How to use Smacks Plugin + Websocket with Anonymous Domains

engesin · February 24, 2021, 5:58pm

Hi everyone,

I want to use smacks pluging with websocket. I configure prosody to be able to join anonymously but require token authentication for creating new room.

Smacks works great for autheticated users because these users reconnect with same xmpp identity.

However, if guest users try to resume, their identities are not the same as they used before. So Smack can not find correct session to resume. It returns that error…

<resume h=‘25’ previd=‘db78152f-fdf8-47db-b0b2-75d61fc9138f’ xmlns=‘urn:xmpp:sm:3’
Tried to resume non-existent session with id db78152f-fdf8-47db-b0b2-75d61fc9138f

Although there is no authentication at meet.jit.si, users keep their identity. How can I keep identity for guest users to use Smack Plugin properly.

Note: I use stable-5076 version with prosody-0.11.5. I already apply mod_websocket_smacks.patch and mod_websocket_session_event.patch

Related Link: [How To] How to enable websockets (xmpp-websocket) and smacks for Prosody

damencho · February 24, 2021, 6:37pm

The username does not matter, what matters is previd id which is passed when resuming …

Maybe something is wrong with the logic when using anonymous domain, the same there was a bug when checking for enabled services and instead of the main domain was querying the guest one … this is my guess.

saghul · February 24, 2021, 6:39pm

Can you try this? Use the token auth module, but set allow_empty_token to true. This is basically anonymous, but there is some extra code to match previd.

@damencho This was the motivation for WIP feat(prosody) detacch session resumption from token auth by saghul · Pull Request #8576 · jitsi/jitsi-meet · GitHub

damencho · February 24, 2021, 6:42pm

I see @saghul

engesin · February 24, 2021, 8:26pm

O Man!! Not all heroes wearing capes!!

I saw that code which set previd etc…

It works thank you…

engesin · February 25, 2021, 6:30am

Hi @damencho

github.com

jitsi/jitsi-meet/blob/23bb824731034155e0fde409d3878523bdd1fddd/resources/prosody-plugins/mod_smacks.lua#L559


function handle_resume(session, stanza, xmlns_sm)
	if session.full_jid then
		session.log("warn", "Tried to resume after resource binding");
		session.send(st.stanza("failed", { xmlns = xmlns_sm })
			:tag("unexpected-request", { xmlns = xmlns_errors })
		);
		return true;
	end

	local id = stanza.attr.previd;
	local original_session = session_registry.get(session.username, id);
	if not original_session then
		session.log("debug", "Tried to resume non-existent session with id %s", id);
		local old_session = old_session_registry.get(session.username, id);
		if old_session and session.username == old_session.username
		and session.host == old_session.host
		and old_session.h then
			session.send(st.stanza("failed", { xmlns = xmlns_sm, h = string.format("%d", old_session.h) })
				:tag("item-not-found", { xmlns = xmlns_errors })
			);
		else

Session.username is equal to uuid part of some-uuid@guest.meet.jitsi.com
so both session.username and previd is required.

with @saghul suggestion, when new websocket created, some-uuid@guest.meet.jitsi.com start to come with same uuid.

engesin · February 25, 2021, 8:35am

Hi again

I faced with new problem about jvb websocket after resume. After i force to resume prosody websocket, I trigger colibri websocket to reestablished also. Sometimes i faced with these errors,

Client Side:

lib-jitsi-meet.min.js?v=420:17 WebSocket connection to ‘wss://meet.com/colibri-ws/jvb-m01-ins01/9d71074c099283d0/0f42bd80?pwd=angft2hueg0537bhniv7564cm’ iled: Error during WebSocket handshake: Unexpected response code: 403
_initWebSocket @ lib-jitsi-meet.min.js?v=420:17
t @ lib-jitsi-meet.min.js?v=420:17
lib-jitsi-meet.min.js?v=420:10 2021-02-25T08:28:41.116Z [modules/RTC/BridgeChannel.js] <WebSocket.e.onclose>: Channel closed by server
lib-jitsi-meet.min.js?v=420:10 2021-02-25T08:28:41.117Z [modules/RTC/BridgeChannel.js] <WebSocket.e.onclose>: Channel closed: 1006

JVB Side:
Several logs like,
[confId=9d71074c099283d0 epId=b9922c6b gid=413976 stats_id=Viola-0g8 conf_name=enginesin@conference.meet.com] VideoParser.transform#74: Unable to find encoding matching packet! packet=RtpPacket: PT=100, Ssrc=358628010, SeqNum=53464, M=true, X=true, Ts=1460079164, encodings=MediaSourceDesc 1604882424 has encodings:#012 primary_ssrc=358628010,secondary_ssrcs{404737831=RTX},layers=subjective_quality=0,temporal_id=-1,spatial_id=-1

At that stuation, if there was a screen sharing, resumed participant can see sharing at small thumbnail but not at main video section. did you faced with that problem before?

engesin · February 25, 2021, 8:58am

After resuming, Backend send new colibri websocket url as follows,

<transport xmlns="urn:xmpp:jingle:transports:ice-udp:1" pwd="276g0gb0loos3naa8viqshb165" ufrag="4r33l1evc42cvc">
<web-socket xmlns="http://jitsi.org/protocol/colibri" url="wss://dev01.meet.com/colibri-ws/jvb-m01-ins01/9d71074c099283d0/0f42bd80?pwd=276g0gb0loos3naa8viqshb165" />

Client open this new websocket but also try to open old one also. Probably old one has invalid pwd at that moment. There is lots of failed colibri websocket exist…

Edit:
As i suspect:
jvb: WARNING: [767779] [confId=9d71074c099283d0 epId=0f42bd80 gid=413976 stats_id=Viola-0g8 conf_name=enginesin@conference.meet.bip.com] Endpoint.acceptWebSocket#969: Incoming web socket request with an invalid password. Expected: 276g0gb0loos3naa8viqshb165, received angft2hueg0537bhniv7564cm

engesin · February 26, 2021, 5:17am

Hi again,

When i update JVB to latest stable version 5390, that problem is also solved… With stable 5076, after user resumed, there is problem with jvb websocket which i mention about.

for your information

saghul · March 2, 2021, 8:32am

Good to know @engesin , cheers!

Amara · March 12, 2021, 1:16pm

After setting up ejabberd, I can enroll users from multiple devices at the same time, and also log in multiple users, and users can communicate correctly, but the problem is when I quickly enroll multiple users from one mobile device.

saghul · March 12, 2021, 2:40pm

How is that related to the discussion here?

engesin · March 24, 2021, 12:44pm

Hi again,

When 3 ping requests are timeout, smacks restores session. This makes 30 seconds to recover.

How can I shorten this duration?

Can I change ping interval or accept connection lost if 2 ping request are timeout?

thank you

damencho · March 24, 2021, 1:11pm

github.com

jitsi/lib-jitsi-meet/blob/351612321002ff6244fdf6be84f6188fe39ed458/modules/xmpp/strophe.ping.js

import { getLogger } from 'jitsi-meet-logger';
import { $iq, Strophe } from 'strophe.js';

import GlobalOnErrorHandler from '../util/GlobalOnErrorHandler';

import ConnectionPlugin from './ConnectionPlugin';


const logger = getLogger(__filename);

/**
 * Default ping every 10 sec
 */
const PING_DEFAULT_INTERVAL = 10000;

/**
 * Default ping timeout error after 5 sec of waiting.
 */
const PING_DEFAULT_TIMEOUT = 5000;

This file has been truncated. show original

You can control this with config like:

    xmppPing: {
	interval: 10000,
	timeout: 5000,
	threshold: 2
    },

engesin · March 24, 2021, 3:10pm

Thank you @damencho,

Do i need to change anything at prosody side? for example if client goes to offline, we kick that client after a while. does this change effect prosody websocket timeout?

damencho · March 24, 2021, 3:28pm

Are you using bosh or websocket for the signaling (mind that this is different than the websocket that is used for the jvb connection)?
In case of bosh you can control the timeout through property in prosody, but for it you need to use a custom lib-jitsi-meet with custom strophe.js build with a change for the timeout, cause per specs the timeout for bosh is 60 secs and that is hardcoded in the library.

For websockets there is no timeout as it is not a long poll as bosh, if the connection is dropped the session is destroyed.

engesin · March 24, 2021, 3:32pm

Ok I use Websocket.

therefore, I just need to modify strophe.ping.js

thanks.

engesin · April 15, 2021, 6:09am

Hi again,

After smacks restores session, Client connection seems to be poor.

When i investigate jvb websocket message, i see that client sends connectionQuality as 0.

So ones that recover their websockets has wrong indicator for me.

Is this a known issue?

{
“type”: “stats”,
“values”: {
“bitrate”: {
“upload”: 24,
“download”: 201,
“audio”: {
“upload”: 24,
“download”: 80
},
“video”: {
“upload”: 0,
“download”: 121
}
},
“packetLoss”: {
“total”: 0,
“download”: 0,
“upload”: 0
},
“connectionQuality”: 0,
“jvbRTT”: 12,
“maxEnabledResolution”: 1080
}
}