
4.12. Component Instance: s2s

Just as the c2s component provides the Client (to Server) Connections service, so the s2s component provides the Server (to Server) Connections service. The XML configuration that describes the s2s component is shown in Example 4-19 and is represented in diagram form in Figure 4-15.

Figure 4-15. Diagram view of s2s component instance


Example 4-19. jabber.xml configuration for the s2s component instance

<service id="s2s">

  <load>
    <dialback>./dialback/dialback.so</dialback>
  </load>

  <dialback xmlns='jabber:config:dialback'>
    <legacy/>
    <ip port="5269"/>
    <karma>
      <init>50</init>
      <max>50</max>
      <inc>4</inc>
      <dec>1</dec>
      <penalty>-5</penalty>
      <restore>50</restore>
    </karma>
  </dialback>

</service>

4.12.1. Component Type and Identification

The component type is service, and the instance here is identified as s2s:

<service id="s2s">

4.12.2. Host Filter

Like the c2s component instance definition, no explicit host filter is set for s2s. The identification of the component instance as s2s acts as a backup host filter.

4.12.3. Custom Configuration

The configuration for the s2s is similar to that of the c2s; after all, it is about managing connections to other hosts. The configuration namespace is, however, a little odd:

<dialback xmlns="jabber:config:dialback">

Dialback? Well, to prevent spoofing by a connecting server, the s2s component implements an identity verification mechanism that checks that a connecting server is who it says it is. See the Dialback sidebar for more details.

As the namespace for the exchange of document streams in a client-to-server connection is jabber:client, so the namespace for the exchange of document streams in a server-to-server connection is jabber:server.

There are three immediate child tags in the configuration wrapper tag:


<legacy/>

This flag allows "legacy" Jabber servers to connect; if it is absent, they are disallowed. A legacy Jabber server is one that runs Version 1.0 and, more relevantly, has no support for the dialback mechanism. Because such a server cannot take part in dialback, allowing it to connect means accepting its claimed identity without that check. Without the tag, an incoming connection from a Version 1.0 Jabber server that didn't support dialback would be refused.


<ip/>

While a normal Jabber server listens for client connections on port 5222, it listens for connections from other Jabber servers on port 5269. This is specified with the <ip/> tag, which has the same characteristics as the <ip/> tag in the c2s configuration settings (more than one tag allowed, specific IP address optional).


<karma/>

Karma is used in the s2s component to control connection traffic, just as it is used in c2s. See Section 4.13 later in this chapter for more details.

Sidebar 5. Dialback

When an external Jabber server requests a connection to your Jabber server, the dialback mechanism ensures that the external Jabber server's identification can be verified. This is to prevent identity spoofing, the masquerading by one server or service under the name of another, and represents a big increase in security over earlier Jabber servers. To perform the identity check, your Jabber server "dials back" the external Jabber server to check credentials.

The sequence of events in a dialback conversation involves three (logical) parties and is roughly as shown in Figure 4-16.

Figure 4-16. Dialback in action


Based on the validity of the key, your Jabber server can accept or refuse the incoming connection from the external Jabber server.

And, of course, the tables are turned and the shoe is on the other foot, to mix metaphors, if your Jabber server is the one trying to make a connection.
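The dialback check described in this sidebar, as an added example that is not from the book or from jabberd's dialback.so: a three-party simulation in Python showing a genuine key accepted and a spoofed or replayed key refused. The key derivation (HMAC-SHA256 over the two domain names and the stream ID, modelled on XEP-0185), the class names, the domains, and the dictionary standing in for the DNS lookup are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def dialback_key(secret, receiving, originating, stream_id):
    # Assumed derivation (modelled on XEP-0185), not jabberd's own code.
    hashed = hashlib.sha256(secret.encode()).hexdigest().encode()
    message = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(hashed, message, hashlib.sha256).hexdigest()

class AuthoritativeServer:
    """The server that really answers for a domain; only it holds the secret."""
    def __init__(self, domain):
        self.domain = domain
        self._secret = secrets.token_hex(16)

    def make_key(self, receiving, stream_id):
        return dialback_key(self._secret, receiving, self.domain, stream_id)

    def verify(self, receiving, stream_id, key):
        expected = self.make_key(receiving, stream_id)
        return hmac.compare_digest(expected, key)  # constant-time comparison

class ReceivingServer:
    """'Your' server: it dials back whoever the lookup says owns the claimed domain."""
    def __init__(self, domain, lookup):
        self.domain = domain
        self.lookup = lookup  # constructed stand-in for the DNS lookup

    def open_stream(self):
        return secrets.token_hex(8)  # fresh stream ID for each incoming connection

    def check(self, claimed_domain, stream_id, key):
        authoritative = self.lookup.get(claimed_domain)
        return bool(authoritative) and authoritative.verify(self.domain, stream_id, key)

def demo():
    real = AuthoritativeServer("example.org")      # hypothetical domains throughout
    impostor = AuthoritativeServer("example.org")  # claims the name, holds a different secret
    ours = ReceivingServer("jabber.example.com", {"example.org": real})
    sid = ours.open_stream()
    genuine = ours.check("example.org", sid, real.make_key(ours.domain, sid))
    spoofed = ours.check("example.org", sid, impostor.make_key(ours.domain, sid))
    replayed = ours.check("example.org", ours.open_stream(), real.make_key(ours.domain, sid))
    return genuine, spoofed, replayed

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the lookup: whichever host the receiving server is directed to for the claimed domain is the party that vouches for the key.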


4.12.4. Component Connection Method

The library load method is used to connect the s2s component to the backbone:

<load>
  <dialback>./dialback/dialback.so</dialback>
</load>

The dialback() function in the shared library is called after the library has been loaded.