{CVAR_SAVE, "sv_master2", "", "user-chosen master server 2"},
{CVAR_SAVE, "sv_master3", "", "user-chosen master server 3"},
{CVAR_SAVE, "sv_master4", "", "user-chosen master server 4"},
- {0, "sv_masterextra1", "69.59.212.88", "ghdigital.com - default master server 1 (admin: LordHavoc)"}, // admin: LordHavoc
- {0, "sv_masterextra2", "107.161.23.68", "dpmaster.deathmask.net - default master server 2 (admin: Willis)"}, // admin: Willis
- {0, "sv_masterextra3", "92.62.40.73", "dpmaster.tchr.no - default master server 3 (admin: tChr)"}, // admin: tChr
-#ifdef SUPPORTIPV6
- {0, "sv_masterextra4", "[2a03:4000:2:225::51:334d]:27950", "dpmaster.sudo.rm-f.org - default master server 4 (admin: divVerent)"}, // admin: divVerent
- {0, "sv_masterextra5", "[2604:180::4ac:98c1]:27950", "dpmaster.deathmask.net - default master server 5 ipv6 address of dpmaster.deathmask.net (admin: Willis)"}, // admin: Willis
-#endif
+ {0, "sv_masterextra1", "ghdigital.com", "ghdigital.com - default master server 1 (admin: LordHavoc)"}, // admin: LordHavoc
+ {0, "sv_masterextra2", "dpmaster.deathmask.net", "dpmaster.deathmask.net - default master server 2 (admin: Willis)"}, // admin: Willis
+ {0, "sv_masterextra3", "dpmaster.tchr.no", "dpmaster.tchr.no - default master server 3 (admin: tChr)"}, // admin: tChr
{0, NULL, NULL, NULL}
};
{0, "sv_qwmasterextra1", "master.quakeservers.net:27000", "Global master server. (admin: unknown)"},
{0, "sv_qwmasterextra2", "asgaard.morphos-team.net:27000", "Global master server. (admin: unknown)"},
{0, "sv_qwmasterextra3", "qwmaster.ocrana.de:27000", "German master server. (admin: unknown)"},
- {0, "sv_qwmasterextra4", "masterserver.exhale.de:27000", "German master server. (admin: unknown)"},
- {0, "sv_qwmasterextra5", "qwmaster.fodquake.net:27000", "Global master server. (admin: unknown)"},
+ {0, "sv_qwmasterextra4", "qwmaster.fodquake.net:27000", "Global master server. (admin: unknown)"},
{0, NULL, NULL, NULL}
};
#endif
cvar_t net_connectfloodblockingtimeout = {0, "net_connectfloodblockingtimeout", "5", "when a connection packet is received, it will block all future connect packets from that IP address for this many seconds (cuts down on connect floods). Note that this does not include retries from the same IP; these are handled earlier and let in."};
cvar_t net_challengefloodblockingtimeout = {0, "net_challengefloodblockingtimeout", "0.5", "when a challenge packet is received, it will block all future challenge packets from that IP address for this many seconds (cuts down on challenge floods). DarkPlaces clients retry once per second, so this should be <= 1. Failure here may lead to connect attempts failing."};
cvar_t net_getstatusfloodblockingtimeout = {0, "net_getstatusfloodblockingtimeout", "1", "when a getstatus packet is received, it will block all future getstatus packets from that IP address for this many seconds (cuts down on getstatus floods). DarkPlaces retries every 4 seconds, and qstat retries once per second, so this should be <= 1. Failure here may lead to server not showing up in the server list."};
+cvar_t net_sourceaddresscheck = {0, "net_sourceaddresscheck", "1", "compare the source IP address for replies (more secure, may break some bad multihoming setups"};
cvar_t hostname = {CVAR_SAVE, "hostname", "UNNAMED", "server message to show in server browser"};
cvar_t developer_networking = {0, "developer_networking", "0", "prints all received and sent packets (recommended only for debugging)"};
break;
}
}
- if(Crypto_RetrieveHostKey(&addr, 0, NULL, 0, idfp, sizeof(idfp), NULL))
+ if(Crypto_RetrieveHostKey(&addr, 0, NULL, 0, idfp, sizeof(idfp), NULL, NULL))
{
for(i = 0; i < nFavorites_idfp; ++i)
{
}
}
-void NetConn_UpdateCleartime(double *cleartime, int rate, int burstsize, int len)
+static void NetConn_UpdateCleartime(double *cleartime, int rate, int burstsize, int len)
{
double bursttime = burstsize / (double)rate;
sendreliable = true;
}
// outgoing unreliable packet number, and outgoing reliable packet number (0 or 1)
- StoreLittleLong(sendbuffer, (unsigned int)conn->outgoing_unreliable_sequence | ((unsigned int)sendreliable<<31));
+ StoreLittleLong(sendbuffer, conn->outgoing_unreliable_sequence | (((unsigned int)sendreliable)<<31));
// last received unreliable packet number, and last received reliable packet number (0 or 1)
- StoreLittleLong(sendbuffer + 4, (unsigned int)conn->qw.incoming_sequence | ((unsigned int)conn->qw.incoming_reliable_sequence<<31));
+ StoreLittleLong(sendbuffer + 4, conn->qw.incoming_sequence | (((unsigned int)conn->qw.incoming_reliable_sequence)<<31));
packetLen = 8;
conn->outgoing_unreliable_sequence++;
// client sends qport in every packet
Con_Printf("Client using port %i\n", port);
NetConn_OpenClientPort(NULL, LHNETADDRESSTYPE_LOOP, 2);
NetConn_OpenClientPort(net_address.string, LHNETADDRESSTYPE_INET4, port);
-#ifdef SUPPORTIPV6
+#ifndef NOSUPPORTIPV6
NetConn_OpenClientPort(net_address_ipv6.string, LHNETADDRESSTYPE_INET6, port);
#endif
}
NetConn_OpenServerPort(NULL, LHNETADDRESSTYPE_LOOP, 1, 1);
if (opennetports)
{
-#ifdef SUPPORTIPV6
+#ifndef NOSUPPORTIPV6
qboolean ip4success = NetConn_OpenServerPort(net_address.string, LHNETADDRESSTYPE_INET4, port, 100);
NetConn_OpenServerPort(net_address_ipv6.string, LHNETADDRESSTYPE_INET6, port, ip4success ? 1 : 100);
#else
if (protocol == PROTOCOL_QUAKEWORLD)
{
- int sequence, sequence_ack;
- int reliable_ack, reliable_message;
+ unsigned int sequence, sequence_ack;
+ qboolean reliable_ack, reliable_message;
int count;
//int qport;
}
conn->packetsReceived++;
- reliable_message = (sequence >> 31) & 1;
- reliable_ack = (sequence_ack >> 31) & 1;
+ reliable_message = (sequence >> 31) != 0;
+ reliable_ack = (sequence_ack >> 31) != 0;
sequence &= ~(1<<31);
sequence_ack &= ~(1<<31);
if (sequence <= conn->qw.incoming_sequence)
{
conn->droppedDatagrams += count;
//Con_DPrintf("Dropped %u datagram(s)\n", count);
+ // If too may packets have been dropped, only write the
+ // last NETGRAPH_PACKETS ones to the netgraph. Why?
+ // Because there's no point in writing more than
+ // these as the netgraph is going to be full anyway.
+ if (count > NETGRAPH_PACKETS)
+ count = NETGRAPH_PACKETS;
while (count--)
{
conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
count = sequence - conn->nq.unreliableReceiveSequence;
conn->droppedDatagrams += count;
//Con_DPrintf("Dropped %u datagram(s)\n", count);
+ // If too may packets have been dropped, only write the
+ // last NETGRAPH_PACKETS ones to the netgraph. Why?
+ // Because there's no point in writing more than
+ // these as the netgraph is going to be full anyway.
+ if (count > NETGRAPH_PACKETS)
+ count = NETGRAPH_PACKETS;
while (count--)
{
conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
if(cls.crypto.authenticated)
{
Crypto_FinishInstance(crypto, &cls.crypto);
- Con_Printf("%s connection to %s has been established: server is %s@%.*s, I am %.*s@%.*s\n",
+ Con_Printf("%s connection to %s has been established: server is %s@%s%.*s, I am %.*s@%s%.*s\n",
crypto->use_aes ? "Encrypted" : "Authenticated",
cls.netcon->address,
crypto->server_idfp[0] ? crypto->server_idfp : "-",
+ (crypto->server_issigned || !crypto->server_keyfp[0]) ? "" : "~",
crypto_keyfp_recommended_length, crypto->server_keyfp[0] ? crypto->server_keyfp : "-",
crypto_keyfp_recommended_length, crypto->client_idfp[0] ? crypto->client_idfp : "-",
+ (crypto->client_issigned || !crypto->client_keyfp[0]) ? "" : "~",
crypto_keyfp_recommended_length, crypto->client_keyfp[0] ? crypto->client_keyfp : "-"
);
}
{
// darkplaces or quake3
char protocolnames[1400];
- Protocol_Names(protocolnames, sizeof(protocolnames));
Con_DPrintf("\"%s\" received, sending connect request back to %s\n", string, addressstring2);
+ if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
+ Con_DPrintf("challenge message from wrong server %s\n", addressstring2);
+ return true;
+ }
+ Protocol_Names(protocolnames, sizeof(protocolnames));
#ifdef CONFIG_MENU
M_Update_Return_Reason("Got challenge response");
#endif
if (length == 6 && !memcmp(string, "accept", 6) && cls.connect_trying)
{
// darkplaces or quake3
+ if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
+ Con_DPrintf("accept message from wrong server %s\n", addressstring2);
+ return true;
+ }
#ifdef CONFIG_MENU
M_Update_Return_Reason("Accepted");
#endif
if (length > 7 && !memcmp(string, "reject ", 7) && cls.connect_trying)
{
char rejectreason[128];
+ if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
+ Con_DPrintf("reject message from wrong server %s\n", addressstring2);
+ return true;
+ }
cls.connect_trying = false;
string += 7;
length = min(length - 7, (int)sizeof(rejectreason) - 1);
if (length > 1 && string[0] == 'c' && (string[1] == '-' || (string[1] >= '0' && string[1] <= '9')) && cls.connect_trying)
{
// challenge message
+ if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
+ Con_DPrintf("c message from wrong server %s\n", addressstring2);
+ return true;
+ }
Con_Printf("challenge %s received, sending QuakeWorld connect request back to %s\n", string + 1, addressstring2);
#ifdef CONFIG_MENU
M_Update_Return_Reason("Got QuakeWorld challenge response");
if (length >= 1 && string[0] == 'j' && cls.connect_trying)
{
// accept message
+ if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
+ Con_DPrintf("j message from wrong server %s\n", addressstring2);
+ return true;
+ }
#ifdef CONFIG_MENU
M_Update_Return_Reason("QuakeWorld Accepted");
#endif
}
if (string[0] == 'n')
{
- // qw print command
+ // qw print command, used by rcon replies too
+ if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address) && LHNETADDRESS_Compare(peeraddress, &cls.rcon_address)) {
+ Con_DPrintf("n message from wrong server %s\n", addressstring2);
+ return true;
+ }
Con_Printf("QW print command from server at %s:\n%s\n", addressstring2, string + 1);
}
// we may not have liked the packet, but it was a command packet, so
if (cls.connect_trying)
{
lhnetaddress_t clientportaddress;
+ if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
+ Con_DPrintf("CCREP_ACCEPT message from wrong server %s\n", addressstring2);
+ break;
+ }
clientportaddress = *peeraddress;
LHNETADDRESS_SetPort(&clientportaddress, MSG_ReadLong(&cl_message));
// extra ProQuake stuff
}
break;
case CCREP_REJECT:
- if (developer_extra.integer)
- Con_DPrintf("Datagram_ParseConnectionless: received CCREP_REJECT from %s.\n", addressstring2);
+ if (developer_extra.integer) {
+ Con_DPrintf("CCREP_REJECT message from wrong server %s\n", addressstring2);
+ break;
+ }
+ if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address))
+ break;
cls.connect_trying = false;
#ifdef CONFIG_MENU
M_Update_Return_Reason((char *)MSG_ReadString(&cl_message, cl_readstring, sizeof(cl_readstring)));
#endif
break;
case CCREP_RCON: // RocketGuy: ProQuake rcon support
+ if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.rcon_address)) {
+ Con_DPrintf("CCREP_RCON message from wrong server %s\n", addressstring2);
+ break;
+ }
if (developer_extra.integer)
Con_DPrintf("Datagram_ParseConnectionless: received CCREP_RCON from %s.\n", addressstring2);
qboolean hasquotes;
qboolean restricted = false;
qboolean have_usernames = false;
- char vabuf[1024];
+ static char vabuf[1024];
userpass_start = rcon_password.string;
while((userpass_end = strchr(userpass_start, ' ')))
// no need to check challenge
if(crypto_developer.integer)
{
- Con_Printf("%s connection to %s is being established: client is %s@%.*s, I am %.*s@%.*s\n",
+ Con_Printf("%s connection to %s is being established: client is %s@%s%.*s, I am %.*s@%s%.*s\n",
crypto->use_aes ? "Encrypted" : "Authenticated",
addressstring2,
crypto->client_idfp[0] ? crypto->client_idfp : "-",
+ (crypto->client_issigned || !crypto->client_keyfp[0]) ? "" : "~",
crypto_keyfp_recommended_length, crypto->client_keyfp[0] ? crypto->client_keyfp : "-",
crypto_keyfp_recommended_length, crypto->server_idfp[0] ? crypto->server_idfp : "-",
+ (crypto->server_issigned || !crypto->server_keyfp[0]) ? "" : "~",
crypto_keyfp_recommended_length, crypto->server_keyfp[0] ? crypto->server_keyfp : "-"
);
}
Cvar_RegisterVariable(&net_connectfloodblockingtimeout);
Cvar_RegisterVariable(&net_challengefloodblockingtimeout);
Cvar_RegisterVariable(&net_getstatusfloodblockingtimeout);
+ Cvar_RegisterVariable(&net_sourceaddresscheck);
Cvar_RegisterVariable(&cl_netlocalping);
Cvar_RegisterVariable(&cl_netpacketloss_send);
Cvar_RegisterVariable(&cl_netpacketloss_receive);
projects / xonotic / darkplaces.git / blobdiff