Mercurial > prosody-modules

view mod_tcpproxy/README.markdown @ 5682:527c747711f3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents 3804332c204e
children
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: 'TCP-over-XMPP :)'
...

Introduction
============

It happens occasionally that I would like to use the XMPP server as a
generic proxy for connecting to another service. It is especially
awkward in some environments, and impossible in (for example) Javascript
inside a web browser.

Details
=======

Using mod\_tcpproxy an XMPP client (including those using BOSH) can
initiate a pipe to a given TCP/IP address and port. This implementation
uses the [In-Band Bytestreams](http://xmpp.org/extensions/xep-0047.html)
XEP, simply extended with 2 new attributes in a new namespace, host and
port.

An example Javascript client can be found in the web/ directory of
mod\_tcpproxy in the repository.

Configuration
=============

Just add tcpproxy as a component, for example:

`Component "tcp.example.com" "tcpproxy"`

Protocol
========

A new stream is opened like this:

``` {.xml}
<iq type="set" id="newconn1" to="tcp.example.com">
  <open xmlns='http://jabber.org/protocol/ibb'
        sid='connection1'
        block-size='4096'
        stanza='message'
        xmlns:tcp='http://prosody.im/protocol/tcpproxy'
        tcp:host='example.com'
        tcp:port='80' />
</iq>
```

The stanza attribute (currently) MUST be 'message', and block-size is
(currently) ignored.

In response to this stanza you will receive a result upon connection
success, or an error if the connection failed. You can then send to the
connection by sending message stanzas as described in the IBB XEP.
Incoming data will likewise be delivered as messages.

Compatibility
=============

  ----- --------------
  0.7   Works
  0.6   Doesn't work
  ----- --------------

Todo
====

-   ACLs (restrict to certain JIDs, and/or certain target hosts/ports)
-   Honour block-size
-   Support iq stanzas for data transmission
-   Signal to start SSL/TLS on a connection