2 * Protocol of online ban list:
5 * GET g_ban_sync_uri?action=ban&hostname=...&ip=xxx.xxx.xxx&duration=nnnn&reason=...................
6 * (IP 1, 2, 3, or 4 octets, 3 octets for example is a /24 mask)
8 * GET g_ban_sync_uri?action=unban&hostname=...&ip=xxx.xxx.xxx
9 * - Querying the ban list
10 * GET g_ban_sync_uri?action=list&hostname=...&servers=xxx.xxx.xxx.xxx;xxx.xxx.xxx.xxx;...
12 * shows the bans from the listed servers, and possibly others.
13 * Format of a ban is ASCII plain text, four lines per ban, delimited by
14 * newline ONLY (no carriage return):
16 * IP address (also 1, 2, 3, or 4 octets, delimited by dot)
17 * time left in seconds
19 * server IP that registered the ban
22 #define MAX_IPBAN_URIS (URI_GET_IPBAN_END - URI_GET_IPBAN + 1)
24 float Ban_Insert(string ip, float bantime, string reason, float dosync);
26 void OnlineBanList_SendBan(string ip, float bantime, string reason)
31 uri = strcat( "action=ban&hostname=", uri_escape(autocvar_hostname));
32 uri = strcat(uri, "&ip=", uri_escape(ip));
33 uri = strcat(uri, "&duration=", ftos(bantime));
34 uri = strcat(uri, "&reason=", uri_escape(reason));
36 n = tokenize_console(autocvar_g_ban_sync_uri);
37 if(n >= MAX_IPBAN_URIS)
39 for(i = 0; i < n; ++i)
41 if(strstrofs(argv(i), "?", 0) >= 0)
42 uri_get(strcat(argv(i), "&", uri), URI_GET_DISCARD); // 0 = "discard" callback target
44 uri_get(strcat(argv(i), "?", uri), URI_GET_DISCARD); // 0 = "discard" callback target
48 void OnlineBanList_SendUnban(string ip)
53 uri = strcat( "action=unban&hostname=", uri_escape(autocvar_hostname));
54 uri = strcat(uri, "&ip=", uri_escape(ip));
56 n = tokenize_console(autocvar_g_ban_sync_uri);
57 if(n >= MAX_IPBAN_URIS)
59 for(i = 0; i < n; ++i)
61 if(strstrofs(argv(i), "?", 0) >= 0)
62 uri_get(strcat(argv(i), "&", uri), URI_GET_DISCARD); // 0 = "discard" callback target
64 uri_get(strcat(argv(i), "?", uri), URI_GET_DISCARD); // 0 = "discard" callback target
68 string OnlineBanList_Servers;
69 float OnlineBanList_Timeout;
70 float OnlineBanList_RequestWaiting[MAX_IPBAN_URIS];
72 void OnlineBanList_URI_Get_Callback(float id, float status, string data)
84 if(id >= MAX_IPBAN_URIS)
86 print("Received ban list for invalid ID\n");
90 tokenize_console(autocvar_g_ban_sync_uri);
93 print("Received ban list from ", uri, ": ");
95 if(OnlineBanList_RequestWaiting[id] == 0)
97 print("rejected (unexpected)\n");
101 OnlineBanList_RequestWaiting[id] = 0;
103 if(time > OnlineBanList_Timeout)
105 print("rejected (too late)\n");
109 syncinterval = autocvar_g_ban_sync_interval;
110 if(syncinterval == 0)
112 print("rejected (syncing disabled)\n");
120 print("error: status is ", ftos(status), "\n");
124 if(substring(data, 0, 1) == "<")
126 print("error: received HTML instead of a ban list\n");
130 if(strstrofs(data, "\r", 0) != -1)
132 print("error: received carriage returns\n");
139 n = tokenizebyseparator(data, "\n");
143 print("error: received invalid item count: ", ftos(n), "\n");
147 print("OK, ", ftos(n / 4), " items\n");
149 for(i = 0; i < n; i += 4)
152 timeleft = stof(argv(i + 1));
153 reason = argv(i + 2);
154 serverip = argv(i + 3);
156 dprint("received ban list item ", ftos(i / 4), ": ip=", ip);
157 dprint(" timeleft=", ftos(timeleft), " reason=", reason);
158 dprint(" serverip=", serverip, "\n");
160 timeleft -= 1.5 * autocvar_g_ban_sync_timeout;
165 if(l != 44) // length 44 is a cryptographic ID
167 for(j = 0; j < l; ++j)
168 if(strstrofs("0123456789.", substring(ip, j, 1), 0) == -1)
170 print("Invalid character ", substring(ip, j, 1), " in IP address ", ip, ". Skipping this ban.\n");
175 if(autocvar_g_ban_sync_trusted_servers_verify)
176 if((strstrofs(strcat(";", OnlineBanList_Servers, ";"), strcat(";", serverip, ";"), 0) == -1))
180 timeleft = min(syncinterval + (OnlineBanList_Timeout - time) + 5, timeleft);
181 // the ban will be prolonged on the next sync
182 // or expire 5 seconds after the next timeout
183 Ban_Insert(ip, timeleft, strcat("ban synced from ", serverip, " at ", uri), 0);
184 print("Ban list syncing: accepted ban of ", ip, " by ", serverip, " at ", uri, ": ");
191 void OnlineBanList_Think()
197 if(autocvar_g_ban_sync_uri == "")
199 if(autocvar_g_ban_sync_interval == 0) // < 0 is okay, it means "sync on level start only"
201 argc = tokenize_console(autocvar_g_ban_sync_trusted_servers);
205 if(OnlineBanList_Servers)
206 strunzone(OnlineBanList_Servers);
207 OnlineBanList_Servers = argv(0);
208 for(i = 1; i < argc; ++i)
209 OnlineBanList_Servers = strcat(OnlineBanList_Servers, ";", argv(i));
210 OnlineBanList_Servers = strzone(OnlineBanList_Servers);
212 uri = strcat( "action=list&hostname=", uri_escape(autocvar_hostname));
213 uri = strcat(uri, "&servers=", uri_escape(OnlineBanList_Servers));
215 OnlineBanList_Timeout = time + autocvar_g_ban_sync_timeout;
217 n = tokenize_console(autocvar_g_ban_sync_uri);
218 if(n >= MAX_IPBAN_URIS)
220 for(i = 0; i < n; ++i)
222 if(OnlineBanList_RequestWaiting[i])
224 OnlineBanList_RequestWaiting[i] = 1;
225 if(strstrofs(argv(i), "?", 0) >= 0)
226 uri_get(strcat(argv(i), "&", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target
228 uri_get(strcat(argv(i), "?", uri), URI_GET_IPBAN + i); // 1000 = "banlist" callback target
231 if(autocvar_g_ban_sync_interval > 0)
232 self.nextthink = time + max(60, autocvar_g_ban_sync_interval * 60);
243 string ban_ip[BAN_MAX];
244 float ban_expire[BAN_MAX];
263 for(i = 0; i < ban_count; ++i)
265 if(time > ban_expire[i])
267 out = strcat(out, " ", ban_ip[i]);
268 out = strcat(out, " ", ftos(ban_expire[i] - time));
270 if(strlen(out) <= 1) // no real entries
271 cvar_set("g_banned_list", "");
273 cvar_set("g_banned_list", out);
276 float Ban_Delete(float i)
282 if(ban_expire[i] == 0)
284 if(ban_expire[i] > 0)
286 OnlineBanList_SendUnban(ban_ip[i]);
287 strunzone(ban_ip[i]);
298 for(i = 0; i < ban_count; ++i)
302 n = tokenize_console(autocvar_g_banned_list);
303 if(stof(argv(0)) == 1)
305 ban_count = (n - 1) / 2;
306 for(i = 0; i < ban_count; ++i)
308 ban_ip[i] = strzone(argv(2*i+1));
309 ban_expire[i] = time + stof(argv(2*i+2));
315 e.classname = "bansyncer";
316 e.think = OnlineBanList_Think;
317 e.nextthink = time + 1;
325 print("^2Listing all existing active bans:\n");
328 for(i = 0; i < ban_count; ++i)
330 if(time > ban_expire[i])
333 ++n; // total number of existing bans
335 msg = strcat("#", ftos(i), ": ");
336 msg = strcat(msg, ban_ip[i], " is still banned for ");
337 msg = strcat(msg, ftos(ban_expire[i] - time), " seconds");
339 print(" ", msg, "\n");
342 print("^2Done listing all active (", ftos(n), ") bans.\n");
345 float Ban_GetClientIP(entity client)
347 // we can't use tokenizing here, as this is called during ban list parsing
348 float i1, i2, i3, i4;
351 if(client.crypto_keyfp)
352 ban_idfp = client.crypto_idfp;
354 ban_idfp = string_null;
356 s = client.netaddress;
358 i1 = strstrofs(s, ".", 0);
361 i2 = strstrofs(s, ".", i1 + 1);
364 i3 = strstrofs(s, ".", i2 + 1);
367 i4 = strstrofs(s, ".", i3 + 1);
369 s = substring(s, 0, i4);
371 ban_ip1 = substring(s, 0, i1); // 8
372 ban_ip2 = substring(s, 0, i2); // 16
373 ban_ip3 = substring(s, 0, i3); // 24
374 ban_ip4 = strcat1(s); // 32
378 i1 = strstrofs(s, ":", 0);
381 i1 = strstrofs(s, ":", i1 + 1);
384 i2 = strstrofs(s, ":", i1 + 1);
387 i3 = strstrofs(s, ":", i2 + 1);
391 ban_ip1 = strcat(substring(s, 0, i1), "::/32"); // 32
392 ban_ip2 = strcat(substring(s, 0, i2), "::/48"); // 48
393 ban_ip4 = strcat(substring(s, 0, i3), "::/64"); // 64
395 if(i3 - i2 > 3) // means there is more than 2 digits and a : in the range
396 ban_ip3 = strcat(substring(s, 0, i2), ":", substring(s, i2 + 1, i3 - i2 - 3), "00::/56");
398 ban_ip3 = strcat(substring(s, 0, i2), ":0::/56");
403 float Ban_IsClientBanned(entity client, float idx)
405 float i, b, e, ipbanned;
408 if(!Ban_GetClientIP(client))
421 for(i = b; i < e; ++i)
424 if(time > ban_expire[i])
427 if(ban_ip1 == s) ipbanned = TRUE;
428 if(ban_ip2 == s) ipbanned = TRUE;
429 if(ban_ip3 == s) ipbanned = TRUE;
430 if(ban_ip4 == s) ipbanned = TRUE;
431 if(ban_idfp == s) return TRUE;
435 if(!autocvar_g_banned_list_idmode)
443 float Ban_MaybeEnforceBan(entity client)
445 if(Ban_IsClientBanned(client, -1))
448 s = strcat("^1NOTE:^7 banned client ", client.netaddress, " just tried to enter\n");
457 float Ban_MaybeEnforceBanOnce(entity client)
459 if(client.ban_checked)
461 client.ban_checked = TRUE;
462 return Ban_MaybeEnforceBan(self);
465 string Ban_Enforce(float i, string reason)
470 // Enforce our new ban
472 FOR_EACH_REALCLIENT(e)
473 if(Ban_IsClientBanned(e, i))
478 reason = strcat(reason, ": affects ");
480 reason = strcat(reason, ", ");
481 reason = strcat(reason, e.netname);
483 s = strcat(s, "^1NOTE:^7 banned client ", e.netaddress, "^7 has to go\n");
491 float Ban_Insert(string ip, float bantime, string reason, float dosync)
498 for(i = 0; i < ban_count; ++i)
502 if(time + bantime > ban_expire[i])
504 ban_expire[i] = time + bantime;
505 dprint(ip, "'s ban has been prolonged to ", ftos(bantime), " seconds from now\n");
508 dprint(ip, "'s ban is still active until ", ftos(ban_expire[i] - time), " seconds from now\n");
511 reason = Ban_Enforce(i, reason);
516 if(substring(reason, 0, 1) != "~") // like IRC: unauthenticated banner
517 OnlineBanList_SendBan(ip, bantime, reason);
522 // do we have a free slot?
523 for(i = 0; i < ban_count; ++i)
524 if(time > ban_expire[i])
526 // no free slot? Then look for the one who would get unbanned next
530 bestscore = ban_expire[i];
531 for(j = 1; j < ban_count; ++j)
533 if(ban_expire[j] < bestscore)
536 bestscore = ban_expire[i];
540 // if we replace someone, will we be banned longer than him (so long-term
541 // bans never get overridden by short-term bans)
543 if(ban_expire[i] > time + bantime)
545 print(ip, " could not get banned due to no free ban slot\n");
548 // okay, insert our new victim as i
550 dprint(ip, " has been banned for ", ftos(bantime), " seconds\n");
551 ban_expire[i] = time + bantime;
552 ban_ip[i] = strzone(ip);
553 ban_count = max(ban_count, i + 1);
557 reason = Ban_Enforce(i, reason);
562 if(substring(reason, 0, 1) != "~") // like IRC: unauthenticated banner
563 OnlineBanList_SendBan(ip, bantime, reason);
568 void Ban_KickBanClient(entity client, float bantime, float masksize, string reason)
571 if(!Ban_GetClientIP(client))
573 sprint(client, strcat("Kickbanned: ", reason, "\n"));
582 ip = strcat1(ban_ip1);
585 ip = strcat1(ban_ip2);
588 ip = strcat1(ban_ip3);
592 ip = strcat1(ban_ip4);
596 id = strcat1(ban_idfp);
600 Ban_Insert(ip, bantime, reason, 1);
602 Ban_Insert(id, bantime, reason, 1);
604 * not needed, as we enforce the ban in Ban_Insert anyway
606 sprint(client, strcat("Kickbanned: ", reason, "\n"));