Do we
>> have a way to call a function after a certain amount of time has
>> passed?  We would need one for this.
>
> We have time checks in main loop, but this is pretty hacky.
> Using/implementing more sophisticated event loop is a good idea.

Yeah, I agree that that sounds like a good idea.  I guess it makes
sense to leave the rate limiting in router and it will become more
useful when/if someone adds some sort of timeout functionality and
then improves the rate limiting.  I don't think I'll have time to
attempt to do that right now.  But that's ok, I'm not sure my
implementation would be very good :-)

Thanks for the response,
Mark

[jabberd2] Re: Rate limiting non-functional?

2008-07-11 Thread Mark Doliner 
On Thu, Jul 10, 2008 at 5:51 PM, Mark Doliner <[EMAIL PROTECTED]> wrote:
> On Thu, Jul 10, 2008 at 5:38 PM, Mark Doliner <[EMAIL PROTECTED]> wrote:
>> On Mon, Jul 7, 2008 at 10:25 AM, Mark Doliner <[EMAIL PROTECTED]> wrote:
>>> I've been looking at the rate limiting options in c2s.xml, and looking
>>> at the code that intends to enforce those limits.  It looks like the
>>> connection rate limit would work (but I haven't tested it), but it
>>> looks like the byte limit code has a few major problems that would
>>> keep it from doing anything useful.  Has anyone successfully used byte
>>> limiting?
>>>
>>> For starters there's no call to rate_add(), which means jabberd checks
>>> if the rate has been exceeded, but it always checks if 0 > rate_limit,
>>> which will never happen.  Then there's a call to rate_left(), which I
>>> think is intended to have the recv() call only attempt to read the
>>> number of bytes that are allowed before you would be rate limited, but
>>> the return value from rate_left() is never used.
>>>
>>> Those two problems are fairly easy to fix.  The third problem I've
>>> noticed, which is more difficult, is what to do once someone has been
>>> rate limited.  Ideally jabberd would just stop reading data from that
>>> user until the desired number of seconds has elapsed.  But that's hard
>>> to do because I think our mio code uses readiness change
>>> notification/edge-triggered readiness notification instead of
>>> level-triggered readiness notification.  So we can't just not read
>>> from the socket during this function call because
>>> _c2s_client_sx_callback() won't be called again.  We could disconnect
>>> the user pretty easily, but that's a bit clunky.
>>
>> I noticed that router has similar rate limiting, but there the byte
>> rate limit is a little more effective, but I think it has the same
>> problem with ceasing to read from the socket once it gets limited.  It
>> seems weird to me that the router would limit the traffic sent between
>> the components and the rate at which new components can connect.  I'm
>> in favor of removing this limiting from router for the sake of
>> simplifying the code and simplifying router.xml.  How do other people
>> feel?
>>
>> I noticed another flaw in the rate implementation.  rate_t->bad is set
>> when rate_add() is called, and rate_t->time is only reset in
>> rate_reset().  What ends up happening is that the rate count gradually
>> increases and approaches the limit.  It eventually calls rate_add()
>> which pushes the count over the limit and you get rate limited.
>>
>> This isn't so bad, except that it happens regardless of the amount of
>> time that has elapsed since the first message.
>
> Oh, and there's another problem which is that the window doesn't
> slide.  It starts when you increment the count for the first time,
> then resets at the end of the timeout.  I guess this is a pretty minor
> problem when the window is so short, but it's possible for someone to
> be limited when they should not have been, and not limited when they
> should have been.
>
> For example, say you have two windows back to back.  If someone bursts
> a lot of traffic at the end of the first window, and then a lot of
> traffic at the beginning of the second window (but not enough to go
> over the threshold in either window), they probably SHOULD be limited
> because they've sent a lot of bytes within the time span of one
> window, but they won't be.

Sorry for replying to myself a bunch of times, I've been thinking out
loud.  I checked in a change that fixes the bigger problems here.
There are still two things that could be improved:

1. Don't disconnect people when they hit the rate limit.  Instead,
stop reading from their socket until the limit has expired.  Do we
have a way to call a function after a certain amount of time has
passed?  We would need one for this.

2. The window still doesn't slide, it just starts over.  This is
negligible if the window is small.  If you wanted to limit people to
sending no more than 100MB/hour then this might be more of an issue.

-Mark

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

[jabberd2] Re: Rate limiting non-functional?

2008-07-10 Thread Mark Doliner 
On Thu, Jul 10, 2008 at 5:38 PM, Mark Doliner <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 7, 2008 at 10:25 AM, Mark Doliner <[EMAIL PROTECTED]> wrote:
>> I've been looking at the rate limiting options in c2s.xml, and looking
>> at the code that intends to enforce those limits.  It looks like the
>> connection rate limit would work (but I haven't tested it), but it
>> looks like the byte limit code has a few major problems that would
>> keep it from doing anything useful.  Has anyone successfully used byte
>> limiting?
>>
>> For starters there's no call to rate_add(), which means jabberd checks
>> if the rate has been exceeded, but it always checks if 0 > rate_limit,
>> which will never happen.  Then there's a call to rate_left(), which I
>> think is intended to have the recv() call only attempt to read the
>> number of bytes that are allowed before you would be rate limited, but
>> the return value from rate_left() is never used.
>>
>> Those two problems are fairly easy to fix.  The third problem I've
>> noticed, which is more difficult, is what to do once someone has been
>> rate limited.  Ideally jabberd would just stop reading data from that
>> user until the desired number of seconds has elapsed.  But that's hard
>> to do because I think our mio code uses readiness change
>> notification/edge-triggered readiness notification instead of
>> level-triggered readiness notification.  So we can't just not read
>> from the socket during this function call because
>> _c2s_client_sx_callback() won't be called again.  We could disconnect
>> the user pretty easily, but that's a bit clunky.
>
> I noticed that router has similar rate limiting, but there the byte
> rate limit is a little more effective, but I think it has the same
> problem with ceasing to read from the socket once it gets limited.  It
> seems weird to me that the router would limit the traffic sent between
> the components and the rate at which new components can connect.  I'm
> in favor of removing this limiting from router for the sake of
> simplifying the code and simplifying router.xml.  How do other people
> feel?
>
> I noticed another flaw in the rate implementation.  rate_t->bad is set
> when rate_add() is called, and rate_t->time is only reset in
> rate_reset().  What ends up happening is that the rate count gradually
> increases and approaches the limit.  It eventually calls rate_add()
> which pushes the count over the limit and you get rate limited.
>
> This isn't so bad, except that it happens regardless of the amount of
> time that has elapsed since the first message.

Oh, and there's another problem which is that the window doesn't
slide.  It starts when you increment the count for the first time,
then resets at the end of the timeout.  I guess this is a pretty minor
problem when the window is so short, but it's possible for someone to
be limited when they should not have been, and not limited when they
should have been.

For example, say you have two windows back to back.  If someone bursts
a lot of traffic at the end of the first window, and then a lot of
traffic at the beginning of the second window (but not enough to go
over the threshold in either window), they probably SHOULD be limited
because they've sent a lot of bytes within the time span of one
window, but they won't be.

-Mark

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

[jabberd2] Re: Rate limiting non-functional?

2008-07-10 Thread Mark Doliner 
On Mon, Jul 7, 2008 at 10:25 AM, Mark Doliner <[EMAIL PROTECTED]> wrote:
> I've been looking at the rate limiting options in c2s.xml, and looking
> at the code that intends to enforce those limits.  It looks like the
> connection rate limit would work (but I haven't tested it), but it
> looks like the byte limit code has a few major problems that would
> keep it from doing anything useful.  Has anyone successfully used byte
> limiting?
>
> For starters there's no call to rate_add(), which means jabberd checks
> if the rate has been exceeded, but it always checks if 0 > rate_limit,
> which will never happen.  Then there's a call to rate_left(), which I
> think is intended to have the recv() call only attempt to read the
> number of bytes that are allowed before you would be rate limited, but
> the return value from rate_left() is never used.
>
> Those two problems are fairly easy to fix.  The third problem I've
> noticed, which is more difficult, is what to do once someone has been
> rate limited.  Ideally jabberd would just stop reading data from that
> user until the desired number of seconds has elapsed.  But that's hard
> to do because I think our mio code uses readiness change
> notification/edge-triggered readiness notification instead of
> level-triggered readiness notification.  So we can't just not read
> from the socket during this function call because
> _c2s_client_sx_callback() won't be called again.  We could disconnect
> the user pretty easily, but that's a bit clunky.

I noticed that router has similar rate limiting, but there the byte
rate limit is a little more effective, but I think it has the same
problem with ceasing to read from the socket once it gets limited.  It
seems weird to me that the router would limit the traffic sent between
the components and the rate at which new components can connect.  I'm
in favor of removing this limiting from router for the sake of
simplifying the code and simplifying router.xml.  How do other people
feel?

I noticed another flaw in the rate implementation.  rate_t->bad is set
when rate_add() is called, and rate_t->time is only reset in
rate_reset().  What ends up happening is that the rate count gradually
increases and approaches the limit.  It eventually calls rate_add()
which pushes the count over the limit and you get rate limited.

This isn't so bad, except that it happens regardless of the amount of
time that has elapsed since the first message.

-Mark

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

[jabberd2] Remove scod?

2008-07-07 Thread Mark Doliner 
How do people feel about removing the "scod" code from the sx
directory?  That's the old homegrown sasl implementation, right?  I'm
always in favor of removing older code in favor of moving forward.
And I think using shared libraries is always a step forward.

-Mark

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

[jabberd2] Rate limiting non-functional?

2008-07-07 Thread Mark Doliner 
I've been looking at the rate limiting options in c2s.xml, and looking
at the code that intends to enforce those limits.  It looks like the
connection rate limit would work (but I haven't tested it), but it
looks like the byte limit code has a few major problems that would
keep it from doing anything useful.  Has anyone successfully used byte
limiting?

For starters there's no call to rate_add(), which means jabberd checks
if the rate has been exceeded, but it always checks if 0 > rate_limit,
which will never happen.  Then there's a call to rate_left(), which I
think is intended to have the recv() call only attempt to read the
number of bytes that are allowed before you would be rate limited, but
the return value from rate_left() is never used.

Those two problems are fairly easy to fix.  The third problem I've
noticed, which is more difficult, is what to do once someone has been
rate limited.  Ideally jabberd would just stop reading data from that
user until the desired number of seconds has elapsed.  But that's hard
to do because I think our mio code uses readiness change
notification/edge-triggered readiness notification instead of
level-triggered readiness notification.  So we can't just not read
from the socket during this function call because
_c2s_client_sx_callback() won't be called again.  We could disconnect
the user pretty easily, but that's a bit clunky.

-Mark

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

Re: [jabberd2] s2s fails as resolver not able to resolve DNS

2008-01-23 Thread Mark Doliner 
On Wed, 2008-01-23 at 3:41 PM Praveen wrote:
> Hi all,
> I have 2 jabberd2 installations on my LAN, serving 2 different domains,
> domain1 and domain2. However, I'm not able to establish s2s connections
> between them. Apparently, the resolver is not able to resolve DNS queries
> for domain1 and domain2. I have made entries in /etc/hosts for the same,
> and I'm also able to ping one machine from the other.
> 
> I see this on resolver.log of machine serving domain2:
> 
> Wed Jan 23 15:15:43 2008 [notice] [domain1] could not be resolved
> 
> The same thing happens on the other machine too. Any idea?
> 
> Thanks,
> Praveen

Hey Praveen,

I think the resolver does not use the /etc/hosts file when looking up domain 
names--it only uses DNS.  Is it possible for you to add DNS entries for domain1 
and domain2?

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] Fwd: Patch to allow C++ modules

2007-12-17 Thread Mark Doliner 
I'm in favor of making a change along these lines... the patch just avoids 
using variables named "private" which are reserved words in C++.  It's a pretty 
unobtrusive change to jabberd2.  I think the variable should probably be 
"private_data" instead of "privateData," though

-Mark

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:jabberd2-
> [EMAIL PROTECTED] On Behalf Of umesh sirsiwal
> Sent: Monday, December 17, 2007 3:57 PM
> To: jabberd2 development
> Subject: Re: [jabberd2] Fwd: Patch to allow C++ modules
> 
> 
> This patch does not any C++ dependency in the code. It just makes it
> possible to develop a C++ module for personal use if one desires.
> Otherwise, with every new jabber release we need to patch before we can
> use it.
> 
> -Umesh
> 
> 
> On Dec 17, 2007 6:53 PM, Tomasz Sterna <[EMAIL PROTECTED]> wrote:
>   On Pn, 2007-12-17 at 17:46 -0500, umesh sirsiwal wrote:
>   > Jabber2d is written in C and because of its choice of data
> structure
>   > variable names, only allows C modules. I want to develop my module
> in
>   > C++ simply because I like doing so.
> 
>   Your preferences is up to you.
>   Even if you had chosen The Dark Side. ;-)
> 
>   > I went around changing names of some of the variables so that they
> are
>   > safe for a C++ program. Attached patch accomplishes that.
> 
>   I will not accept any C++ dependency into jabberd codebase, so there
> is
>   no need to merge the patch into mainstream.
>   But it could be of interest for the ones, that like to develop C++
>   modules for personal use.
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] Storing passwords in DB as MD5

2007-11-05 Thread Mark Doliner 
On Nov 4, 2007 at 2:11am Josh wrote:
> Is there a way to store c2s passwords in the database as MD5 hashes?  More
> to the point, is it easy to use an existing database full of usernames and
> MD5-hashed passwords?

If you want to use an existing database full of usernames and MD5-hashed 
passwords you can use the pipe authreg module and write a small script that 
implements the CHECK-PASSWORD functionality.  It should accept the username, 
password and realm as input, md5 the password, and check that it is the same as 
the version in the database.

At stated earlier, this DOES mean you can't use the digest-md5 authentication 
mechanism--you'll have to use plain.  And so it might be wise to 
require-starttls.

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] asynchronous DNS and resolver component

2007-11-02 Thread Mark Doliner 
On Nov 2, 2007 at 2:42 AM Tomasz Sterna wrote:
> I had started implementing asynchronous DNS resolving in jabberd,
> to really fix problem of resolver timing out requests by accumulation.
> 
> If there are 20 requests to process at the moment, and each takes 5
> seconds to resolve (default libresolv timeout), then with 30 seconds
> request timeout (default jabberd timeout), resolver will process only 6
> first requests, with 14 failing with timeout when resolver didn't even
> try to resolv it.
> I tried to fix it by prolonging timeouts, but it hurts on the user
> experience point of view - when a request takes more than 30 seconds to
> finish, users tend to cancel it and retry. Answer after 5 mins of
> waiting is not an option.
> 
> So, the real solution is to implement asynchronous DNS resolving.
> I'm going to use UDNS http://www.corpit.ru/mjt/udns.html library.
> Is everyone OK with it?

I've never used a library for asynchronous DNS, but this one looks good to me.  
FYI Pidgin has two homegrown async DNS implementations, one forks child 
processes and talks to them with pipes, and one spawns threads.  Using this 
library seems like a better idea than implementing either of those methods 
yourself.

> And the second question arises.
> With async DNS, we are able to ditch the whole resolver component
> completely - s2s will be perfectly able to do the resolution by itself.
> Resolver component was only needed to delegate the blocking DNS
> resolution requests to another process.
> I do see a use for resolver component in big, distributed deployments,
> to do central name-resolution for all present s2s components.
> But as for now, the resolver does only resolving. The name-2-address
> mappings are cached... but in the s2s itself!
> So, with the current design, we could move the resolution to s2s and
> loose nothing. Or we could move the caching to resolver.
> The s2s based resolving could also help in split-horizon DNS cases.
> I personally am after the first option. Am I loosing something, or we
> could just go with ditching the resolver?

Getting rid of resolver seems like a good idea to me.  If big, distributed 
deployments really want to do central name-resolution they could easily run a 
caching DNS server and have all DNS queries proxied through that.

> And then, if we do left resolver behind, does it justify raising the
> minor number of jabberd version. It sure is architectural change, and I
> think we should release the ADNS branch under 2.2.x line.

Raising the minor number sounds like a good idea to me.  And it'll help people 
see that jabberd really is under active development.

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

[jabberd2] Use /usr/sbin instead of /usr/bin

2007-10-30 Thread Mark Doliner 
Currently jabberd2's binary files are installed to /usr/bin.  It seems more 
customary for server binaries to go into the /usr/sbin directory instead.

Examples off servers on my system that are in /usr/sbin: crond, anacron, 
lighttpd, apache, sshd, ntpd, cupsd, sendmail, smartd

How do people feel about changing jabberd to "make install" binaries into 
/usr/sbin instead of /usr/bin?

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] Location of pid file

2007-10-26 Thread Mark Doliner 
On Oct 26, 2007 at 12:34 AM, Tomasz Sterna wrote:
> Dnia 25-10-2007, Cz o godzinie 17:20 -0700, Mark Doliner pisze:
> > > ./configure --prefix=somedir HAVE to move the whole installation to
> > > 'somedir'.
> > > So we simply cannot use fixed paths. They HAVE to incorporate
> $(prefix).
> >
> > For binaries and documentation I totally agree, but does it make sense
> to do that for files created at run time?
> 
> Two examples, that should give some light to the case:
> ./configure --prefix=$HOME/test/jabberd
> ./configure --prefix=/opt/oss/jabberd
> 
> User definitely cannot keep any data outside $HOME.

True, but in that case they could always edit the config files after building.  
I think it makes more sense for the default value to be appropriate for a 
system-wide installation rather than for a user's home directory.

> And all data of /opt applications should be kept under /opt hierarchy.

I don't think files that change should be put in /opt.  The FHS describes a 
/var/opt directory and says, "Package files that are variable (change in normal 
operation) must be installed in /var/opt."

> > Isn't that MORE of a reason to put the pid files in /var/run?
> 
> It's the decision to be taken during build.
> For example, if you're packaging for standard GNU/Linux distribution,
> yes it's very reasonable to put pid files in /var/run or /var/run/jabber

And that isn't currently possible.  Even with a prefix of "/" the pidfile is 
set to /var/jabberd/pid/component.pid

> > If /usr is read-only and jabberd tries to write a pid file to
> /usr/var/run it would fail.
> 
> That's why it keeps its state data in @localstatedir@ by default, not
> in /usr.

But if the prefix is "/usr" then @localstatedir@ is set to "/usr/var" (seems 
like autoconf and the FHS don't quite agree with each other)

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] Location of pid file

2007-10-25 Thread Mark Doliner 
On Oct 25, 2007 at 5:01 PM, Tomasz Sterna wrote:
> Dnia 25-10-2007, Cz o godzinie 08:27 -0700, Mark Doliner pisze:
> > 2. /var/run/jabberd/component.pid
> >
> > I realize that not all operating systems follow the FHS, but it seems
> > like either of these alternatives would at least be an improvement.
> > What do other people think?
> >
> > Similarly, how do people feel about changing the default log file from
> > '@localstatedir@/jabberd/log/component.log' to
> > '/var/log/jabberd/component.log'?
> 
> ./configure --prefix=somedir HAVE to move the whole installation to
> 'somedir'.
> So we simply cannot use fixed paths. They HAVE to incorporate $(prefix).

For binaries and documentation I totally agree, but does it make sense to do 
that for files created at run time?

> Ant this is the reason for this 'strange' paths. They are relative to
> prefix - by default set to /usr/local, which is a place to software
> specific to local installation (remember that in big Unix
> installations /usr is NFS read-only mounted from shared storage for easy
> system upgrades).

Isn't that MORE of a reason to put the pid files in /var/run?  If /usr is 
read-only and jabberd tries to write a pid file to /usr/var/run it would fail.

The FHS even says, "/usr is shareable, read-only data. That means that /usr 
should be shareable between various FHS-compliant hosts and must not be written 
to. Any information that is host-specific or varies with time is stored 
elsewhere." (http://www.pathname.com/fhs/pub/fhs-2.3.html#THEUSRHIERARCHY)

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

[jabberd2] Location of pid file

2007-10-25 Thread Mark Doliner 
By default jabberd 2 uses '@localstatedir@/jabberd/pid/component.pid' as the 
pid file for each component.  This ends up being 
'/usr/local/var/jabberd/pid/c2s.pid' for me when I don't specify a prefix.

This seems weird to me.  I don't even have a /usr/var or /usr/local/var on 
Ubuntu Linux or CentOS Linux, and I can't find any reference to it in the 
Filesystem Hierachy Standard (FHX), so I don't understand why autoconf sets 
localstatedir to be '${prefix}/var/' in the first place.  The FHS suggests that 
pid files be placed under /var/run/ 
(http://www.pathname.com/fhs/pub/fhs-2.3.html#VARRUNRUNTIMEVARIABLEDATA).

Two possible improvements to this path:
1. @localstatedir@/run/jabberd/component.pid
2. /var/run/jabberd/component.pid

I realize that not all operating systems follow the FHS, but it seems like 
either of these alternatives would at least be an improvement.  What do other 
people think?

Similarly, how do people feel about changing the default log file from 
'@localstatedir@/jabberd/log/component.log' to '/var/log/jabberd/component.log'?

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] Distinction between jabberd2 and jabberd14

2007-10-25 Thread Mark Doliner 
On Oct 25, 2007 at 12:31 AM Tomasz Sterna wrote:
> Dnia 25-10-2007, Cz o godzinie 00:02 -0700, Mark Doliner pisze:
> > It took me a long time to get a good feel for the distinction between
> > jabberd14 and jabberd2.  I think the names are probably confusing to
> > anyone not familiar with the projects.  It seems like it might be a
> > good idea for the jabberd2 project to use "jabberd2"  in many places
> > where it currently uses "jabberd."
> > [...]
> 
> This issue was brought many times and not only in context of jabberd.
> Apache HTTPd for example.
> 
> My standpoint is, that major rewrite of the software does not need
> renaming the project. Major version bump is enough.
> jabberd 1.x is not the same software as jabberd 2.x, like apache 1.x is
> not the same software as apache 2.x, like Die Hard 1 is not the same
> movie as Die Hard 2.
> 
> The problems you mention are local deployment issues.
> There is a problem with many current Linux and Unix distributions, that
> they do not handle many different versions of same software at the same
> time. But this is a distribution problem (deployment issue). There are
> distributions, that cope with this well.
> 
> The site name and list name are legacy of the migration. It was linked
> in many places, so I think it is too late to change it.
> 
> 
> > It just seems like it would be helpful for there to be a greater
> > distinction between jabberd14 and jabberd2.
> 
> Next release of jabberd14 will be called xmppd, so there should be no
> more confusion.

Oh I didn't realize that.  That should make things much better.  Thanks for the 
clarification!

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

[jabberd2] Distinction between jabberd2 and jabberd14

2007-10-25 Thread Mark Doliner 
It took me a long time to get a good feel for the distinction between jabberd14 
and jabberd2.  I think the names are probably confusing to anyone not familiar 
with the projects.  It seems like it might be a good idea for the jabberd2 
project to use "jabberd2"  in many places where it currently uses "jabberd."

For example, the call to AC_INIT() at the top of configure.ac, which affects 
where plugins are installed (/usr/lib/jabberd2/ instead of /usr/lib/jabberd/).  
And install config files to /etc/jabberd2/ instead of /etc/jabberd/.  
"jabberd/component" is used as the ident when using syslog.  Maybe change 
http://jabberd2.xiaoka.com/ to say "jabberd2" instead of "jabberd," etc.

One thing that I'm still confused about is Tomasz said in an email to this list 
"the name of the project is 'jabberd' not 'jabberd2'"[1]  Maybe I still don't 
really know what's going on.  It just seems like it would be helpful for there 
to be a greater distinction between jabberd14 and jabberd2.

Please let me know what you think, I hope I'm not stepping on any toes,
Mark

[1] http://lists.xiaoka.com/htdig.cgi/jabberd2-xiaoka.com/2007-June/000211.html
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] s2s.xml

2007-10-22 Thread Mark Doliner 
On Oct 21, 2007 at 7:57 PM, ?? wrote:
> What does the  in s2s.xml represent?
> The comment writes "Our ID on the network".
> I think the  should be the hostname. As does sm.xml and c2s.xml, I
> also changed the default to my hostname.
> But It's wrong . sm died.
> 
> Please explpain more details
> Thanks

The id is just a name that jabberd2 uses internally to refer to the server to 
server process.  Leaving it as the default "s2s" should be fine.  Each one of 
the five jabberd2 processes should have their own unique id--it's what they use 
to talk to each other.  Changing the s2s id to the hostname will break things 
because the sm id is supposed to be set to the hostname.

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] Server to Server can't connet for DNS reason

2007-10-22 Thread Mark Doliner 
On Oct 20, 2007 at 4:20 AM, ?? wrote:
> Dear Sir
> To test the S2S connection function, I installed two jabberd2 servers in
> LAN, that are Server1 and Server2.
> Because lack of DNS, I modfied the /ets/hosts in each of Linux as follows:
> ==
> 192.168.82.123  server1
> 192.168.82.122  server2.
> ==
> The first client, its jid [EMAIL PROTECTED] , logon the server1, while the
> second one [EMAIL PROTECTED] logon the server2.
> Then the first client invited the second, but nothing happened.
> In the server1's log write:" server2 can't be resolved".
> 
> I don't think the method have any problem, Why can't the two server
> communication? Is it nessary to have a DNS server?

jabberd2 currently does not use the /etc/hosts file for resolving domain 
names--it ONLY uses DNS.  There are some notes about this 
http://jabberd2.xiaoka.com/ticket/63 and http://jabberd2.xiaoka.com/wiki/OldTODO

So right now, yes, it is necessary to have a DNS server.

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] Clustering

2007-10-19 Thread Mark Doliner 
On 17 October 2007 at 2:20 PM, Tomasz Sterna wrote:
> Dnia 17-10-2007, Sr o godzinie 13:52 -0700, Mark Doliner pisze:
> > > When the router detects bind conflict. It tells the conflicting
> > > components to "go to the lower level".
> > 
> > And there would be a bind conflict when two sm instances try to
> > connect to router with the id "jabber.org," right?
> > And it would also happen when a single user logs in from two
> > locations using two different resources?
> 
> Exactly.
> I've described it in "Another step:" part of the example.
> 
> 
> > > > how does c2s decide which sm instance to forward the login to?
> > > 
> > > C2S needs changes in the SM tracking logic.
> > > When it receives advertisements of bare-jids, it starts routing by
> > > bare-jids, not domain. Same for full-jids.
> > 
> > When a user logs in they get assigned to one of the sm instances, right?
> 
> Right.
> The SM that responded to the session creation request.
> We need to record it in the SM. :-)
> 
> (Yes, we do crystallize the idea now. :-) )
> 
> 
> > How would c2s decide which sm instance they should be assigned to?
> > Would the router make that decision somehow?
> 
> Yes. It's router to decide which instance receives the packet addressed
> to the SM (domain) itself. Round-robin comes to mind. Or we could count
> sessions hanging on the SM and pick the less busy one.
> 
> Using the routing trees (last paragraph) it's trivial to get needed
> information.

I've uploaded an initial patch for this to 
http://jabberd2.xiaoka.com/ticket/170 .  It's not finished, but I am at least 
able to have two sm instances connect to one router, and have two clients log 
in and exchange messages.  I wrote a more detailed description in the ticket.

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] Clustering

2007-10-17 Thread Mark Doliner 
> -Original Message-
> From: Tomasz Sterna
> Sent: Wednesday, October 17, 2007 1:34 PM
> To: jabberd2 development
> Subject: Re: [jabberd2] Clustering
> 
> Dnia 17-10-2007, Śr o godzinie 13:05 -0700, Mark Doliner pisze:
> > Doesn't this make the router a bottleneck?
> 
> Router has almost no logic - it only passes packets through.
> I'm worried more about the fact that it is a single point of failure.
> 
> We may introduce router mesh. Set of interconnected routers that
> exchange their routing information.
> A router receiving bound name advertisement records it in the routing
> table. Same for routing method (domain/bare-jid/full-jid) change
> requests when connected router detects conflict.
> 
> Example:
> sm1 - router1 - router2 - sm2
> 
> router1 table:
> sm1  
> router2  
> sm2*  - advertisement record (presence from component)
> 
> router2 table:
> sm2  1234
> router1  2345
> sm1* 2345 - advertisement record (presence from component)
> 
> 
> 
> > Creating a clustering component [...]
> 
> I don't like the idea of introducing yet another component in the
> puzzle. The clustering functionality should be handled in the router.

Hmm, it DOES make sense to have the router do the routing...  And the router 
mesh idea seems cleaner than having a cluster component route packets from one 
cluster to another using the s2s component...

> > Also, when would sm bind to a bare jid?
> 
> When the router detects bind conflict. It tells the conflicting
> components to "go to the lower level".

And there would be a bind conflict when two sm instances try to connect to 
router with the id "jabber.org," right?  And it would also happen when a single 
user logs in from two locations using two different resources?

> > how does c2s decide which sm instance to forward the login to?
> 
> C2S needs changes in the SM tracking logic.
> When it receives advertisements of bare-jids, it starts routing by
> bare-jids, not domain. Same for full-jids.

When a user logs in they get assigned to one of the sm instances, right?  How 
would c2s decide which sm instance they should be assigned to?  Would the 
router make that decision somehow?

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

Re: [jabberd2] Clustering

2007-10-17 Thread Mark Doliner 
Doesn't this make the router a bottleneck?  Creating a clustering component as 
specified at http://jabberd2.xiaoka.com/wiki/Clustering appeals to me because 
it allows for multiple routers in addition to just multiple sm's.

It WOULD be nice to be able to take advantage of multiple processors in a 
single machine, though.

Also, when would sm bind to a bare jid?  Would it happen when the sm process is 
started?  Or would it happen after the user authenticates?  If it happens after 
authentication, how does c2s decide which sm instance to forward the login to?

-Mark

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:jabberd2-
> [EMAIL PROTECTED] On Behalf Of Tomasz Sterna
> Sent: Wednesday, October 17, 2007 11:49 AM
> To: jabberd2 development
> Subject: Re: [jabberd2] Clustering
> 
> Dnia 17-10-2007, Śr o godzinie 10:34 -0700, Mark Doliner pisze:
> > I'm interested in adding clustering support to jabberd2.
> 
> Most of us are. :-)
> 
> > We're noticing that sm is definitely a  bottleneck in our jabberd2
> installation,
> 
> Yes. SM is definitely a bottleneck for big deployments.
> 
> 
> I have an idea how to do it a flexible and efficient way.
> A way that would fix the SM problem too.
> 
> I call it "dynamic routing tables".
> The idea is similar to the way TCP network handles the network
> segmentation.
> 
> The router currently holds a list of connected components and its bound
> names. It uses this list to make a decision where to put a packet coming
> through.
> 
> componentport
> --
> c2s  1
> resolver 1
> example.com  1
> test.org 1
> test2.org1
> 
> So, when it handles packet destined to [EMAIL PROTECTED]/res it puts it
> to 1 stream. (or falls back to defaultroute)
> 
> One component is able to bind more than one name.
> 
> But no more than one component can bind a name. Logically - router would
> not know where to put the packet in.
> 
> We need to change the way, this bind conflict is handled.
> Instead of disallowing new bind of 'example.com' to a component, router
> would need to signal to the requesting component and component on port
> 1, that they need to switch to bare-jid binding from domain binding.
> 
> Then 1 and 1 would request binds of all it's bare jid's and the
> routing table would look:
> 
> component port
> ---
> c2s   1
> resolver  1
> [EMAIL PROTECTED]  1
> [EMAIL PROTECTED]  1
> [EMAIL PROTECTED]   1
> test.org  1
> test2.org 1
> [EMAIL PROTECTED]   1
> [EMAIL PROTECTED]   1
> 
> This way, router receiving packet for [EMAIL PROTECTED]/res would put it
> to 1 stream and for [EMAIL PROTECTED]/home would go to 1.
> Packets to SM itself would go to one of the shared routes - for load
> balancing. round-robin?
> 
> Another step: component on port 1 requests bind of [EMAIL PROTECTED]
> (user connected with another resource) generating conflict with
> component on port 1. Router would then to signal to both components,
> that they need to switch to full-jid binding from bare-jid binding.
> 
> After components bind all full JIDs the routing table would look like:
> 
> component port
> ---
> c2s1
> resolver   1
> [EMAIL PROTECTED]/cl1
> [EMAIL PROTECTED]/res   1
> [EMAIL PROTECTED]/res1
> [EMAIL PROTECTED]/res1
> test.org   1
> test2.org  1
> [EMAIL PROTECTED]/home   1
> [EMAIL PROTECTED]/work   1
> 
> And router can do a routing for [EMAIL PROTECTED]/res to 1 stream.
> On this level we would need to track resource priorities too, but this
> is a minor.
> 
> This dynamically expanding router tables would allow us to plug many SM
> processes handling same domain even on single host. That would
> distribute load to many OS processes.
> 
> Balancer code could be reused to implement more than one default route
> S2S processes. Not only for incoming, but outgoing connections too.
> (When more than one component requests default bind.)
> 
> 
> Implementation note:
> This routing table would rather be a routing tree with domains on first
> level, bare-jids on the second and full jids on the third.
> 
> --
>   /\_./o__ Tomasz Sterna
>  (/^/(_^^'  Xiaoka.com
> ._.(_.)_  XMPP: [EMAIL PROTECTED]
> 
> ___
> Jabberd2 mailing list
> Jabberd2@lists.xiaoka.com
> http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com

[jabberd2] Clustering

2007-10-17 Thread Mark Doliner 
Hi!

I'm interested in adding clustering support to jabberd2.  We're noticing that 
sm is definitely a  bottleneck in our jabberd2 installation, and we think 
clustering would eliminate this.  I've read through all the clustering pages on 
the wiki and think I have a pretty good idea of what needs to be done.

Has anyone done any work on this?  Or have any suggestions or advice?  I saw 
that there's a patch from Bruce Campbell at 
http://jabberd2.xiaoka.com/ticket/25 for some minor changes to sm.

-Mark
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com