{0, "sv_masterextra2", "64.22.107.125", "dpmaster.deathmask.net - default master server 2 (admin: Willis)"}, // admin: Willis
{0, "sv_masterextra3", "92.62.40.73", "dpmaster.tchr.no - default master server 3 (admin: tChr)"}, // admin: tChr
#ifdef SUPPORTIPV6
- {0, "sv_masterextra4", "[2001:41d0:2:1628::4450]:27950", "dpmaster.div0.qc.to - default master server 4 (admin: divVerent)"}, // admin: divVerent
+ {0, "sv_masterextra4", "[2a03:4000:2:225::51:334d]:27950", "dpmaster.sudo.rm-f.org - default master server 4 (admin: divVerent)"}, // admin: divVerent
#endif
{0, NULL, NULL, NULL}
};
+#ifdef CONFIG_MENU
static cvar_t sv_qwmasters [] =
{
{CVAR_SAVE, "sv_qwmaster1", "", "user-chosen qwmaster server 1"},
{0, "sv_qwmasterextra5", "qwmaster.fodquake.net:27000", "Global master server. (admin: unknown)"},
{0, NULL, NULL, NULL}
};
+#endif
static double nextheartbeattime = 0;
char cl_readstring[MAX_INPUTLINE];
char sv_readstring[MAX_INPUTLINE];
+cvar_t net_test = {0, "net_test", "0", "internal development use only, leave it alone (usually does nothing anyway)"};
+cvar_t net_usesizelimit = {0, "net_usesizelimit", "2", "use packet size limiting (0: never, 1: in non-CSQC mode, 2: always)"};
+cvar_t net_burstreserve = {0, "net_burstreserve", "0.3", "how much of the burst time to reserve for packet size spikes"};
cvar_t net_messagetimeout = {0, "net_messagetimeout","300", "drops players who have not sent any packets for this many seconds"};
cvar_t net_connecttimeout = {0, "net_connecttimeout","15", "after requesting a connection, the client must reply within this many seconds or be dropped (cuts down on connect floods). Must be above 10 seconds."};
-cvar_t net_connectfloodblockingtimeout = {0, "net_connectfloodblockingtimeout", "5", "when a connection packet is received, it will block all future connect packets from that IP address for this many seconds (cuts down on connect floods)"};
+cvar_t net_connectfloodblockingtimeout = {0, "net_connectfloodblockingtimeout", "5", "when a connection packet is received, it will block all future connect packets from that IP address for this many seconds (cuts down on connect floods). Note that this does not include retries from the same IP; these are handled earlier and let in."};
+cvar_t net_challengefloodblockingtimeout = {0, "net_challengefloodblockingtimeout", "0.5", "when a challenge packet is received, it will block all future challenge packets from that IP address for this many seconds (cuts down on challenge floods). DarkPlaces clients retry once per second, so this should be <= 1. Failure here may lead to connect attempts failing."};
+cvar_t net_getstatusfloodblockingtimeout = {0, "net_getstatusfloodblockingtimeout", "1", "when a getstatus packet is received, it will block all future getstatus packets from that IP address for this many seconds (cuts down on getstatus floods). DarkPlaces retries every 4 seconds, and qstat retries once per second, so this should be <= 1. Failure here may lead to server not showing up in the server list."};
cvar_t hostname = {CVAR_SAVE, "hostname", "UNNAMED", "server message to show in server browser"};
cvar_t developer_networking = {0, "developer_networking", "0", "prints all received and sent packets (recommended only for debugging)"};
static cvar_t net_slist_pause = {0, "net_slist_pause", "0", "when set to 1, the server list won't update until it is set back to 0"};
static cvar_t net_slist_maxtries = {0, "net_slist_maxtries", "3", "how many times to ask the same server for information (more times gives better ping reports but takes longer)"};
static cvar_t net_slist_favorites = {CVAR_SAVE | CVAR_NQUSERINFOHACK, "net_slist_favorites", "", "contains a list of IP addresses and ports to always query explicitly"};
+static cvar_t net_tos_dscp = {CVAR_SAVE, "net_tos_dscp", "32", "DiffServ Codepoint for network sockets (may need game restart to apply)"};
static cvar_t gameversion = {0, "gameversion", "0", "version of game data (mod-specific) to be sent to querying clients"};
static cvar_t gameversion_min = {0, "gameversion_min", "-1", "minimum version of game data (mod-specific), when client and server gameversion mismatch in the server browser the server is shown as incompatible; if -1, gameversion is used alone"};
static cvar_t gameversion_max = {0, "gameversion_max", "-1", "maximum version of game data (mod-specific), when client and server gameversion mismatch in the server browser the server is shown as incompatible; if -1, gameversion is used alone"};
challenge_t challenge[MAX_CHALLENGES];
+#ifdef CONFIG_MENU
/// this is only false if there are still servers left to query
static qboolean serverlist_querysleep = true;
static qboolean serverlist_paused = false;
/// reply is received, to avoid issuing queries while master replies are still
/// flooding in (which would make a mess of the ping times)
static double serverlist_querywaittime = 0;
+#endif
static int cl_numsockets;
static lhnetsocket_t *cl_sockets[16];
int sv_net_extresponse_count = 0;
int sv_net_extresponse_last = 0;
+#ifdef CONFIG_MENU
// ServerList interface
serverlist_mask_t serverlist_andmasks[SERVERLIST_ANDMASKCOUNT];
serverlist_mask_t serverlist_ormasks[SERVERLIST_ORMASKCOUNT];
{
int result = 0; // > 0 if for numbers A > B and for text if A < B
- if( serverlist_sortflags & SLSF_FAVORITESFIRST )
+ if( serverlist_sortflags & SLSF_CATEGORIES )
+ {
+ result = A->info.category - B->info.category;
+ if (result != 0)
+ return result < 0;
+ }
+
+ if( serverlist_sortflags & SLSF_FAVORITES )
{
if(A->info.isfavorite != B->info.isfavorite)
return A->info.isfavorite;
}
-
+
switch( serverlist_sortbyfield ) {
case SLIF_PING:
result = A->info.ping - B->info.ping;
case SLIF_QCSTATUS:
result = strcasecmp( B->info.qcstatus, A->info.qcstatus ); // not really THAT useful, though
break;
+ case SLIF_CATEGORY:
+ result = A->info.category - B->info.category;
+ break;
case SLIF_ISFAVORITE:
result = !!B->info.isfavorite - !!A->info.isfavorite;
break;
if( *mask->info.players
&& !_ServerList_CompareStr( info->players, mask->tests[SLIF_PLAYERS], mask->info.players ) )
return false;
+ if( !_ServerList_CompareInt( info->category, mask->tests[SLIF_CATEGORY], mask->info.category ) )
+ return false;
if( !_ServerList_CompareInt( info->isfavorite, mask->tests[SLIF_ISFAVORITE], mask->info.isfavorite ))
return false;
return true;
}
}
+ // refresh the "category"
+ entry->info.category = MR_GetServerListEntryCategory(entry);
+
// FIXME: change this to be more readable (...)
// now check whether it passes through the masks
for( start = 0 ; start < SERVERLIST_ANDMASKCOUNT && serverlist_andmasks[start].active; start++ )
NetConn_QueryMasters(querydp, queryqw);
}
+#endif
// rest
conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes = NETGRAPH_NOPACKET;
conn->outgoing_netgraph[conn->outgoing_packetcounter].reliablebytes = NETGRAPH_NOPACKET;
conn->outgoing_netgraph[conn->outgoing_packetcounter].ackbytes = NETGRAPH_NOPACKET;
+ conn->outgoing_netgraph[conn->outgoing_packetcounter].cleartime = conn->cleartime;
if (realtime > conn->cleartime)
return true;
else
}
}
-int NetConn_SendUnreliableMessage(netconn_t *conn, sizebuf_t *data, protocolversion_t protocol, int rate, qboolean quakesignon_suppressreliables)
+void NetConn_UpdateCleartime(double *cleartime, int rate, int burstsize, int len)
+{
+ double bursttime = burstsize / (double)rate;
+
+ // delay later packets to obey rate limit
+ if (*cleartime < realtime - bursttime)
+ *cleartime = realtime - bursttime;
+ *cleartime = *cleartime + len / (double)rate;
+
+ // limit bursts to one packet in size ("dialup mode" emulating old behaviour)
+ if (net_test.integer)
+ {
+ if (*cleartime < realtime)
+ *cleartime = realtime;
+ }
+}
+
+static int NetConn_AddCryptoFlag(crypto_t *crypto)
+{
+ // HACK: if an encrypted connection is used, randomly set some unused
+ // flags. When AES encryption is enabled, that will make resends differ
+ // from the original, so that e.g. substring filters in a router/IPS
+ // are unlikely to match a second time. See also "startkeylogger".
+ int flag = 0;
+ if (crypto->authenticated)
+ {
+ // Let's always set at least one of the bits.
+ int r = rand() % 7 + 1;
+ if (r & 1)
+ flag |= NETFLAG_CRYPTO0;
+ if (r & 2)
+ flag |= NETFLAG_CRYPTO1;
+ if (r & 4)
+ flag |= NETFLAG_CRYPTO2;
+ }
+ return flag;
+}
+
+int NetConn_SendUnreliableMessage(netconn_t *conn, sizebuf_t *data, protocolversion_t protocol, int rate, int burstsize, qboolean quakesignon_suppressreliables)
{
int totallen = 0;
unsigned char sendbuffer[NET_HEADERSIZE+NET_MAXMESSAGE];
if (conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes == NETGRAPH_CHOKEDPACKET)
conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes = NETGRAPH_NOPACKET;
+ conn->outgoing_netgraph[conn->outgoing_packetcounter].cleartime = conn->cleartime;
+
if (protocol == PROTOCOL_QUAKEWORLD)
{
int packetLen;
packetLen = NET_HEADERSIZE + dataLen;
- StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom));
+ StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom | NetConn_AddCryptoFlag(&conn->crypto)));
StoreBigLong(sendbuffer + 4, conn->nq.sendSequence - 1);
memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
packetLen = NET_HEADERSIZE + dataLen;
- StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom));
+ StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom | NetConn_AddCryptoFlag(&conn->crypto)));
StoreBigLong(sendbuffer + 4, conn->nq.sendSequence);
memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
return -1;
}
- StoreBigLong(sendbuffer, packetLen | NETFLAG_UNRELIABLE);
+ StoreBigLong(sendbuffer, packetLen | NETFLAG_UNRELIABLE | NetConn_AddCryptoFlag(&conn->crypto));
StoreBigLong(sendbuffer + 4, conn->outgoing_unreliable_sequence);
memcpy(sendbuffer + NET_HEADERSIZE, data->data, data->cursize);
}
}
- // delay later packets to obey rate limit
- if (conn->cleartime < realtime - 0.1)
- conn->cleartime = realtime - 0.1;
- conn->cleartime = conn->cleartime + (double)totallen / (double)rate;
- if (conn->cleartime < realtime)
- conn->cleartime = realtime;
+ NetConn_UpdateCleartime(&conn->cleartime, cl_rate.integer, cl_rate_burstsize.integer, totallen);
return 0;
}
return conn;
}
-void NetConn_ClearConnectFlood(lhnetaddress_t *peeraddress);
+void NetConn_ClearFlood(lhnetaddress_t *peeraddress, server_floodaddress_t *floodlist, size_t floodlength);
void NetConn_Close(netconn_t *conn)
{
netconn_t *c;
// remove connection from list
// allow the client to reconnect immediately
- NetConn_ClearConnectFlood(&(conn->peeraddress));
+ NetConn_ClearFlood(&(conn->peeraddress), sv.connectfloodaddresses, sizeof(sv.connectfloodaddresses) / sizeof(sv.connectfloodaddresses[0]));
if (conn == netconn_list)
netconn_list = conn->next;
{
int i, j;
+ // TODO add logic to automatically close sockets if needed
+ LHNET_DefaultDSCP(net_tos_dscp.integer);
+
if (cls.state != ca_dedicated)
{
if (clientport2 != cl_netport.integer)
{
conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
conn->incoming_netgraph[conn->incoming_packetcounter].time = realtime;
+ conn->incoming_netgraph[conn->incoming_packetcounter].cleartime = conn->incoming_cleartime;
conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = NETGRAPH_LOSTPACKET;
conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes = NETGRAPH_NOPACKET;
conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes = NETGRAPH_NOPACKET;
}
conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
conn->incoming_netgraph[conn->incoming_packetcounter].time = realtime;
+ conn->incoming_netgraph[conn->incoming_packetcounter].cleartime = conn->incoming_cleartime;
conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = originallength + 28;
conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes = NETGRAPH_NOPACKET;
conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes = NETGRAPH_NOPACKET;
+ NetConn_UpdateCleartime(&conn->incoming_cleartime, cl_rate.integer, cl_rate_burstsize.integer, originallength + 28);
+
+ // limit bursts to one packet in size ("dialup mode" emulating old behaviour)
+ if (net_test.integer)
+ {
+ if (conn->cleartime < realtime)
+ conn->cleartime = realtime;
+ }
+
if (reliable_ack == conn->qw.reliable_sequence)
{
// received, now we will be able to send another reliable message
{
conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
conn->incoming_netgraph[conn->incoming_packetcounter].time = realtime;
+ conn->incoming_netgraph[conn->incoming_packetcounter].cleartime = conn->incoming_cleartime;
conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = NETGRAPH_LOSTPACKET;
conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes = NETGRAPH_NOPACKET;
conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes = NETGRAPH_NOPACKET;
}
conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
conn->incoming_netgraph[conn->incoming_packetcounter].time = realtime;
+ conn->incoming_netgraph[conn->incoming_packetcounter].cleartime = conn->incoming_cleartime;
conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = originallength + 28;
conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes = NETGRAPH_NOPACKET;
conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes = NETGRAPH_NOPACKET;
+ NetConn_UpdateCleartime(&conn->incoming_cleartime, cl_rate.integer, cl_rate_burstsize.integer, originallength + 28);
+
conn->nq.unreliableReceiveSequence = sequence + 1;
conn->lastMessageTime = realtime;
conn->timeout = realtime + newtimeout;
else if (flags & NETFLAG_ACK)
{
conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes += originallength + 28;
+ NetConn_UpdateCleartime(&conn->incoming_cleartime, cl_rate.integer, cl_rate_burstsize.integer, originallength + 28);
+
if (sequence == (conn->nq.sendSequence - 1))
{
if (sequence == conn->nq.ackSequence)
packetLen = NET_HEADERSIZE + dataLen;
- StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom));
+ StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom | NetConn_AddCryptoFlag(&conn->crypto)));
StoreBigLong(sendbuffer + 4, conn->nq.sendSequence);
memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
{
unsigned char temppacket[8];
conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes += originallength + 28;
+ NetConn_UpdateCleartime(&conn->incoming_cleartime, cl_rate.integer, cl_rate_burstsize.integer, originallength + 28);
+
conn->outgoing_netgraph[conn->outgoing_packetcounter].ackbytes += 8 + 28;
- StoreBigLong(temppacket, 8 | NETFLAG_ACK);
+
+ StoreBigLong(temppacket, 8 | NETFLAG_ACK | NetConn_AddCryptoFlag(&conn->crypto));
StoreBigLong(temppacket + 4, sequence);
sendme = Crypto_EncryptPacket(&conn->crypto, temppacket, 8, &cryptosendbuffer, &sendmelen, sizeof(cryptosendbuffer));
if(sendme)
{
crypto_t *crypto;
cls.connect_trying = false;
+#ifdef CONFIG_MENU
M_Update_Return_Reason("");
+#endif
// the connection request succeeded, stop current connection and set up a new connection
CL_Disconnect();
// if we're connecting to a remote server, shut down any local server
}
Con_Printf("Connection accepted to %s\n", cls.netcon->address);
key_dest = key_game;
+#ifdef CONFIG_MENU
m_state = m_none;
+#endif
cls.demonum = -1; // not in the demo loop now
cls.state = ca_connected;
cls.signon = 0; // need all the signon messages before playing
msg.data = buf;
msg.maxsize = sizeof(buf);
MSG_WriteChar(&msg, clc_nop);
- NetConn_SendUnreliableMessage(cls.netcon, &msg, cls.protocol, 10000, false);
+ NetConn_SendUnreliableMessage(cls.netcon, &msg, cls.protocol, 10000, 0, false);
}
}
return false;
}
+#ifdef CONFIG_MENU
static int NetConn_ClientParsePacket_ServerList_ProcessReply(const char *addressstring)
{
int n;
serverlist_querysleep = false;
serverlist_querywaittime = realtime + 3;
}
+#endif
static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *data, int length, lhnetaddress_t *peeraddress)
{
qboolean fromserver;
int ret, c;
- const char *s;
- char *string, addressstring2[128], ipstring[32];
+ char *string, addressstring2[128];
char stringbuf[16384];
char senddata[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
size_t sendlength;
+#ifdef CONFIG_MENU
char infostringvalue[MAX_INPUTLINE];
+ char ipstring[32];
+ const char *s;
+#endif
char vabuf[1024];
// quakeworld ingame packet
char protocolnames[1400];
Protocol_Names(protocolnames, sizeof(protocolnames));
Con_DPrintf("\"%s\" received, sending connect request back to %s\n", string, addressstring2);
+#ifdef CONFIG_MENU
M_Update_Return_Reason("Got challenge response");
+#endif
// update the server IP in the userinfo (QW servers expect this, and it is used by the reconnect command)
InfoString_SetValue(cls.userinfo, sizeof(cls.userinfo), "*ip", addressstring2);
// TODO: add userinfo stuff here instead of using NQ commands?
if (length == 6 && !memcmp(string, "accept", 6) && cls.connect_trying)
{
// darkplaces or quake3
+#ifdef CONFIG_MENU
M_Update_Return_Reason("Accepted");
+#endif
NetConn_ConnectionEstablished(mysocket, peeraddress, PROTOCOL_DARKPLACES3);
return true;
}
length = min(length - 7, (int)sizeof(rejectreason) - 1);
memcpy(rejectreason, string, length);
rejectreason[length] = 0;
+#ifdef CONFIG_MENU
M_Update_Return_Reason(rejectreason);
+#endif
return true;
}
+#ifdef CONFIG_MENU
if (length >= 15 && !memcmp(string, "statusResponse\x0A", 15))
{
serverlist_info_t *info;
serverlist_querywaittime = realtime + 3;
return true;
}
+#endif
if (!strncmp(string, "extResponse ", 12))
{
++cl_net_extresponse_count;
{
// challenge message
Con_Printf("challenge %s received, sending QuakeWorld connect request back to %s\n", string + 1, addressstring2);
+#ifdef CONFIG_MENU
M_Update_Return_Reason("Got QuakeWorld challenge response");
+#endif
cls.qw_qport = qport.integer;
// update the server IP in the userinfo (QW servers expect this, and it is used by the reconnect command)
InfoString_SetValue(cls.userinfo, sizeof(cls.userinfo), "*ip", addressstring2);
if (length >= 1 && string[0] == 'j' && cls.connect_trying)
{
// accept message
+#ifdef CONFIG_MENU
M_Update_Return_Reason("QuakeWorld Accepted");
+#endif
NetConn_ConnectionEstablished(mysocket, peeraddress, PROTOCOL_QUAKEWORLD);
return true;
}
if (length > 2 && !memcmp(string, "n\\", 2))
{
+#ifdef CONFIG_MENU
serverlist_info_t *info;
int n;
}
NetConn_ClientParsePacket_ServerList_UpdateCache(n);
-
+#endif
return true;
}
if (string[0] == 'n')
// netquake control packets, supported for compatibility only
if (length >= 5 && BuffBigLong(data) == ((int)NETFLAG_CTL | length) && !ENCRYPTION_REQUIRED)
{
+#ifdef CONFIG_MENU
int n;
serverlist_info_t *info;
+#endif
data += 4;
length -= 4;
Con_Printf("Connected to ProQuake %.1f server, enabling precise aim\n", cls.proquake_serverversion / 10.0f);
// update the server IP in the userinfo (QW servers expect this, and it is used by the reconnect command)
InfoString_SetValue(cls.userinfo, sizeof(cls.userinfo), "*ip", addressstring2);
+#ifdef CONFIG_MENU
M_Update_Return_Reason("Accepted");
+#endif
NetConn_ConnectionEstablished(mysocket, &clientportaddress, PROTOCOL_QUAKE);
}
break;
if (developer_extra.integer)
Con_DPrintf("Datagram_ParseConnectionless: received CCREP_REJECT from %s.\n", addressstring2);
cls.connect_trying = false;
+#ifdef CONFIG_MENU
M_Update_Return_Reason((char *)MSG_ReadString(&cl_message, cl_readstring, sizeof(cl_readstring)));
+#endif
break;
case CCREP_SERVER_INFO:
if (developer_extra.integer)
Con_DPrintf("Datagram_ParseConnectionless: received CCREP_SERVER_INFO from %s.\n", addressstring2);
+#ifdef CONFIG_MENU
// LordHavoc: because the quake server may report weird addresses
// we just ignore it and keep the real address
MSG_ReadString(&cl_message, cl_readstring, sizeof(cl_readstring));
info->protocol = MSG_ReadByte(&cl_message);
NetConn_ClientParsePacket_ServerList_UpdateCache(n);
-
+#endif
break;
case CCREP_RCON: // RocketGuy: ProQuake rcon support
if (developer_extra.integer)
return ret;
}
+#ifdef CONFIG_MENU
void NetConn_QueryQueueFrame(void)
{
int index;
}
}
}
+#endif
void NetConn_ClientFrame(void)
{
NetConn_UpdateSockets();
if (cls.connect_trying && cls.connect_nextsendtime < realtime)
{
+#ifdef CONFIG_MENU
if (cls.connect_remainingtries == 0)
M_Update_Return_Reason("Connect: Waiting 10 seconds for reply");
+#endif
cls.connect_nextsendtime = realtime + 1;
cls.connect_remainingtries--;
if (cls.connect_remainingtries <= -10)
{
cls.connect_trying = false;
+#ifdef CONFIG_MENU
M_Update_Return_Reason("Connect: Failed");
+#endif
return;
}
// try challenge first (newer DP server or QW)
// R_TimeReport("clientparsepacket");
}
}
+#ifdef CONFIG_MENU
NetConn_QueryQueueFrame();
+#endif
if (cls.netcon && realtime > cls.netcon->timeout && !sv.active)
{
Con_Print("Connection timed out\n");
"%s%s"
"%s",
fullstatus ? "statusResponse" : "infoResponse",
- gamename, com_modname, gameversion.integer, svs.maxclients,
+ gamenetworkfiltername, com_modname, gameversion.integer, svs.maxclients,
nb_clients, nb_bots, sv.worldbasename, hostname.string, NET_PROTOCOL_VERSION,
*qcstatus ? "\\qcstatus\\" : "", qcstatus,
challenge ? "\\challenge\\" : "", challenge ? challenge : "",
*p = 0;
}
- if ((gamemode == GAME_NEXUIZ || gamemode == GAME_XONOTIC) && (teamplay.integer > 0))
+ if (IS_NEXUIZ_DERIVED(gamemode) && (teamplay.integer > 0))
{
if(cl->frags == -666) // spectator
strlcpy(teambuf, " 0", sizeof(teambuf));
return false;
}
-static qboolean NetConn_PreventConnectFlood(lhnetaddress_t *peeraddress)
+static qboolean NetConn_PreventFlood(lhnetaddress_t *peeraddress, server_floodaddress_t *floodlist, size_t floodlength, double floodtime, qboolean renew)
{
- int floodslotnum, bestfloodslotnum;
+ size_t floodslotnum, bestfloodslotnum;
double bestfloodtime;
lhnetaddress_t noportpeeraddress;
// see if this is a connect flood
noportpeeraddress = *peeraddress;
LHNETADDRESS_SetPort(&noportpeeraddress, 0);
bestfloodslotnum = 0;
- bestfloodtime = sv.connectfloodaddresses[bestfloodslotnum].lasttime;
- for (floodslotnum = 0;floodslotnum < MAX_CONNECTFLOODADDRESSES;floodslotnum++)
+ bestfloodtime = floodlist[bestfloodslotnum].lasttime;
+ for (floodslotnum = 0;floodslotnum < floodlength;floodslotnum++)
{
- if (bestfloodtime >= sv.connectfloodaddresses[floodslotnum].lasttime)
+ if (bestfloodtime >= floodlist[floodslotnum].lasttime)
{
- bestfloodtime = sv.connectfloodaddresses[floodslotnum].lasttime;
+ bestfloodtime = floodlist[floodslotnum].lasttime;
bestfloodslotnum = floodslotnum;
}
- if (sv.connectfloodaddresses[floodslotnum].lasttime && LHNETADDRESS_Compare(&noportpeeraddress, &sv.connectfloodaddresses[floodslotnum].address) == 0)
+ if (floodlist[floodslotnum].lasttime && LHNETADDRESS_Compare(&noportpeeraddress, &floodlist[floodslotnum].address) == 0)
{
// this address matches an ongoing flood address
- if (realtime < sv.connectfloodaddresses[floodslotnum].lasttime + net_connectfloodblockingtimeout.value)
+ if (realtime < floodlist[floodslotnum].lasttime + floodtime)
{
- // renew the ban on this address so it does not expire
- // until the flood has subsided
- sv.connectfloodaddresses[floodslotnum].lasttime = realtime;
+ if(renew)
+ {
+ // renew the ban on this address so it does not expire
+ // until the flood has subsided
+ floodlist[floodslotnum].lasttime = realtime;
+ }
//Con_Printf("Flood detected!\n");
return true;
}
}
}
// begin a new timeout on this address
- sv.connectfloodaddresses[bestfloodslotnum].address = noportpeeraddress;
- sv.connectfloodaddresses[bestfloodslotnum].lasttime = realtime;
+ floodlist[bestfloodslotnum].address = noportpeeraddress;
+ floodlist[bestfloodslotnum].lasttime = realtime;
//Con_Printf("Flood detection initiated!\n");
return false;
}
-void NetConn_ClearConnectFlood(lhnetaddress_t *peeraddress)
+void NetConn_ClearFlood(lhnetaddress_t *peeraddress, server_floodaddress_t *floodlist, size_t floodlength)
{
- int floodslotnum;
+ size_t floodslotnum;
lhnetaddress_t noportpeeraddress;
// see if this is a connect flood
noportpeeraddress = *peeraddress;
LHNETADDRESS_SetPort(&noportpeeraddress, 0);
- for (floodslotnum = 0;floodslotnum < MAX_CONNECTFLOODADDRESSES;floodslotnum++)
+ for (floodslotnum = 0;floodslotnum < floodlength;floodslotnum++)
{
- if (sv.connectfloodaddresses[floodslotnum].lasttime && LHNETADDRESS_Compare(&noportpeeraddress, &sv.connectfloodaddresses[floodslotnum].address) == 0)
+ if (floodlist[floodslotnum].lasttime && LHNETADDRESS_Compare(&noportpeeraddress, &floodlist[floodslotnum].address) == 0)
{
// this address matches an ongoing flood address
// remove the ban
- sv.connectfloodaddresses[floodslotnum].address.addresstype = LHNETADDRESSTYPE_NONE;
- sv.connectfloodaddresses[floodslotnum].lasttime = 0;
+ floodlist[floodslotnum].address.addresstype = LHNETADDRESSTYPE_NONE;
+ floodlist[floodslotnum].lasttime = 0;
//Con_Printf("Flood cleared!\n");
}
}
challenge[i].address = *peeraddress;
NetConn_BuildChallengeString(challenge[i].string, sizeof(challenge[i].string));
}
+ else
+ {
+ // flood control: drop if requesting challenge too often
+ if(challenge[i].time > realtime - net_challengefloodblockingtimeout.value)
+ return true;
+ }
challenge[i].time = realtime;
// send the challenge
dpsnprintf(response, sizeof(response), "\377\377\377\377challenge %s", challenge[i].string);
return true;
}
}
- if (client->spawned)
+ if (client->begun)
{
// client crashed and is coming back,
// keep their stuff intact
}
}
- if (NetConn_PreventConnectFlood(peeraddress))
+ if (NetConn_PreventFlood(peeraddress, sv.connectfloodaddresses, sizeof(sv.connectfloodaddresses) / sizeof(sv.connectfloodaddresses[0]), net_connectfloodblockingtimeout.value, true))
return true;
// find an empty client slot for this new client
{
const char *challenge = NULL;
+ if (NetConn_PreventFlood(peeraddress, sv.getstatusfloodaddresses, sizeof(sv.getstatusfloodaddresses) / sizeof(sv.getstatusfloodaddresses[0]), net_getstatusfloodblockingtimeout.value, false))
+ return true;
+
// If there was a challenge in the getinfo message
if (length > 8 && string[7] == ' ')
challenge = string + 8;
{
const char *challenge = NULL;
+ if (NetConn_PreventFlood(peeraddress, sv.getstatusfloodaddresses, sizeof(sv.getstatusfloodaddresses) / sizeof(sv.getstatusfloodaddresses[0]), net_getstatusfloodblockingtimeout.value, false))
+ return true;
+
// If there was a challenge in the getinfo message
if (length > 10 && string[9] == ' ')
challenge = string + 10;
// or coming back from a timeout
// (if so, keep their stuff intact)
+ crypto_t *crypto = Crypto_ServerGetInstance(peeraddress);
+ if((crypto && crypto->authenticated) || client->netconnection->crypto.authenticated)
+ {
+ if (developer_extra.integer)
+ Con_Printf("Datagram_ParseConnectionless: sending CCREP_REJECT \"Attempt to downgrade crypto.\" to %s.\n", addressstring2);
+ SZ_Clear(&sv_message);
+ // save space for the header, filled in later
+ MSG_WriteLong(&sv_message, 0);
+ MSG_WriteByte(&sv_message, CCREP_REJECT);
+ MSG_WriteString(&sv_message, "Attempt to downgrade crypto.\n");
+ StoreBigLong(sv_message.data, NETFLAG_CTL | (sv_message.cursize & NETFLAG_LENGTH_MASK));
+ NetConn_Write(mysocket, sv_message.data, sv_message.cursize, peeraddress);
+ SZ_Clear(&sv_message);
+ return true;
+ }
+
// send a reply
if (developer_extra.integer)
Con_DPrintf("Datagram_ParseConnectionless: sending duplicate CCREP_ACCEPT to %s.\n", addressstring2);
// if client is already spawned, re-send the
// serverinfo message as they'll need it to play
- if (client->spawned)
+ if (client->begun)
SV_SendServerinfo(client);
return true;
}
}
// this is a new client, check for connection flood
- if (NetConn_PreventConnectFlood(peeraddress))
+ if (NetConn_PreventFlood(peeraddress, sv.connectfloodaddresses, sizeof(sv.connectfloodaddresses) / sizeof(sv.connectfloodaddresses[0]), net_connectfloodblockingtimeout.value, true))
break;
// find a slot for the new client
Con_DPrintf("Datagram_ParseConnectionless: received CCREQ_SERVER_INFO from %s.\n", addressstring2);
if(!(islocal || sv_public.integer > -1))
break;
+
+ if (NetConn_PreventFlood(peeraddress, sv.getstatusfloodaddresses, sizeof(sv.getstatusfloodaddresses) / sizeof(sv.getstatusfloodaddresses[0]), net_getstatusfloodblockingtimeout.value, false))
+ break;
+
if (sv.active && !strcmp(MSG_ReadString(&sv_message, sv_readstring, sizeof(sv_readstring)), "QUAKE"))
{
int numclients;
Con_DPrintf("Datagram_ParseConnectionless: received CCREQ_PLAYER_INFO from %s.\n", addressstring2);
if(!(islocal || sv_public.integer > -1))
break;
+
+ if (NetConn_PreventFlood(peeraddress, sv.getstatusfloodaddresses, sizeof(sv.getstatusfloodaddresses) / sizeof(sv.getstatusfloodaddresses[0]), net_getstatusfloodblockingtimeout.value, false))
+ break;
+
if (sv.active)
{
int playerNumber, activeNumber, clientNumber;
Con_DPrintf("Datagram_ParseConnectionless: received CCREQ_RULE_INFO from %s.\n", addressstring2);
if(!(islocal || sv_public.integer > -1))
break;
+
+ // no flood check here, as it only returns one cvar for one cvar and clients may iterate quickly
+
if (sv.active)
{
char *prevCvarName;
}
if (host_client)
{
- if ((ret = NetConn_ReceivedMessage(host_client->netconnection, data, length, sv.protocol, host_client->spawned ? net_messagetimeout.value : net_connecttimeout.value)) == 2)
+ if ((ret = NetConn_ReceivedMessage(host_client->netconnection, data, length, sv.protocol, host_client->begun ? net_messagetimeout.value : net_connecttimeout.value)) == 2)
{
SV_ReadClientMessage();
return ret;
LHNET_SleepUntilPacket_Microseconds(microseconds);
}
+#ifdef CONFIG_MENU
void NetConn_QueryMasters(qboolean querydp, qboolean queryqw)
{
int i, j;
cmdname = "getservers";
extraoptions = "";
}
- dpsnprintf(request, sizeof(request), "\377\377\377\377%s %s %u empty full%s", cmdname, gamename, NET_PROTOCOL_VERSION, extraoptions);
+ dpsnprintf(request, sizeof(request), "\377\377\377\377%s %s %u empty full%s", cmdname, gamenetworkfiltername, NET_PROTOCOL_VERSION, extraoptions);
// search internet
for (masternum = 0;sv_masters[masternum].name;masternum++)
M_Update_Return_Reason("No network");
}
}
+#endif
void NetConn_Heartbeat(int priority)
{
PrintStats(conn);
}
+#ifdef CONFIG_MENU
void Net_Refresh_f(void)
{
if (m_state != m_slist) {
} else
ServerList_QueryList(true, false, true, false);
}
+#endif
void NetConn_Init(void)
{
lhnetaddress_t tempaddress;
netconn_mempool = Mem_AllocPool("network connections", 0, NULL);
Cmd_AddCommand("net_stats", Net_Stats_f, "print network statistics");
+#ifdef CONFIG_MENU
Cmd_AddCommand("net_slist", Net_Slist_f, "query dp master servers and print all server information");
Cmd_AddCommand("net_slistqw", Net_SlistQW_f, "query qw master servers and print all server information");
Cmd_AddCommand("net_refresh", Net_Refresh_f, "query dp master servers and refresh all server information");
+#endif
Cmd_AddCommand("heartbeat", Net_Heartbeat_f, "send a heartbeat to the master server (updates your server information)");
+ Cvar_RegisterVariable(&net_test);
+ Cvar_RegisterVariable(&net_usesizelimit);
+ Cvar_RegisterVariable(&net_burstreserve);
Cvar_RegisterVariable(&rcon_restricted_password);
Cvar_RegisterVariable(&rcon_restricted_commands);
Cvar_RegisterVariable(&rcon_secure_maxdiff);
Cvar_RegisterVariable(&net_slist_maxtries);
Cvar_RegisterVariable(&net_slist_favorites);
Cvar_RegisterVariable(&net_slist_pause);
+ if(LHNET_DefaultDSCP(-1) >= 0) // register cvar only if supported
+ Cvar_RegisterVariable(&net_tos_dscp);
Cvar_RegisterVariable(&net_messagetimeout);
Cvar_RegisterVariable(&net_connecttimeout);
Cvar_RegisterVariable(&net_connectfloodblockingtimeout);
+ Cvar_RegisterVariable(&net_challengefloodblockingtimeout);
+ Cvar_RegisterVariable(&net_getstatusfloodblockingtimeout);
Cvar_RegisterVariable(&cl_netlocalping);
Cvar_RegisterVariable(&cl_netpacketloss_send);
Cvar_RegisterVariable(&cl_netpacketloss_receive);
projects / xonotic / darkplaces.git / blobdiff