/*
=================
CL_ReadyToSendPacket
Returns qfalse if we are over the maxpackets limit
and should choke back the bandwidth a bit by not sending
a packet this frame. All the commands will still get
delivered in the next packet, but saving a header and
getting more delta compression will reduce total bandwidth.
=================
*/
qboolean
CL_ReadyToSendPacket(void)
{
int oldPacketNum;
int delta;
// don't send anything if playing back a demo
if (clc.demoplaying || clc.state == CA_CINEMATIC)
{
return qfalse;
}
// If we are downloading, we send no less than 50ms between packets
if (*clc.downloadTempName && cls.realtime - clc.lastPacketSentTime < 50)
{
return qfalse;
}
// if we don't have a valid gamestate yet, only send
// one packet a second
if (clc.state != CA_ACTIVE &&
clc.state != CA_PRIMED &&
!*clc.downloadTempName && cls.realtime - clc.lastPacketSentTime < 1000)
{
return qfalse;
}
// send every frame for loopbacks
if (clc.netchan.remoteAddress.type == NA_LOOPBACK)
{
return qtrue;
}
// send every frame for LAN
if (cl_lanForcePackets->integer
&& Sys_IsLANAddress(clc.netchan.remoteAddress))
{
return qtrue;
}
// check for exceeding cl_maxpackets
if (cl_maxpackets->integer < 15)
{
Cvar_Set("cl_maxpackets", "15");
}
else if (cl_maxpackets->integer > 125)
{
Cvar_Set("cl_maxpackets", "125");
}
oldPacketNum = (clc.netchan.outgoingSequence - 1) & PACKET_MASK;
delta = cls.realtime - cl.outPackets[oldPacketNum].p_realtime;
if (delta < 1000 / cl_maxpackets->integer)
{
// the accumulated commands will go out in the next packet
return qfalse;
}
return qtrue;
}
/*
=================
SV_UserinfoChanged
Pull specific info from a newly changed userinfo string
into a more C friendly form.
=================
*/
void SV_UserinfoChanged( client_t *cl ) {
char *val=NULL, *ip=NULL;
int i=0, len=0;
// name for C code
Q_strncpyz( cl->name, Info_ValueForKey (cl->userinfo, "name"), sizeof(cl->name) );
// rate command
// if the client is on the same subnet as the server and we aren't running an
// internet public server, assume they don't need a rate choke
if ( Sys_IsLANAddress( cl->netchan.remoteAddress ) && com_dedicated->integer != 2 && sv_lanForceRate->integer == 1 ) {
cl->rate = 99999; // lans should not rate limit
} else {
val = Info_ValueForKey (cl->userinfo, "rate");
if (strlen(val)) {
i = atoi(val);
cl->rate = i;
if (cl->rate < 1000) {
cl->rate = 1000;
} else if (cl->rate > 90000) {
cl->rate = 90000;
}
} else {
cl->rate = 3000;
}
}
// snaps command
//Note: cl->snapshotMsec is also validated in sv_main.cpp -> SV_CheckCvars if sv_fps, sv_snapsMin or sv_snapsMax is changed
int minSnaps = Com_Clampi( 1, sv_snapsMax->integer, sv_snapsMin->integer ); // between 1 and sv_snapsMax ( 1 <-> 40 )
int maxSnaps = min( sv_fps->integer, sv_snapsMax->integer ); // can't produce more than sv_fps snapshots/sec, but can send less than sv_fps snapshots/sec
val = Info_ValueForKey( cl->userinfo, "snaps" );
cl->wishSnaps = atoi( val );
i = Com_Clampi( minSnaps, maxSnaps, cl->wishSnaps );
cl->snapshotMsec = 1000/i;
// TTimo
// maintain the IP information
// the banning code relies on this being consistently present
if( NET_IsLocalAddress(cl->netchan.remoteAddress) )
ip = "localhost";
else
ip = (char*)NET_AdrToString( cl->netchan.remoteAddress );
val = Info_ValueForKey( cl->userinfo, "ip" );
if( val[0] )
len = strlen( ip ) - strlen( val ) + strlen( cl->userinfo );
else
len = strlen( ip ) + 4 + strlen( cl->userinfo );
if( len >= MAX_INFO_STRING )
SV_DropClient( cl, "userinfo string length exceeded" );
else
Info_SetValueForKey( cl->userinfo, "ip", ip );
}
void SV_GetChallenge( netadr_t from )
{
if ( SV_Private(ServerPrivate::LanOnly) && !Sys_IsLANAddress(from) )
{
return;
}
auto challenge = ChallengeManager::GenerateChallenge( from );
Net::OutOfBandPrint( netsrc_t::NS_SERVER, from, "challengeResponse %s", challenge );
}
/*
=================
SV_GetChallenge
A "getchallenge" OOB command has been received
Returns a challenge number that can be used
in a subsequent connectResponse command.
We do this to prevent denial of service attacks that
flood the server with invalid connection IPs. With a
challenge, they must give a valid IP address.
If we are authorizing, a challenge request will cause a packet
to be sent to the authorize server.
When an authorizeip is returned, a challenge response will be
sent to that ip.
=================
*/
void SV_GetChallenge( netadr_t from ) {
int i;
int oldest;
int oldestTime;
challenge_t *challenge;
// ignore if we are in single player
/*
if ( Cvar_VariableValue( "g_gametype" ) == GT_SINGLE_PLAYER || Cvar_VariableValue("ui_singlePlayerActive")) {
return;
}
*/
if (Cvar_VariableValue("ui_singlePlayerActive"))
{
return;
}
oldest = 0;
oldestTime = 0x7fffffff;
// see if we already have a challenge for this ip
challenge = &svs.challenges[0];
for (i = 0 ; i < MAX_CHALLENGES ; i++, challenge++) {
if ( !challenge->connected && NET_CompareAdr( from, challenge->adr ) ) {
break;
}
if ( challenge->time < oldestTime ) {
oldestTime = challenge->time;
oldest = i;
}
}
if (i == MAX_CHALLENGES) {
// this is the first time this client has asked for a challenge
challenge = &svs.challenges[oldest];
challenge->challenge = ( (rand() << 16) ^ rand() ) ^ svs.time;
challenge->adr = from;
challenge->firstTime = svs.time;
challenge->time = svs.time;
challenge->connected = qfalse;
i = oldest;
}
// if they are on a lan address, send the challengeResponse immediately
if ( Sys_IsLANAddress( from ) ) {
challenge->pingTime = svs.time;
NET_OutOfBandPrint( NS_SERVER, from, "challengeResponse %i", challenge->challenge );
return;
}
}
/*
=================
SV_UserinfoChanged
Pull specific info from a newly changed userinfo string
into a more C friendly form.
=================
*/
void SV_UserinfoChanged( client_t *cl ) {
char *val;
int i;
// name for C code
Q_strncpyz( cl->name, Info_ValueForKey (cl->userinfo, "name"), sizeof(cl->name) );
// rate command
// if the client is on the same subnet as the server and we aren't running an
// internet public server, assume they don't need a rate choke
if ( Sys_IsLANAddress( cl->netchan.remoteAddress ) && com_dedicated->integer != 2 ) {
cl->rate = 99999; // lans should not rate limit
} else {
val = Info_ValueForKey (cl->userinfo, "rate");
if (strlen(val)) {
i = atoi(val);
cl->rate = i;
if (cl->rate < 1000) {
cl->rate = 1000;
} else if (cl->rate > 90000) {
cl->rate = 90000;
}
} else {
cl->rate = 3000;
}
}
val = Info_ValueForKey (cl->userinfo, "handicap");
if (strlen(val)) {
i = atoi(val);
if (i<=0 || i>100 || strlen(val) > 4) {
Info_SetValueForKey( cl->userinfo, "handicap", "100" );
}
}
// snaps command
val = Info_ValueForKey (cl->userinfo, "snaps");
if (strlen(val)) {
i = atoi(val);
if ( i < 1 ) {
i = 1;
} else if ( i > 30 ) {
i = 30;
}
cl->snapshotMsec = 1000/i;
} else {
cl->snapshotMsec = 50;
}
}
/*
=======================
SV_SendClientMessages
=======================
*/
void SV_SendClientMessages( void )
{
int i;
client_t* c;
// send a message to each connected client
for ( i = 0; i < sv_maxclients->integer; i++ )
{
c = &svs.clients[i];
if ( !c->state )
continue; // not connected
if ( *c->downloadName )
continue; // Client is downloading, don't send snapshots
if ( c->netchan.unsentFragments || c->netchan_start_queue )
{
c->rateDelayed = true;
continue; // Drop this snapshot if the packet queue is still full or delta compression will break
}
if ( !( c->netchan.remoteAddress.type == NA_LOOPBACK ||
( sv_lanForceRate->integer && Sys_IsLANAddress( c->netchan.remoteAddress ) ) ) )
{
// rate control for clients not on LAN
if ( svs.time - c->lastSnapshotTime < c->snapshotMsec * com_timescale->value )
continue; // It's not time yet
if ( SV_RateMsec( c ) > 0 )
{
// Not enough time since last packet passed through the line
c->rateDelayed = true;
continue;
}
}
// generate and send a new message
SV_SendClientSnapshot( c );
c->lastSnapshotTime = svs.time;
c->rateDelayed = false;
}
}
/*
=================
SV_GetChallenge
A "getchallenge" OOB command has been received
Returns a challenge number that can be used
in a subsequent connectResponse command.
We do this to prevent denial of service attacks that
flood the server with invalid connection IPs. With a
challenge, they must give a valid IP address.
If we are authorizing, a challenge request will cause a packet
to be sent to the authorize server.
When an authorizeip is returned, a challenge response will be
sent to that ip.
=================
*/
void SV_GetChallenge( netadr_t from ) {
int i;
int oldest;
int oldestTime;
challenge_t *challenge;
// ignore if we are in single player
if ( Cvar_VariableValue( "g_gametype" ) == GT_SINGLE_PLAYER || Cvar_VariableValue("ui_singlePlayerActive")) {
return;
}
oldest = 0;
oldestTime = 0x7fffffff;
// see if we already have a challenge for this ip
challenge = &svs.challenges[0];
for (i = 0 ; i < MAX_CHALLENGES ; i++, challenge++) {
if ( !challenge->connected && NET_CompareAdr( from, challenge->adr ) ) {
break;
}
if ( challenge->time < oldestTime ) {
oldestTime = challenge->time;
oldest = i;
}
}
if (i == MAX_CHALLENGES) {
// this is the first time this client has asked for a challenge
challenge = &svs.challenges[oldest];
challenge->challenge = ( (rand() << 16) ^ rand() ) ^ svs.time;
challenge->adr = from;
challenge->firstTime = svs.time;
challenge->time = svs.time;
challenge->connected = qfalse;
i = oldest;
}
// if they are on a lan address, send the challengeResponse immediately
if ( Sys_IsLANAddress( from ) ) {
challenge->pingTime = svs.time;
NET_OutOfBandPrint( NS_SERVER, from, "challengeResponse %i", challenge->challenge );
return;
}
// look up the authorize server's IP
if ( !svs.authorizeAddress.ip[0] && svs.authorizeAddress.type != NA_BAD ) {
Com_Printf( "Resolving %s\n", AUTHORIZE_SERVER_NAME );
if ( !NET_StringToAdr( AUTHORIZE_SERVER_NAME, &svs.authorizeAddress ) ) {
Com_Printf( "Couldn't resolve address\n" );
return;
}
svs.authorizeAddress.port = BigShort( PORT_AUTHORIZE );
Com_Printf( "%s resolved to %i.%i.%i.%i:%i\n", AUTHORIZE_SERVER_NAME,
svs.authorizeAddress.ip[0], svs.authorizeAddress.ip[1],
svs.authorizeAddress.ip[2], svs.authorizeAddress.ip[3],
BigShort( svs.authorizeAddress.port ) );
}
// if they have been challenging for a long time and we
// haven't heard anything from the authorize server, go ahead and
// let them in, assuming the id server is down
if ( svs.time - challenge->firstTime > AUTHORIZE_TIMEOUT ) {
Com_DPrintf( "authorize server timed out\n" );
challenge->pingTime = svs.time;
NET_OutOfBandPrint( NS_SERVER, challenge->adr,
"challengeResponse %i", challenge->challenge );
return;
}
// otherwise send their ip to the authorize server
if ( svs.authorizeAddress.type != NA_BAD ) {
cvar_t *fs;
char game[1024];
Com_DPrintf( "sending getIpAuthorize for %s\n", NET_AdrToString( from ));
strcpy(game, BASEGAME);
fs = Cvar_Get ("fs_game", "", CVAR_INIT|CVAR_SYSTEMINFO );
if (fs && fs->string[0] != 0) {
strcpy(game, fs->string);
}
// the 0 is for backwards compatibility with obsolete sv_allowanonymous flags
// getIpAuthorize <challenge> <IP> <game> 0 <auth-flag>
NET_OutOfBandPrint( NS_SERVER, svs.authorizeAddress,
"getIpAuthorize %i %i.%i.%i.%i %s 0 %s", svs.challenges[i].challenge,
from.ip[0], from.ip[1], from.ip[2], from.ip[3], game, sv_strictAuth->string );
}
}
/*
=================
SV_UserinfoChanged
Pull specific info from a newly changed userinfo string
into a more C friendly form.
=================
*/
void SV_UserinfoChanged( client_t *cl )
{
const char *val;
int i;
// name for C code
Q_strncpyz( cl->name, Info_ValueForKey( cl->userinfo, "name" ), sizeof( cl->name ) );
// rate command
// if the client is on the same subnet as the server and we aren't running an
// Internet server, assume that they don't need a rate choke
if ( Sys_IsLANAddress( cl->netchan.remoteAddress )
&& SV_Private(ServerPrivate::LanOnly)
&& sv_lanForceRate->integer == 1 )
{
cl->rate = 99999; // lans should not rate limit
}
else
{
val = Info_ValueForKey( cl->userinfo, "rate" );
if ( strlen( val ) )
{
i = atoi( val );
cl->rate = i;
if ( cl->rate < 1000 )
{
cl->rate = 1000;
}
else if ( cl->rate > 90000 )
{
cl->rate = 90000;
}
}
else
{
cl->rate = 5000;
}
}
// snaps command
val = Info_ValueForKey( cl->userinfo, "snaps" );
if ( strlen( val ) )
{
i = atoi( val );
if ( i < 1 )
{
i = 1;
}
else if ( i > sv_fps->integer )
{
i = sv_fps->integer;
}
cl->snapshotMsec = 1000 / i;
}
else
{
cl->snapshotMsec = 50;
}
// TTimo
// maintain the IP information
// this is set in SV_DirectConnect (directly on the server, not transmitted), may be lost when client updates its userinfo
// the banning code relies on this being consistently present
// zinx - modified to always keep this consistent, instead of only
// when "ip" is 0-length, so users can't supply their own IP address
//Log::Debug("Maintain IP address in userinfo for '%s'", cl->name);
if ( !NET_IsLocalAddress( cl->netchan.remoteAddress ) )
{
Info_SetValueForKey( cl->userinfo, "ip", NET_AdrToString( cl->netchan.remoteAddress ), false );
#ifdef HAVE_GEOIP
Info_SetValueForKey( cl->userinfo, "geoip", NET_GeoIP_Country( &cl->netchan.remoteAddress ), false );
#endif
}
else
{
// force the "ip" info key to "loopback" for local clients
Info_SetValueForKey( cl->userinfo, "ip", "loopback", false );
#ifdef HAVE_GEOIP
Info_SetValueForKey( cl->userinfo, "geoip", nullptr, false );
#endif
}
}
/*
==================
SV_DirectConnect
A "connect" OOB command has been received
==================
*/
void SV_DirectConnect( netadr_t from ) {
char userinfo[MAX_INFO_STRING];
int i;
client_t *cl, *newcl;
MAC_STATIC client_t temp;
sharedEntity_t *ent;
int clientNum;
int version;
int qport;
int challenge;
char *password;
int startIndex;
char *denied;
int count;
char *ip;
#ifdef _XBOX
bool reconnect = false;
#endif
Com_DPrintf ("SVC_DirectConnect ()\n");
Q_strncpyz( userinfo, Cmd_Argv(1), sizeof(userinfo) );
version = atoi( Info_ValueForKey( userinfo, "protocol" ) );
if ( version != PROTOCOL_VERSION ) {
NET_OutOfBandPrint( NS_SERVER, from, "print\nServer uses protocol version %i.\n", PROTOCOL_VERSION );
Com_DPrintf (" rejected connect from version %i\n", version);
return;
}
challenge = atoi( Info_ValueForKey( userinfo, "challenge" ) );
qport = atoi( Info_ValueForKey( userinfo, "qport" ) );
// quick reject
for (i=0,cl=svs.clients ; i < sv_maxclients->integer ; i++,cl++) {
/* This was preventing sv_reconnectlimit from working. It seems like commenting this
out has solved the problem. HOwever, if there is a future problem then it could
be this.
if ( cl->state == CS_FREE ) {
continue;
}
*/
if ( NET_CompareBaseAdr( from, cl->netchan.remoteAddress )
&& ( cl->netchan.qport == qport
|| from.port == cl->netchan.remoteAddress.port ) ) {
if (( svs.time - cl->lastConnectTime)
< (sv_reconnectlimit->integer * 1000)) {
NET_OutOfBandPrint( NS_SERVER, from, "print\nReconnect rejected : too soon\n" );
Com_DPrintf ("%s:reconnect rejected : too soon\n", NET_AdrToString (from));
return;
}
break;
}
}
// don't let "ip" overflow userinfo string
if ( NET_IsLocalAddress (from) )
ip = "localhost";
else
ip = (char *)NET_AdrToString( from );
if( ( strlen( ip ) + strlen( userinfo ) + 4 ) >= MAX_INFO_STRING ) {
NET_OutOfBandPrint( NS_SERVER, from,
"print\nUserinfo string length exceeded. "
"Try removing setu cvars from your config.\n" );
return;
}
Info_SetValueForKey( userinfo, "ip", ip );
// see if the challenge is valid (LAN clients don't need to challenge)
if ( !NET_IsLocalAddress (from) ) {
int ping;
for (i=0 ; i<MAX_CHALLENGES ; i++) {
if (NET_CompareAdr(from, svs.challenges[i].adr)) {
if ( challenge == svs.challenges[i].challenge ) {
break; // good
}
}
}
if (i == MAX_CHALLENGES) {
NET_OutOfBandPrint( NS_SERVER, from, "print\nNo or bad challenge for address.\n" );
return;
}
ping = svs.time - svs.challenges[i].pingTime;
Com_Printf( SE_GetString("MP_SVGAME", "CLIENT_CONN_WITH_PING"), i, ping);//"Client %i connecting with %i challenge ping\n", i, ping );
svs.challenges[i].connected = qtrue;
// never reject a LAN client based on ping
if ( !Sys_IsLANAddress( from ) ) {
if ( sv_minPing->value && ping < sv_minPing->value ) {
// don't let them keep trying until they get a big delay
NET_OutOfBandPrint( NS_SERVER, from, va("print\n%s\n", SE_GetString("MP_SVGAME", "SERVER_FOR_HIGH_PING")));//Server is for high pings only\n" );
Com_DPrintf (SE_GetString("MP_SVGAME", "CLIENT_REJECTED_LOW_PING"), i);//"Client %i rejected on a too low ping\n", i);
// reset the address otherwise their ping will keep increasing
// with each connect message and they'd eventually be able to connect
svs.challenges[i].adr.port = 0;
return;
}
if ( sv_maxPing->value && ping > sv_maxPing->value ) {
NET_OutOfBandPrint( NS_SERVER, from, va("print\n%s\n", SE_GetString("MP_SVGAME", "SERVER_FOR_LOW_PING")));//Server is for low pings only\n" );
Com_DPrintf (SE_GetString("MP_SVGAME", "CLIENT_REJECTED_HIGH_PING"), i);//"Client %i rejected on a too high ping\n", i);
return;
}
}
} else {
// force the "ip" info key to "localhost"
Info_SetValueForKey( userinfo, "ip", "localhost" );
}
newcl = &temp;
Com_Memset (newcl, 0, sizeof(client_t));
// if there is already a slot for this ip, reuse it
for (i=0,cl=svs.clients ; i < sv_maxclients->integer ; i++,cl++) {
if ( cl->state == CS_FREE ) {
continue;
}
if ( NET_CompareBaseAdr( from, cl->netchan.remoteAddress )
&& ( cl->netchan.qport == qport
|| from.port == cl->netchan.remoteAddress.port ) ) {
Com_Printf ("%s:reconnect\n", NET_AdrToString (from));
newcl = cl;
#ifdef _XBOX
reconnect = true;
#endif
// VVFIXME - both SOF2 and Wolf remove this call, claiming it blows away the user's info
// disconnect the client from the game first so any flags the
// player might have are dropped
VM_Call( gvm, GAME_CLIENT_DISCONNECT, newcl - svs.clients );
//
goto gotnewcl;
}
}
// find a client slot
// if "sv_privateClients" is set > 0, then that number
// of client slots will be reserved for connections that
// have "password" set to the value of "sv_privatePassword"
// Info requests will report the maxclients as if the private
// slots didn't exist, to prevent people from trying to connect
// to a full server.
// This is to allow us to reserve a couple slots here on our
// servers so we can play without having to kick people.
// check for privateClient password
password = Info_ValueForKey( userinfo, "password" );
if ( !strcmp( password, sv_privatePassword->string ) ) {
startIndex = 0;
} else {
// skip past the reserved slots
startIndex = sv_privateClients->integer;
}
newcl = NULL;
for ( i = startIndex; i < sv_maxclients->integer ; i++ ) {
cl = &svs.clients[i];
if (cl->state == CS_FREE) {
newcl = cl;
break;
}
}
if ( !newcl ) {
if ( NET_IsLocalAddress( from ) ) {
count = 0;
for ( i = startIndex; i < sv_maxclients->integer ; i++ ) {
cl = &svs.clients[i];
if (cl->netchan.remoteAddress.type == NA_BOT) {
count++;
}
}
// if they're all bots
if (count >= sv_maxclients->integer - startIndex) {
SV_DropClient(&svs.clients[sv_maxclients->integer - 1], "only bots on server");
newcl = &svs.clients[sv_maxclients->integer - 1];
}
else {
Com_Error( ERR_FATAL, "server is full on local connect\n" );
return;
}
}
else {
const char *SV_GetStringEdString(char *refSection, char *refName);
NET_OutOfBandPrint( NS_SERVER, from, va("print\n%s\n", SV_GetStringEdString("MP_SVGAME","SERVER_IS_FULL")));
Com_DPrintf ("Rejected a connection.\n");
return;
}
}
// we got a newcl, so reset the reliableSequence and reliableAcknowledge
cl->reliableAcknowledge = 0;
cl->reliableSequence = 0;
gotnewcl:
// build a new connection
// accept the new client
// this is the only place a client_t is ever initialized
*newcl = temp;
clientNum = newcl - svs.clients;
ent = SV_GentityNum( clientNum );
newcl->gentity = ent;
// save the challenge
newcl->challenge = challenge;
// save the address
Netchan_Setup (NS_SERVER, &newcl->netchan , from, qport);
// save the userinfo
Q_strncpyz( newcl->userinfo, userinfo, sizeof(newcl->userinfo) );
// get the game a chance to reject this connection or modify the userinfo
denied = (char *)VM_Call( gvm, GAME_CLIENT_CONNECT, clientNum, qtrue, qfalse ); // firstTime = qtrue
if ( denied ) {
// we can't just use VM_ArgPtr, because that is only valid inside a VM_Call
denied = (char *)VM_ExplicitArgPtr( gvm, (int)denied );
NET_OutOfBandPrint( NS_SERVER, from, "print\n%s\n", denied );
Com_DPrintf ("Game rejected a connection: %s.\n", denied);
return;
}
SV_UserinfoChanged( newcl );
// send the connect packet to the client
NET_OutOfBandPrint( NS_SERVER, from, "connectResponse" );
Com_DPrintf( "Going from CS_FREE to CS_CONNECTED for %s\n", newcl->name );
newcl->state = CS_CONNECTED;
newcl->nextSnapshotTime = svs.time;
newcl->lastPacketTime = svs.time;
newcl->lastConnectTime = svs.time;
// when we receive the first packet from the client, we will
// notice that it is from a different serverid and that the
// gamestate message was not just sent, forcing a retransmit
newcl->gamestateMessageNum = -1;
newcl->lastUserInfoChange = 0; //reset the delay
newcl->lastUserInfoCount = 0; //reset the count
// if this was the first client on the server, or the last client
// the server can hold, send a heartbeat to the master.
count = 0;
for (i=0,cl=svs.clients ; i < sv_maxclients->integer ; i++,cl++) {
if ( svs.clients[i].state >= CS_CONNECTED ) {
count++;
}
}
if ( count == 1 || count == sv_maxclients->integer ) {
SV_Heartbeat_f();
}
}
/*
=================
SV_UserinfoChanged
Pull specific info from a newly changed userinfo string
into a more C friendly form.
=================
*/
void SV_UserinfoChanged( client_t *cl ) {
char *val;
char *ip;
int i;
int len;
// name for C code
Q_strncpyz( cl->name, Info_ValueForKey (cl->userinfo, "name"), sizeof(cl->name) );
// rate command
// if the client is on the same subnet as the server and we aren't running an
// internet public server, assume they don't need a rate choke
if ( Sys_IsLANAddress( cl->netchan.remoteAddress ) && com_dedicated->integer != 2 ) {
cl->rate = 99999; // lans should not rate limit
} else {
val = Info_ValueForKey (cl->userinfo, "rate");
if (strlen(val)) {
i = atoi(val);
cl->rate = i;
if (cl->rate < 1000) {
cl->rate = 1000;
} else if (cl->rate > 90000) {
cl->rate = 90000;
}
} else {
cl->rate = 3000;
}
}
val = Info_ValueForKey (cl->userinfo, "handicap");
if (strlen(val)) {
i = atoi(val);
if (i<=0 || i>100 || strlen(val) > 4) {
Info_SetValueForKey( cl->userinfo, "handicap", "100" );
}
}
// snaps command
val = Info_ValueForKey (cl->userinfo, "snaps");
if (strlen(val)) {
i = atoi(val);
if ( i < 1 ) {
i = 1;
} else if ( i > 30 ) {
i = 30;
}
cl->snapshotMsec = 1000/i;
} else {
cl->snapshotMsec = 50;
}
// TTimo
// maintain the IP information
// the banning code relies on this being consistently present
if( NET_IsLocalAddress(cl->netchan.remoteAddress) )
ip = "localhost";
else
ip = (char*)NET_AdrToString( cl->netchan.remoteAddress );
val = Info_ValueForKey( cl->userinfo, "ip" );
if( val[0] )
len = strlen( ip ) - strlen( val ) + strlen( cl->userinfo );
else
len = strlen( ip ) + 4 + strlen( cl->userinfo );
if( len >= MAX_INFO_STRING )
SV_DropClient( cl, "userinfo string length exceeded" );
else
Info_SetValueForKey( cl->userinfo, "ip", ip );
}
/*
=================
SV_UserinfoChanged
Pull specific info from a newly changed userinfo string
into a more C friendly form.
=================
*/
void SV_UserinfoChanged( client_t *cl ) {
char *val;
int i;
// name for C code
Q_strncpyz( cl->name, Info_ValueForKey (cl->userinfo, "name"), sizeof(cl->name) );
// rate command
// if the client is on the same subnet as the server and we aren't running an
// internet public server, assume they don't need a rate choke
if ( Sys_IsLANAddress( cl->netchan.remoteAddress ) && com_dedicated->integer != 2 && sv_lanForceRate->integer == 1) {
cl->rate = 99999; // lans should not rate limit
} else {
val = Info_ValueForKey (cl->userinfo, "rate");
if (strlen(val)) {
i = atoi(val);
cl->rate = i;
if (cl->rate < 1000) {
cl->rate = 1000;
} else if (cl->rate > 90000) {
cl->rate = 90000;
}
} else {
cl->rate = 3000;
}
}
val = Info_ValueForKey (cl->userinfo, "handicap");
if (strlen(val)) {
i = atoi(val);
if (i<=0 || i>100 || strlen(val) > 4) {
Info_SetValueForKey( cl->userinfo, "handicap", "100" );
}
}
// snaps command
val = Info_ValueForKey (cl->userinfo, "snaps");
if (strlen(val)) {
i = atoi(val);
if ( i < 1 ) {
i = 1;
} else if ( i > sv_fps->integer ) {
i = sv_fps->integer;
}
cl->snapshotMsec = 1000/i;
} else {
cl->snapshotMsec = 50;
}
// TTimo
// maintain the IP information
// this is set in SV_DirectConnect (directly on the server, not transmitted), may be lost when client updates it's userinfo
// the banning code relies on this being consistently present
val = Info_ValueForKey (cl->userinfo, "ip");
if (!val[0])
{
//Com_DPrintf("Maintain IP in userinfo for '%s'\n", cl->name);
if ( !NET_IsLocalAddress(cl->netchan.remoteAddress) )
Info_SetValueForKey( cl->userinfo, "ip", NET_AdrToString( cl->netchan.remoteAddress ) );
else
// force the "ip" info key to "localhost" for local clients
Info_SetValueForKey( cl->userinfo, "ip", "localhost" );
}
}
/*
===============
SVC_RemoteCommand
An rcon packet arrived from the network.
Shift down the remaining args
Redirect all printfs
===============
*/
void SVC_RemoteCommand( netadr_t from, msg_t *msg ) {
qboolean valid;
unsigned int time;
char remaining[1024];
// TTimo - scaled down to accumulate, but not overflow anything network wise, print wise etc.
// (OOB messages are the bottleneck here)
#define SV_OUTPUTBUF_LENGTH (1024 - 16)
char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
static unsigned int lasttime = 0;
char *cmd_aux;
// TTimo - https://zerowing.idsoftware.com/bugzilla/show_bug.cgi?id=534
// I believe that this code (and the dead link above) are to address a brute
// force attack that guesses the rcon password.
time = Com_Milliseconds();
if ( !strlen( sv_rconPassword->string ) ||
strcmp (Cmd_Argv(1), sv_rconPassword->string) ) {
if ( (unsigned)( time - lasttime ) < 500u ) {
return;
}
valid = qfalse;
if (sv_logRconArgs->integer > 0) {
Com_Printf("Bad rcon from %s\n", NET_AdrToString(from));
}
else {
Com_Printf("Bad rcon from %s:\n%s\n", NET_AdrToString(from), Cmd_Argv(2));
}
} else {
if (!Sys_IsLANAddress(from) && (unsigned) (time - lasttime) < 100u) {
return;
}
valid = qtrue;
remaining[0] = 0;
// https://zerowing.idsoftware.com/bugzilla/show_bug.cgi?id=543
// get the command directly, "rcon <pass> <command>" to avoid quoting issues
// extract the command by walking
// since the cmd formatting can fuckup (amount of spaces), using a dumb step by step parsing
cmd_aux = Cmd_Cmd();
cmd_aux+=4;
while(cmd_aux[0]==' ')
cmd_aux++;
while(cmd_aux[0] && cmd_aux[0]!=' ') // password
cmd_aux++;
while(cmd_aux[0]==' ')
cmd_aux++;
Q_strcat( remaining, sizeof(remaining), cmd_aux);
if (sv_logRconArgs->integer > 0) {
Com_Printf("Rcon from %s: %s\n", NET_AdrToString(from), remaining);
}
else {
Com_Printf("Rcon from %s:\n%s\n", NET_AdrToString(from), Cmd_Argv(2));
}
}
lasttime = time;
// start redirecting all print outputs to the packet
svs.redirectAddress = from;
Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, SV_FlushRedirect);
if ( !strlen( sv_rconPassword->string ) ) {
Com_Printf ("No rconpassword set on the server.\n");
} else if ( !valid ) {
Com_Printf ("Bad rconpassword.\n");
} else {
Cmd_ExecuteString (remaining);
}
Com_EndRedirect ();
}
/*
=======================
SV_SendMessageToClient
Called by SV_SendClientSnapshot and SV_SendClientGameState
=======================
*/
__cdecl void SV_SendMessageToClient( msg_t *msg, client_t *client ) {
int rateMsec;
int len;
*(int32_t*)0x13f39080 = *(int32_t*)msg->data;
len = MSG_WriteBitsCompress( 0, msg->data + 4 ,(byte*)0x13f39084 , msg->cursize - 4);
// SV_TrackHuffmanCompression(len, msg->cursize - 4);
len += 4;
if(client->delayDropMsg){
SV_DropClient(client, client->delayDropMsg);
}
if(client->demorecording && !client->demowaiting)
SV_WriteDemoMessageForClient((byte*)0x13f39080, len, client);
// record information about the message
client->frames[client->netchan.outgoingSequence & PACKET_MASK].messageSize = len;
client->frames[client->netchan.outgoingSequence & PACKET_MASK].messageSent = Sys_Milliseconds();
client->frames[client->netchan.outgoingSequence & PACKET_MASK].messageAcked = 0xFFFFFFFF;
// send the datagram
SV_Netchan_Transmit( client, (byte*)0x13f39080, len );
// set nextSnapshotTime based on rate and requested number of updates
// local clients get snapshots every frame
// TTimo - show_bug.cgi?id=491
// added sv_lanForceRate check
if(client->state == CS_ACTIVE && client->deltaMessage >= 0 && client->netchan.outgoingSequence - client->deltaMessage > 28){
client->nextSnapshotTime = svs.time + client->snapshotMsec * irand();
if(client->unknown6 +1 > 8)
{
client->unknown6 = 8;
}
}
client->unknown6 = 0;
if ( client->netchan.remoteAddress.type == NA_LOOPBACK || Sys_IsLANAddress( &client->netchan.remoteAddress )) {
client->nextSnapshotTime = svs.time - 1;
return;
}
// normal rate / snapshotMsec calculation
rateMsec = SV_RateMsec( client, msg->cursize );
// TTimo - during a download, ignore the snapshotMsec
// the update server on steroids, with this disabled and sv_fps 60, the download can reach 30 kb/s
// on a regular server, we will still top at 20 kb/s because of sv_fps 20
if ( !*client->downloadName && rateMsec < client->snapshotMsec ) {
// never send more packets than this, no matter what the rate is at
rateMsec = client->snapshotMsec;
client->rateDelayed = qfalse;
} else {
client->rateDelayed = qtrue;
}
client->nextSnapshotTime = svs.time + rateMsec;
// don't pile up empty snapshots while connecting
if ( client->state != CS_ACTIVE && !*client->downloadName) {
// a gigantic connection message may have already put the nextSnapshotTime
// more than a second away, so don't shorten it
// do shorten if client is downloading
if ( client->nextSnapshotTime < svs.time + 1000 ) {
client->nextSnapshotTime = svs.time + 1000;
}
}
sv.bpsTotalBytes += len ;
}
/*
=======================
SV_SendMessageToClient
Called by SV_SendClientSnapshot and SV_SendClientGameState
=======================
*/
void SV_SendMessageToClient( msg_t *msg, client_t *client ) {
int rateMsec;
// MW - my attempt to fix illegible server message errors caused by
// packet fragmentation of initial snapshot.
while(client->state&&client->netchan.unsentFragments)
{
// send additional message fragments if the last message
// was too large to send at once
Com_Printf ("[ISM]SV_SendClientGameState() [1] for %s, writing out old fragments\n", client->name);
SV_Netchan_TransmitNextFragment(&client->netchan);
}
// record information about the message
client->frames[client->netchan.outgoingSequence & PACKET_MASK].messageSize = msg->cursize;
client->frames[client->netchan.outgoingSequence & PACKET_MASK].messageSent = svs.time;
client->frames[client->netchan.outgoingSequence & PACKET_MASK].messageAcked = -1;
// send the datagram
SV_Netchan_Transmit( client, msg ); //msg->cursize, msg->data );
// set nextSnapshotTime based on rate and requested number of updates
// local clients get snapshots every frame
if ( client->netchan.remoteAddress.type == NA_LOOPBACK || Sys_IsLANAddress (client->netchan.remoteAddress) ) {
client->nextSnapshotTime = svs.time - 1;
return;
}
// normal rate / snapshotMsec calculation
rateMsec = SV_RateMsec( client, msg->cursize );
if ( rateMsec < client->snapshotMsec ) {
// never send more packets than this, no matter what the rate is at
rateMsec = client->snapshotMsec;
client->rateDelayed = qfalse;
} else {
client->rateDelayed = qtrue;
}
client->nextSnapshotTime = svs.time + rateMsec;
// don't pile up empty snapshots while connecting
if ( client->state != CS_ACTIVE ) {
// a gigantic connection message may have already put the nextSnapshotTime
// more than a second away, so don't shorten it
// do shorten if client is downloading
#ifdef _XBOX // No downloads on Xbox
if ( client->nextSnapshotTime < svs.time + 1000 ) {
#else
if ( !*client->downloadName && client->nextSnapshotTime < svs.time + 1000 ) {
#endif
client->nextSnapshotTime = svs.time + 1000;
}
}
}
/*
=======================
SV_SendClientSnapshot
Also called by SV_FinalMessage
=======================
*/
extern cvar_t *fs_gamedirvar;
void SV_SendClientSnapshot( client_t *client ) {
byte msg_buf[MAX_MSGLEN];
msg_t msg;
if (!client->sentGamedir)
{ //rww - if this is the case then make sure there is an svc_setgame sent before this snap
int i = 0;
MSG_Init (&msg, msg_buf, sizeof(msg_buf));
//have to include this for each message.
MSG_WriteLong( &msg, client->lastClientCommand );
MSG_WriteByte (&msg, svc_setgame);
while (fs_gamedirvar->string[i])
{
MSG_WriteByte(&msg, fs_gamedirvar->string[i]);
i++;
}
MSG_WriteByte(&msg, 0);
// MW - my attempt to fix illegible server message errors caused by
// packet fragmentation of initial snapshot.
//rww - reusing this code here
while(client->state&&client->netchan.unsentFragments)
{
// send additional message fragments if the last message
// was too large to send at once
Com_Printf ("[ISM]SV_SendClientGameState() [1] for %s, writing out old fragments\n", client->name);
SV_Netchan_TransmitNextFragment(&client->netchan);
}
// record information about the message
client->frames[client->netchan.outgoingSequence & PACKET_MASK].messageSize = msg.cursize;
client->frames[client->netchan.outgoingSequence & PACKET_MASK].messageSent = svs.time;
client->frames[client->netchan.outgoingSequence & PACKET_MASK].messageAcked = -1;
// send the datagram
SV_Netchan_Transmit( client, &msg ); //msg->cursize, msg->data );
client->sentGamedir = qtrue;
}
// build the snapshot
SV_BuildClientSnapshot( client );
// bots need to have their snapshots build, but
// the query them directly without needing to be sent
if ( client->gentity && client->gentity->r.svFlags & SVF_BOT ) {
return;
}
MSG_Init (&msg, msg_buf, sizeof(msg_buf));
msg.allowoverflow = qtrue;
// NOTE, MRE: all server->client messages now acknowledge
// let the client know which reliable clientCommands we have received
MSG_WriteLong( &msg, client->lastClientCommand );
// (re)send any reliable server commands
SV_UpdateServerCommandsToClient( client, &msg );
// send over all the relevant entityState_t
// and the playerState_t
SV_WriteSnapshotToClient( client, &msg );
// Add any download data if the client is downloading
#ifndef _XBOX // No downloads on Xbox
SV_WriteDownloadToClient( client, &msg );
#endif
// check for overflow
if ( msg.overflowed ) {
Com_Printf ("WARNING: msg overflowed for %s\n", client->name);
MSG_Clear (&msg);
}
SV_SendMessageToClient( &msg, client );
}
/*
=================
SV_UserinfoChanged
Pull specific info from a newly changed userinfo string
into a more C friendly form.
=================
*/
void SV_UserinfoChanged( client_t *cl ) {
const char *ip;
char *val;
int i;
// name for C code
Q_strncpyz( cl->name, Info_ValueForKey (cl->userinfo, "name"), sizeof(cl->name) );
// rate command
// if the client is on the same subnet as the server and we aren't running an
// internet public server, assume they don't need a rate choke
if ( Sys_IsLANAddress( cl->netchan.remoteAddress ) && com_dedicated->integer != 2 ) {
cl->rate = 99999; // lans should not rate limit
} else {
val = Info_ValueForKey (cl->userinfo, "rate");
if (strlen(val)) {
i = atoi(val);
cl->rate = i;
if (cl->rate < 1000) {
cl->rate = 1000;
} else if (cl->rate > 90000) {
cl->rate = 90000;
}
} else {
cl->rate = 3000;
}
}
val = Info_ValueForKey (cl->userinfo, "handicap");
if (strlen(val)) {
i = atoi(val);
if (i<=0 || i>100 || strlen(val) > 4) {
Info_SetValueForKey( cl->userinfo, "handicap", "100" );
}
}
// snaps command
val = Info_ValueForKey (cl->userinfo, "snaps");
if (strlen(val)) {
i = atoi(val);
if ( i < 1 ) {
i = 1;
} else if ( i > 30 ) {
i = 30;
}
cl->snapshotMsec = 1000/i;
} else {
cl->snapshotMsec = 50;
}
if (mv_fixnamecrash->integer && !(sv.fixes & MVFIX_NAMECRASH)) {
char name[61], cleanedName[61]; // 60 because some mods increased this
Q_strncpyz(name, Info_ValueForKey(cl->userinfo, "name"), sizeof(name));
int count = 0;
for (int i = 0; i < (int)strlen(name); i++) {
char ch = name[i];
if (isascii(ch) ||
ch == '\x0A' || // underscore cursor (console only)
ch == '\x0B' || // block cursor (console only)
ch == '\xB7' || // section sign (§)
ch == '\xB4' || // accute accent (´)
ch == '\xC4' || // A umlaut (Ä)
ch == '\xD6' || // O umlaut (Ö)
ch == '\xDC' || // U umlaut (Ü)
ch == '\xDF' || // sharp S (ß)
ch == '\xE4' || // a umlaut (ä)
ch == '\xF6' || // o umlaut (ö)
ch == '\xFC') // u umlaut (ü)
{
cleanedName[count++] = ch;
}
}
cleanedName[count] = 0;
Info_SetValueForKey(cl->userinfo, "name", cleanedName);
}
// forcecrash fix
if (mv_fixforcecrash->integer && !(sv.fixes & MVFIX_FORCECRASH)) {
char forcePowers[30];
Q_strncpyz(forcePowers, Info_ValueForKey(cl->userinfo, "forcepowers"), sizeof(forcePowers));
int len = (int)strlen(forcePowers);
bool badForce = false;
if (len >= 22 && len <= 24) {
byte seps = 0;
for (int i = 0; i < len; i++) {
if (forcePowers[i] != '-' && (forcePowers[i] < '0' || forcePowers[i] > '9')) {
badForce = true;
break;
}
if (forcePowers[i] == '-' && (i < 1 || i > 5)) {
badForce = true;
break;
}
if (i && forcePowers[i - 1] == '-' && forcePowers[i] == '-') {
badForce = true;
break;
}
if (forcePowers[i] == '-') {
seps++;
}
}
if (seps != 2) {
badForce = true;
}
} else {
badForce = true;
}
if (badForce) {
Q_strncpyz(forcePowers, "7-1-030000000000003332", sizeof(forcePowers));
}
if ( !Info_SetValueForKey(cl->userinfo, "forcepowers", forcePowers) )
{
{
SV_DropClient( cl, "userinfo string length exceeded");
return;
}
}
}
// serverside galaking fix
if (mv_fixgalaking->integer && !(sv.fixes & MVFIX_GALAKING)) {
char model[80];
Q_strncpyz(model, Info_ValueForKey(cl->userinfo, "model"), sizeof(model));
if (!Q_stricmp(model, "galak_mech") || !Q_stricmpn(model, "galak_mech/", 11))
{
if ( !Info_SetValueForKey(cl->userinfo, "model", "galak/default") )
{
SV_DropClient( cl, "userinfo string length exceeded");
return;
}
}
Q_strncpyz(model, Info_ValueForKey(cl->userinfo, "team_model"), sizeof(model));
if (!Q_stricmp(model, "galak_mech") || !Q_stricmpn(model, "galak_mech/", 11))
{
if ( !Info_SetValueForKey(cl->userinfo, "team_model", "galak/default") )
{
SV_DropClient( cl, "userinfo string length exceeded");
return;
}
}
}
// serverside broken models fix (head only model)
if (mv_fixbrokenmodels->integer && !(sv.fixes & MVFIX_BROKENMODEL)) {
char model[80];
Q_strncpyz(model, Info_ValueForKey(cl->userinfo, "model"), sizeof(model));
if (!Q_stricmpn(model, "kyle/fpls", 9) || !Q_stricmp(model, "morgan") || (!Q_stricmpn(model, "morgan/", 7) && (Q_stricmp(model, "morgan/default_mp") && Q_stricmp(model, "morgan/red") && Q_stricmp(model, "morgan/blue"))))
{
if ( !Info_SetValueForKey(cl->userinfo, "model", "kyle/default") )
{
SV_DropClient( cl, "userinfo string length exceeded");
return;
}
}
}
// TTimo
// maintain the IP information
// the banning code relies on this being consistently present
if( NET_IsLocalAddress(cl->netchan.remoteAddress) )
ip = "localhost";
else
ip = NET_AdrToString( cl->netchan.remoteAddress );
if ( !Info_SetValueForKey(cl->userinfo, "ip", ip) )
SV_DropClient( cl, "userinfo string length exceeded" );
}
void SV_DirectConnect( netadr_t from ) {
char userinfo[MAX_INFO_STRING];
int i;
client_t *cl, *newcl;
client_t temp;
sharedEntity_t *ent;
int clientNum;
int version;
int qport;
int challenge;
char *password;
int startIndex;
intptr_t denied;
int count;
char *ip;
const char *stringEd;
#ifdef LEGACY_PROTOCOL
qboolean compat = qfalse;
#endif
Com_DPrintf ("SVC_DirectConnect ()\n");
// Check whether this client is banned.
if(SV_IsBanned(&from, qfalse))
{
NET_OutOfBandPrint(NS_SERVER, from, "print\nYou are banned from this server.\n");
return;
}
Q_strncpyz( userinfo, Cmd_Argv(1), sizeof(userinfo) );
version = atoi(Info_ValueForKey(userinfo, "protocol"));
#ifdef LEGACY_PROTOCOL
if(version > 0 && com_legacyprotocol->integer == version)
compat = qtrue;
else
#endif
{
if(version != com_protocol->integer)
{
NET_OutOfBandPrint(NS_SERVER, from, "print\nServer uses protocol version %i "
"(yours is %i).\n", com_protocol->integer, version);
Com_DPrintf(" rejected connect from version %i\n", version);
return;
}
}
challenge = atoi( Info_ValueForKey( userinfo, "challenge" ) );
qport = atoi( Info_ValueForKey( userinfo, "qport" ) );
// quick reject
for (i=0,cl=svs.clients ; i < sv_maxclients->integer ; i++,cl++) {
if ( cl->state == CS_FREE ) {
continue;
}
if ( NET_CompareBaseAdr( from, cl->netchan.remoteAddress )
&& ( cl->netchan.qport == qport
|| from.port == cl->netchan.remoteAddress.port ) ) {
if (( svs.time - cl->lastConnectTime)
< (sv_reconnectlimit->integer * 1000)) {
Com_DPrintf ("%s:reconnect rejected : too soon\n", NET_AdrToString (from));
return;
}
break;
}
}
// don't let "ip" overflow userinfo string
if ( NET_IsLocalAddress (from) )
ip = "localhost";
else
ip = (char *)NET_AdrToString( from );
if( ( strlen( ip ) + strlen( userinfo ) + 4 ) >= MAX_INFO_STRING ) {
NET_OutOfBandPrint( NS_SERVER, from,
"print\nUserinfo string length exceeded. "
"Try removing setu cvars from your config.\n" );
return;
}
Info_SetValueForKey( userinfo, "ip", ip );
// see if the challenge is valid (LAN clients don't need to challenge)
if (!NET_IsLocalAddress(from))
{
int ping;
challenge_t *challengeptr;
for (i=0; i<MAX_CHALLENGES; i++)
{
if (NET_CompareAdr(from, svs.challenges[i].adr))
{
if(challenge == svs.challenges[i].challenge)
break;
}
}
if (i == MAX_CHALLENGES)
{
NET_OutOfBandPrint( NS_SERVER, from, "print\nNo or bad challenge for your address.\n" );
return;
}
challengeptr = &svs.challenges[i];
if(challengeptr->wasrefused)
{
// Return silently, so that error messages written by the server keep being displayed.
return;
}
ping = svs.time - challengeptr->pingTime;
// never reject a LAN client based on ping
if ( !Sys_IsLANAddress( from ) ) {
if ( sv_minPing->value && ping < sv_minPing->value ) {
NET_OutOfBandPrint( NS_SERVER, from, "print\n%s", SV_StringEdString("SERVER_FOR_HIGH_PING") );
stringEd = SV_GetString("CLIENT_REJECTED_LOW_PING");
Com_DPrintf (stringEd, i);
challengeptr->wasrefused = qtrue;
return;
}
if ( sv_maxPing->value && ping > sv_maxPing->value ) {
NET_OutOfBandPrint( NS_SERVER, from, "print\n%s", SV_StringEdString("SERVER_FOR_LOW_PING") );
stringEd = SV_GetString("CLIENT_REJECTED_LOW_PING");
Com_DPrintf (stringEd, i);
challengeptr->wasrefused = qtrue;
return;
}
}
stringEd = SV_GetString("CLIENT_CONN_WITH_PING");
Com_Printf(stringEd, i, ping);
challengeptr->connected = qtrue;
}
newcl = &temp;
Com_Memset (newcl, 0, sizeof(client_t));
// if there is already a slot for this ip, reuse it
for (i=0,cl=svs.clients ; i < sv_maxclients->integer ; i++,cl++) {
if ( cl->state == CS_FREE ) {
continue;
}
if ( NET_CompareBaseAdr( from, cl->netchan.remoteAddress )
&& ( cl->netchan.qport == qport
|| from.port == cl->netchan.remoteAddress.port ) ) {
Com_Printf ("%s:reconnect\n", NET_AdrToString (from));
newcl = cl;
// this doesn't work because it nukes the players userinfo
// // disconnect the client from the game first so any flags the
// // player might have are dropped
// VM_Call( gvm, GAME_CLIENT_DISCONNECT, newcl - svs.clients );
//
goto gotnewcl;
}
}
// find a client slot
// if "sv_privateClients" is set > 0, then that number
// of client slots will be reserved for connections that
// have "password" set to the value of "sv_privatePassword"
// Info requests will report the maxclients as if the private
// slots didn't exist, to prevent people from trying to connect
// to a full server.
// This is to allow us to reserve a couple slots here on our
// servers so we can play without having to kick people.
// check for privateClient password
password = Info_ValueForKey( userinfo, "password" );
if ( !strcmp( password, sv_privatePassword->string ) ) {
startIndex = 0;
} else {
// skip past the reserved slots
startIndex = sv_privateClients->integer;
}
newcl = NULL;
for ( i = startIndex; i < sv_maxclients->integer ; i++ ) {
cl = &svs.clients[i];
if (cl->state == CS_FREE) {
newcl = cl;
break;
}
}
if ( !newcl ) {
if ( NET_IsLocalAddress( from ) ) {
count = 0;
for ( i = startIndex; i < sv_maxclients->integer ; i++ ) {
cl = &svs.clients[i];
if (cl->netchan.remoteAddress.type == NA_BOT) {
count++;
}
}
// if they're all bots
if (count >= sv_maxclients->integer - startIndex) {
SV_DropClient(&svs.clients[sv_maxclients->integer - 1], "only bots on server");
newcl = &svs.clients[sv_maxclients->integer - 1];
}
else {
Com_Error( ERR_FATAL, "server is full on local connect" );
return;
}
}
else {
NET_OutOfBandPrint( NS_SERVER, from, "print\n%s\n", SV_StringEdString("SERVER_IS_FULL") );
Com_DPrintf ("Rejected a connection.\n");
return;
}
}
// we got a newcl, so reset the reliableSequence and reliableAcknowledge
cl->reliableAcknowledge = 0;
cl->reliableSequence = 0;
gotnewcl:
// build a new connection
// accept the new client
// this is the only place a client_t is ever initialized
*newcl = temp;
clientNum = newcl - svs.clients;
ent = SV_GentityNum( clientNum );
newcl->gentity = ent;
// save the challenge
newcl->challenge = challenge;
// save the address
#ifdef LEGACY_PROTOCOL
newcl->compat = compat;
Netchan_Setup(NS_SERVER, &newcl->netchan, from, qport, challenge, compat);
#else
Netchan_Setup(NS_SERVER, &newcl->netchan, from, qport, challenge, qfalse);
#endif
// init the netchan queue
newcl->netchan_end_queue = &newcl->netchan_start_queue;
// save the userinfo
Q_strncpyz( newcl->userinfo, userinfo, sizeof(newcl->userinfo) );
// get the game a chance to reject this connection or modify the userinfo
denied = VM_Call( gvm, GAME_CLIENT_CONNECT, clientNum, qtrue, qfalse ); // firstTime = qtrue
if ( denied ) {
// we can't just use VM_ArgPtr, because that is only valid inside a VM_Call
char *str = VM_ExplicitArgPtr( gvm, denied );
NET_OutOfBandPrint( NS_SERVER, from, "print\n%s\n", str );
Com_DPrintf ("Game rejected a connection: %s.\n", str);
return;
}
SV_UserinfoChanged( newcl );
// send the connect packet to the client
NET_OutOfBandPrint(NS_SERVER, from, "connectResponse %d", challenge);
Com_DPrintf( "Going from CS_FREE to CS_CONNECTED for %s\n", newcl->name );
newcl->state = CS_CONNECTED;
newcl->lastSnapshotTime = 0;
newcl->lastPacketTime = svs.time;
newcl->lastConnectTime = svs.time;
// when we receive the first packet from the client, we will
// notice that it is from a different serverid and that the
// gamestate message was not just sent, forcing a retransmit
newcl->gamestateMessageNum = -1;
// if this was the first client on the server, or the last client
// the server can hold, send a heartbeat to the master.
count = 0;
for (i=0,cl=svs.clients ; i < sv_maxclients->integer ; i++,cl++) {
if ( svs.clients[i].state >= CS_CONNECTED ) {
count++;
}
}
if ( count == 1 || count == sv_maxclients->integer ) {
SV_Heartbeat_f();
}
}
/*
=================
SV_UserinfoChanged
Pull specific info from a newly changed userinfo string
into a more C friendly form.
=================
*/
void SV_UserinfoChanged( client_t *cl ) {
char *val;
char *ip;
int i;
int len;
// name for C code
Q_strncpyz( cl->name, Info_ValueForKey (cl->userinfo, "name"), sizeof(cl->name) );
// rate command
// if the client is on the same subnet as the server and we aren't running an
// internet public server, assume they don't need a rate choke
if ( Sys_IsLANAddress( cl->netchan.remoteAddress ) && com_dedicated->integer != 2 && sv_lanForceRate->integer == 1) {
cl->rate = 99999; // lans should not rate limit
} else {
val = Info_ValueForKey (cl->userinfo, "rate");
if (strlen(val)) {
i = atoi(val);
cl->rate = i;
if (cl->rate < 1000) {
cl->rate = 1000;
} else if (cl->rate > 90000) {
cl->rate = 90000;
}
} else {
cl->rate = 3000;
}
}
val = Info_ValueForKey (cl->userinfo, "handicap");
if (strlen(val)) {
i = atoi(val);
if (i<=0 || i>100 || strlen(val) > 4) {
Info_SetValueForKey( cl->userinfo, "handicap", "100" );
}
}
// snaps command
val = Info_ValueForKey (cl->userinfo, "snaps");
if(strlen(val))
{
i = atoi(val);
if(i < 1)
i = 1;
else if(i > sv_fps->integer)
i = sv_fps->integer;
i = 1000 / i;
}
else
i = 50;
if(i != cl->snapshotMsec)
{
// Reset last sent snapshot so we avoid desync between server frame time and snapshot send time
cl->lastSnapshotTime = 0;
cl->snapshotMsec = i;
}
#ifdef USE_VOIP
#ifdef LEGACY_PROTOCOL
if(cl->compat)
cl->hasVoip = qfalse;
else
#endif
{
val = Info_ValueForKey(cl->userinfo, "cl_voip");
cl->hasVoip = atoi(val);
}
#endif
// TTimo
// maintain the IP information
// the banning code relies on this being consistently present
if( NET_IsLocalAddress(cl->netchan.remoteAddress) )
ip = "localhost";
else
ip = (char*)NET_AdrToString( cl->netchan.remoteAddress );
val = Info_ValueForKey( cl->userinfo, "ip" );
if( val[0] )
len = strlen( ip ) - strlen( val ) + strlen( cl->userinfo );
else
len = strlen( ip ) + 4 + strlen( cl->userinfo );
if( len >= MAX_INFO_STRING )
SV_DropClient( cl, "userinfo string length exceeded" );
else
Info_SetValueForKey( cl->userinfo, "ip", ip );
}
/*
=================
SV_GetChallenge
A "getchallenge" OOB command has been received
Returns a challenge number that can be used
in a subsequent connectResponse command.
We do this to prevent denial of service attacks that
flood the server with invalid connection IPs. With a
challenge, they must give a valid IP address.
If we are authorizing, a challenge request will cause a packet
to be sent to the authorize server.
When an authorizeip is returned, a challenge response will be
sent to that ip.
ioquake3: we added a possibility for clients to add a challenge
to their packets, to make it more difficult for malicious servers
to hi-jack client connections.
Also, the auth stuff is completely disabled for com_standalone games
as well as IPv6 connections, since there is no way to use the
v4-only auth server for these new types of connections.
=================
*/
void SV_GetChallenge( netadr_t from ) {
static leakyBucket_t outboundLeakyBucket;
int i;
int oldest;
int oldestTime;
int oldestClientTime;
int clientChallenge;
challenge_t *challenge;
qboolean wasfound = qfalse;
// ignore if we are in single player
if ( Cvar_VariableValue( "g_gametype" ) == GT_SINGLE_PLAYER || Cvar_VariableValue("ui_singlePlayerActive")) {
return;
}
// Prevent using getchallenge as an amplifier
if ( SVC_RateLimitAddress( from, 10, 1000 ) ) {
Com_DPrintf( "SV_GetChallenge: rate limit from %s exceeded, dropping request\n",
NET_AdrToString( from ) );
return;
}
// Allow getchallenge to be DoSed relatively easily, but prevent
// excess outbound bandwidth usage when being flooded inbound
if ( SVC_RateLimit( &outboundLeakyBucket, 10, 100 ) ) {
Com_DPrintf( "SV_GetChallenge: rate limit exceeded, dropping request\n" );
return;
}
oldest = 0;
oldestClientTime = oldestTime = 0x7fffffff;
// see if we already have a challenge for this ip
challenge = &svs.challenges[0];
clientChallenge = atoi( Cmd_Argv( 1 ) );
for (i = 0 ; i < MAX_CHALLENGES ; i++, challenge++ )
{
if ( !challenge->connected && NET_CompareAdr( from, challenge->adr ) )
{
wasfound = qtrue;
if ( challenge->time < oldestClientTime )
oldestClientTime = challenge->time;
}
if ( wasfound && i >= MAX_CHALLENGES_MULTI )
{
i = MAX_CHALLENGES;
break;
}
if ( challenge->time < oldestTime )
{
oldestTime = challenge->time;
oldest = i;
}
}
if (i == MAX_CHALLENGES)
{
// this is the first time this client has asked for a challenge
challenge = &svs.challenges[oldest];
challenge->clientChallenge = clientChallenge;
challenge->adr = from;
challenge->firstTime = svs.time;
challenge->connected = qfalse;
}
// always generate a new challenge number, so the client cannot circumvent sv_maxping
challenge->challenge = ( (rand() << 16) ^ rand() ) ^ svs.time;
challenge->wasrefused = qfalse;
challenge->time = svs.time;
#if !defined(STANDALONE) && defined (USE_AUTHORIZE)
// Drop the authorize stuff if this client is coming in via v6 as the auth server does not support ipv6.
// Drop also for addresses coming in on local LAN and for stand-alone games independent from id's assets.
if(challenge->adr.type == NA_IP && !Cvar_VariableIntegerValue("com_standalone") && !Sys_IsLANAddress(from))
{
// look up the authorize server's IP
if (svs.authorizeAddress.type == NA_BAD)
{
Com_Printf( "Resolving %s\n", AUTHORIZE_SERVER_NAME );
if (NET_StringToAdr(AUTHORIZE_SERVER_NAME, &svs.authorizeAddress, NA_IP))
{
svs.authorizeAddress.port = BigShort( PORT_AUTHORIZE );
Com_Printf( "%s resolved to %i.%i.%i.%i:%i\n", AUTHORIZE_SERVER_NAME,
svs.authorizeAddress.ip[0], svs.authorizeAddress.ip[1],
svs.authorizeAddress.ip[2], svs.authorizeAddress.ip[3],
BigShort( svs.authorizeAddress.port ) );
}
}
// we couldn't contact the auth server, let them in.
if(svs.authorizeAddress.type == NA_BAD)
Com_Printf("Couldn't resolve auth server address\n");
// if they have been challenging for a long time and we
// haven't heard anything from the authorize server, go ahead and
// let them in, assuming the id server is down
else if(svs.time - oldestClientTime > AUTHORIZE_TIMEOUT)
Com_DPrintf( "authorize server timed out\n" );
else
{
// otherwise send their ip to the authorize server
cvar_t *fs;
char game[1024];
Com_DPrintf( "sending getIpAuthorize for %s\n", NET_AdrToString( from ));
strcpy(game, IDBASEGAME);
fs = Cvar_Get ("fs_game", "", CVAR_INIT|CVAR_SYSTEMINFO );
if (fs && fs->string[0] != 0) {
strcpy(game, fs->string);
}
// the 0 is for backwards compatibility with obsolete sv_allowanonymous flags
// getIpAuthorize <challenge> <IP> <game> 0 <auth-flag>
NET_OutOfBandPrint( NS_SERVER, svs.authorizeAddress,
"getIpAuthorize %i %i.%i.%i.%i %s 0 %s", challenge->challenge,
from.ip[0], from.ip[1], from.ip[2], from.ip[3], game, sv_strictAuth->string );
return;
}
}
#endif
challenge->pingTime = svs.time;
NET_OutOfBandPrint(NS_SERVER, challenge->adr, "challengeResponse %d %d",
challenge->challenge, clientChallenge);
}
/*
===============
SV_CheckDRDoS
DRDoS stands for "Distributed Reflected Denial of Service".
See here: http://www.lemuria.org/security/application-drdos.html
Returns false if we're good. true return value means we need to block.
If the address isn't NA_IP, it's automatically denied.
===============
*/
bool SV_CheckDRDoS(netadr_t from) {
int i, oldestBan, oldestBanTime, globalCount, specificCount, oldest, oldestTime;
receipt_t *receipt;
netadr_t exactFrom;
floodBan_t *ban;
static int lastGlobalLogTime = 0;
// Usually the network is smart enough to not allow incoming UDP packets
// with a source address being a spoofed LAN address. Even if that's not
// the case, sending packets to other hosts in the LAN is not a big deal.
// NA_LOOPBACK qualifies as a LAN address.
if (Sys_IsLANAddress(from)) {
return false;
}
exactFrom = from;
if (from.type == NA_IP) {
from.ip[3] = 0; // xx.xx.xx.0
} else {
from.ip6[15] = 0;
}
// This quick exit strategy while we're being bombarded by getinfo/getstatus requests
// directed at a specific IP address doesn't really impact server performance.
// The code below does its duty very quickly if we're handling a flood packet.
ban = &svs.infoFloodBans[0];
oldestBan = 0;
oldestBanTime = 0x7fffffff;
for (i = 0; i < MAX_INFO_FLOOD_BANS; i++, ban++) {
if (svs.time - ban->time < 120000 && // Two minute ban.
NET_CompareBaseAdr(from, ban->adr)) {
ban->count++;
if (!ban->flood && ((svs.time - ban->time) >= 3000) && ban->count <= 5) {
Com_DPrintf("Unban info flood protect for address %s, they're not flooding\n", NET_AdrToString(exactFrom));
Com_Memset(ban, 0, sizeof(floodBan_t));
oldestBan = i;
break;
}
if (ban->count >= 180) {
Com_DPrintf("Renewing info flood ban for address %s, received %i getinfo/getstatus requests in %i milliseconds\n", NET_AdrToString(exactFrom), ban->count, svs.time - ban->time);
ban->time = svs.time;
ban->count = 0;
ban->flood = true;
}
return true;
}
if (ban->time < oldestBanTime) {
oldestBanTime = ban->time;
oldestBan = i;
}
}
// Count receipts in last 2 seconds.
globalCount = 0;
specificCount = 0;
receipt = &svs.infoReceipts[0];
oldest = 0;
oldestTime = 0x7fffffff;
for (i = 0; i < MAX_INFO_RECEIPTS; i++, receipt++) {
if (receipt->time + 2000 > svs.time) {
if (receipt->time) {
// When the server starts, all receipt times are at zero. Furthermore,
// svs.time is close to zero. We check that the receipt time is already
// set so that during the first two seconds after server starts, queries
// from the master servers don't get ignored. As a consequence a potentially
// unlimited number of getinfo+getstatus responses may be sent during the
// first frame of a server's life.
globalCount++;
}
if (NET_CompareBaseAdr(from, receipt->adr)) {
specificCount++;
}
}
if (receipt->time < oldestTime) {
oldestTime = receipt->time;
oldest = i;
}
}
if (specificCount >= 3) { // Already sent 3 to this IP in last 2 seconds.
Com_Printf("Possible DRDoS attack to address %s, putting into temporary getinfo/getstatus ban list\n", NET_AdrToString(exactFrom));
ban = &svs.infoFloodBans[oldestBan];
ban->adr = from;
ban->time = svs.time;
ban->count = 0;
ban->flood = false;
return true;
}
if (globalCount == MAX_INFO_RECEIPTS) { // All receipts happened in last 2 seconds.
// Detect time wrap where the server sets time back to zero. Problem
// is that we're using a static variable here that doesn't get zeroed out when
// the time wraps. TTimo's way of doing this is casting everything including
// the difference to unsigned int, but I think that's confusing to the programmer.
if (svs.time < lastGlobalLogTime) {
lastGlobalLogTime = 0;
}
if (lastGlobalLogTime + 1000 <= svs.time) { // Limit one log every second.
Com_Printf("Detected flood of arbitrary getinfo/getstatus connectionless packets\n");
lastGlobalLogTime = svs.time;
}
return true;
}
receipt = &svs.infoReceipts[oldest];
receipt->adr = from;
receipt->time = svs.time;
return false;
}
/*
=================
SV_UserinfoChanged
Pull specific info from a newly changed userinfo string
into a more C friendly form.
=================
*/
void SV_UserinfoChanged( client_t *cl ) {
char *val;
char *ip;
int i;
int len;
// name for C code
Q_strncpyz( cl->name, Info_ValueForKey (cl->userinfo, "name"), sizeof(cl->name) );
// rate command
// if the client is on the same subnet as the server and we aren't running an
// internet public server, assume they don't need a rate choke
if ( Sys_IsLANAddress( cl->netchan.remoteAddress ) && com_dedicated->integer != 2 && sv_lanForceRate->integer == 1) {
cl->rate = 99999; // lans should not rate limit
} else {
val = Info_ValueForKey (cl->userinfo, "rate");
if (strlen(val)) {
i = atoi(val);
cl->rate = i;
if (cl->rate < 1000) {
cl->rate = 1000;
} else if (cl->rate > 90000) {
cl->rate = 90000;
}
} else {
cl->rate = 3000;
}
}
val = Info_ValueForKey (cl->userinfo, "handicap");
if (strlen(val)) {
i = atoi(val);
if (i<=0 || i>100 || strlen(val) > 4) {
Info_SetValueForKey( cl->userinfo, "handicap", "100" );
}
}
// snaps command
val = Info_ValueForKey (cl->userinfo, "snaps");
if (strlen(val)) {
i = atoi(val);
if ( i < 1 ) {
i = 1;
} else if ( i > sv_fps->integer ) {
i = sv_fps->integer;
}
cl->snapshotMsec = 1000/i;
} else {
cl->snapshotMsec = 50;
}
#ifdef USE_VOIP
// in the future, (val) will be a protocol version string, so only
// accept explicitly 1, not generally non-zero.
val = Info_ValueForKey (cl->userinfo, "cl_voip");
cl->hasVoip = (atoi(val) == 1) ? qtrue : qfalse;
#endif
// TTimo
// maintain the IP information
// the banning code relies on this being consistently present
if( NET_IsLocalAddress(cl->netchan.remoteAddress) )
ip = "localhost";
else
ip = (char*)NET_AdrToString( cl->netchan.remoteAddress );
val = Info_ValueForKey( cl->userinfo, "ip" );
if( val[0] )
len = strlen( ip ) - strlen( val ) + strlen( cl->userinfo );
else
len = strlen( ip ) + 4 + strlen( cl->userinfo );
if( len >= MAX_INFO_STRING )
SV_DropClient( cl, "userinfo string length exceeded" );
else
Info_SetValueForKey( cl->userinfo, "ip", ip );
}
void SV_DirectConnect( netadr_t from ) {
char userinfo[MAX_INFO_STRING];
int i;
client_t *cl, *newcl;
client_t temp;
sharedEntity_t *ent;
int clientNum;
int qport;
int challenge;
char *password;
int startIndex;
intptr_t denied;
int count;
Com_DPrintf ("SVC_DirectConnect ()\n");
Q_strncpyz( userinfo, Cmd_Argv(1), sizeof(userinfo) );
if ( Q_stricmp( Info_ValueForKey( userinfo, "protocol" ), PROTOCOL_VERSION ) ) {
NET_OutOfBandPrint( NS_SERVER, from, "print\nServer uses protocol version "PROTOCOL_VERSION".\n" );
Com_DPrintf (" rejected connect from version %s\n", Info_ValueForKey( userinfo, "protocol" ));
return;
}
challenge = atoi( Info_ValueForKey( userinfo, "challenge" ) );
qport = atoi( Info_ValueForKey( userinfo, "qport" ) );
// quick reject
for (i=0,cl=svs.clients ; i < sv_maxclients->integer ; i++,cl++) {
if ( cl->state == CS_FREE ) {
continue;
}
if ( NET_CompareBaseAdr( from, cl->netchan.remoteAddress )
&& ( cl->netchan.qport == qport
|| from.port == cl->netchan.remoteAddress.port ) ) {
if (( svs.time - cl->lastConnectTime)
< (sv_reconnectlimit->integer * 1000)) {
Com_DPrintf ("%s:reconnect rejected : too soon\n", NET_AdrToString (from));
return;
}
break;
}
}
// see if the challenge is valid (LAN clients don't need to challenge)
if ( !NET_IsLocalAddress (from) ) {
int ping;
for (i=0 ; i<MAX_CHALLENGES ; i++) {
if (NET_CompareAdr(from, svs.challenges[i].adr)) {
if ( challenge == svs.challenges[i].challenge ) {
break; // good
}
}
}
if (i == MAX_CHALLENGES) {
NET_OutOfBandPrint( NS_SERVER, from, "print\nNo or bad challenge for address.\n" );
return;
}
// force the IP key/value pair so the game can filter based on ip
Info_SetValueForKey( userinfo, "ip", NET_AdrToString( from ) );
ping = svs.time - svs.challenges[i].pingTime;
Com_Printf( "Client %i connecting with %i challenge ping\n", i, ping );
svs.challenges[i].connected = qtrue;
// never reject a LAN client based on ping
if ( !Sys_IsLANAddress( from ) ) {
if ( sv_minPing->value && ping < sv_minPing->value ) {
// don't let them keep trying until they get a big delay
NET_OutOfBandPrint( NS_SERVER, from, "print\nServer is for high pings only\n" );
Com_DPrintf ("Client %i rejected on a too low ping\n", i);
// reset the address otherwise their ping will keep increasing
// with each connect message and they'd eventually be able to connect
svs.challenges[i].adr.port = 0;
return;
}
if ( sv_maxPing->value && ping > sv_maxPing->value ) {
NET_OutOfBandPrint( NS_SERVER, from, "print\nServer is for low pings only\n" );
Com_DPrintf ("Client %i rejected on a too high ping\n", i);
return;
}
}
} else {
// force the "ip" info key to "localhost"
Info_SetValueForKey( userinfo, "ip", "localhost" );
}
newcl = &temp;
Com_Memset (newcl, 0, sizeof(client_t));
// if there is already a slot for this ip, reuse it
for (i=0,cl=svs.clients ; i < sv_maxclients->integer ; i++,cl++) {
if ( cl->state == CS_FREE ) {
continue;
}
if ( NET_CompareBaseAdr( from, cl->netchan.remoteAddress )
&& ( cl->netchan.qport == qport
|| from.port == cl->netchan.remoteAddress.port ) ) {
Com_Printf ("%s:reconnect\n", NET_AdrToString (from));
newcl = cl;
// this doesn't work because it nukes the players userinfo
// // disconnect the client from the game first so any flags the
// // player might have are dropped
// VM_Call( gvm, GAME_CLIENT_DISCONNECT, newcl - svs.clients );
//
goto gotnewcl;
}
}
// find a client slot
// if "sv_privateClients" is set > 0, then that number
// of client slots will be reserved for connections that
// have "password" set to the value of "sv_privatePassword"
// Info requests will report the maxclients as if the private
// slots didn't exist, to prevent people from trying to connect
// to a full server.
// This is to allow us to reserve a couple slots here on our
// servers so we can play without having to kick people.
// check for privateClient password
password = Info_ValueForKey( userinfo, "password" );
if ( !strcmp( password, sv_privatePassword->string ) ) {
startIndex = 0;
} else {
// skip past the reserved slots
startIndex = sv_privateClients->integer;
}
newcl = NULL;
for ( i = startIndex; i < MAX_PLAYERS ; i++ ) {
cl = &svs.clients[i];
if (cl->state == CS_FREE) {
newcl = cl;
break;
}
}
if ( !newcl ) {
if ( NET_IsLocalAddress( from ) ) {
count = 0;
for ( i = startIndex; i < sv_maxclients->integer ; i++ ) {
cl = &svs.clients[i];
if (cl->netchan.remoteAddress.type == NA_BOT) {
count++;
}
}
// if they're all bots
if (count >= sv_maxclients->integer - startIndex) {
SV_DropClient(&svs.clients[sv_maxclients->integer - 1], "only bots on server");
newcl = &svs.clients[sv_maxclients->integer - 1];
}
else {
Com_Error( ERR_FATAL, "server is full on local connect\n" );
return;
}
}
else {
NET_OutOfBandPrint( NS_SERVER, from, "print\nServer is full.\n" );
Com_DPrintf ("Rejected a connection.\n");
return;
}
}
// we got a newcl, so reset the reliableSequence and reliableAcknowledge
cl->reliableAcknowledge = 0;
cl->reliableSequence = 0;
gotnewcl:
// build a new connection
// accept the new client
// this is the only place a client_t is ever initialized
*newcl = temp;
clientNum = newcl - svs.clients;
ent = SV_GentityNum( clientNum );
newcl->gentity = ent;
// save the challenge
newcl->challenge = challenge;
// save the address
Netchan_Setup (NS_SERVER, &newcl->netchan , from, qport);
// init the netchan queue
newcl->netchan_end_queue = &newcl->netchan_start_queue;
// save the userinfo
Q_strncpyz( newcl->userinfo, userinfo, sizeof(newcl->userinfo) );
// get the game a chance to reject this connection or modify the userinfo
denied = VM_Call( gvm, GAME_CLIENT_CONNECT, clientNum, qtrue, qfalse ); // firstTime = qtrue
if ( denied ) {
// we can't just use VM_ArgPtr, because that is only valid inside a VM_Call
char *str = VM_ExplicitArgPtr( gvm, denied );
NET_OutOfBandPrint( NS_SERVER, from, "error\n%s\n", str );
Com_DPrintf ("Game rejected a connection: %s.\n", str);
return;
}
SV_UserinfoChanged( newcl );
// send the connect packet to the client
NET_OutOfBandPrint( NS_SERVER, from, "connectResponse" );
Com_DPrintf( "Going from CS_FREE to CS_CONNECTED for %s\n", newcl->name );
newcl->state = CS_CONNECTED;
newcl->nextSnapshotTime = svs.time;
newcl->lastPacketTime = svs.time;
newcl->lastConnectTime = svs.time;
// when we receive the first packet from the client, we will
// notice that it is from a different serverid and that the
// gamestate message was not just sent, forcing a retransmit
newcl->gamestateMessageNum = -1;
// if this was the first client on the server, or the last client
// the server can hold, send a heartbeat to the master.
count = 0;
for (i=0,cl=svs.clients ; i < sv_maxclients->integer ; i++,cl++) {
if ( svs.clients[i].state >= CS_CONNECTED ) {
count++;
}
}
if ( count == 1 || count == sv_maxclients->integer ) {
SV_Heartbeat_f();
}
}
/*
=================
SV_CheckDRDoS
DRDoS stands for "Distributed Reflected Denial of Service".
See here: http://www.lemuria.org/security/application-drdos.html
Returns qfalse if we're good. qtrue return value means we need to block.
If the address isn't NA_IP, it's automatically denied.
=================
*/
qboolean SV_CheckDRDoS(netadr_t from)
{
int i;
int globalCount;
int specificCount;
receipt_t *receipt;
netadr_t exactFrom;
int oldest;
int oldestTime;
static int lastGlobalLogTime = 0;
static int lastSpecificLogTime = 0;
// Usually the network is smart enough to not allow incoming UDP packets
// with a source address being a spoofed LAN address. Even if that's not
// the case, sending packets to other hosts in the LAN is not a big deal.
// NA_LOOPBACK qualifies as a LAN address.
if (Sys_IsLANAddress(from)) { return qfalse; }
exactFrom = from;
if (from.type == NA_IP) {
from.ip[3] = 0; // xx.xx.xx.0
}
else {
// So we got a connectionless packet but it's not IPv4, so
// what is it? I don't care, it doesn't matter, we'll just block it.
// This probably won't even happen.
return qtrue;
}
// Count receipts in last 2 seconds.
globalCount = 0;
specificCount = 0;
receipt = &svs.infoReceipts[0];
oldest = 0;
oldestTime = 0x7fffffff;
for (i = 0; i < MAX_INFO_RECEIPTS; i++, receipt++) {
if (receipt->time + 2000 > svs.time) {
if (receipt->time) {
// When the server starts, all receipt times are at zero. Furthermore,
// svs.time is close to zero. We check that the receipt time is already
// set so that during the first two seconds after server starts, queries
// from the master servers don't get ignored. As a consequence a potentially
// unlimited number of getinfo+getstatus responses may be sent during the
// first frame of a server's life.
globalCount++;
}
if (NET_CompareBaseAdr(from, receipt->adr)) {
specificCount++;
}
}
if (receipt->time < oldestTime) {
oldestTime = receipt->time;
oldest = i;
}
}
if (globalCount == MAX_INFO_RECEIPTS) { // All receipts happened in last 2 seconds.
if (lastGlobalLogTime + 1000 <= svs.time){ // Limit one log every second.
Com_Printf("Detected flood of getinfo/getstatus connectionless packets\n");
lastGlobalLogTime = svs.time;
}
return qtrue;
}
if (specificCount >= 3) { // Already sent 3 to this IP in last 2 seconds.
if (lastSpecificLogTime + 1000 <= svs.time) { // Limit one log every second.
Com_DPrintf("Possible DRDoS attack to address %i.%i.%i.%i, ignoring getinfo/getstatus connectionless packet\n",
exactFrom.ip[0], exactFrom.ip[1], exactFrom.ip[2], exactFrom.ip[3]);
lastSpecificLogTime = svs.time;
}
return qtrue;
}
receipt = &svs.infoReceipts[oldest];
receipt->adr = from;
receipt->time = svs.time;
return qfalse;
}
/*
==================
SV_DirectConnect
A "connect" OOB command has been received
==================
*/
void SV_DirectConnect( netadr_t from, const Cmd::Args& args )
{
char userinfo[ MAX_INFO_STRING ];
int i;
client_t *cl, *newcl;
client_t temp;
sharedEntity_t *ent;
int clientNum;
int version;
int qport;
int challenge;
const char *password;
int startIndex;
bool denied;
char reason[ MAX_STRING_CHARS ];
int count;
const char *ip;
#ifdef HAVE_GEOIP
const char *country = nullptr;
#endif
if ( args.Argc() < 2 )
{
return;
}
Log::Debug( "SVC_DirectConnect ()" );
Q_strncpyz( userinfo, args.Argv(1).c_str(), sizeof( userinfo ) );
// DHM - Nerve :: Update Server allows any protocol to connect
// NOTE TTimo: but we might need to store the protocol around for potential non http/ftp clients
version = atoi( Info_ValueForKey( userinfo, "protocol" ) );
if ( version != PROTOCOL_VERSION )
{
NET_OutOfBandPrint( netsrc_t::NS_SERVER, from, "print\nServer uses protocol version %i (yours is %i).", PROTOCOL_VERSION, version );
Log::Debug( " rejected connect from version %i", version );
return;
}
challenge = atoi( Info_ValueForKey( userinfo, "challenge" ) );
qport = atoi( Info_ValueForKey( userinfo, "qport" ) );
// quick reject
for ( i = 0, cl = svs.clients; i < sv_maxclients->integer; i++, cl++ )
{
// DHM - Nerve :: This check was allowing clients to reconnect after zombietime(2 secs)
//if ( cl->state == CS_FREE ) {
//continue;
//}
if ( NET_CompareBaseAdr( from, cl->netchan.remoteAddress )
&& ( cl->netchan.qport == qport
|| from.port == cl->netchan.remoteAddress.port ) )
{
if ( ( svs.time - cl->lastConnectTime )
< ( sv_reconnectlimit->integer * 1000 ) )
{
Log::Debug( "%s: reconnect rejected: too soon", NET_AdrToString( from ) );
return;
}
break;
}
}
if ( NET_IsLocalAddress( from ) )
{
ip = "localhost";
}
else
{
ip = NET_AdrToString( from );
}
if ( ( strlen( ip ) + strlen( userinfo ) + 4 ) >= MAX_INFO_STRING )
{
NET_OutOfBandPrint( netsrc_t::NS_SERVER, from,
"print\nUserinfo string length exceeded. "
"Try removing setu cvars from your config." );
return;
}
Info_SetValueForKey( userinfo, "ip", ip, false );
// see if the challenge is valid (local clients don't need to challenge)
if ( !NET_IsLocalAddress( from ) )
{
int ping;
for ( i = 0; i < MAX_CHALLENGES; i++ )
{
if ( NET_CompareAdr( from, svs.challenges[ i ].adr ) )
{
if ( challenge == svs.challenges[ i ].challenge )
{
break; // good
}
}
}
if ( i == MAX_CHALLENGES )
{
NET_OutOfBandPrint( netsrc_t::NS_SERVER, from, "print\n[err_dialog]No or bad challenge for address." );
return;
}
// force the IP address key/value pair, so the game can filter based on it
Info_SetValueForKey( userinfo, "ip", NET_AdrToString( from ), false );
if ( svs.challenges[ i ].firstPing == 0 )
{
ping = svs.time - svs.challenges[ i ].pingTime;
svs.challenges[ i ].firstPing = ping;
}
else
{
ping = svs.challenges[ i ].firstPing;
}
#ifdef HAVE_GEOIP
country = NET_GeoIP_Country( &from );
if ( country )
{
Log::Notice( "Client %i connecting from %s with %i challenge ping\n", i, country, ping );
}
else
{
Log::Notice( "Client %i connecting from somewhere unknown with %i challenge ping\n", i, ping );
}
#else
Log::Notice( "Client %i connecting with %i challenge ping\n", i, ping );
#endif
svs.challenges[ i ].connected = true;
// never reject a LAN client based on ping
if ( !Sys_IsLANAddress( from ) )
{
if ( sv_minPing->value && ping < sv_minPing->value )
{
NET_OutOfBandPrint( netsrc_t::NS_SERVER, from, "print\n[err_dialog]Server is for high pings only" );
Log::Debug( "Client %i rejected on a too low ping", i );
return;
}
if ( sv_maxPing->value && ping > sv_maxPing->value )
{
NET_OutOfBandPrint( netsrc_t::NS_SERVER, from, "print\n[err_dialog]Server is for low pings only" );
Log::Debug( "Client %i rejected on a too high ping: %i", i, ping );
return;
}
}
}
else
{
// force the "ip" info key to "localhost"
Info_SetValueForKey( userinfo, "ip", "localhost", false );
}
newcl = &temp;
memset( newcl, 0, sizeof( client_t ) );
// if there is already a slot for this IP address, reuse it
for ( i = 0, cl = svs.clients; i < sv_maxclients->integer; i++, cl++ )
{
if ( cl->state == clientState_t::CS_FREE )
{
continue;
}
if ( NET_CompareBaseAdr( from, cl->netchan.remoteAddress )
&& ( cl->netchan.qport == qport
|| from.port == cl->netchan.remoteAddress.port ) )
{
Log::Notice( "%s:reconnect\n", NET_AdrToString( from ) );
newcl = cl;
// this doesn't work because it nukes the players userinfo
// // disconnect the client from the game first so any flags the
// // player might have are dropped
// VM_Call( gvm, GAME_CLIENT_DISCONNECT, newcl - svs.clients );
//
goto gotnewcl;
}
}
// find a client slot
// if "sv_privateClients" is set > 0, then that number
// of client slots will be reserved for connections that
// have "password" set to the value of "sv_privatePassword"
// Info requests will report the maxclients as if the private
// slots didn't exist, to prevent people from trying to connect
// to a full server.
// This is to allow us to reserve a couple slots here on our
// servers so we can play without having to kick people.
// check for privateClient password
password = Info_ValueForKey( userinfo, "password" );
if ( !strcmp( password, sv_privatePassword->string ) )
{
startIndex = 0;
}
else
{
// skip past the reserved slots
startIndex = sv_privateClients->integer;
}
newcl = nullptr;
for ( i = startIndex; i < sv_maxclients->integer; i++ )
{
cl = &svs.clients[ i ];
if ( cl->state == clientState_t::CS_FREE )
{
newcl = cl;
break;
}
}
if ( !newcl )
{
if ( NET_IsLocalAddress( from ) )
{
count = 0;
for ( i = startIndex; i < sv_maxclients->integer; i++ )
{
cl = &svs.clients[ i ];
if ( SV_IsBot(cl) )
{
count++;
}
}
// if they're all bots
if ( count >= sv_maxclients->integer - startIndex )
{
SV_DropClient( &svs.clients[ sv_maxclients->integer - 1 ], "only bots on server" );
newcl = &svs.clients[ sv_maxclients->integer - 1 ];
}
else
{
Com_Error( errorParm_t::ERR_FATAL, "server is full on local connect" );
}
}
else
{
NET_OutOfBandPrint( netsrc_t::NS_SERVER, from, "print\n%s", sv_fullmsg->string );
Log::Debug( "Rejected a connection." );
return;
}
}
// we got a newcl, so reset the reliableSequence and reliableAcknowledge
cl->reliableAcknowledge = 0;
cl->reliableSequence = 0;
gotnewcl:
// build a new connection
// accept the new client
// this is the only place a client_t is ever initialized
*newcl = std::move(temp);
clientNum = newcl - svs.clients;
ent = SV_GentityNum( clientNum );
newcl->gentity = ent;
ent->r.svFlags = 0;
#ifdef HAVE_GEOIP
if ( country )
{
Info_SetValueForKey( userinfo, "geoip", country, false );
}
#endif
// save the challenge
newcl->challenge = challenge;
// save the address
Netchan_Setup( netsrc_t::NS_SERVER, &newcl->netchan, from, qport );
// init the netchan queue
// Save the pubkey
Q_strncpyz( newcl->pubkey, Info_ValueForKey( userinfo, "pubkey" ), sizeof( newcl->pubkey ) );
Info_RemoveKey( userinfo, "pubkey", false );
// save the userinfo
Q_strncpyz( newcl->userinfo, userinfo, sizeof( newcl->userinfo ) );
// get the game a chance to reject this connection or modify the userinfo
denied = gvm.GameClientConnect( reason, sizeof( reason ), clientNum, true, false ); // firstTime = true
if ( denied )
{
NET_OutOfBandPrint( netsrc_t::NS_SERVER, from, "print\n[err_dialog]%s", reason );
Log::Debug( "Game rejected a connection: %s.", reason );
return;
}
SV_UserinfoChanged( newcl );
// DHM - Nerve :: Clear out firstPing now that client is connected
svs.challenges[ i ].firstPing = 0;
// send the connect packet to the client
NET_OutOfBandPrint( netsrc_t::NS_SERVER, from, "connectResponse" );
Log::Debug( "Going from CS_FREE to CS_CONNECTED for %s", newcl->name );
newcl->state = clientState_t::CS_CONNECTED;
newcl->nextSnapshotTime = svs.time;
newcl->lastPacketTime = svs.time;
newcl->lastConnectTime = svs.time;
// when we receive the first packet from the client, we will
// notice that it is from a different serverid and that the
// gamestate message was not just sent, forcing a retransmit
newcl->gamestateMessageNum = -1;
// if this was the first client on the server, or the last client
// the server can hold, send a heartbeat to the master.
count = 0;
for ( i = 0, cl = svs.clients; i < sv_maxclients->integer; i++, cl++ )
{
if ( svs.clients[ i ].state >= clientState_t::CS_CONNECTED )
{
count++;
}
}
if ( count == 1 || count == sv_maxclients->integer )
{
SV_Heartbeat_f();
}
}