Code commits
Openfire (master)
-
daryl herzmann c7e4bc511c0cb172de77aa19c75c84b8f071fa72
Merge pull request #3232 from guusdk/OF-3176_Schedule-dont-drop-s2s-stanza-after-async-connection-closure
OF-3176: Fix stanza loss during outgoing S2S session teardown -
daryl herzmann 920ef5651b473433937fc4aeb41fcba34e3ffd7e
Merge pull request #3127 from guusdk/OF-3170_Rate-Limit-New-Connections
OF-3170: Implement basic rate limiting for new connections (C2S and S2S) -
Guus der Kinderen da9b79727674313021a4a64ad07addf3a1ce6b19
Update xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>- xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java (version da9b79727674313021a4a64ad07addf3a1ce6b19)
-
Guus der Kinderen a0a36bf57f2ff4e2ad635762c6cc8cd4aba3fc73
OF-3176: Fix stanza loss during outgoing S2S session teardown
When an outgoing server-to-server (S2S) connection closes, the connection is marked closed immediately, but route removal from the routing table happens asynchronously during teardown. This creates a short race window where routing can still send stanzas to a closing session, which then sees a closed connection and drops the stanza.
This change fixes that behavior by waiting for teardown to fully complete before re-routing a stanza that reached a closed outgoing session. Waiting for close completion ensures stale route cleanup has finished, after which normal routing can use an existing replacement session or create a new one.
A new system property, xmpp.server.session.redelivery-timeout (default: 30 seconds), controls how long Openfire waits for teardown completion before returning an error to the sender.- i18n/src/main/resources/openfire_i18n.properties (version a0a36bf57f2ff4e2ad635762c6cc8cd4aba3fc73)
- i18n/src/main/resources/openfire_i18n_nl.properties (version a0a36bf57f2ff4e2ad635762c6cc8cd4aba3fc73)
- xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java (version a0a36bf57f2ff4e2ad635762c6cc8cd4aba3fc73)
-
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> e420222a6fe6791218ad5c076fde9c8fd861ab8a
chore(deps): bump org.apache.maven.plugins:maven-compiler-plugin
Bumps [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.14.0 to 3.15.0.
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](https://github.com/apache/maven-compiler-plugin/compare/maven-compiler-plugin-3.14.0...maven-compiler-plugin-3.15.0)
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
dependency-version: 3.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>- plugins/pom.xml (version e420222a6fe6791218ad5c076fde9c8fd861ab8a)
- pom.xml (version e420222a6fe6791218ad5c076fde9c8fd861ab8a)
-
Guus der Kinderen 929ea930801cc6afb66226c3fd5d5b50ff7d5520
CI: Attempt to reduce flaky results of LocalOutgoingServerSessionTest
This test fails inconsistently in CI. This commit has some changes that may help make it more stable:
- Harden test timing to tolerate CI jitter
- Remove cross-test/global TLS side effects from the remote dummy- xmppserver/src/test/java/org/jivesoftware/openfire/session/LocalOutgoingServerSessionTest.java (version 929ea930801cc6afb66226c3fd5d5b50ff7d5520)
- xmppserver/src/test/java/org/jivesoftware/openfire/session/RemoteReceivingServerDummy.java (version 929ea930801cc6afb66226c3fd5d5b50ff7d5520)
-
Guus der Kinderen d09f1004c494288c6a274e5ddf720acff0c26900 m
OF-3172: Add admin UI for connection rate limiting settings
Expose new-connection rate limiting settings on the C2S and S2S connection settings pages.- i18n/src/main/resources/openfire_i18n.properties (version d09f1004c494288c6a274e5ddf720acff0c26900)
- i18n/src/main/resources/openfire_i18n_nl.properties (version d09f1004c494288c6a274e5ddf720acff0c26900)
- xmppserver/src/main/webapp/connection-settings-socket-c2s.jsp (version d09f1004c494288c6a274e5ddf720acff0c26900)
- xmppserver/src/main/webapp/connection-settings-socket-s2s.jsp (version d09f1004c494288c6a274e5ddf720acff0c26900)
-
Guus der Kinderen 8352e089517efdea42fd6c8f2b74dd3752cd02ce m
OF-3171: Implement basic rate limiting for new connections (C2S and S2S)
- Introduce NewConnectionLimiterRegistry to track new connections per type.
- Add per-group rate limiting: client-to-server (C2S) and server-to-server (S2S).
- By default, rate limiting is disabled for both C2S and S2S.
- Support dynamic updates via system properties for permits per second, max burst, and enabled flag.
- Add optional logging for rejected connections with configurable suppression interval.
- Ensure unsupported connection types receive unlimited limiters while still collecting metrics.
This lays the foundation for controlling the rate of new connections, without yet exposing admin console configuration or statistics.- i18n/src/main/resources/openfire_i18n.properties (version 8352e089517efdea42fd6c8f2b74dd3752cd02ce)
- i18n/src/main/resources/openfire_i18n_nl.properties (version 8352e089517efdea42fd6c8f2b74dd3752cd02ce)
- xmppserver/src/main/java/org/jivesoftware/openfire/http/HttpBindServlet.java (version 8352e089517efdea42fd6c8f2b74dd3752cd02ce)
- xmppserver/src/main/java/org/jivesoftware/openfire/nio/NettyConnectionHandler.java (version 8352e089517efdea42fd6c8f2b74dd3752cd02ce)
- xmppserver/src/main/java/org/jivesoftware/openfire/ratelimit/NewConnectionLimiterRegistry.java (version 8352e089517efdea42fd6c8f2b74dd3752cd02ce)
- xmppserver/src/main/java/org/jivesoftware/openfire/websocket/OpenfireWebSocketServlet.java (version 8352e089517efdea42fd6c8f2b74dd3752cd02ce)
- xmppserver/src/main/java/org/jivesoftware/util/TokenBucketRateLimiter.java (version 8352e089517efdea42fd6c8f2b74dd3752cd02ce)
- xmppserver/src/test/java/org/jivesoftware/openfire/ratelimit/NewConnectionLimiterRegistryTest.java (version 8352e089517efdea42fd6c8f2b74dd3752cd02ce)
- xmppserver/src/test/java/org/jivesoftware/util/TokenBucketRateLimiterTest.java (version 8352e089517efdea42fd6c8f2b74dd3752cd02ce)
-
Guus der Kinderen 3c566f8bd29c5fab2876cc1efc2728a4a9cc4adc m
OF-3173: Use new fake clock in TokenBucketRateLimiter tests
Replace Thread.sleep-based timing in unit tests with the new FakeNanoClock to make tests deterministic, faster, and less flaky.- xmppserver/src/test/java/org/jivesoftware/util/TokenBucketRateLimiterTest.java (version 3c566f8bd29c5fab2876cc1efc2728a4a9cc4adc)
-
Guus der Kinderen b036b2af93afa01f8597e0111ebdacebbe394aee m
OF-3171: Fix token bucket refill precision and clarify refill logic
Preserve fractional refill time in TokenBucketRateLimiter by carrying sub-token remainder across refill cycles, instead of discarding it when whole tokens are added.- xmppserver/src/main/java/org/jivesoftware/util/TokenBucketRateLimiter.java (version b036b2af93afa01f8597e0111ebdacebbe394aee)
- xmppserver/src/test/java/org/jivesoftware/util/TokenBucketRateLimiterTest.java (version b036b2af93afa01f8597e0111ebdacebbe394aee)
-
Guus der Kinderen 47593f39e5c80f4a370630085c8c8042a874e70a m
OF-3171: Fix thread safety, overflow, and unlimited correctness in TokenBucketRateLimiter
Replace AtomicLong/LongAdder with plain longs guarded by synchronized methods, fixing a race condition between refill and consume.
Fix overflow in refillIfNeeded for large elapsed times and capacity values.
Fix unlimited() instances eventually exhausting by introducing a dedicated code path that bypasses token accounting.
Expand test coverage accordingly.- xmppserver/src/main/java/org/jivesoftware/util/TokenBucketRateLimiter.java (version 47593f39e5c80f4a370630085c8c8042a874e70a)
- xmppserver/src/test/java/org/jivesoftware/util/TokenBucketRateLimiterTest.java (version 47593f39e5c80f4a370630085c8c8042a874e70a)
-
Guus der Kinderen 99dd7d14c12910925f52a0d0b59f90abf7660597 m
OF-3171: Enforce connection rate limiting before pipeline initialization
Add NewConnectionRateLimitHandler, a @Sharable ChannelInboundHandlerAdapter that intercepts channelActive at the head of the child channel pipeline.
Rejected connections are now closed before any downstream handler runs, avoiding TLS negotiation, XML parser allocation, and session scaffolding for connections that would be discarded anyway.- xmppserver/src/main/java/org/jivesoftware/openfire/nio/NettyConnectionHandler.java (version 99dd7d14c12910925f52a0d0b59f90abf7660597)
- xmppserver/src/main/java/org/jivesoftware/openfire/nio/NewConnectionRateLimitHandler.java (version 99dd7d14c12910925f52a0d0b59f90abf7660597)
- xmppserver/src/main/java/org/jivesoftware/openfire/spi/NettyServerInitializer.java (version 99dd7d14c12910925f52a0d0b59f90abf7660597)
-
Guus der Kinderen 0af0873a8ed3af68d398dee4f76f22f02b00ba7d m
OF-3173: Expose rate-limiting statistics via Statistics API
Integrate rate-limiting counters into Openfire's Statistics API so they are automatically available via JMX and the Monitoring plugin.
This adds real-time, thread-safe statistics for rate limiters used for all connection types (eg: socket_c2s, socket_s2s), tracking accepted and rejected connection attempts. Metrics are incremented on every connection attempt, but reset after rate limit configuration changes.
Acceptance ratio is intentionally not exposed. Ratios would be derived from cumulative totals since the last rate-limiter reset, causing them to converge over time and potentially mislead users expecting a time-windowed value. Consumers can derive meaningful ratios themselves from the provided accepted and rejected counters.- i18n/src/main/resources/openfire_i18n.properties (version 0af0873a8ed3af68d398dee4f76f22f02b00ba7d)
- i18n/src/main/resources/openfire_i18n_nl.properties (version 0af0873a8ed3af68d398dee4f76f22f02b00ba7d)
- xmppserver/src/main/java/org/jivesoftware/openfire/ratelimit/NewConnectionLimiterRegistry.java (version 0af0873a8ed3af68d398dee4f76f22f02b00ba7d)