matrix-org / matrix-federation-tester

Tester for matrix federation written in golang.

Federation tester fails to parse well-known if response spans multiple tcp segments #153

Closed meramsey closed 2 weeks ago

meramsey commented 4 weeks ago

I know there was another issue, https://github.com/matrix-org/fed-tester-ui/issues/36, which was closed and which is similar.

This should still be addressed because the federation tester is just trying IP:8448 no matter what the well-known delegation says which it should be trying vs just resolving the domain to IP and trying IP:8448 https://element-hq.github.io/synapse/latest/delegate.html#delegation-of-incoming-federation-traffic

Federation test seems to always resolve to the IP:8448 even with /.well-known/matrix/client

{
  "io.element.e2ee": {
    "secure_backup_required": false,
    "secure_backup_setup_methods": ["passphrase"]
  },
  "m.homeserver": {
    "base_url": "https://matrix.mydomain.com"
  }
}

/.well-known/matrix/server

{
    "m.server": "matrix.mydomain.com:443"
}

homeserver.yaml

server_name: "matrix.mydomain.com"
public_baseurl: "https://matrix.mydomain.com/"
report_stats: false
pid_file: "/var/run/matrix-synapse.pid"
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['::1', '127.0.0.1']
    resources:
      - names: [client, federation]
        compress: false
database:
  name: psycopg2
  args:
    user: dbadmin
    password: redacted
    database: synapse
    host: 127.0.0.1
    cp_min: 5
    cp_max: 10
log_config: "/etc/matrix-synapse/log.yaml"
media_store_path: /var/lib/matrix-synapse/media
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
enable_registration: true
registration_requires_token: true
registration_shared_secret: "redacted"
trusted_key_servers:
  - server_name: ""
turn_uris: [ ]
turn_allow_guests: false
next_link_domain_whitelist: []
#federation_domain_whitelist: []
serve_server_wellknown: true
default_identity_server: ""
enable_federation: true
allow_public_rooms_over_federation: true
allow_profile_lookup_over_federation: true
enable_3pid_lookup: false
allow_guest_access: false
encryption_enabled_by_default_for_room_type: all
password_config:
  pepper: "redacted"
max_upload_size: 1500M
user-directory:
  enabled: true
  prefer_local_users: true
  search_all_users: true
auto_join_rooms:
  - "#community:matrix.mydomain.com"
autocreate_auto_join_rooms: true
autocreate_auto_join_rooms_federated: false
ip_range_whitelist:
  - '127.0.0.1'
  - '0.0.0.0/0'
app_service_config_files:
   - '/etc/matrix-synapse/mautrix-signal-registration.yaml'

I did this on a dynamic domain and took screenshots for reference. It complained and never followed the delegation, which is properly configured and which it should have been following. [Screenshots: 2024-10-29 11-35-10, 2024-10-29 11-22-46]

You can see that /.well-known/matrix/client and /.well-known/matrix/server were properly working and responding, and also that if it had followed delegation it would have been able to resolve the other URLs properly too. [Screenshots: 2024-10-29 11-22-16, 2024-10-29 11-22-25, 2024-10-29 11-23-09, 2024-10-29 11-23-49]

richvdh commented 4 weeks ago

> This should still be addressed because the federation tester is just trying IP:8448 no matter what the well-known delegation says which it should be trying vs just resolving the domain to IP and trying IP:8448

I don't understand this sentence, and I don't understand what you're trying to say more generally.

Are you saying that the federation tester always connects to port 8448, even if you have a .well-known/matrix/server file that points to a different port? I don't think that is correct. For example, matrix.org's .well-known file (https://matrix.org/.well-known/matrix/server) points to port 443, and https://federationtester.matrix.org/#matrix.org correctly connects to port 443.

richvdh commented 4 weeks ago

Ok so I see there is a problem parsing the .well-known response from poisonous-ducks-hug-ruthlessly.azurewebsites.net, which can be seen at https://federationtester.matrix.org/api/report?server_name=poisonous-ducks-hug-ruthlessly.azurewebsites.net:

"unexpected end of JSON input"

This seems to be a bug in the underlying gomatrixserverlib.
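The failure named in the issue title, as an added example (not code from this thread, from matrix-federation-tester or from gomatrixserverlib): a parser that trusts one Read call hits the same "unexpected end of JSON input" error when the body arrives in pieces, next to a version that reads to EOF under a size cap. The function names, the size limit and the sample body are assumptions made for the illustration; the page does not show how the library actually read the response.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
	"testing/iotest"
)

// decode extracts m.server from a /.well-known/matrix/server document.
func decode(data []byte) (string, error) {
	var wk struct{ Server string `json:"m.server"` }
	err := json.Unmarshal(data, &wk)
	return wk.Server, err
}

// parseSingleRead is the fragile pattern: one Read call is taken as the whole body.
func parseSingleRead(body io.Reader, contentLength int) (string, error) {
	buf := make([]byte, contentLength)
	n, _ := body.Read(buf)
	return decode(buf[:n])
}

// parseReadAll reads until EOF, but never more than maxBytes of an
// untrusted response, and rejects an oversized body instead of truncating it.
func parseReadAll(body io.Reader, maxBytes int64) (string, error) {
	data, err := io.ReadAll(io.LimitReader(body, maxBytes+1))
	if err != nil {
		return "", err
	}
	if int64(len(data)) > maxBytes {
		return "", errors.New("well-known response exceeds size limit")
	}
	return decode(data)
}

// shortReads wraps a constructed sample body so each Read returns only part
// of what was asked for, as a body split across TCP segments can.
func shortReads(doc string) io.Reader {
	return iotest.HalfReader(strings.NewReader(doc))
}

func main() {
	doc := `{"m.server": "matrix.mydomain.com:443"}` // constructed sample
	_, err := parseSingleRead(shortReads(doc), len(doc))
	got, _ := parseReadAll(shortReads(doc), 1<<20)
	fmt.Println("single Read:", err, "| read to EOF:", got)
}
```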

richvdh commented 4 weeks ago

Filed a bug against the underlying library as https://github.com/matrix-org/gomatrixserverlib/issues/440

meramsey commented 4 weeks ago

Just as a sanity heads-up: I am rebuilding that one URL a few times today, testing different things, so it might be intermittently offline today between tearing down and setting up fresh instances again, and offline for good after today. But I appreciate the follow-through.

richvdh commented 1 week ago

I have now deployed an updated version to federationtester.matrix.org