Increase the default lifetime of temporary credentials to 12 hours.
ejabberd's built-in TURN server re-queries the temporary password from
mod_stun_disco whenever a TURN client attempts to refresh an allocation,
and mod_stun_disco will only return the password as long as the
credentials didn't expire. Therefore, the credentials lifetime
effectively limits the maximum lifetime of a TURN allocation when
ejabberd's TURN service is used, so the default value shouldn't be too
short.
Previously we only send that presence to direct presence recipients if
client also sent general self presence (without to attribute).
This should help with issue #3245
If a TCP connection was closed before the socket was handed over to a
supervised child process, let the supervisor terminate the process
rather than killing it directly. This avoids crash log entries
generated by the supervisor.
The default value for the 'max_fsm_queue' option was set to 10000 in
commit 79685da90b, and that value is still
documented to be the default. It was (probably unintentionally) changed
to 5000 in commit 03de853e4f.
It makes sense to keep it larger than the value of mod_stream_mgmt's
'max_ack_queue' option.
If the 'offer_local_services' option isn't set to 'false', log an [info]
message for each auto-discovered ejabberd_stun listener on startup (and
on configuration reload).
In some IPv6-only networks, hostnames that have no AAAA record are
resolved to an IPv6 address that's mapped to the host's IPv4 address.
This allows the IPv6-only clients to communicate with IPv4-only services
such as ejabberd's built-in STUN/TURN server. If STUN/TURN clients try
to contact the IPv4 address directly rather than using the mapped IPv6
address, the connection will fail.
Therefore, try to resolve the IP address of local ejabberd_stun services
to the hostname and announce that hostname rather than the IP address if
(and only if) the hostname resolves back to the original IP address, and
not to any additional IPv4 or IPv6 address(es).
This can (and should) be reverted once IPv6 support is added to
ejabberd's built-in STUN/TURN server.
These days, STUN/TURN authentication can be performed with ephemeral
credentials, where the REALM is irrelevant. Therefore, just log an
[info] message rather than a [warning] in the case where no
authentication REALM is configured but multiple virtual domains exist.
Add the 'mod_stun_disco' module, which allows XMPP clients to discover
STUN/TURN services and to obtain temporary credentials for using them as
per XEP-0215: External Service Discovery. The temporary credentials
handed out to clients have the format described in:
https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
Also add the new module to the example configuration file.
Closes#2947.
We really don't need those, and thanks to each individual room having
different hash (as one of hashed data is room description) we end with
lot of data that we really don't need.
Make sure modules won't be reloaded before listeners. This is necessary
to allow the (not yet committed) 'mod_stun_disco' module to parse the
listener configuration after configuration reloads.
The 'turn_ip' option validator doesn't accept an inet:ip4_address()
tuple.
While at it, change the logic to only perform the fallback address
lookup if no 'turn_ip' is configured (analogous to the fallback
mechanism for the case where the 'auth_realm' is undefined).
Try to resolve the local hostname, use the result as the default
'turn_ip', and only log a warning if that fails. Using the local
hostname's address by default is analogous to mod_proxy65's behavior.
When another connection is inserting something to spool at this same time
as we do pop_messages, it's possible that insert will happen between we
fetch messages and delete them, so we effectively will delete it without
delivering it to client. This change catch this situation and restart
transaction, so we should always have consistent results.
It looks like old version of Smack don't accept request that are have
from sent to sender jid, but are only working when jid is set to server
address. This is also how it looks in old xmpp rfc examples.
Messages that are received when no c2s is active will be stored in offline,
even when mam archived them, so i don't think we should be doing something
different in this case.
Between receiving resume request and being closed by new session, it's
possible (even if not very likely) that new messages would arrive to
process that is resumed. In that case try to reroute messages that were
received after we sent resume reply to new process.
Calling sync version of xmpp_stream_in/out:stop could lead to messages
never being processed by c2s process if they were queued in p1_server.
This could be reproduced by when having messages in offline storage,
starting sessions, enabling stream_mgmt, sending initial presence, and then immediately
</stream:stream>, messages that mod_offline would send process would not
be bounced back by stream_mgmt.
How to reproduce the problems fixed by this commit:
Create temporary room, other account subscribes, and owner leaves
Unsubscribe that account with the command: ejabberdctl unsubscribe_room ...
There is possibilty that between c2s process unregistering itself from sm
and terminating, some other process could try to send something to c2s,
which could result in messages to triggering mam/offline hooks, and causing
them not to be stored in any way.
Cockroachdb doesn't properly handle escaping of _ in like expressions,
having "like ... escape '\'" makes it work, by disabling optimization that
causes this broken behaviour
Previous method of processing files, could lead to mixing events generated
by parsers for multiple files, where we could get in inconsistant state.
After this change we gather all events generated by parser for single file,
before we start parsing any included file.
This fixes issue #3166
The 'reload_config' and 'dump_config' calls are expected to yield a
'rescode' result, which means they must return 'ok' (rather than a
tuple) on success.
Fixes#3170.
