Wednesday, August 6, 2008

Quick summary of last week

Last week I was refactoring TLS code in gajim to fit the new architecture. Debugging of XMPP over TLS on 5223 and 5222 (with negotiation) wasn't difficult because wrappers for python stdlib ssl and pyopenssl are well designed (by dkirov I think). Now I'm on securing the HTTP connections which can be non-persistent and thus more prone to error occurrence. Good handling of various TCP and SSL errors is needed.

As for the persistent connections, it's hard to categorize Connection Manager implementations because there can be different types of HTTP server on the other end - Connection Manager, proxy or port forwarding HTTP server. This calls for robust implementation of HTTP connections and for separating the HTTP from XMPP stream.

Also, I have fixing a bug Asterix discovered - authentication to ejabberd hangs when it doesn't follow immediately after init response. More info here. I believe it's an ejabberd issue because the traffic scenario is consistent with the XEP and it works with Openfire. For now I supressed sending empty bodies until some authentication module is plugged, which will result in inactivity timeout when the delay is too long. I will check with Tigase and Punjab as soon as I manage to install them.

Monday, July 28, 2008

Another progress report

I kept on improving the HTTP connections handling and now my implementation can deal with non-persistent connections to ejabberd and with keep-alive and even pipelining connection/s to Openfire (for which Safa provided me with his dev build) and I implemented acknowledgments checking and key-sequencing. I also made some modification to proxy group stored in Gajim config file. Configuration dialog for BOSH proxy slightly changed to allow optional set of HTTP proxy preceeding the Connection Manager.

Now I'm going to take a look on securing BOSH TCP connections. Gajim currently tries to estabilish SSL connection at first, and fall back to plain when SSL negotiation or handshake fails. Considering BOSH connection to Connection Manager, there's no problem as long as the client goes to CM directly - it doesn't matter whether we send XMPP or HTTP over SSL I guess (well except for the fact that there's no negotiation with in BOSH but SSL handshake should follow TCP conn estabilishment). Question is what to do when proxy is used. I checked what Firefox does when reaching HTTPS server over proxy and it just sends HTTP request with CONNECT method to the proxy, which opens a tunnel to the remote machine and SSL handshake then takes place on opened channel. I will do it in the same way because there's no other way how to tunnel HTTPS over proxy, right?
With connection opened with CONNECT, it's probably more reasonable to send the XMPP directly instead of BOSH HTTP but CONNECT is usually limited to certain port numbers so I think it should be possible with BOSH as well. (Gajim can already do XMPP via HTTP proxy with CONNECT method)

Sunday, July 13, 2008

Midterm update

After some structure changes in Gajim XMPP code I finally got to implementing HTTP connections handling and now my branch can be used with BOSH Connection Managers in ejabberd 2.0.1 and Openfire 3.5.2. You can find it in Gajim svn:

svn co svn://

In order to connect over http bindings you need to create proxy with type "BOSH" in Proxy Managing dialog (Accounts -> tab Connection -> Manage next to Proxy combobox), and put Connection Manager URI and port to text fields.
However it's still quite buggy and I haven't tried it over proxy yet. Next item on my TODO are the semantic issues of the protocol, then TLS support and config dialog. I also broke down some parts of networking code and I'll have to fix those before merging back to trunk.

Two things I noticed about Openfire - it doesn't respond to stream-restart body tag after SASL authentication and it doesn't classify iq stanzas (children of body tag) with XML namespace. Latter caused XML parser in Gajim consider the iq stanzas as of namespace because that's xmlns of parent body.

Sunday, June 15, 2008

Third week of GSoC

During last two weeks I realized the design I proposed in previous post was not good because component plugging of socket wrapper into client instance in xmpppy does not allow to use more than one wrapper per client, plus the wrapper actually does more than I need for TCP connection object. Now I am refactoring NonBlockingTcp and NonBlockingClient classes in xmpppy and next step will be doing a BOSHTransport owning one or more instances of NonBlockingTcp. BOSHTransport should be pluggable to client just like usual socket wrapper. It is still a bit likely to change so I will keep class diagram for next week.
In meantime, I wrote a template for unit testing of NonBlockingClient and installed openfire, punjab and araneo on my virtual server for testing and jwchat on localhost for traffic analysis.

You may have noticed my posts bubbling up on planet jabber. Some of them got on top of aggregated feed more than once. It happened always after editing a post and it's because
  1. Blogger adds/updates the <updated> tag in feed on each post modification.
  2. Planet reader sorts entries by time in <updated> instead of <published>.
I didn't find a way how to ignore entry updates in planet reader yet.. or how to exclude update time from Blogger feed. I'm thinking about moving to Wordpress (blog can be imported from Blogger) or doing some magic with the feed on my own. But until then, there goes the idea of maintaining info in posts (and correcting typos :( ).

The list of XMPP soft supporting BOSH can be found on wiki now. I can see there a few more tigase projects I didn't know about, cool.

Sunday, June 1, 2008

BOSH in XMPP software

Sooner or later I will have to test my code with different servers and Connection Managers so I did some research about existing HTTP Binding implementations. BOSH is described in XEP-0124 and XEP-0206. 0124 describes mechanism, syntax and error handling for reliable transfer of XML streams over HTTP in general. 0206 addresses XMPP - session negotiation, XMPP errors processing and SASL authentication.

Besides client and server, there is a Connection Manager entity in BOSH architecture. Client communicates with CM via HTTP POST requests/responses defined in mentioned XEPs and CM communicates with XMPP server either acting as a ordinary XMPP client or using component protocol. CM can be standalone HTTP server or built-in functionality (or extension) of XMPP server. If you want to connect to XMPP server via BOSH CM, you need CM URL and CM port number (e.g. "" and 80 for[in czech]) in addition to XMPP server address and port. With built-in Connection Managers, IP addresses of XMPP server and CM will be the same and just the port numbers will differ.

Follows overview of XMPP software with BOSH support.

Servers with built-in Connection Manager.
Standalone Connection Managers
Act as a proxy between client and XMMP server.
  • gloox (C++) - BOSH support done by MattJ during GSoC 2007. BOSH Connection classes are included in svn trunk and 1.0-beta2 (download page).
  • xmpp4r (Ruby)
  • xmpp4js (JavaScript)
  • JSJaC (JavaScript)
  • emite (Google Web Toolkit, Java) - XMPP library and client GUI for gwt, connecting through BOSH Connection Manager.
I wasn't able to experiment with all listed software but I will keep updating this overview during summer as I'll progress with testing. Further reading can be this post on MattJ's blog.

Saturday, May 31, 2008

First steps

It's six days after official start of GSoC coding and I should summarize what I've done so far. I will try to publish a blogpost during each weekend throughout the coding period.

My project is about extending functionality of Gajim jabber client so first thing to do was to explore and try to understand current code that takes care of XMPP communication. Gajim is using fork of xmpppy library extended by implementation of non-blocking transports meaning a lot of callbacks and queue of received and sent messages that notifies plugged objects in (on?) regular intervals. As for networking, there are three relevant layers in Gajim architecture - Connection class as interface between UI and xmpppy (one instance per jabber account), Client class that estabilish connection to XMPP server and handles authentication, and transport classes putting data to sockets in particular format (SSL, TLS, TCP, for HTTP proxy, for SOCKS5 proxy). Transport are not aware of XMPP stanzas.

In the most simple case, BOSH messages are XMPP messages wrapped by body tag with BOSH-related attributes, sent to HTTP-server/proxy-like Connection Manager instead of straight to XMPP server. Communication scheme is a bit different in order to allow server-initiated requests in HTTP (see XEP-0124). With this assumption I looked for a place to begin coding - I was deciding whether to start with Connection, Client or Transport and since the stream initiation slightly differs in XMPP over BOSH and plain XMPP, I went for a BOSHClient class, derived from NBCommonClient. In existing code, Connection object holds instance of NonBlockingClient which also derived from NBCommonClient as shown on class diagram:

The idea is to use BOSHClient instead of NonBlockingClient for accounts connecting to BOSH Connection Manager. So far, I am able to build and send initial request and receive, parse and poorly check the response. After that I would like to integrate Gajim module for SASL authentication and then send first message via BOSH.

Monday, April 21, 2008

"BOSH support in Gajim" proposal accepted for GSoC 08

Today about half an hour after 10 PM Finnish time, I found out my GSoC proposal was accepted by XMPP Standards Foundation. BOSH is a method for tunneling XMPP via HTTP. It's a feature I was missing in Gajim during my last job in summer year ago where all outgoing application traffic was blocked except for HTTP/S. It's nice to know it's gonna be there and it's even more nice to be on the way to implement it myself. Joy was replaced by confusion when I saw 200+ new messages from gsoc-student mailing list next morning (and I haven't been even subscribed to xmpp lists yet). Real avalanche :)
Anyway, it's cool to see I'm not the only one dealing with BOSH this year - there's Safa Sofuoğlu improving BOSH support in Openfire, one of server implementations I'd like to test against.
It's kinda weird feeling to have the whole summer milestoned in the middle of April, especially when there's still some snow outside :). Enjoy cliché photo of late April Finland nature (Koli National Park).