1ec19fcdb7d5cc372117b67c83c1673888a6c6ac
[xonotic/darkplaces.git] / netconn.c
1 /*
2 Copyright (C) 1996-1997 Id Software, Inc.
3 Copyright (C) 2002 Mathieu Olivier
4 Copyright (C) 2003 Ashley Rose Hale (LadyHavoc)
5
6 This program is free software; you can redistribute it and/or
7 modify it under the terms of the GNU General Public License
8 as published by the Free Software Foundation; either version 2
9 of the License, or (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
14
15 See the GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
20
21 */
22
23 #include "quakedef.h"
24 #include "thread.h"
25 #include "lhnet.h"
26
27 // for secure rcon authentication
28 #include "hmac.h"
29 #include "mdfour.h"
30 #include <time.h>
31
32 #define QWMASTER_PORT 27000
33 #define DPMASTER_PORT 27950
34
35 // note this defaults on for dedicated servers, off for listen servers
36 cvar_t sv_public = {CF_SERVER, "sv_public", "0", "1: advertises this server on the master server (so that players can find it in the server browser); 0: allow direct queries only; -1: do not respond to direct queries; -2: do not allow anyone to connect; -3: already block at getchallenge level"};
37 cvar_t sv_public_rejectreason = {CF_SERVER, "sv_public_rejectreason", "The server is closing.", "Rejection reason for connects when sv_public is -2"};
38 static cvar_t sv_heartbeatperiod = {CF_SERVER | CF_ARCHIVE, "sv_heartbeatperiod", "120", "how often to send heartbeat in seconds (only used if sv_public is 1)"};
39 extern cvar_t sv_status_privacy;
40
41 static cvar_t sv_masters [] =
42 {
43         {CF_CLIENT | CF_SERVER | CF_ARCHIVE, "sv_master1", "", "user-chosen master server 1"},
44         {CF_CLIENT | CF_SERVER | CF_ARCHIVE, "sv_master2", "", "user-chosen master server 2"},
45         {CF_CLIENT | CF_SERVER | CF_ARCHIVE, "sv_master3", "", "user-chosen master server 3"},
46         {CF_CLIENT | CF_SERVER | CF_ARCHIVE, "sv_master4", "", "user-chosen master server 4"},
47         {CF_CLIENT | CF_SERVER, "sv_masterextra1", "dpmaster.deathmask.net", "dpmaster.deathmask.net - default master server 1 (admin: Willis)"}, // admin: Willis
48         {CF_CLIENT | CF_SERVER, "sv_masterextra2", "dpmaster.tchr.no", "dpmaster.tchr.no - default master server 2 (admin: tChr)"}, // admin: tChr
49         {0, NULL, NULL, NULL}
50 };
51
52 #ifdef CONFIG_MENU
53 static cvar_t sv_qwmasters [] =
54 {
55         {CF_CLIENT | CF_SERVER | CF_ARCHIVE, "sv_qwmaster1", "", "user-chosen qwmaster server 1"},
56         {CF_CLIENT | CF_SERVER | CF_ARCHIVE, "sv_qwmaster2", "", "user-chosen qwmaster server 2"},
57         {CF_CLIENT | CF_SERVER | CF_ARCHIVE, "sv_qwmaster3", "", "user-chosen qwmaster server 3"},
58         {CF_CLIENT | CF_SERVER | CF_ARCHIVE, "sv_qwmaster4", "", "user-chosen qwmaster server 4"},
59         {CF_CLIENT | CF_SERVER, "sv_qwmasterextra1", "master.quakeservers.net:27000", "Global master server. (admin: unknown)"},
60         {CF_CLIENT | CF_SERVER, "sv_qwmasterextra2", "asgaard.morphos-team.net:27000", "Global master server. (admin: unknown)"},
61         {CF_CLIENT | CF_SERVER, "sv_qwmasterextra3", "qwmaster.ocrana.de:27000", "German master server. (admin: unknown)"},
62         {CF_CLIENT | CF_SERVER, "sv_qwmasterextra4", "qwmaster.fodquake.net:27000", "Global master server. (admin: unknown)"},
63         {0, NULL, NULL, NULL}
64 };
65 #endif
66
67 static double nextheartbeattime = 0;
68
69 sizebuf_t cl_message;
70 sizebuf_t sv_message;
71 static unsigned char cl_message_buf[NET_MAXMESSAGE];
72 static unsigned char sv_message_buf[NET_MAXMESSAGE];
73 char cl_readstring[MAX_INPUTLINE];
74 char sv_readstring[MAX_INPUTLINE];
75
76 cvar_t net_test = {CF_CLIENT | CF_SERVER, "net_test", "0", "internal development use only, leave it alone (usually does nothing anyway)"};
77 cvar_t net_usesizelimit = {CF_SERVER, "net_usesizelimit", "2", "use packet size limiting (0: never, 1: in non-CSQC mode, 2: always)"};
78 cvar_t net_burstreserve = {CF_SERVER, "net_burstreserve", "0.3", "how much of the burst time to reserve for packet size spikes"};
79 cvar_t net_messagetimeout = {CF_CLIENT | CF_SERVER, "net_messagetimeout","300", "drops players who have not sent any packets for this many seconds"};
80 cvar_t net_connecttimeout = {CF_CLIENT | CF_SERVER, "net_connecttimeout","15", "after requesting a connection, the client must reply within this many seconds or be dropped (cuts down on connect floods). Must be above 10 seconds."};
81 cvar_t net_connectfloodblockingtimeout = {CF_SERVER, "net_connectfloodblockingtimeout", "5", "when a connection packet is received, it will block all future connect packets from that IP address for this many seconds (cuts down on connect floods). Note that this does not include retries from the same IP; these are handled earlier and let in."};
82 cvar_t net_challengefloodblockingtimeout = {CF_SERVER, "net_challengefloodblockingtimeout", "0.5", "when a challenge packet is received, it will block all future challenge packets from that IP address for this many seconds (cuts down on challenge floods). DarkPlaces clients retry once per second, so this should be <= 1. Failure here may lead to connect attempts failing."};
83 cvar_t net_getstatusfloodblockingtimeout = {CF_SERVER, "net_getstatusfloodblockingtimeout", "1", "when a getstatus packet is received, it will block all future getstatus packets from that IP address for this many seconds (cuts down on getstatus floods). DarkPlaces retries every 4 seconds, and qstat retries once per second, so this should be <= 1. Failure here may lead to server not showing up in the server list."};
84 cvar_t net_sourceaddresscheck = {CF_CLIENT, "net_sourceaddresscheck", "1", "compare the source IP address for replies (more secure, may break some bad multihoming setups"};
85 cvar_t hostname = {CF_SERVER | CF_ARCHIVE, "hostname", "UNNAMED", "server message to show in server browser"};
86 cvar_t developer_networking = {CF_CLIENT | CF_SERVER, "developer_networking", "0", "prints all received and sent packets (recommended only for debugging)"};
87
88 cvar_t net_fakelag = {CF_CLIENT, "net_fakelag","0", "lags local loopback connection by this much ping time (useful to play more fairly on your own server with people with higher pings)"};
89 static cvar_t net_fakeloss_send = {CF_CLIENT, "net_fakeloss_send","0", "drops this percentage of outgoing packets, useful for testing network protocol robustness (jerky movement, prediction errors, etc)"};
90 static cvar_t net_fakeloss_receive = {CF_CLIENT, "net_fakeloss_receive","0", "drops this percentage of incoming packets, useful for testing network protocol robustness (jerky movement, effects failing to start, sounds failing to play, etc)"};
91 static cvar_t net_slist_queriespersecond = {CF_CLIENT, "net_slist_queriespersecond", "20", "how many server information requests to send per second"};
92 static cvar_t net_slist_queriesperframe = {CF_CLIENT, "net_slist_queriesperframe", "4", "maximum number of server information requests to send each rendered frame (guards against low framerates causing problems)"};
93 static cvar_t net_slist_timeout = {CF_CLIENT, "net_slist_timeout", "4", "how long to listen for a server information response before giving up"};
94 static cvar_t net_slist_pause = {CF_CLIENT, "net_slist_pause", "0", "when set to 1, the server list won't update until it is set back to 0"};
95 static cvar_t net_slist_maxtries = {CF_CLIENT, "net_slist_maxtries", "3", "how many times to ask the same server for information (more times gives better ping reports but takes longer)"};
96 static cvar_t net_slist_favorites = {CF_CLIENT | CF_ARCHIVE, "net_slist_favorites", "", "contains a list of IP addresses and ports to always query explicitly"};
97 static cvar_t net_tos_dscp = {CF_CLIENT | CF_ARCHIVE, "net_tos_dscp", "32", "DiffServ Codepoint for network sockets (may need game restart to apply)"};
98 static cvar_t gameversion = {CF_SERVER, "gameversion", "0", "version of game data (mod-specific) to be sent to querying clients"};
99 static cvar_t gameversion_min = {CF_CLIENT | CF_SERVER, "gameversion_min", "-1", "minimum version of game data (mod-specific), when client and server gameversion mismatch in the server browser the server is shown as incompatible; if -1, gameversion is used alone"};
100 static cvar_t gameversion_max = {CF_CLIENT | CF_SERVER, "gameversion_max", "-1", "maximum version of game data (mod-specific), when client and server gameversion mismatch in the server browser the server is shown as incompatible; if -1, gameversion is used alone"};
101 static cvar_t rcon_restricted_password = {CF_SERVER | CF_PRIVATE, "rcon_restricted_password", "", "password to authenticate rcon commands in restricted mode; may be set to a string of the form user1:pass1 user2:pass2 user3:pass3 to allow multiple user accounts - the client then has to specify ONE of these combinations"};
102 static cvar_t rcon_restricted_commands = {CF_SERVER, "rcon_restricted_commands", "", "allowed commands for rcon when the restricted mode password was used"};
103 static cvar_t rcon_secure_maxdiff = {CF_SERVER, "rcon_secure_maxdiff", "5", "maximum time difference between rcon request and server system clock (to protect against replay attack)"};
104 extern cvar_t rcon_secure;
105 extern cvar_t rcon_secure_challengetimeout;
106
107 double masterquerytime = -1000;
108 int masterquerycount = 0;
109 int masterreplycount = 0;
110 int serverquerycount = 0;
111 int serverreplycount = 0;
112
113 challenge_t challenges[MAX_CHALLENGES];
114
115 #ifdef CONFIG_MENU
116 /// this is only false if there are still servers left to query
117 static qbool serverlist_querysleep = true;
118 static qbool serverlist_paused = false;
119 /// this is pushed a second or two ahead of realtime whenever a master server
120 /// reply is received, to avoid issuing queries while master replies are still
121 /// flooding in (which would make a mess of the ping times)
122 static double serverlist_querywaittime = 0;
123 #endif
124
125 static int cl_numsockets;
126 static lhnetsocket_t *cl_sockets[16];
127 static int sv_numsockets;
128 static lhnetsocket_t *sv_sockets[16];
129
130 netconn_t *netconn_list = NULL;
131 mempool_t *netconn_mempool = NULL;
132 void *netconn_mutex = NULL;
133
134 cvar_t cl_netport = {CF_CLIENT, "cl_port", "0", "forces client to use chosen port number if not 0"};
135 cvar_t sv_netport = {CF_SERVER, "port", "26000", "server port for players to connect to"};
136 cvar_t net_address = {CF_CLIENT | CF_SERVER, "net_address", "", "network address to open ipv4 ports on (if empty, use default interfaces)"};
137 cvar_t net_address_ipv6 = {CF_CLIENT | CF_SERVER, "net_address_ipv6", "", "network address to open ipv6 ports on (if empty, use default interfaces)"};
138
139 char cl_net_extresponse[NET_EXTRESPONSE_MAX][1400];
140 int cl_net_extresponse_count = 0;
141 int cl_net_extresponse_last = 0;
142
143 char sv_net_extresponse[NET_EXTRESPONSE_MAX][1400];
144 int sv_net_extresponse_count = 0;
145 int sv_net_extresponse_last = 0;
146
147 #ifdef CONFIG_MENU
148 // ServerList interface
149 serverlist_mask_t serverlist_andmasks[SERVERLIST_ANDMASKCOUNT];
150 serverlist_mask_t serverlist_ormasks[SERVERLIST_ORMASKCOUNT];
151
152 serverlist_infofield_t serverlist_sortbyfield;
153 int serverlist_sortflags;
154
155 int serverlist_viewcount = 0;
156 unsigned short serverlist_viewlist[SERVERLIST_VIEWLISTSIZE];
157
158 int serverlist_maxcachecount = 0;
159 int serverlist_cachecount = 0;
160 serverlist_entry_t *serverlist_cache = NULL;
161
162 qbool serverlist_consoleoutput;
163
164 static int nFavorites = 0;
165 static lhnetaddress_t favorites[MAX_FAVORITESERVERS];
166 static int nFavorites_idfp = 0;
167 static char favorites_idfp[MAX_FAVORITESERVERS][FP64_SIZE+1];
168
169 void NetConn_UpdateFavorites_c(cvar_t *var)
170 {
171         const char *p;
172         nFavorites = 0;
173         nFavorites_idfp = 0;
174         p = var->string;
175         while((size_t) nFavorites < sizeof(favorites) / sizeof(*favorites) && COM_ParseToken_Console(&p))
176         {
177                 if(com_token[0] != '[' && strlen(com_token) == FP64_SIZE && !strchr(com_token, '.'))
178                 // currently 44 bytes, longest possible IPv6 address: 39 bytes, so this works
179                 // (if v6 address contains port, it must start with '[')
180                 {
181                         strlcpy(favorites_idfp[nFavorites_idfp], com_token, sizeof(favorites_idfp[nFavorites_idfp]));
182                         ++nFavorites_idfp;
183                 }
184                 else 
185                 {
186                         if(LHNETADDRESS_FromString(&favorites[nFavorites], com_token, 26000))
187                                 ++nFavorites;
188                 }
189         }
190 }
191
192 /// helper function to insert a value into the viewset
193 /// spare entries will be removed
194 static void _ServerList_ViewList_Helper_InsertBefore( int index, serverlist_entry_t *entry )
195 {
196     int i;
197         if( serverlist_viewcount < SERVERLIST_VIEWLISTSIZE ) {
198                 i = serverlist_viewcount++;
199         } else {
200                 i = SERVERLIST_VIEWLISTSIZE - 1;
201         }
202
203         for( ; i > index ; i-- )
204                 serverlist_viewlist[ i ] = serverlist_viewlist[ i - 1 ];
205
206         serverlist_viewlist[index] = (int)(entry - serverlist_cache);
207 }
208
209 /// we suppose serverlist_viewcount to be valid, ie > 0
210 static void _ServerList_ViewList_Helper_Remove( int index )
211 {
212         serverlist_viewcount--;
213         for( ; index < serverlist_viewcount ; index++ )
214                 serverlist_viewlist[index] = serverlist_viewlist[index + 1];
215 }
216
217 /// \returns true if A should be inserted before B
218 static qbool _ServerList_Entry_Compare( serverlist_entry_t *A, serverlist_entry_t *B )
219 {
220         int result = 0; // > 0 if for numbers A > B and for text if A < B
221
222         if( serverlist_sortflags & SLSF_CATEGORIES )
223         {
224                 result = A->info.category - B->info.category;
225                 if (result != 0)
226                         return result < 0;
227         }
228
229         if( serverlist_sortflags & SLSF_FAVORITES )
230         {
231                 if(A->info.isfavorite != B->info.isfavorite)
232                         return A->info.isfavorite;
233         }
234         
235         switch( serverlist_sortbyfield ) {
236                 case SLIF_PING:
237                         result = A->info.ping - B->info.ping;
238                         break;
239                 case SLIF_MAXPLAYERS:
240                         result = A->info.maxplayers - B->info.maxplayers;
241                         break;
242                 case SLIF_NUMPLAYERS:
243                         result = A->info.numplayers - B->info.numplayers;
244                         break;
245                 case SLIF_NUMBOTS:
246                         result = A->info.numbots - B->info.numbots;
247                         break;
248                 case SLIF_NUMHUMANS:
249                         result = A->info.numhumans - B->info.numhumans;
250                         break;
251                 case SLIF_FREESLOTS:
252                         result = A->info.freeslots - B->info.freeslots;
253                         break;
254                 case SLIF_PROTOCOL:
255                         result = A->info.protocol - B->info.protocol;
256                         break;
257                 case SLIF_CNAME:
258                         result = strcmp( B->info.cname, A->info.cname );
259                         break;
260                 case SLIF_GAME:
261                         result = strcasecmp( B->info.game, A->info.game );
262                         break;
263                 case SLIF_MAP:
264                         result = strcasecmp( B->info.map, A->info.map );
265                         break;
266                 case SLIF_MOD:
267                         result = strcasecmp( B->info.mod, A->info.mod );
268                         break;
269                 case SLIF_NAME:
270                         result = strcasecmp( B->info.name, A->info.name );
271                         break;
272                 case SLIF_QCSTATUS:
273                         result = strcasecmp( B->info.qcstatus, A->info.qcstatus ); // not really THAT useful, though
274                         break;
275                 case SLIF_CATEGORY:
276                         result = A->info.category - B->info.category;
277                         break;
278                 case SLIF_ISFAVORITE:
279                         result = !!B->info.isfavorite - !!A->info.isfavorite;
280                         break;
281                 default:
282                         Con_DPrint( "_ServerList_Entry_Compare: Bad serverlist_sortbyfield!\n" );
283                         break;
284         }
285
286         if (result != 0)
287         {
288                 if( serverlist_sortflags & SLSF_DESCENDING )
289                         return result > 0;
290                 else
291                         return result < 0;
292         }
293
294         // if the chosen sort key is identical, sort by index
295         // (makes this a stable sort, so that later replies from servers won't
296         //  shuffle the servers around when they have the same ping)
297         return A < B;
298 }
299
300 static qbool _ServerList_CompareInt( int A, serverlist_maskop_t op, int B )
301 {
302         // This should actually be done with some intermediate and end-of-function return
303         switch( op ) {
304                 case SLMO_LESS:
305                         return A < B;
306                 case SLMO_LESSEQUAL:
307                         return A <= B;
308                 case SLMO_EQUAL:
309                         return A == B;
310                 case SLMO_GREATER:
311                         return A > B;
312                 case SLMO_NOTEQUAL:
313                         return A != B;
314                 case SLMO_GREATEREQUAL:
315                 case SLMO_CONTAINS:
316                 case SLMO_NOTCONTAIN:
317                 case SLMO_STARTSWITH:
318                 case SLMO_NOTSTARTSWITH:
319                         return A >= B;
320                 default:
321                         Con_DPrint( "_ServerList_CompareInt: Bad op!\n" );
322                         return false;
323         }
324 }
325
326 static qbool _ServerList_CompareStr( const char *A, serverlist_maskop_t op, const char *B )
327 {
328         int i;
329         char bufferA[ 1400 ], bufferB[ 1400 ]; // should be more than enough
330         COM_StringDecolorize(A, 0, bufferA, sizeof(bufferA), false);
331         for (i = 0;i < (int)sizeof(bufferA)-1 && bufferA[i];i++)
332                 bufferA[i] = (bufferA[i] >= 'A' && bufferA[i] <= 'Z') ? (bufferA[i] + 'a' - 'A') : bufferA[i];
333         bufferA[i] = 0;
334         for (i = 0;i < (int)sizeof(bufferB)-1 && B[i];i++)
335                 bufferB[i] = (B[i] >= 'A' && B[i] <= 'Z') ? (B[i] + 'a' - 'A') : B[i];
336         bufferB[i] = 0;
337
338         // Same here, also using an intermediate & final return would be more appropriate
339         // A info B mask
340         switch( op ) {
341                 case SLMO_CONTAINS:
342                         return *bufferB && !!strstr( bufferA, bufferB ); // we want a real bool
343                 case SLMO_NOTCONTAIN:
344                         return !*bufferB || !strstr( bufferA, bufferB );
345                 case SLMO_STARTSWITH:
346                         //Con_Printf("startsWith: %s %s\n", bufferA, bufferB);
347                         return *bufferB && !memcmp(bufferA, bufferB, strlen(bufferB));
348                 case SLMO_NOTSTARTSWITH:
349                         return !*bufferB || memcmp(bufferA, bufferB, strlen(bufferB));
350                 case SLMO_LESS:
351                         return strcmp( bufferA, bufferB ) < 0;
352                 case SLMO_LESSEQUAL:
353                         return strcmp( bufferA, bufferB ) <= 0;
354                 case SLMO_EQUAL:
355                         return strcmp( bufferA, bufferB ) == 0;
356                 case SLMO_GREATER:
357                         return strcmp( bufferA, bufferB ) > 0;
358                 case SLMO_NOTEQUAL:
359                         return strcmp( bufferA, bufferB ) != 0;
360                 case SLMO_GREATEREQUAL:
361                         return strcmp( bufferA, bufferB ) >= 0;
362                 default:
363                         Con_DPrint( "_ServerList_CompareStr: Bad op!\n" );
364                         return false;
365         }
366 }
367
368 static qbool _ServerList_Entry_Mask( serverlist_mask_t *mask, serverlist_info_t *info )
369 {
370         if( !_ServerList_CompareInt( info->ping, mask->tests[SLIF_PING], mask->info.ping ) )
371                 return false;
372         if( !_ServerList_CompareInt( info->maxplayers, mask->tests[SLIF_MAXPLAYERS], mask->info.maxplayers ) )
373                 return false;
374         if( !_ServerList_CompareInt( info->numplayers, mask->tests[SLIF_NUMPLAYERS], mask->info.numplayers ) )
375                 return false;
376         if( !_ServerList_CompareInt( info->numbots, mask->tests[SLIF_NUMBOTS], mask->info.numbots ) )
377                 return false;
378         if( !_ServerList_CompareInt( info->numhumans, mask->tests[SLIF_NUMHUMANS], mask->info.numhumans ) )
379                 return false;
380         if( !_ServerList_CompareInt( info->freeslots, mask->tests[SLIF_FREESLOTS], mask->info.freeslots ) )
381                 return false;
382         if( !_ServerList_CompareInt( info->protocol, mask->tests[SLIF_PROTOCOL], mask->info.protocol ))
383                 return false;
384         if( *mask->info.cname
385                 && !_ServerList_CompareStr( info->cname, mask->tests[SLIF_CNAME], mask->info.cname ) )
386                 return false;
387         if( *mask->info.game
388                 && !_ServerList_CompareStr( info->game, mask->tests[SLIF_GAME], mask->info.game ) )
389                 return false;
390         if( *mask->info.mod
391                 && !_ServerList_CompareStr( info->mod, mask->tests[SLIF_MOD], mask->info.mod ) )
392                 return false;
393         if( *mask->info.map
394                 && !_ServerList_CompareStr( info->map, mask->tests[SLIF_MAP], mask->info.map ) )
395                 return false;
396         if( *mask->info.name
397                 && !_ServerList_CompareStr( info->name, mask->tests[SLIF_NAME], mask->info.name ) )
398                 return false;
399         if( *mask->info.qcstatus
400                 && !_ServerList_CompareStr( info->qcstatus, mask->tests[SLIF_QCSTATUS], mask->info.qcstatus ) )
401                 return false;
402         if( *mask->info.players
403                 && !_ServerList_CompareStr( info->players, mask->tests[SLIF_PLAYERS], mask->info.players ) )
404                 return false;
405         if( !_ServerList_CompareInt( info->category, mask->tests[SLIF_CATEGORY], mask->info.category ) )
406                 return false;
407         if( !_ServerList_CompareInt( info->isfavorite, mask->tests[SLIF_ISFAVORITE], mask->info.isfavorite ))
408                 return false;
409         return true;
410 }
411
412 static void ServerList_ViewList_Insert( serverlist_entry_t *entry )
413 {
414         int start, end, mid, i;
415         lhnetaddress_t addr;
416
417         // reject incompatible servers
418         if(
419                 entry->info.gameversion != gameversion.integer
420                 &&
421                 !(
422                            gameversion_min.integer >= 0 // min/max range set by user/mod?
423                         && gameversion_max.integer >= 0
424                         && gameversion_min.integer <= entry->info.gameversion // version of server in min/max range?
425                         && gameversion_max.integer >= entry->info.gameversion
426                  )
427         )
428                 return;
429
430         // refresh the "favorite" status
431         entry->info.isfavorite = false;
432         if(LHNETADDRESS_FromString(&addr, entry->info.cname, 26000))
433         {
434                 char idfp[FP64_SIZE+1];
435                 for(i = 0; i < nFavorites; ++i)
436                 {
437                         if(LHNETADDRESS_Compare(&addr, &favorites[i]) == 0)
438                         {
439                                 entry->info.isfavorite = true;
440                                 break;
441                         }
442                 }
443                 if(Crypto_RetrieveHostKey(&addr, 0, NULL, 0, idfp, sizeof(idfp), NULL, NULL))
444                 {
445                         for(i = 0; i < nFavorites_idfp; ++i)
446                         {
447                                 if(!strcmp(idfp, favorites_idfp[i]))
448                                 {
449                                         entry->info.isfavorite = true;
450                                         break;
451                                 }
452                         }
453                 }
454         }
455
456         // refresh the "category"
457         entry->info.category = MR_GetServerListEntryCategory(entry);
458
459         // FIXME: change this to be more readable (...)
460         // now check whether it passes through the masks
461         for( start = 0 ; start < SERVERLIST_ANDMASKCOUNT && serverlist_andmasks[start].active; start++ )
462                 if( !_ServerList_Entry_Mask( &serverlist_andmasks[start], &entry->info ) )
463                         return;
464
465         for( start = 0 ; start < SERVERLIST_ORMASKCOUNT && serverlist_ormasks[start].active ; start++ )
466                 if( _ServerList_Entry_Mask( &serverlist_ormasks[start], &entry->info ) )
467                         break;
468         if( start == SERVERLIST_ORMASKCOUNT || (start > 0 && !serverlist_ormasks[start].active) )
469                 return;
470
471         if( !serverlist_viewcount ) {
472                 _ServerList_ViewList_Helper_InsertBefore( 0, entry );
473                 return;
474         }
475         // ok, insert it, we just need to find out where exactly:
476
477         // two special cases
478         // check whether to insert it as new first item
479         if( _ServerList_Entry_Compare( entry, ServerList_GetViewEntry(0) ) ) {
480                 _ServerList_ViewList_Helper_InsertBefore( 0, entry );
481                 return;
482         } // check whether to insert it as new last item
483         else if( !_ServerList_Entry_Compare( entry, ServerList_GetViewEntry(serverlist_viewcount - 1) ) ) {
484                 _ServerList_ViewList_Helper_InsertBefore( serverlist_viewcount, entry );
485                 return;
486         }
487         start = 0;
488         end = serverlist_viewcount - 1;
489         while( end > start + 1 )
490         {
491                 mid = (start + end) / 2;
492                 // test the item that lies in the middle between start and end
493                 if( _ServerList_Entry_Compare( entry, ServerList_GetViewEntry(mid) ) )
494                         // the item has to be in the upper half
495                         end = mid;
496                 else
497                         // the item has to be in the lower half
498                         start = mid;
499         }
500         _ServerList_ViewList_Helper_InsertBefore( start + 1, entry );
501 }
502
503 static void ServerList_ViewList_Remove( serverlist_entry_t *entry )
504 {
505         int i;
506         for( i = 0; i < serverlist_viewcount; i++ )
507         {
508                 if (ServerList_GetViewEntry(i) == entry)
509                 {
510                         _ServerList_ViewList_Helper_Remove(i);
511                         break;
512                 }
513         }
514 }
515
516 void ServerList_RebuildViewList(void)
517 {
518         int i;
519
520         serverlist_viewcount = 0;
521         for( i = 0 ; i < serverlist_cachecount ; i++ ) {
522                 serverlist_entry_t *entry = &serverlist_cache[i];
523                 // also display entries that are currently being refreshed [11/8/2007 Black]
524                 if( entry->query == SQS_QUERIED || entry->query == SQS_REFRESHING )
525                         ServerList_ViewList_Insert( entry );
526         }
527 }
528
529 void ServerList_ResetMasks(void)
530 {
531         int i;
532
533         memset( &serverlist_andmasks, 0, sizeof( serverlist_andmasks ) );
534         memset( &serverlist_ormasks, 0, sizeof( serverlist_ormasks ) );
535         // numbots needs to be compared to -1 to always succeed
536         for(i = 0; i < SERVERLIST_ANDMASKCOUNT; ++i)
537                 serverlist_andmasks[i].info.numbots = -1;
538         for(i = 0; i < SERVERLIST_ORMASKCOUNT; ++i)
539                 serverlist_ormasks[i].info.numbots = -1;
540 }
541
542 void ServerList_GetPlayerStatistics(int *numplayerspointer, int *maxplayerspointer)
543 {
544         int i;
545         int numplayers = 0, maxplayers = 0;
546         for (i = 0;i < serverlist_cachecount;i++)
547         {
548                 if (serverlist_cache[i].query == SQS_QUERIED)
549                 {
550                         numplayers += serverlist_cache[i].info.numhumans;
551                         maxplayers += serverlist_cache[i].info.maxplayers;
552                 }
553         }
554         *numplayerspointer = numplayers;
555         *maxplayerspointer = maxplayers;
556 }
557
558 #if 0
559 static void _ServerList_Test(void)
560 {
561         int i;
562         if (serverlist_maxcachecount <= 1024)
563         {
564                 serverlist_maxcachecount = 1024;
565                 serverlist_cache = (serverlist_entry_t *)Mem_Realloc(netconn_mempool, (void *)serverlist_cache, sizeof(serverlist_entry_t) * serverlist_maxcachecount);
566         }
567         for( i = 0 ; i < 1024 ; i++ ) {
568                 memset( &serverlist_cache[serverlist_cachecount], 0, sizeof( serverlist_entry_t ) );
569                 serverlist_cache[serverlist_cachecount].info.ping = 1000 + 1024 - i;
570                 dpsnprintf( serverlist_cache[serverlist_cachecount].info.name, sizeof(serverlist_cache[serverlist_cachecount].info.name), "Black's ServerList Test %i", i );
571                 serverlist_cache[serverlist_cachecount].finished = true;
572                 dpsnprintf( serverlist_cache[serverlist_cachecount].line1, sizeof(serverlist_cache[serverlist_cachecount].info.line1), "%i %s", serverlist_cache[serverlist_cachecount].info.ping, serverlist_cache[serverlist_cachecount].info.name );
573                 ServerList_ViewList_Insert( &serverlist_cache[serverlist_cachecount] );
574                 serverlist_cachecount++;
575         }
576 }
577 #endif
578
579 void ServerList_QueryList(qbool resetcache, qbool querydp, qbool queryqw, qbool consoleoutput)
580 {
581         masterquerytime = host.realtime;
582         masterquerycount = 0;
583         masterreplycount = 0;
584         if( resetcache ) {
585                 serverquerycount = 0;
586                 serverreplycount = 0;
587                 serverlist_cachecount = 0;
588                 serverlist_viewcount = 0;
589                 serverlist_maxcachecount = 0;
590                 serverlist_cache = (serverlist_entry_t *)Mem_Realloc(netconn_mempool, (void *)serverlist_cache, sizeof(serverlist_entry_t) * serverlist_maxcachecount);
591         } else {
592                 // refresh all entries
593                 int n;
594                 for( n = 0 ; n < serverlist_cachecount ; n++ ) {
595                         serverlist_entry_t *entry = &serverlist_cache[ n ];
596                         entry->query = SQS_REFRESHING;
597                         entry->querycounter = 0;
598                 }
599         }
600         serverlist_consoleoutput = consoleoutput;
601
602         //_ServerList_Test();
603
604         NetConn_QueryMasters(querydp, queryqw);
605 }
606 #endif
607
608 // rest
609
610 int NetConn_Read(lhnetsocket_t *mysocket, void *data, int maxlength, lhnetaddress_t *peeraddress)
611 {
612         int length;
613         int i;
614         if (mysocket->address.addresstype == LHNETADDRESSTYPE_LOOP && netconn_mutex)
615                 Thread_LockMutex(netconn_mutex);
616         length = LHNET_Read(mysocket, data, maxlength, peeraddress);
617         if (mysocket->address.addresstype == LHNETADDRESSTYPE_LOOP && netconn_mutex)
618                 Thread_UnlockMutex(netconn_mutex);
619         if (length == 0)
620                 return 0;
621         if (net_fakeloss_receive.integer)
622                 for (i = 0;i < cl_numsockets;i++)
623                         if (cl_sockets[i] == mysocket && (rand() % 100) < net_fakeloss_receive.integer)
624                                 return 0;
625         if (developer_networking.integer)
626         {
627                 char addressstring[128], addressstring2[128];
628                 LHNETADDRESS_ToString(LHNET_AddressFromSocket(mysocket), addressstring, sizeof(addressstring), true);
629                 if (length > 0)
630                 {
631                         LHNETADDRESS_ToString(peeraddress, addressstring2, sizeof(addressstring2), true);
632                         Con_Printf("LHNET_Read(%p (%s), %p, %i, %p) = %i from %s:\n", (void *)mysocket, addressstring, (void *)data, maxlength, (void *)peeraddress, length, addressstring2);
633                         Com_HexDumpToConsole((unsigned char *)data, length);
634                 }
635                 else
636                         Con_Printf("LHNET_Read(%p (%s), %p, %i, %p) = %i\n", (void *)mysocket, addressstring, (void *)data, maxlength, (void *)peeraddress, length);
637         }
638         return length;
639 }
640
641 int NetConn_Write(lhnetsocket_t *mysocket, const void *data, int length, const lhnetaddress_t *peeraddress)
642 {
643         int ret;
644         int i;
645         if (net_fakeloss_send.integer)
646                 for (i = 0;i < cl_numsockets;i++)
647                         if (cl_sockets[i] == mysocket && (rand() % 100) < net_fakeloss_send.integer)
648                                 return length;
649         if (mysocket->address.addresstype == LHNETADDRESSTYPE_LOOP && netconn_mutex)
650                 Thread_LockMutex(netconn_mutex);
651         ret = LHNET_Write(mysocket, data, length, peeraddress);
652         if (mysocket->address.addresstype == LHNETADDRESSTYPE_LOOP && netconn_mutex)
653                 Thread_UnlockMutex(netconn_mutex);
654         if (developer_networking.integer)
655         {
656                 char addressstring[128], addressstring2[128];
657                 LHNETADDRESS_ToString(LHNET_AddressFromSocket(mysocket), addressstring, sizeof(addressstring), true);
658                 LHNETADDRESS_ToString(peeraddress, addressstring2, sizeof(addressstring2), true);
659                 Con_Printf("LHNET_Write(%p (%s), %p, %i, %p (%s)) = %i%s\n", (void *)mysocket, addressstring, (void *)data, length, (void *)peeraddress, addressstring2, length, ret == length ? "" : " (ERROR)");
660                 Com_HexDumpToConsole((unsigned char *)data, length);
661         }
662         return ret;
663 }
664
665 int NetConn_WriteString(lhnetsocket_t *mysocket, const char *string, const lhnetaddress_t *peeraddress)
666 {
667         // note this does not include the trailing NULL because we add that in the parser
668         return NetConn_Write(mysocket, string, (int)strlen(string), peeraddress);
669 }
670
671 qbool NetConn_CanSend(netconn_t *conn)
672 {
673         conn->outgoing_packetcounter = (conn->outgoing_packetcounter + 1) % NETGRAPH_PACKETS;
674         conn->outgoing_netgraph[conn->outgoing_packetcounter].time            = host.realtime;
675         conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes = NETGRAPH_NOPACKET;
676         conn->outgoing_netgraph[conn->outgoing_packetcounter].reliablebytes   = NETGRAPH_NOPACKET;
677         conn->outgoing_netgraph[conn->outgoing_packetcounter].ackbytes        = NETGRAPH_NOPACKET;
678         conn->outgoing_netgraph[conn->outgoing_packetcounter].cleartime       = conn->cleartime;
679         if (host.realtime > conn->cleartime)
680                 return true;
681         else
682         {
683                 conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes = NETGRAPH_CHOKEDPACKET;
684                 return false;
685         }
686 }
687
688 static void NetConn_UpdateCleartime(double *cleartime, int rate, int burstsize, int len)
689 {
690         double bursttime = burstsize / (double)rate;
691
692         // delay later packets to obey rate limit
693         if (*cleartime < host.realtime - bursttime)
694                 *cleartime = host.realtime - bursttime;
695         *cleartime = *cleartime + len / (double)rate;
696
697         // limit bursts to one packet in size ("dialup mode" emulating old behaviour)
698         if (net_test.integer)
699         {
700                 if (*cleartime < host.realtime)
701                         *cleartime = host.realtime;
702         }
703 }
704
705 static int NetConn_AddCryptoFlag(crypto_t *crypto)
706 {
707         // HACK: if an encrypted connection is used, randomly set some unused
708         // flags. When AES encryption is enabled, that will make resends differ
709         // from the original, so that e.g. substring filters in a router/IPS
710         // are unlikely to match a second time. See also "startkeylogger".
711         int flag = 0;
712         if (crypto->authenticated)
713         {
714                 // Let's always set at least one of the bits.
715                 int r = rand() % 7 + 1;
716                 if (r & 1)
717                         flag |= NETFLAG_CRYPTO0;
718                 if (r & 2)
719                         flag |= NETFLAG_CRYPTO1;
720                 if (r & 4)
721                         flag |= NETFLAG_CRYPTO2;
722         }
723         return flag;
724 }
725
726 int NetConn_SendUnreliableMessage(netconn_t *conn, sizebuf_t *data, protocolversion_t protocol, int rate, int burstsize, qbool quakesignon_suppressreliables)
727 {
728         int totallen = 0;
729         unsigned char sendbuffer[NET_HEADERSIZE+NET_MAXMESSAGE];
730         unsigned char cryptosendbuffer[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
731
732         // if this packet was supposedly choked, but we find ourselves sending one
733         // anyway, make sure the size counting starts at zero
734         // (this mostly happens on level changes and disconnects and such)
735         if (conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes == NETGRAPH_CHOKEDPACKET)
736                 conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes = NETGRAPH_NOPACKET;
737
738         conn->outgoing_netgraph[conn->outgoing_packetcounter].cleartime = conn->cleartime;
739
740         if (protocol == PROTOCOL_QUAKEWORLD)
741         {
742                 int packetLen;
743                 qbool sendreliable;
744
745                 // note that it is ok to send empty messages to the qw server,
746                 // otherwise it won't respond to us at all
747
748                 sendreliable = false;
749                 // if the remote side dropped the last reliable message, resend it
750                 if (conn->qw.incoming_acknowledged > conn->qw.last_reliable_sequence && conn->qw.incoming_reliable_acknowledged != conn->qw.reliable_sequence)
751                         sendreliable = true;
752                 // if the reliable transmit buffer is empty, copy the current message out
753                 if (!conn->sendMessageLength && conn->message.cursize)
754                 {
755                         memcpy (conn->sendMessage, conn->message.data, conn->message.cursize);
756                         conn->sendMessageLength = conn->message.cursize;
757                         SZ_Clear(&conn->message); // clear the message buffer
758                         conn->qw.reliable_sequence ^= 1;
759                         sendreliable = true;
760                 }
761                 // outgoing unreliable packet number, and outgoing reliable packet number (0 or 1)
762                 StoreLittleLong(sendbuffer, conn->outgoing_unreliable_sequence | (((unsigned int)sendreliable)<<31));
763                 // last received unreliable packet number, and last received reliable packet number (0 or 1)
764                 StoreLittleLong(sendbuffer + 4, conn->qw.incoming_sequence | (((unsigned int)conn->qw.incoming_reliable_sequence)<<31));
765                 packetLen = 8;
766                 conn->outgoing_unreliable_sequence++;
767                 // client sends qport in every packet
768                 if (conn == cls.netcon)
769                 {
770                         *((short *)(sendbuffer + 8)) = LittleShort(cls.qw_qport);
771                         packetLen += 2;
772                         // also update cls.qw_outgoing_sequence
773                         cls.qw_outgoing_sequence = conn->outgoing_unreliable_sequence;
774                 }
775                 if (packetLen + (sendreliable ? conn->sendMessageLength : 0) > 1400)
776                 {
777                         Con_Printf ("NetConn_SendUnreliableMessage: reliable message too big %u\n", data->cursize);
778                         return -1;
779                 }
780
781                 conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes += packetLen + 28;
782
783                 // add the reliable message if there is one
784                 if (sendreliable)
785                 {
786                         conn->outgoing_netgraph[conn->outgoing_packetcounter].reliablebytes += conn->sendMessageLength + 28;
787                         memcpy(sendbuffer + packetLen, conn->sendMessage, conn->sendMessageLength);
788                         packetLen += conn->sendMessageLength;
789                         conn->qw.last_reliable_sequence = conn->outgoing_unreliable_sequence;
790                 }
791
792                 // add the unreliable message if possible
793                 if (packetLen + data->cursize <= 1400)
794                 {
795                         conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes += data->cursize + 28;
796                         memcpy(sendbuffer + packetLen, data->data, data->cursize);
797                         packetLen += data->cursize;
798                 }
799
800                 NetConn_Write(conn->mysocket, (void *)&sendbuffer, packetLen, &conn->peeraddress);
801
802                 conn->packetsSent++;
803                 conn->unreliableMessagesSent++;
804
805                 totallen += packetLen + 28;
806         }
807         else
808         {
809                 unsigned int packetLen;
810                 unsigned int dataLen;
811                 unsigned int eom;
812                 const void *sendme;
813                 size_t sendmelen;
814
815                 // if a reliable message fragment has been lost, send it again
816                 if (conn->sendMessageLength && (host.realtime - conn->lastSendTime) > 1.0)
817                 {
818                         if (conn->sendMessageLength <= MAX_PACKETFRAGMENT)
819                         {
820                                 dataLen = conn->sendMessageLength;
821                                 eom = NETFLAG_EOM;
822                         }
823                         else
824                         {
825                                 dataLen = MAX_PACKETFRAGMENT;
826                                 eom = 0;
827                         }
828
829                         packetLen = NET_HEADERSIZE + dataLen;
830
831                         StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom | NetConn_AddCryptoFlag(&conn->crypto)));
832                         StoreBigLong(sendbuffer + 4, conn->nq.sendSequence - 1);
833                         memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
834
835                         conn->outgoing_netgraph[conn->outgoing_packetcounter].reliablebytes += packetLen + 28;
836
837                         sendme = Crypto_EncryptPacket(&conn->crypto, &sendbuffer, packetLen, &cryptosendbuffer, &sendmelen, sizeof(cryptosendbuffer));
838                         if (sendme && NetConn_Write(conn->mysocket, sendme, (int)sendmelen, &conn->peeraddress) == (int)sendmelen)
839                         {
840                                 conn->lastSendTime = host.realtime;
841                                 conn->packetsReSent++;
842                         }
843
844                         totallen += (int)sendmelen + 28;
845                 }
846
847                 // if we have a new reliable message to send, do so
848                 if (!conn->sendMessageLength && conn->message.cursize && !quakesignon_suppressreliables)
849                 {
850                         if (conn->message.cursize > (int)sizeof(conn->sendMessage))
851                         {
852                                 Con_Printf("NetConn_SendUnreliableMessage: reliable message too big (%u > %u)\n", conn->message.cursize, (int)sizeof(conn->sendMessage));
853                                 conn->message.overflowed = true;
854                                 return -1;
855                         }
856
857                         if (developer_networking.integer && conn == cls.netcon)
858                         {
859                                 Con_Print("client sending reliable message to server:\n");
860                                 SZ_HexDumpToConsole(&conn->message);
861                         }
862
863                         memcpy(conn->sendMessage, conn->message.data, conn->message.cursize);
864                         conn->sendMessageLength = conn->message.cursize;
865                         SZ_Clear(&conn->message);
866
867                         if (conn->sendMessageLength <= MAX_PACKETFRAGMENT)
868                         {
869                                 dataLen = conn->sendMessageLength;
870                                 eom = NETFLAG_EOM;
871                         }
872                         else
873                         {
874                                 dataLen = MAX_PACKETFRAGMENT;
875                                 eom = 0;
876                         }
877
878                         packetLen = NET_HEADERSIZE + dataLen;
879
880                         StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom | NetConn_AddCryptoFlag(&conn->crypto)));
881                         StoreBigLong(sendbuffer + 4, conn->nq.sendSequence);
882                         memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
883
884                         conn->nq.sendSequence++;
885
886                         conn->outgoing_netgraph[conn->outgoing_packetcounter].reliablebytes += packetLen + 28;
887
888                         sendme = Crypto_EncryptPacket(&conn->crypto, &sendbuffer, packetLen, &cryptosendbuffer, &sendmelen, sizeof(cryptosendbuffer));
889                         if(sendme)
890                                 NetConn_Write(conn->mysocket, sendme, (int)sendmelen, &conn->peeraddress);
891
892                         conn->lastSendTime = host.realtime;
893                         conn->packetsSent++;
894                         conn->reliableMessagesSent++;
895
896                         totallen += (int)sendmelen + 28;
897                 }
898
899                 // if we have an unreliable message to send, do so
900                 if (data->cursize)
901                 {
902                         packetLen = NET_HEADERSIZE + data->cursize;
903
904                         if (packetLen > (int)sizeof(sendbuffer))
905                         {
906                                 Con_Printf("NetConn_SendUnreliableMessage: message too big %u\n", data->cursize);
907                                 return -1;
908                         }
909
910                         StoreBigLong(sendbuffer, packetLen | NETFLAG_UNRELIABLE | NetConn_AddCryptoFlag(&conn->crypto));
911                         StoreBigLong(sendbuffer + 4, conn->outgoing_unreliable_sequence);
912                         memcpy(sendbuffer + NET_HEADERSIZE, data->data, data->cursize);
913
914                         conn->outgoing_unreliable_sequence++;
915
916                         conn->outgoing_netgraph[conn->outgoing_packetcounter].unreliablebytes += packetLen + 28;
917
918                         sendme = Crypto_EncryptPacket(&conn->crypto, &sendbuffer, packetLen, &cryptosendbuffer, &sendmelen, sizeof(cryptosendbuffer));
919                         if(sendme)
920                                 NetConn_Write(conn->mysocket, sendme, (int)sendmelen, &conn->peeraddress);
921
922                         conn->packetsSent++;
923                         conn->unreliableMessagesSent++;
924
925                         totallen += (int)sendmelen + 28;
926                 }
927         }
928
929         NetConn_UpdateCleartime(&conn->cleartime, rate, burstsize, totallen);
930
931         return 0;
932 }
933
934 qbool NetConn_HaveClientPorts(void)
935 {
936         return !!cl_numsockets;
937 }
938
939 qbool NetConn_HaveServerPorts(void)
940 {
941         return !!sv_numsockets;
942 }
943
944 void NetConn_CloseClientPorts(void)
945 {
946         for (;cl_numsockets > 0;cl_numsockets--)
947                 if (cl_sockets[cl_numsockets - 1])
948                         LHNET_CloseSocket(cl_sockets[cl_numsockets - 1]);
949 }
950
951 static void NetConn_OpenClientPort(const char *addressstring, lhnetaddresstype_t addresstype, int defaultport)
952 {
953         lhnetaddress_t address;
954         lhnetsocket_t *s;
955         int success;
956         char addressstring2[1024];
957         if (addressstring && addressstring[0])
958                 success = LHNETADDRESS_FromString(&address, addressstring, defaultport);
959         else
960                 success = LHNETADDRESS_FromPort(&address, addresstype, defaultport);
961         if (success)
962         {
963                 if ((s = LHNET_OpenSocket_Connectionless(&address)))
964                 {
965                         cl_sockets[cl_numsockets++] = s;
966                         LHNETADDRESS_ToString(LHNET_AddressFromSocket(s), addressstring2, sizeof(addressstring2), true);
967                         if (addresstype != LHNETADDRESSTYPE_LOOP)
968                                 Con_Printf("Client opened a socket on address %s\n", addressstring2);
969                 }
970                 else
971                 {
972                         LHNETADDRESS_ToString(&address, addressstring2, sizeof(addressstring2), true);
973                         Con_Printf(CON_ERROR "Client failed to open a socket on address %s\n", addressstring2);
974                 }
975         }
976         else
977                 Con_Printf(CON_ERROR "Client unable to parse address %s\n", addressstring);
978 }
979
980 void NetConn_OpenClientPorts(void)
981 {
982         int port;
983         NetConn_CloseClientPorts();
984
985         SV_LockThreadMutex(); // FIXME recursive?
986         Crypto_LoadKeys(); // client sockets
987         SV_UnlockThreadMutex();
988
989         port = bound(0, cl_netport.integer, 65535);
990         if (cl_netport.integer != port)
991                 Cvar_SetValueQuick(&cl_netport, port);
992         if(port == 0)
993                 Con_Printf("Client using an automatically assigned port\n");
994         else
995                 Con_Printf("Client using port %i\n", port);
996         NetConn_OpenClientPort(NULL, LHNETADDRESSTYPE_LOOP, 2);
997         NetConn_OpenClientPort(net_address.string, LHNETADDRESSTYPE_INET4, port);
998 #ifndef NOSUPPORTIPV6
999         NetConn_OpenClientPort(net_address_ipv6.string, LHNETADDRESSTYPE_INET6, port);
1000 #endif
1001 }
1002
1003 void NetConn_CloseServerPorts(void)
1004 {
1005         for (;sv_numsockets > 0;sv_numsockets--)
1006                 if (sv_sockets[sv_numsockets - 1])
1007                         LHNET_CloseSocket(sv_sockets[sv_numsockets - 1]);
1008 }
1009
1010 static qbool NetConn_OpenServerPort(const char *addressstring, lhnetaddresstype_t addresstype, int defaultport, int range)
1011 {
1012         lhnetaddress_t address;
1013         lhnetsocket_t *s;
1014         int port;
1015         char addressstring2[1024];
1016         int success;
1017
1018         for (port = defaultport; port <= defaultport + range; port++)
1019         {
1020                 if (addressstring && addressstring[0])
1021                         success = LHNETADDRESS_FromString(&address, addressstring, port);
1022                 else
1023                         success = LHNETADDRESS_FromPort(&address, addresstype, port);
1024                 if (success)
1025                 {
1026                         if ((s = LHNET_OpenSocket_Connectionless(&address)))
1027                         {
1028                                 sv_sockets[sv_numsockets++] = s;
1029                                 LHNETADDRESS_ToString(LHNET_AddressFromSocket(s), addressstring2, sizeof(addressstring2), true);
1030                                 if (addresstype != LHNETADDRESSTYPE_LOOP)
1031                                         Con_Printf("Server listening on address %s\n", addressstring2);
1032                                 return true;
1033                         }
1034                         else
1035                         {
1036                                 LHNETADDRESS_ToString(&address, addressstring2, sizeof(addressstring2), true);
1037                                 Con_Printf(CON_ERROR "Server failed to open socket on address %s\n", addressstring2);
1038                         }
1039                 }
1040                 else
1041                 {
1042                         Con_Printf(CON_ERROR "Server unable to parse address %s\n", addressstring);
1043                         // if it cant parse one address, it wont be able to parse another for sure
1044                         return false;
1045                 }
1046         }
1047         return false;
1048 }
1049
1050 void NetConn_OpenServerPorts(int opennetports)
1051 {
1052         int port;
1053         NetConn_CloseServerPorts();
1054
1055         SV_LockThreadMutex(); // FIXME recursive?
1056         Crypto_LoadKeys(); // server sockets
1057         SV_UnlockThreadMutex();
1058
1059         NetConn_UpdateSockets();
1060         port = bound(0, sv_netport.integer, 65535);
1061         if (port == 0)
1062                 port = 26000;
1063         if (sv_netport.integer != port)
1064                 Cvar_SetValueQuick(&sv_netport, port);
1065         if (cls.state != ca_dedicated)
1066                 NetConn_OpenServerPort(NULL, LHNETADDRESSTYPE_LOOP, 1, 1);
1067         if (opennetports)
1068         {
1069 #ifndef NOSUPPORTIPV6
1070                 qbool ip4success = NetConn_OpenServerPort(net_address.string, LHNETADDRESSTYPE_INET4, port, 100);
1071                 NetConn_OpenServerPort(net_address_ipv6.string, LHNETADDRESSTYPE_INET6, port, ip4success ? 1 : 100);
1072 #else
1073                 NetConn_OpenServerPort(net_address.string, LHNETADDRESSTYPE_INET4, port, 100);
1074 #endif
1075         }
1076         if (sv_numsockets == 0)
1077                 Host_Error("NetConn_OpenServerPorts: unable to open any ports!");
1078 }
1079
1080 lhnetsocket_t *NetConn_ChooseClientSocketForAddress(lhnetaddress_t *address)
1081 {
1082         int i, a = LHNETADDRESS_GetAddressType(address);
1083         for (i = 0;i < cl_numsockets;i++)
1084                 if (cl_sockets[i] && LHNETADDRESS_GetAddressType(LHNET_AddressFromSocket(cl_sockets[i])) == a)
1085                         return cl_sockets[i];
1086         return NULL;
1087 }
1088
1089 lhnetsocket_t *NetConn_ChooseServerSocketForAddress(lhnetaddress_t *address)
1090 {
1091         int i, a = LHNETADDRESS_GetAddressType(address);
1092         for (i = 0;i < sv_numsockets;i++)
1093                 if (sv_sockets[i] && LHNETADDRESS_GetAddressType(LHNET_AddressFromSocket(sv_sockets[i])) == a)
1094                         return sv_sockets[i];
1095         return NULL;
1096 }
1097
1098 netconn_t *NetConn_Open(lhnetsocket_t *mysocket, lhnetaddress_t *peeraddress)
1099 {
1100         netconn_t *conn;
1101         conn = (netconn_t *)Mem_Alloc(netconn_mempool, sizeof(*conn));
1102         conn->mysocket = mysocket;
1103         conn->peeraddress = *peeraddress;
1104         conn->lastMessageTime = host.realtime;
1105         conn->message.data = conn->messagedata;
1106         conn->message.maxsize = sizeof(conn->messagedata);
1107         conn->message.cursize = 0;
1108         // LadyHavoc: (inspired by ProQuake) use a short connect timeout to
1109         // reduce effectiveness of connection request floods
1110         conn->timeout = host.realtime + net_connecttimeout.value;
1111         LHNETADDRESS_ToString(&conn->peeraddress, conn->address, sizeof(conn->address), true);
1112         conn->next = netconn_list;
1113         netconn_list = conn;
1114         return conn;
1115 }
1116
1117 void NetConn_ClearFlood(lhnetaddress_t *peeraddress, server_floodaddress_t *floodlist, size_t floodlength);
1118 void NetConn_Close(netconn_t *conn)
1119 {
1120         netconn_t *c;
1121         // remove connection from list
1122
1123         // allow the client to reconnect immediately
1124         NetConn_ClearFlood(&(conn->peeraddress), sv.connectfloodaddresses, sizeof(sv.connectfloodaddresses) / sizeof(sv.connectfloodaddresses[0]));
1125
1126         if (conn == netconn_list)
1127                 netconn_list = conn->next;
1128         else
1129         {
1130                 for (c = netconn_list;c;c = c->next)
1131                 {
1132                         if (c->next == conn)
1133                         {
1134                                 c->next = conn->next;
1135                                 break;
1136                         }
1137                 }
1138                 // not found in list, we'll avoid crashing here...
1139                 if (!c)
1140                         return;
1141         }
1142         // free connection
1143         Mem_Free(conn);
1144 }
1145
1146 static int clientport = -1;
1147 static int clientport2 = -1;
1148 static int hostport = -1;
1149
1150 // Call on disconnect, during startup, or if cl_netport is changed
1151 void NetConn_UpdateSockets_Client(void)
1152 {
1153         if (cls.state == ca_disconnected && clientport != clientport2)
1154         {
1155                 clientport = clientport2;
1156                 NetConn_CloseClientPorts();
1157         }
1158         if (cl_numsockets == 0)
1159                 NetConn_OpenClientPorts();
1160 }
1161
1162 // Call when cl_port is changed
1163 static void NetConn_cl_netport_Callback(cvar_t *var)
1164 {
1165         if(cls.state != ca_dedicated)
1166         {
1167                 if (clientport2 != var->integer)
1168                 {
1169                         clientport2 = var->integer;
1170                         if (cls.state == ca_connected)
1171                                 Con_Print("Changing \"cl_port\" will not take effect until you reconnect.\n");
1172                 }
1173                 NetConn_UpdateSockets_Client();
1174         }
1175 }
1176
1177 // Call when port is changed
1178 static void NetConn_sv_netport_Callback(cvar_t *var)
1179 {
1180         if (hostport != var->integer)
1181         {
1182                 hostport = var->integer;
1183                 if (sv.active)
1184                         Con_Print("Changing \"port\" will not take effect until \"map\" command is executed.\n");
1185         }
1186 }
1187
1188 void NetConn_UpdateSockets(void)
1189 {
1190         int i, j;
1191
1192         // TODO add logic to automatically close sockets if needed
1193         LHNET_DefaultDSCP(net_tos_dscp.integer);
1194
1195         for (j = 0;j < MAX_RCONS;j++)
1196         {
1197                 i = (cls.rcon_ringpos + j + 1) % MAX_RCONS;
1198                 if(cls.rcon_commands[i][0])
1199                 {
1200                         if(host.realtime > cls.rcon_timeout[i])
1201                         {
1202                                 char s[128];
1203                                 LHNETADDRESS_ToString(&cls.rcon_addresses[i], s, sizeof(s), true);
1204                                 Con_Printf("rcon to %s (for command %s) failed: challenge request timed out\n", s, cls.rcon_commands[i]);
1205                                 cls.rcon_commands[i][0] = 0;
1206                                 --cls.rcon_trying;
1207                                 break;
1208                         }
1209                 }
1210         }
1211 }
1212
1213 static int NetConn_ReceivedMessage(netconn_t *conn, const unsigned char *data, size_t length, protocolversion_t protocol, double newtimeout)
1214 {
1215         int originallength = (int)length;
1216         unsigned char sendbuffer[NET_HEADERSIZE+NET_MAXMESSAGE];
1217         unsigned char cryptosendbuffer[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
1218         unsigned char cryptoreadbuffer[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
1219         if (length < 8)
1220                 return 0;
1221
1222         if (protocol == PROTOCOL_QUAKEWORLD)
1223         {
1224                 unsigned int sequence, sequence_ack;
1225                 qbool reliable_ack, reliable_message;
1226                 int count;
1227                 //int qport;
1228
1229                 sequence = LittleLong(*((int *)(data + 0)));
1230                 sequence_ack = LittleLong(*((int *)(data + 4)));
1231                 data += 8;
1232                 length -= 8;
1233
1234                 if (conn != cls.netcon)
1235                 {
1236                         // server only
1237                         if (length < 2)
1238                                 return 0;
1239                         // TODO: use qport to identify that this client really is who they say they are?  (and elsewhere in the code to identify the connection without a port match?)
1240                         //qport = LittleShort(*((int *)(data + 8)));
1241                         data += 2;
1242                         length -= 2;
1243                 }
1244
1245                 conn->packetsReceived++;
1246                 reliable_message = (sequence >> 31) != 0;
1247                 reliable_ack = (sequence_ack >> 31) != 0;
1248                 sequence &= ~(1<<31);
1249                 sequence_ack &= ~(1<<31);
1250                 if (sequence <= conn->qw.incoming_sequence)
1251                 {
1252                         //Con_DPrint("Got a stale datagram\n");
1253                         return 0;
1254                 }
1255                 count = sequence - (conn->qw.incoming_sequence + 1);
1256                 if (count > 0)
1257                 {
1258                         conn->droppedDatagrams += count;
1259                         //Con_DPrintf("Dropped %u datagram(s)\n", count);
1260                         // If too may packets have been dropped, only write the
1261                         // last NETGRAPH_PACKETS ones to the netgraph. Why?
1262                         // Because there's no point in writing more than
1263                         // these as the netgraph is going to be full anyway.
1264                         if (count > NETGRAPH_PACKETS)
1265                                 count = NETGRAPH_PACKETS;
1266                         while (count--)
1267                         {
1268                                 conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
1269                                 conn->incoming_netgraph[conn->incoming_packetcounter].time            = host.realtime;
1270                                 conn->incoming_netgraph[conn->incoming_packetcounter].cleartime       = conn->incoming_cleartime;
1271                                 conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = NETGRAPH_LOSTPACKET;
1272                                 conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes   = NETGRAPH_NOPACKET;
1273                                 conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes        = NETGRAPH_NOPACKET;
1274                         }
1275                 }
1276                 conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
1277                 conn->incoming_netgraph[conn->incoming_packetcounter].time            = host.realtime;
1278                 conn->incoming_netgraph[conn->incoming_packetcounter].cleartime       = conn->incoming_cleartime;
1279                 conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = originallength + 28;
1280                 conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes   = NETGRAPH_NOPACKET;
1281                 conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes        = NETGRAPH_NOPACKET;
1282                 NetConn_UpdateCleartime(&conn->incoming_cleartime, cl_rate.integer, cl_rate_burstsize.integer, originallength + 28);
1283
1284                 // limit bursts to one packet in size ("dialup mode" emulating old behaviour)
1285                 if (net_test.integer)
1286                 {
1287                         if (conn->cleartime < host.realtime)
1288                                 conn->cleartime = host.realtime;
1289                 }
1290
1291                 if (reliable_ack == conn->qw.reliable_sequence)
1292                 {
1293                         // received, now we will be able to send another reliable message
1294                         conn->sendMessageLength = 0;
1295                         conn->reliableMessagesReceived++;
1296                 }
1297                 conn->qw.incoming_sequence = sequence;
1298                 if (conn == cls.netcon)
1299                         cls.qw_incoming_sequence = conn->qw.incoming_sequence;
1300                 conn->qw.incoming_acknowledged = sequence_ack;
1301                 conn->qw.incoming_reliable_acknowledged = reliable_ack;
1302                 if (reliable_message)
1303                         conn->qw.incoming_reliable_sequence ^= 1;
1304                 conn->lastMessageTime = host.realtime;
1305                 conn->timeout = host.realtime + newtimeout;
1306                 conn->unreliableMessagesReceived++;
1307                 if (conn == cls.netcon)
1308                 {
1309                         SZ_Clear(&cl_message);
1310                         SZ_Write(&cl_message, data, (int)length);
1311                         MSG_BeginReading(&cl_message);
1312                 }
1313                 else
1314                 {
1315                         SZ_Clear(&sv_message);
1316                         SZ_Write(&sv_message, data, (int)length);
1317                         MSG_BeginReading(&sv_message);
1318                 }
1319                 return 2;
1320         }
1321         else
1322         {
1323                 unsigned int count;
1324                 unsigned int flags;
1325                 unsigned int sequence;
1326                 size_t qlength;
1327                 const void *sendme;
1328                 size_t sendmelen;
1329
1330                 originallength = (int)length;
1331                 data = (const unsigned char *) Crypto_DecryptPacket(&conn->crypto, data, length, cryptoreadbuffer, &length, sizeof(cryptoreadbuffer));
1332                 if(!data)
1333                         return 0;
1334                 if(length < 8)
1335                         return 0;
1336
1337                 qlength = (unsigned int)BuffBigLong(data);
1338                 flags = qlength & ~NETFLAG_LENGTH_MASK;
1339                 qlength &= NETFLAG_LENGTH_MASK;
1340                 // control packets were already handled
1341                 if (!(flags & NETFLAG_CTL) && qlength == length)
1342                 {
1343                         sequence = BuffBigLong(data + 4);
1344                         conn->packetsReceived++;
1345                         data += 8;
1346                         length -= 8;
1347                         if (flags & NETFLAG_UNRELIABLE)
1348                         {
1349                                 if (sequence >= conn->nq.unreliableReceiveSequence)
1350                                 {
1351                                         if (sequence > conn->nq.unreliableReceiveSequence)
1352                                         {
1353                                                 count = sequence - conn->nq.unreliableReceiveSequence;
1354                                                 conn->droppedDatagrams += count;
1355                                                 //Con_DPrintf("Dropped %u datagram(s)\n", count);
1356                                                 // If too may packets have been dropped, only write the
1357                                                 // last NETGRAPH_PACKETS ones to the netgraph. Why?
1358                                                 // Because there's no point in writing more than
1359                                                 // these as the netgraph is going to be full anyway.
1360                                                 if (count > NETGRAPH_PACKETS)
1361                                                         count = NETGRAPH_PACKETS;
1362                                                 while (count--)
1363                                                 {
1364                                                         conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
1365                                                         conn->incoming_netgraph[conn->incoming_packetcounter].time            = host.realtime;
1366                                                         conn->incoming_netgraph[conn->incoming_packetcounter].cleartime       = conn->incoming_cleartime;
1367                                                         conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = NETGRAPH_LOSTPACKET;
1368                                                         conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes   = NETGRAPH_NOPACKET;
1369                                                         conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes        = NETGRAPH_NOPACKET;
1370                                                 }
1371                                         }
1372                                         conn->incoming_packetcounter = (conn->incoming_packetcounter + 1) % NETGRAPH_PACKETS;
1373                                         conn->incoming_netgraph[conn->incoming_packetcounter].time            = host.realtime;
1374                                         conn->incoming_netgraph[conn->incoming_packetcounter].cleartime       = conn->incoming_cleartime;
1375                                         conn->incoming_netgraph[conn->incoming_packetcounter].unreliablebytes = originallength + 28;
1376                                         conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes   = NETGRAPH_NOPACKET;
1377                                         conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes        = NETGRAPH_NOPACKET;
1378                                         NetConn_UpdateCleartime(&conn->incoming_cleartime, cl_rate.integer, cl_rate_burstsize.integer, originallength + 28);
1379
1380                                         conn->nq.unreliableReceiveSequence = sequence + 1;
1381                                         conn->lastMessageTime = host.realtime;
1382                                         conn->timeout = host.realtime + newtimeout;
1383                                         conn->unreliableMessagesReceived++;
1384                                         if (length > 0)
1385                                         {
1386                                                 if (conn == cls.netcon)
1387                                                 {
1388                                                         SZ_Clear(&cl_message);
1389                                                         SZ_Write(&cl_message, data, (int)length);
1390                                                         MSG_BeginReading(&cl_message);
1391                                                 }
1392                                                 else
1393                                                 {
1394                                                         SZ_Clear(&sv_message);
1395                                                         SZ_Write(&sv_message, data, (int)length);
1396                                                         MSG_BeginReading(&sv_message);
1397                                                 }
1398                                                 return 2;
1399                                         }
1400                                 }
1401                                 //else
1402                                 //      Con_DPrint("Got a stale datagram\n");
1403                                 return 1;
1404                         }
1405                         else if (flags & NETFLAG_ACK)
1406                         {
1407                                 conn->incoming_netgraph[conn->incoming_packetcounter].ackbytes += originallength + 28;
1408                                 NetConn_UpdateCleartime(&conn->incoming_cleartime, cl_rate.integer, cl_rate_burstsize.integer, originallength + 28);
1409
1410                                 if (sequence == (conn->nq.sendSequence - 1))
1411                                 {
1412                                         if (sequence == conn->nq.ackSequence)
1413                                         {
1414                                                 conn->nq.ackSequence++;
1415                                                 if (conn->nq.ackSequence != conn->nq.sendSequence)
1416                                                         Con_DPrint("ack sequencing error\n");
1417                                                 conn->lastMessageTime = host.realtime;
1418                                                 conn->timeout = host.realtime + newtimeout;
1419                                                 if (conn->sendMessageLength > MAX_PACKETFRAGMENT)
1420                                                 {
1421                                                         unsigned int packetLen;
1422                                                         unsigned int dataLen;
1423                                                         unsigned int eom;
1424
1425                                                         conn->sendMessageLength -= MAX_PACKETFRAGMENT;
1426                                                         memmove(conn->sendMessage, conn->sendMessage+MAX_PACKETFRAGMENT, conn->sendMessageLength);
1427
1428                                                         if (conn->sendMessageLength <= MAX_PACKETFRAGMENT)
1429                                                         {
1430                                                                 dataLen = conn->sendMessageLength;
1431                                                                 eom = NETFLAG_EOM;
1432                                                         }
1433                                                         else
1434                                                         {
1435                                                                 dataLen = MAX_PACKETFRAGMENT;
1436                                                                 eom = 0;
1437                                                         }
1438
1439                                                         packetLen = NET_HEADERSIZE + dataLen;
1440
1441                                                         StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom | NetConn_AddCryptoFlag(&conn->crypto)));
1442                                                         StoreBigLong(sendbuffer + 4, conn->nq.sendSequence);
1443                                                         memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
1444
1445                                                         conn->nq.sendSequence++;
1446
1447                                                         sendme = Crypto_EncryptPacket(&conn->crypto, &sendbuffer, packetLen, &cryptosendbuffer, &sendmelen, sizeof(cryptosendbuffer));
1448                                                         if (sendme && NetConn_Write(conn->mysocket, sendme, (int)sendmelen, &conn->peeraddress) == (int)sendmelen)
1449                                                         {
1450                                                                 conn->lastSendTime = host.realtime;
1451                                                                 conn->packetsSent++;
1452                                                         }
1453                                                 }
1454                                                 else
1455                                                         conn->sendMessageLength = 0;
1456                                         }
1457                                         //else
1458                                         //      Con_DPrint("Duplicate ACK received\n");
1459                                 }
1460                                 //else
1461                                 //      Con_DPrint("Stale ACK received\n");
1462                                 return 1;
1463                         }
1464                         else if (flags & NETFLAG_DATA)
1465                         {
1466                                 unsigned char temppacket[8];
1467                                 conn->incoming_netgraph[conn->incoming_packetcounter].reliablebytes   += originallength + 28;
1468                                 NetConn_UpdateCleartime(&conn->incoming_cleartime, cl_rate.integer, cl_rate_burstsize.integer, originallength + 28);
1469
1470                                 conn->outgoing_netgraph[conn->outgoing_packetcounter].ackbytes        += 8 + 28;
1471
1472                                 StoreBigLong(temppacket, 8 | NETFLAG_ACK | NetConn_AddCryptoFlag(&conn->crypto));
1473                                 StoreBigLong(temppacket + 4, sequence);
1474                                 sendme = Crypto_EncryptPacket(&conn->crypto, temppacket, 8, &cryptosendbuffer, &sendmelen, sizeof(cryptosendbuffer));
1475                                 if(sendme)
1476                                         NetConn_Write(conn->mysocket, sendme, (int)sendmelen, &conn->peeraddress);
1477                                 if (sequence == conn->nq.receiveSequence)
1478                                 {
1479                                         conn->lastMessageTime = host.realtime;
1480                                         conn->timeout = host.realtime + newtimeout;
1481                                         conn->nq.receiveSequence++;
1482                                         if( conn->receiveMessageLength + length <= (int)sizeof( conn->receiveMessage ) ) {
1483                                                 memcpy(conn->receiveMessage + conn->receiveMessageLength, data, length);
1484                                                 conn->receiveMessageLength += (int)length;
1485                                         } else {
1486                                                 Con_Printf( "Reliable message (seq: %i) too big for message buffer!\n"
1487                                                                         "Dropping the message!\n", sequence );
1488                                                 conn->receiveMessageLength = 0;
1489                                                 return 1;
1490                                         }
1491                                         if (flags & NETFLAG_EOM)
1492                                         {
1493                                                 conn->reliableMessagesReceived++;
1494                                                 length = conn->receiveMessageLength;
1495                                                 conn->receiveMessageLength = 0;
1496                                                 if (length > 0)
1497                                                 {
1498                                                         if (conn == cls.netcon)
1499                                                         {
1500                                                                 SZ_Clear(&cl_message);
1501                                                                 SZ_Write(&cl_message, conn->receiveMessage, (int)length);
1502                                                                 MSG_BeginReading(&cl_message);
1503                                                         }
1504                                                         else
1505                                                         {
1506                                                                 SZ_Clear(&sv_message);
1507                                                                 SZ_Write(&sv_message, conn->receiveMessage, (int)length);
1508                                                                 MSG_BeginReading(&sv_message);
1509                                                         }
1510                                                         return 2;
1511                                                 }
1512                                         }
1513                                 }
1514                                 else
1515                                         conn->receivedDuplicateCount++;
1516                                 return 1;
1517                         }
1518                 }
1519         }
1520         return 0;
1521 }
1522
1523 static void NetConn_ConnectionEstablished(lhnetsocket_t *mysocket, lhnetaddress_t *peeraddress, protocolversion_t initialprotocol)
1524 {
1525         crypto_t *crypto;
1526         cls.connect_trying = false;
1527 #ifdef CONFIG_MENU
1528         M_Update_Return_Reason("");
1529 #endif
1530         // Disconnect from the current server or stop demo playback
1531         if(cls.state == ca_connected || cls.demoplayback)
1532                 CL_Disconnect();
1533         // allocate a net connection to keep track of things
1534         cls.netcon = NetConn_Open(mysocket, peeraddress);
1535         crypto = &cls.netcon->crypto;
1536         if(cls.crypto.authenticated)
1537         {
1538                 Crypto_FinishInstance(crypto, &cls.crypto);
1539                 Con_Printf("%s connection to %s has been established: server is %s@%s%.*s, I am %.*s@%s%.*s\n",
1540                                 crypto->use_aes ? "Encrypted" : "Authenticated",
1541                                 cls.netcon->address,
1542                                 crypto->server_idfp[0] ? crypto->server_idfp : "-",
1543                                 (crypto->server_issigned || !crypto->server_keyfp[0]) ? "" : "~",
1544                                 crypto_keyfp_recommended_length, crypto->server_keyfp[0] ? crypto->server_keyfp : "-",
1545                                 crypto_keyfp_recommended_length, crypto->client_idfp[0] ? crypto->client_idfp : "-",
1546                                 (crypto->client_issigned || !crypto->client_keyfp[0]) ? "" : "~",
1547                                 crypto_keyfp_recommended_length, crypto->client_keyfp[0] ? crypto->client_keyfp : "-"
1548                                 );
1549         }
1550         Con_Printf("Connection accepted to %s\n", cls.netcon->address);
1551         key_dest = key_game;
1552 #ifdef CONFIG_MENU
1553         m_state = m_none;
1554 #endif
1555         cls.demonum = -1;                       // not in the demo loop now
1556         cls.state = ca_connected;
1557         cls.signon = 0;                         // need all the signon messages before playing
1558         cls.protocol = initialprotocol;
1559         // reset move sequence numbering on this new connection
1560         cls.servermovesequence = 0;
1561         if (cls.protocol == PROTOCOL_QUAKEWORLD)
1562                 CL_ForwardToServer("new");
1563         if (cls.protocol == PROTOCOL_QUAKE)
1564         {
1565                 // write a keepalive (clc_nop) as it seems to greatly improve the
1566                 // chances of connecting to a netquake server
1567                 sizebuf_t msg;
1568                 unsigned char buf[4];
1569                 memset(&msg, 0, sizeof(msg));
1570                 msg.data = buf;
1571                 msg.maxsize = sizeof(buf);
1572                 MSG_WriteChar(&msg, clc_nop);
1573                 NetConn_SendUnreliableMessage(cls.netcon, &msg, cls.protocol, 10000, 0, false);
1574         }
1575 }
1576
1577 int NetConn_IsLocalGame(void)
1578 {
1579         if (cls.state == ca_connected && sv.active && cl.maxclients == 1)
1580                 return true;
1581         return false;
1582 }
1583
1584 #ifdef CONFIG_MENU
1585 static int NetConn_ClientParsePacket_ServerList_ProcessReply(const char *addressstring)
1586 {
1587         int n;
1588         int pingtime;
1589         serverlist_entry_t *entry = NULL;
1590
1591         // search the cache for this server and update it
1592         for (n = 0;n < serverlist_cachecount;n++) {
1593                 entry = &serverlist_cache[ n ];
1594                 if (!strcmp(addressstring, entry->info.cname))
1595                         break;
1596         }
1597
1598         if (n == serverlist_cachecount)
1599         {
1600                 // LAN search doesnt require an answer from the master server so we wont
1601                 // know the ping nor will it be initialized already...
1602
1603                 // find a slot
1604                 if (serverlist_cachecount == SERVERLIST_TOTALSIZE)
1605                         return -1;
1606
1607                 if (serverlist_maxcachecount <= serverlist_cachecount)
1608                 {
1609                         serverlist_maxcachecount += 64;
1610                         serverlist_cache = (serverlist_entry_t *)Mem_Realloc(netconn_mempool, (void *)serverlist_cache, sizeof(serverlist_entry_t) * serverlist_maxcachecount);
1611                 }
1612                 entry = &serverlist_cache[n];
1613
1614                 memset(entry, 0, sizeof(*entry));
1615                 // store the data the engine cares about (address and ping)
1616                 strlcpy(entry->info.cname, addressstring, sizeof(entry->info.cname));
1617                 entry->info.ping = 100000;
1618                 entry->querytime = host.realtime;
1619                 // if not in the slist menu we should print the server to console
1620                 if (serverlist_consoleoutput)
1621                         Con_Printf("querying %s\n", addressstring);
1622                 ++serverlist_cachecount;
1623         }
1624         // if this is the first reply from this server, count it as having replied
1625         pingtime = (int)((host.realtime - entry->querytime) * 1000.0 + 0.5);
1626         pingtime = bound(0, pingtime, 9999);
1627         if (entry->query == SQS_REFRESHING) {
1628                 entry->info.ping = pingtime;
1629                 entry->query = SQS_QUERIED;
1630         } else {
1631                 // convert to unsigned to catch the -1
1632                 // I still dont like this but its better than the old 10000 magic ping number - as in easier to type and read :( [11/8/2007 Black]
1633                 entry->info.ping = min((unsigned) entry->info.ping, (unsigned) pingtime);
1634                 serverreplycount++;
1635         }
1636         
1637         // other server info is updated by the caller
1638         return n;
1639 }
1640
1641 static void NetConn_ClientParsePacket_ServerList_UpdateCache(int n)
1642 {
1643         serverlist_entry_t *entry = &serverlist_cache[n];
1644         serverlist_info_t *info = &entry->info;
1645         // update description strings for engine menu and console output
1646         dpsnprintf(entry->line1, sizeof(serverlist_cache[n].line1), "^%c%5d^7 ^%c%3u^7/%3u %-65.65s", info->ping >= 300 ? '1' : (info->ping >= 200 ? '3' : '7'), (int)info->ping, ((info->numhumans > 0 && info->numhumans < info->maxplayers) ? (info->numhumans >= 4 ? '7' : '3') : '1'), info->numplayers, info->maxplayers, info->name);
1647         dpsnprintf(entry->line2, sizeof(serverlist_cache[n].line2), "^4%-21.21s %-19.19s ^%c%-17.17s^4 %-20.20s", info->cname, info->game,
1648                         (
1649                          info->gameversion != gameversion.integer
1650                          &&
1651                          !(
1652                                     gameversion_min.integer >= 0 // min/max range set by user/mod?
1653                                  && gameversion_max.integer >= 0
1654                                  && gameversion_min.integer <= info->gameversion // version of server in min/max range?
1655                                  && gameversion_max.integer >= info->gameversion
1656                           )
1657                         ) ? '1' : '4',
1658                         info->mod, info->map);
1659         if (entry->query == SQS_QUERIED)
1660         {
1661                 if(!serverlist_paused)
1662                         ServerList_ViewList_Remove(entry);
1663         }
1664         // if not in the slist menu we should print the server to console (if wanted)
1665         else if( serverlist_consoleoutput )
1666                 Con_Printf("%s\n%s\n", serverlist_cache[n].line1, serverlist_cache[n].line2);
1667         // and finally, update the view set
1668         if(!serverlist_paused)
1669                 ServerList_ViewList_Insert( entry );
1670         //      update the entry's state
1671         serverlist_cache[n].query = SQS_QUERIED;
1672 }
1673
1674 // returns true, if it's sensible to continue the processing
1675 static qbool NetConn_ClientParsePacket_ServerList_PrepareQuery( int protocol, const char *ipstring, qbool isfavorite ) {
1676         int n;
1677         serverlist_entry_t *entry;
1678
1679         //      ignore the rest of the message if the serverlist is full
1680         if( serverlist_cachecount == SERVERLIST_TOTALSIZE )
1681                 return false;
1682         //      also ignore     it      if      we      have already queried    it      (other master server    response)
1683         for( n =        0 ; n   < serverlist_cachecount ; n++   )
1684                 if( !strcmp( ipstring, serverlist_cache[ n ].info.cname ) )
1685                         break;
1686
1687         if( n < serverlist_cachecount ) {
1688                 // the entry has already been queried once or 
1689                 return true;
1690         }
1691
1692         if (serverlist_maxcachecount <= n)
1693         {
1694                 serverlist_maxcachecount += 64;
1695                 serverlist_cache = (serverlist_entry_t *)Mem_Realloc(netconn_mempool, (void *)serverlist_cache, sizeof(serverlist_entry_t) * serverlist_maxcachecount);
1696         }
1697
1698         entry = &serverlist_cache[n];
1699
1700         memset(entry, 0, sizeof(*entry));
1701         entry->protocol =       protocol;
1702         //      store   the data        the engine cares about (address and     ping)
1703         strlcpy (entry->info.cname, ipstring, sizeof(entry->info.cname));
1704
1705         entry->info.isfavorite = isfavorite;
1706         
1707         // no, then reset the ping right away
1708         entry->info.ping = -1;
1709         // we also want to increase the serverlist_cachecount then
1710         serverlist_cachecount++;
1711         serverquerycount++;
1712
1713         entry->query =  SQS_QUERYING;
1714
1715         return true;
1716 }
1717
1718 static void NetConn_ClientParsePacket_ServerList_ParseDPList(lhnetaddress_t *senderaddress, const unsigned char *data, int length, qbool isextended)
1719 {
1720         masterreplycount++;
1721         if (serverlist_consoleoutput)
1722                 Con_Printf("received DarkPlaces %sserver list...\n", isextended ? "extended " : "");
1723         while (length >= 7)
1724         {
1725                 char ipstring [128];
1726
1727                 // IPv4 address
1728                 if (data[0] == '\\')
1729                 {
1730                         unsigned short port = data[5] * 256 + data[6];
1731
1732                         if (port != 0 && (data[1] != 0xFF || data[2] != 0xFF || data[3] != 0xFF || data[4] != 0xFF))
1733                                 dpsnprintf (ipstring, sizeof (ipstring), "%u.%u.%u.%u:%hu", data[1], data[2], data[3], data[4], port);
1734
1735                         // move on to next address in packet
1736                         data += 7;
1737                         length -= 7;
1738                 }
1739                 // IPv6 address
1740                 else if (data[0] == '/' && isextended && length >= 19)
1741                 {
1742                         unsigned short port = data[17] * 256 + data[18];
1743
1744                         if (port != 0)
1745                         {
1746 #ifdef WHY_JUST_WHY
1747                                 const char *ifname;
1748                                 char ifnamebuf[16];
1749
1750                                 /// \TODO: make some basic checks of the IP address (broadcast, ...)
1751
1752                                 ifname = LHNETADDRESS_GetInterfaceName(senderaddress, ifnamebuf, sizeof(ifnamebuf));
1753                                 if (ifname != NULL)
1754                                 {
1755                                         dpsnprintf (ipstring, sizeof (ipstring), "[%x:%x:%x:%x:%x:%x:%x:%x%%%s]:%hu",
1756                                                                 (data[1] << 8) | data[2], (data[3] << 8) | data[4], (data[5] << 8) | data[6], (data[7] << 8) | data[8],
1757                                                                 (data[9] << 8) | data[10], (data[11] << 8) | data[12], (data[13] << 8) | data[14], (data[15] << 8) | data[16],
1758                                                                 ifname, port);
1759                                 }
1760                                 else
1761 #endif
1762                                 {
1763                                         dpsnprintf (ipstring, sizeof (ipstring), "[%x:%x:%x:%x:%x:%x:%x:%x]:%hu",
1764                                                                 (data[1] << 8) | data[2], (data[3] << 8) | data[4], (data[5] << 8) | data[6], (data[7] << 8) | data[8],
1765                                                                 (data[9] << 8) | data[10], (data[11] << 8) | data[12], (data[13] << 8) | data[14], (data[15] << 8) | data[16],
1766                                                                 port);
1767                                 }
1768                         }
1769
1770                         // move on to next address in packet
1771                         data += 19;
1772                         length -= 19;
1773                 }
1774                 else
1775                 {
1776                         Con_Print("Error while parsing the server list\n");
1777                         break;
1778                 }
1779
1780                 if (serverlist_consoleoutput && developer_networking.integer)
1781                         Con_Printf("Requesting info from DarkPlaces server %s\n", ipstring);
1782                 
1783                 if( !NetConn_ClientParsePacket_ServerList_PrepareQuery( PROTOCOL_DARKPLACES7, ipstring, false ) ) {
1784                         break;
1785                 }
1786
1787         }
1788
1789         // begin or resume serverlist queries
1790         serverlist_querysleep = false;
1791         serverlist_querywaittime = host.realtime + 3;
1792 }
1793 #endif
1794
1795 static int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, unsigned char *data, int length, lhnetaddress_t *peeraddress)
1796 {
1797         qbool fromserver;
1798         int ret, c;
1799         char *string, addressstring2[128];
1800         char stringbuf[16384];
1801         char senddata[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
1802         size_t sendlength;
1803 #ifdef CONFIG_MENU
1804         char infostringvalue[MAX_INPUTLINE];
1805         char ipstring[32];
1806         const char *s;
1807 #endif
1808
1809         // quakeworld ingame packet
1810         fromserver = cls.netcon && mysocket == cls.netcon->mysocket && !LHNETADDRESS_Compare(&cls.netcon->peeraddress, peeraddress);
1811
1812         // convert the address to a string incase we need it
1813         LHNETADDRESS_ToString(peeraddress, addressstring2, sizeof(addressstring2), true);
1814
1815         if (length >= 5 && data[0] == 255 && data[1] == 255 && data[2] == 255 && data[3] == 255)
1816         {
1817                 // received a command string - strip off the packaging and put it
1818                 // into our string buffer with NULL termination
1819                 data += 4;
1820                 length -= 4;
1821                 length = min(length, (int)sizeof(stringbuf) - 1);
1822                 memcpy(stringbuf, data, length);
1823                 stringbuf[length] = 0;
1824                 string = stringbuf;
1825
1826                 if (developer_networking.integer)
1827                 {
1828                         Con_Printf("NetConn_ClientParsePacket: %s sent us a command:\n", addressstring2);
1829                         Com_HexDumpToConsole(data, length);
1830                 }
1831
1832                 sendlength = sizeof(senddata) - 4;
1833                 switch(Crypto_ClientParsePacket(string, length, senddata+4, &sendlength, peeraddress))
1834                 {
1835                         case CRYPTO_NOMATCH:
1836                                 // nothing to do
1837                                 break;
1838                         case CRYPTO_MATCH:
1839                                 if(sendlength)
1840                                 {
1841                                         memcpy(senddata, "\377\377\377\377", 4);
1842                                         NetConn_Write(mysocket, senddata, (int)sendlength+4, peeraddress);
1843                                 }
1844                                 break;
1845                         case CRYPTO_DISCARD:
1846                                 if(sendlength)
1847                                 {
1848                                         memcpy(senddata, "\377\377\377\377", 4);
1849                                         NetConn_Write(mysocket, senddata, (int)sendlength+4, peeraddress);
1850                                 }
1851                                 return true;
1852                                 break;
1853                         case CRYPTO_REPLACE:
1854                                 string = senddata+4;
1855                                 length = (int)sendlength;
1856                                 break;
1857                 }
1858
1859                 if (length >= 10 && !memcmp(string, "challenge ", 10) && cls.rcon_trying)
1860                 {
1861                         int i = 0, j;
1862                         for (j = 0;j < MAX_RCONS;j++)
1863                         {
1864                                 // note: this value from i is used outside the loop too...
1865                                 i = (cls.rcon_ringpos + j) % MAX_RCONS;
1866                                 if(cls.rcon_commands[i][0])
1867                                         if (!LHNETADDRESS_Compare(peeraddress, &cls.rcon_addresses[i]))
1868                                                 break;
1869                         }
1870                         if (j < MAX_RCONS)
1871                         {
1872                                 char buf[1500];
1873                                 char argbuf[1500];
1874                                 const char *e;
1875                                 int n;
1876                                 dpsnprintf(argbuf, sizeof(argbuf), "%s %s", string + 10, cls.rcon_commands[i]);
1877                                 memcpy(buf, "\377\377\377\377srcon HMAC-MD4 CHALLENGE ", 29);
1878
1879                                 e = strchr(rcon_password.string, ' ');
1880                                 n = e ? e-rcon_password.string : (int)strlen(rcon_password.string);
1881
1882                                 if(HMAC_MDFOUR_16BYTES((unsigned char *) (buf + 29), (unsigned char *) argbuf, (int)strlen(argbuf), (unsigned char *) rcon_password.string, n))
1883                                 {
1884                                         int k;
1885                                         buf[45] = ' ';
1886                                         strlcpy(buf + 46, argbuf, sizeof(buf) - 46);
1887                                         NetConn_Write(mysocket, buf, 46 + (int)strlen(buf + 46), peeraddress);
1888                                         cls.rcon_commands[i][0] = 0;
1889                                         --cls.rcon_trying;
1890
1891                                         for (k = 0;k < MAX_RCONS;k++)
1892                                                 if(cls.rcon_commands[k][0])
1893                                                         if (!LHNETADDRESS_Compare(peeraddress, &cls.rcon_addresses[k]))
1894                                                                 break;
1895                                         if(k < MAX_RCONS)
1896                                         {
1897                                                 int l;
1898                                                 NetConn_WriteString(mysocket, "\377\377\377\377getchallenge", peeraddress);
1899                                                 // extend the timeout on other requests as we asked for a challenge
1900                                                 for (l = 0;l < MAX_RCONS;l++)
1901                                                         if(cls.rcon_commands[l][0])
1902                                                                 if (!LHNETADDRESS_Compare(peeraddress, &cls.rcon_addresses[l]))
1903                                                                         cls.rcon_timeout[l] = host.realtime + rcon_secure_challengetimeout.value;
1904                                         }
1905
1906                                         return true; // we used up the challenge, so we can't use this oen for connecting now anyway
1907                                 }
1908                         }
1909                 }
1910                 if (length >= 10 && !memcmp(string, "challenge ", 10) && cls.connect_trying)
1911                 {
1912                         // darkplaces or quake3
1913                         char protocolnames[1400];
1914                         Con_DPrintf("\"%s\" received, sending connect request back to %s\n", string, addressstring2);
1915                         if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
1916                                 Con_DPrintf("challenge message from wrong server %s\n", addressstring2);
1917                                 return true;
1918                         }
1919                         Protocol_Names(protocolnames, sizeof(protocolnames));
1920 #ifdef CONFIG_MENU
1921                         M_Update_Return_Reason("Got challenge response");
1922 #endif
1923                         // update the server IP in the userinfo (QW servers expect this, and it is used by the reconnect command)
1924                         InfoString_SetValue(cls.userinfo, sizeof(cls.userinfo), "*ip", addressstring2);
1925                         // TODO: add userinfo stuff here instead of using NQ commands?
1926                         memcpy(senddata, "\377\377\377\377", 4);
1927                         dpsnprintf(senddata+4, sizeof(senddata)-4, "connect\\protocol\\darkplaces 3\\protocols\\%s%s\\challenge\\%s", protocolnames, cls.connect_userinfo, string + 10);
1928                         NetConn_WriteString(mysocket, senddata, peeraddress);
1929                         return true;
1930                 }
1931                 if (length == 6 && !memcmp(string, "accept", 6) && cls.connect_trying)
1932                 {
1933                         // darkplaces or quake3
1934                         if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
1935                                 Con_DPrintf("accept message from wrong server %s\n", addressstring2);
1936                                 return true;
1937                         }
1938 #ifdef CONFIG_MENU
1939                         M_Update_Return_Reason("Accepted");
1940 #endif
1941                         NetConn_ConnectionEstablished(mysocket, peeraddress, PROTOCOL_DARKPLACES3);
1942                         return true;
1943                 }
1944                 if (length > 7 && !memcmp(string, "reject ", 7) && cls.connect_trying)
1945                 {
1946                         char rejectreason[128];
1947                         if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
1948                                 Con_DPrintf("reject message from wrong server %s\n", addressstring2);
1949                                 return true;
1950                         }
1951                         cls.connect_trying = false;
1952                         string += 7;
1953                         length = min(length - 7, (int)sizeof(rejectreason) - 1);
1954                         memcpy(rejectreason, string, length);
1955                         rejectreason[length] = 0;
1956 #ifdef CONFIG_MENU
1957                         M_Update_Return_Reason(rejectreason);
1958 #endif
1959                         return true;
1960                 }
1961 #ifdef CONFIG_MENU
1962                 if(key_dest != key_game)
1963                 {
1964                         if (length >= 15 && !memcmp(string, "statusResponse\x0A", 15))
1965                         {
1966                                 serverlist_info_t *info;
1967                                 char *p;
1968                                 int n;
1969
1970                                 string += 15;
1971                                 // search the cache for this server and update it
1972                                 n = NetConn_ClientParsePacket_ServerList_ProcessReply(addressstring2);
1973                                 if (n < 0)
1974                                         return true;
1975
1976                                 info = &serverlist_cache[n].info;
1977                                 info->game[0] = 0;
1978                                 info->mod[0]  = 0;
1979                                 info->map[0]  = 0;
1980                                 info->name[0] = 0;
1981                                 info->qcstatus[0] = 0;
1982                                 info->players[0] = 0;
1983                                 info->protocol = -1;
1984                                 info->numplayers = 0;
1985                                 info->numbots = -1;
1986                                 info->maxplayers  = 0;
1987                                 info->gameversion = 0;
1988
1989                                 p = strchr(string, '\n');
1990                                 if(p)
1991                                 {
1992                                         *p = 0; // cut off the string there
1993                                         ++p;
1994                                 }
1995                                 else
1996                                         Con_Printf("statusResponse without players block?\n");
1997
1998                                 if ((s = InfoString_GetValue(string, "gamename"     , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->game, s, sizeof (info->game));
1999                                 if ((s = InfoString_GetValue(string, "modname"      , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->mod , s, sizeof (info->mod ));
2000                                 if ((s = InfoString_GetValue(string, "mapname"      , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->map , s, sizeof (info->map ));
2001                                 if ((s = InfoString_GetValue(string, "hostname"     , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->name, s, sizeof (info->name));
2002                                 if ((s = InfoString_GetValue(string, "protocol"     , infostringvalue, sizeof(infostringvalue))) != NULL) info->protocol = atoi(s);
2003                                 if ((s = InfoString_GetValue(string, "clients"      , infostringvalue, sizeof(infostringvalue))) != NULL) info->numplayers = atoi(s);
2004                                 if ((s = InfoString_GetValue(string, "bots"         , infostringvalue, sizeof(infostringvalue))) != NULL) info->numbots = atoi(s);
2005                                 if ((s = InfoString_GetValue(string, "sv_maxclients", infostringvalue, sizeof(infostringvalue))) != NULL) info->maxplayers = atoi(s);
2006                                 if ((s = InfoString_GetValue(string, "gameversion"  , infostringvalue, sizeof(infostringvalue))) != NULL) info->gameversion = atoi(s);
2007                                 if ((s = InfoString_GetValue(string, "qcstatus"     , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->qcstatus, s, sizeof(info->qcstatus));
2008                                 if (p                                                                                         != NULL) strlcpy(info->players, p, sizeof(info->players));
2009                                 info->numhumans = info->numplayers - max(0, info->numbots);
2010                                 info->freeslots = info->maxplayers - info->numplayers;
2011
2012                                 NetConn_ClientParsePacket_ServerList_UpdateCache(n);
2013
2014                                 return true;
2015                         }
2016                         if (length >= 13 && !memcmp(string, "infoResponse\x0A", 13))
2017                         {
2018                                 serverlist_info_t *info;
2019                                 int n;
2020
2021                                 string += 13;
2022                                 // search the cache for this server and update it
2023                                 n = NetConn_ClientParsePacket_ServerList_ProcessReply(addressstring2);
2024                                 if (n < 0)
2025                                         return true;
2026
2027                                 info = &serverlist_cache[n].info;
2028                                 info->game[0] = 0;
2029                                 info->mod[0]  = 0;
2030                                 info->map[0]  = 0;
2031                                 info->name[0] = 0;
2032                                 info->qcstatus[0] = 0;
2033                                 info->players[0] = 0;
2034                                 info->protocol = -1;
2035                                 info->numplayers = 0;
2036                                 info->numbots = -1;
2037                                 info->maxplayers  = 0;
2038                                 info->gameversion = 0;
2039
2040                                 if ((s = InfoString_GetValue(string, "gamename"     , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->game, s, sizeof (info->game));
2041                                 if ((s = InfoString_GetValue(string, "modname"      , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->mod , s, sizeof (info->mod ));
2042                                 if ((s = InfoString_GetValue(string, "mapname"      , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->map , s, sizeof (info->map ));
2043                                 if ((s = InfoString_GetValue(string, "hostname"     , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->name, s, sizeof (info->name));
2044                                 if ((s = InfoString_GetValue(string, "protocol"     , infostringvalue, sizeof(infostringvalue))) != NULL) info->protocol = atoi(s);
2045                                 if ((s = InfoString_GetValue(string, "clients"      , infostringvalue, sizeof(infostringvalue))) != NULL) info->numplayers = atoi(s);
2046                                 if ((s = InfoString_GetValue(string, "bots"         , infostringvalue, sizeof(infostringvalue))) != NULL) info->numbots = atoi(s);
2047                                 if ((s = InfoString_GetValue(string, "sv_maxclients", infostringvalue, sizeof(infostringvalue))) != NULL) info->maxplayers = atoi(s);
2048                                 if ((s = InfoString_GetValue(string, "gameversion"  , infostringvalue, sizeof(infostringvalue))) != NULL) info->gameversion = atoi(s);
2049                                 if ((s = InfoString_GetValue(string, "qcstatus"     , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->qcstatus, s, sizeof(info->qcstatus));
2050                                 info->numhumans = info->numplayers - max(0, info->numbots);
2051                                 info->freeslots = info->maxplayers - info->numplayers;
2052
2053                                 NetConn_ClientParsePacket_ServerList_UpdateCache(n);
2054
2055                                 return true;
2056                         }
2057                         if (!strncmp(string, "getserversResponse\\", 19) && serverlist_cachecount < SERVERLIST_TOTALSIZE)
2058                         {
2059                                 // Extract the IP addresses
2060                                 data += 18;
2061                                 length -= 18;
2062                                 NetConn_ClientParsePacket_ServerList_ParseDPList(peeraddress, data, length, false);
2063                                 return true;
2064                         }
2065                         if (!strncmp(string, "getserversExtResponse", 21) && serverlist_cachecount < SERVERLIST_TOTALSIZE)
2066                         {
2067                                 // Extract the IP addresses
2068                                 data += 21;
2069                                 length -= 21;
2070                                 NetConn_ClientParsePacket_ServerList_ParseDPList(peeraddress, data, length, true);
2071                                 return true;
2072                         }
2073                         if (!memcmp(string, "d\n", 2) && serverlist_cachecount < SERVERLIST_TOTALSIZE)
2074                         {
2075                                 // Extract the IP addresses
2076                                 data += 2;
2077                                 length -= 2;
2078                                 masterreplycount++;
2079                                 if (serverlist_consoleoutput)
2080                                         Con_Printf("received QuakeWorld server list from %s...\n", addressstring2);
2081                                 while (length >= 6 && (data[0] != 0xFF || data[1] != 0xFF || data[2] != 0xFF || data[3] != 0xFF) && data[4] * 256 + data[5] != 0)
2082                                 {
2083                                         dpsnprintf (ipstring, sizeof (ipstring), "%u.%u.%u.%u:%u", data[0], data[1], data[2], data[3], data[4] * 256 + data[5]);
2084                                         if (serverlist_consoleoutput && developer_networking.integer)
2085                                                 Con_Printf("Requesting info from QuakeWorld server %s\n", ipstring);
2086                                         
2087                                         if( !NetConn_ClientParsePacket_ServerList_PrepareQuery( PROTOCOL_QUAKEWORLD, ipstring, false ) ) {
2088                                                 break;
2089                                         }
2090
2091                                         // move on to next address in packet
2092                                         data += 6;
2093                                         length -= 6;
2094                                 }
2095                                 // begin or resume serverlist queries
2096                                 serverlist_querysleep = false;
2097                                 serverlist_querywaittime = host.realtime + 3;
2098                                 return true;
2099                         }
2100                 }
2101 #endif
2102                 if (!strncmp(string, "extResponse ", 12))
2103                 {
2104                         ++cl_net_extresponse_count;
2105                         if(cl_net_extresponse_count > NET_EXTRESPONSE_MAX)
2106                                 cl_net_extresponse_count = NET_EXTRESPONSE_MAX;
2107                         cl_net_extresponse_last = (cl_net_extresponse_last + 1) % NET_EXTRESPONSE_MAX;
2108                         dpsnprintf(cl_net_extresponse[cl_net_extresponse_last], sizeof(cl_net_extresponse[cl_net_extresponse_last]), "\"%s\" %s", addressstring2, string + 12);
2109                         return true;
2110                 }
2111                 if (!strncmp(string, "ping", 4))
2112                 {
2113                         if (developer_extra.integer)
2114                                 Con_DPrintf("Received ping from %s, sending ack\n", addressstring2);
2115                         NetConn_WriteString(mysocket, "\377\377\377\377ack", peeraddress);
2116                         return true;
2117                 }
2118                 if (!strncmp(string, "ack", 3))
2119                         return true;
2120                 // QuakeWorld compatibility
2121                 if (length > 1 && string[0] == 'c' && (string[1] == '-' || (string[1] >= '0' && string[1] <= '9')) && cls.connect_trying)
2122                 {
2123                         // challenge message
2124                         if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
2125                                 Con_DPrintf("c message from wrong server %s\n", addressstring2);
2126                                 return true;
2127                         }
2128                         Con_Printf("challenge %s received, sending QuakeWorld connect request back to %s\n", string + 1, addressstring2);
2129 #ifdef CONFIG_MENU
2130                         M_Update_Return_Reason("Got QuakeWorld challenge response");
2131 #endif
2132                         cls.qw_qport = qport.integer;
2133                         // update the server IP in the userinfo (QW servers expect this, and it is used by the reconnect command)
2134                         InfoString_SetValue(cls.userinfo, sizeof(cls.userinfo), "*ip", addressstring2);
2135                         memcpy(senddata, "\377\377\377\377", 4);
2136                         dpsnprintf(senddata+4, sizeof(senddata)-4, "connect %i %i %i \"%s%s\"\n", 28, cls.qw_qport, atoi(string + 1), cls.userinfo, cls.connect_userinfo);
2137                         NetConn_WriteString(mysocket, senddata, peeraddress);
2138                         return true;
2139                 }
2140                 if (length >= 1 && string[0] == 'j' && cls.connect_trying)
2141                 {
2142                         // accept message
2143                         if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
2144                                 Con_DPrintf("j message from wrong server %s\n", addressstring2);
2145                                 return true;
2146                         }
2147 #ifdef CONFIG_MENU
2148                         M_Update_Return_Reason("QuakeWorld Accepted");
2149 #endif
2150                         NetConn_ConnectionEstablished(mysocket, peeraddress, PROTOCOL_QUAKEWORLD);
2151                         return true;
2152                 }
2153                 if (length > 2 && !memcmp(string, "n\\", 2))
2154                 {
2155 #ifdef CONFIG_MENU
2156                         serverlist_info_t *info;
2157                         int n;
2158
2159                         // qw server status
2160                         if (serverlist_consoleoutput && developer_networking.integer >= 2)
2161                                 Con_Printf("QW server status from server at %s:\n%s\n", addressstring2, string + 1);
2162
2163                         string += 1;
2164                         // search the cache for this server and update it
2165                         n = NetConn_ClientParsePacket_ServerList_ProcessReply(addressstring2);
2166                         if (n < 0)
2167                                 return true;
2168
2169                         info = &serverlist_cache[n].info;
2170                         strlcpy(info->game, "QuakeWorld", sizeof(info->game));
2171                         if ((s = InfoString_GetValue(string, "*gamedir"     , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->mod , s, sizeof (info->mod ));else info->mod[0]  = 0;
2172                         if ((s = InfoString_GetValue(string, "map"          , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->map , s, sizeof (info->map ));else info->map[0]  = 0;
2173                         if ((s = InfoString_GetValue(string, "hostname"     , infostringvalue, sizeof(infostringvalue))) != NULL) strlcpy(info->name, s, sizeof (info->name));else info->name[0] = 0;
2174                         info->protocol = 0;
2175                         info->numplayers = 0; // updated below
2176                         info->numhumans = 0; // updated below
2177                         if ((s = InfoString_GetValue(string, "maxclients"   , infostringvalue, sizeof(infostringvalue))) != NULL) info->maxplayers = atoi(s);else info->maxplayers  = 0;
2178                         if ((s = InfoString_GetValue(string, "gameversion"  , infostringvalue, sizeof(infostringvalue))) != NULL) info->gameversion = atoi(s);else info->gameversion = 0;
2179
2180                         // count active players on server
2181                         // (we could gather more info, but we're just after the number)
2182                         s = strchr(string, '\n');
2183                         if (s)
2184                         {
2185                                 s++;
2186                                 while (s < string + length)
2187                                 {
2188                                         for (;s < string + length && *s != '\n';s++)
2189                                                 ;
2190                                         if (s >= string + length)
2191                                                 break;
2192                                         info->numplayers++;
2193                                         info->numhumans++;
2194                                         s++;
2195                                 }
2196                         }
2197
2198                         NetConn_ClientParsePacket_ServerList_UpdateCache(n);
2199 #endif
2200                         return true;
2201                 }
2202                 if (string[0] == 'n')
2203                 {
2204                         // qw print command, used by rcon replies too
2205                         if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address) && LHNETADDRESS_Compare(peeraddress, &cls.rcon_address)) {
2206                                 Con_DPrintf("n message from wrong server %s\n", addressstring2);
2207                                 return true;
2208                         }
2209                         Con_Printf("QW print command from server at %s:\n%s\n", addressstring2, string + 1);
2210                 }
2211                 // we may not have liked the packet, but it was a command packet, so
2212                 // we're done processing this packet now
2213                 return true;
2214         }
2215         // quakeworld ingame packet
2216         if (fromserver && cls.protocol == PROTOCOL_QUAKEWORLD && length >= 8 && (ret = NetConn_ReceivedMessage(cls.netcon, data, length, cls.protocol, net_messagetimeout.value)) == 2)
2217         {
2218                 ret = 0;
2219                 CL_ParseServerMessage();
2220                 return ret;
2221         }
2222         // netquake control packets, supported for compatibility only
2223         if (length >= 5 && BuffBigLong(data) == ((int)NETFLAG_CTL | length) && !ENCRYPTION_REQUIRED)
2224         {
2225 #ifdef CONFIG_MENU
2226                 int n;
2227                 serverlist_info_t *info;
2228 #endif
2229
2230                 data += 4;
2231                 length -= 4;
2232                 SZ_Clear(&cl_message);
2233                 SZ_Write(&cl_message, data, length);
2234                 MSG_BeginReading(&cl_message);
2235                 c = MSG_ReadByte(&cl_message);
2236                 switch (c)
2237                 {
2238                 case CCREP_ACCEPT:
2239                         if (developer_extra.integer)
2240                                 Con_DPrintf("Datagram_ParseConnectionless: received CCREP_ACCEPT from %s.\n", addressstring2);
2241                         if (cls.connect_trying)
2242                         {
2243                                 lhnetaddress_t clientportaddress;
2244                                 if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address)) {
2245                                         Con_DPrintf("CCREP_ACCEPT message from wrong server %s\n", addressstring2);
2246                                         break;
2247                                 }
2248                                 clientportaddress = *peeraddress;
2249                                 LHNETADDRESS_SetPort(&clientportaddress, MSG_ReadLong(&cl_message));
2250                                 // extra ProQuake stuff
2251                                 if (length >= 6)
2252                                         cls.proquake_servermod = MSG_ReadByte(&cl_message); // MOD_PROQUAKE
2253                                 else
2254                                         cls.proquake_servermod = 0;
2255                                 if (length >= 7)
2256                                         cls.proquake_serverversion = MSG_ReadByte(&cl_message); // version * 10
2257                                 else
2258                                         cls.proquake_serverversion = 0;
2259                                 if (length >= 8)
2260                                         cls.proquake_serverflags = MSG_ReadByte(&cl_message); // flags (mainly PQF_CHEATFREE)
2261                                 else
2262                                         cls.proquake_serverflags = 0;
2263                                 if (cls.proquake_servermod == 1)
2264                                         Con_Printf("Connected to ProQuake %.1f server, enabling precise aim\n", cls.proquake_serverversion / 10.0f);
2265                                 // update the server IP in the userinfo (QW servers expect this, and it is used by the reconnect command)
2266                                 InfoString_SetValue(cls.userinfo, sizeof(cls.userinfo), "*ip", addressstring2);
2267 #ifdef CONFIG_MENU
2268                                 M_Update_Return_Reason("Accepted");
2269 #endif
2270                                 NetConn_ConnectionEstablished(mysocket, &clientportaddress, PROTOCOL_QUAKE);
2271                         }
2272                         break;
2273                 case CCREP_REJECT:
2274                         if (developer_extra.integer) {
2275                                 Con_DPrintf("CCREP_REJECT message from wrong server %s\n", addressstring2);
2276                                 break;
2277                         }
2278                         if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.connect_address))
2279                                 break;
2280                         cls.connect_trying = false;
2281 #ifdef CONFIG_MENU
2282                         M_Update_Return_Reason((char *)MSG_ReadString(&cl_message, cl_readstring, sizeof(cl_readstring)));
2283 #endif
2284                         break;
2285                 case CCREP_SERVER_INFO:
2286                         if (developer_extra.integer)
2287                                 Con_DPrintf("Datagram_ParseConnectionless: received CCREP_SERVER_INFO from %s.\n", addressstring2);
2288 #ifdef CONFIG_MENU
2289                         // LadyHavoc: because the quake server may report weird addresses
2290                         // we just ignore it and keep the real address
2291                         MSG_ReadString(&cl_message, cl_readstring, sizeof(cl_readstring));
2292                         // search the cache for this server and update it
2293                         n = NetConn_ClientParsePacket_ServerList_ProcessReply(addressstring2);
2294                         if (n < 0)
2295                                 break;
2296
2297                         info = &serverlist_cache[n].info;
2298                         strlcpy(info->game, "Quake", sizeof(info->game));
2299                         strlcpy(info->mod , "", sizeof(info->mod)); // mod name is not specified
2300                         strlcpy(info->name, MSG_ReadString(&cl_message, cl_readstring, sizeof(cl_readstring)), sizeof(info->name));
2301                         strlcpy(info->map , MSG_ReadString(&cl_message, cl_readstring, sizeof(cl_readstring)), sizeof(info->map));
2302                         info->numplayers = MSG_ReadByte(&cl_message);
2303                         info->maxplayers = MSG_ReadByte(&cl_message);
2304                         info->protocol = MSG_ReadByte(&cl_message);
2305
2306                         NetConn_ClientParsePacket_ServerList_UpdateCache(n);
2307 #endif
2308                         break;
2309                 case CCREP_RCON: // RocketGuy: ProQuake rcon support
2310                         if (net_sourceaddresscheck.integer && LHNETADDRESS_Compare(peeraddress, &cls.rcon_address)) {
2311                                 Con_DPrintf("CCREP_RCON message from wrong server %s\n", addressstring2);
2312                                 break;
2313                         }
2314                         if (developer_extra.integer)
2315                                 Con_DPrintf("Datagram_ParseConnectionless: received CCREP_RCON from %s.\n", addressstring2);
2316
2317                         Con_Printf("%s\n", MSG_ReadString(&cl_message, cl_readstring, sizeof(cl_readstring)));
2318                         break;
2319                 case CCREP_PLAYER_INFO:
2320                         // we got a CCREP_PLAYER_INFO??
2321                         //if (developer_extra.integer)
2322                                 Con_Printf("Datagram_ParseConnectionless: received CCREP_PLAYER_INFO from %s.\n", addressstring2);
2323                         break;
2324                 case CCREP_RULE_INFO:
2325                         // we got a CCREP_RULE_INFO??
2326                         //if (developer_extra.integer)
2327                                 Con_Printf("Datagram_ParseConnectionless: received CCREP_RULE_INFO from %s.\n", addressstring2);
2328                         break;
2329                 default:
2330                         break;
2331                 }
2332                 SZ_Clear(&cl_message);
2333                 // we may not have liked the packet, but it was a valid control
2334                 // packet, so we're done processing this packet now
2335                 return true;
2336         }
2337         ret = 0;
2338         if (fromserver && length >= (int)NET_HEADERSIZE && (ret = NetConn_ReceivedMessage(cls.netcon, data, length, cls.protocol, net_messagetimeout.value)) == 2)
2339                 CL_ParseServerMessage();
2340         return ret;
2341 }
2342
2343 #ifdef CONFIG_MENU
2344 void NetConn_QueryQueueFrame(void)
2345 {
2346         int index;
2347         int queries;
2348         int maxqueries;
2349         double timeouttime;
2350         static double querycounter = 0;
2351
2352         if(!net_slist_pause.integer && serverlist_paused)
2353                 ServerList_RebuildViewList();
2354         serverlist_paused = net_slist_pause.integer != 0;
2355
2356         if (serverlist_querysleep)
2357                 return;
2358
2359         // apply a cool down time after master server replies,
2360         // to avoid messing up the ping times on the servers
2361         if (serverlist_querywaittime > host.realtime)
2362                 return;
2363
2364         // each time querycounter reaches 1.0 issue a query
2365         querycounter += cl.realframetime * net_slist_queriespersecond.value;
2366         maxqueries = (int)querycounter;
2367         maxqueries = bound(0, maxqueries, net_slist_queriesperframe.integer);
2368         querycounter -= maxqueries;
2369
2370         if( maxqueries == 0 ) {
2371                 return;
2372         }
2373
2374         //      scan serverlist and issue queries as needed
2375         serverlist_querysleep = true;
2376
2377         timeouttime     = host.realtime - net_slist_timeout.value;
2378         for( index = 0, queries = 0 ;   index   < serverlist_cachecount &&      queries < maxqueries    ; index++ )
2379         {
2380                 serverlist_entry_t *entry = &serverlist_cache[ index ];
2381                 if( entry->query != SQS_QUERYING && entry->query != SQS_REFRESHING )
2382                 {
2383                         continue;
2384                 }
2385
2386                 serverlist_querysleep   = false;
2387                 if( entry->querycounter !=      0 && entry->querytime > timeouttime     )
2388                 {
2389                         continue;
2390                 }
2391
2392                 if( entry->querycounter !=      (unsigned) net_slist_maxtries.integer )
2393                 {
2394                         lhnetaddress_t  address;
2395                         int socket;
2396
2397                         LHNETADDRESS_FromString(&address, entry->info.cname, 0);
2398                         if      (entry->protocol == PROTOCOL_QUAKEWORLD)
2399                         {
2400                                 for (socket     = 0; socket     < cl_numsockets ;       socket++)
2401                                         NetConn_WriteString(cl_sockets[socket], "\377\377\377\377status\n", &address);
2402                         }
2403                         else
2404                         {
2405                                 for (socket     = 0; socket     < cl_numsockets ;       socket++)
2406                                         NetConn_WriteString(cl_sockets[socket], "\377\377\377\377getstatus", &address);
2407                         }
2408
2409                         //      update the entry fields
2410                         entry->querytime = host.realtime;
2411                         entry->querycounter++;
2412
2413                         // if not in the slist menu we should print the server to console
2414                         if (serverlist_consoleoutput)
2415                                 Con_Printf("querying %25s (%i. try)\n", entry->info.cname, entry->querycounter);
2416
2417                         queries++;
2418                 }
2419                 else
2420                 {
2421                         // have we tried to refresh this server?
2422                         if( entry->query == SQS_REFRESHING ) {
2423                                 // yes, so update the reply count (since its not responding anymore)
2424                                 serverreplycount--;
2425                                 if(!serverlist_paused)
2426                                         ServerList_ViewList_Remove(entry);
2427                         }
2428                         entry->query = SQS_TIMEDOUT;
2429                 }
2430         }
2431 }
2432 #endif
2433
2434 void NetConn_ClientFrame(void)
2435 {
2436         int i, length;
2437         lhnetaddress_t peeraddress;
2438         unsigned char readbuffer[NET_HEADERSIZE+NET_MAXMESSAGE];
2439         NetConn_UpdateSockets();
2440         if (cls.connect_trying && cls.connect_nextsendtime < host.realtime)
2441         {
2442 #ifdef CONFIG_MENU
2443                 if (cls.connect_remainingtries == 0)
2444                         M_Update_Return_Reason("Connect: Waiting 10 seconds for reply");
2445 #endif
2446                 cls.connect_nextsendtime = host.realtime + 1;
2447                 cls.connect_remainingtries--;
2448                 if (cls.connect_remainingtries <= -10)
2449                 {
2450                         cls.connect_trying = false;
2451 #ifdef CONFIG_MENU
2452                         M_Update_Return_Reason("Connect: Failed");
2453 #endif
2454                         return;
2455                 }
2456                 // try challenge first (newer DP server or QW)
2457                 NetConn_WriteString(cls.connect_mysocket, "\377\377\377\377getchallenge", &cls.connect_address);
2458                 // then try netquake as a fallback (old server, or netquake)
2459                 SZ_Clear(&cl_message);
2460                 // save space for the header, filled in later
2461                 MSG_WriteLong(&cl_message, 0);
2462                 MSG_WriteByte(&cl_message, CCREQ_CONNECT);
2463                 MSG_WriteString(&cl_message, "QUAKE");
2464                 MSG_WriteByte(&cl_message, NET_PROTOCOL_VERSION);
2465                 // extended proquake stuff
2466                 MSG_WriteByte(&cl_message, 1); // mod = MOD_PROQUAKE
2467                 // this version matches ProQuake 3.40, the first version to support
2468                 // the NAT fix, and it only supports the NAT fix for ProQuake 3.40 or
2469                 // higher clients, so we pretend we are that version...
2470                 MSG_WriteByte(&cl_message, 34); // version * 10
2471                 MSG_WriteByte(&cl_message, 0); // flags
2472                 MSG_WriteLong(&cl_message, 0); // password
2473                 // write the packetsize now...
2474                 StoreBigLong(cl_message.data, NETFLAG_CTL | (cl_message.cursize & NETFLAG_LENGTH_MASK));
2475                 NetConn_Write(cls.connect_mysocket, cl_message.data, cl_message.cursize, &cls.connect_address);
2476                 SZ_Clear(&cl_message);
2477         }
2478         for (i = 0;i < cl_numsockets;i++)
2479         {
2480                 while (cl_sockets[i] && (length = NetConn_Read(cl_sockets[i], readbuffer, sizeof(readbuffer), &peeraddress)) > 0)
2481                 {
2482 //                      R_TimeReport("clientreadnetwork");
2483                         NetConn_ClientParsePacket(cl_sockets[i], readbuffer, length, &peeraddress);
2484 //                      R_TimeReport("clientparsepacket");
2485                 }
2486         }
2487 #ifdef CONFIG_MENU
2488         NetConn_QueryQueueFrame();
2489 #endif
2490         if (cls.netcon && host.realtime > cls.netcon->timeout && !sv.active)
2491         {
2492                 Con_Print("Connection timed out\n");
2493                 CL_Disconnect();
2494         }
2495 }
2496
2497 static void NetConn_BuildChallengeString(char *buffer, int bufferlength)
2498 {
2499         int i;
2500         char c;
2501         for (i = 0;i < bufferlength - 1;i++)
2502         {
2503                 do
2504                 {
2505                         c = rand () % (127 - 33) + 33;
2506                 } while (c == '\\' || c == ';' || c == '"' || c == '%' || c == '/');
2507                 buffer[i] = c;
2508         }
2509         buffer[i] = 0;
2510 }
2511
2512 /// (div0) build the full response only if possible; better a getinfo response than no response at all if getstatus won't fit
2513 static qbool NetConn_BuildStatusResponse(const char* challenge, char* out_msg, size_t out_size, qbool fullstatus)
2514 {
2515         prvm_prog_t *prog = SVVM_prog;
2516         char qcstatus[256];
2517         unsigned int nb_clients = 0, nb_bots = 0, i;
2518         int length;
2519         char teambuf[3];
2520         const char *crypto_idstring;
2521         const char *worldstatusstr;
2522
2523         // How many clients are there?
2524         for (i = 0;i < (unsigned int)svs.maxclients;i++)
2525         {
2526                 if (svs.clients[i].active)
2527                 {
2528                         nb_clients++;
2529                         if (!svs.clients[i].netconnection)
2530                                 nb_bots++;
2531                 }
2532         }
2533
2534         *qcstatus = 0;
2535         worldstatusstr = PRVM_GetString(prog, PRVM_serverglobalstring(worldstatus));
2536         if(worldstatusstr && *worldstatusstr)
2537         {
2538                 char *p;
2539                 const char *q;
2540                 p = qcstatus;
2541                 for(q = worldstatusstr; *q && (size_t)(p - qcstatus) < (sizeof(qcstatus) - 1); ++q)
2542                         if(*q != '\\' && *q != '\n')
2543                                 *p++ = *q;
2544                 *p = 0;
2545         }
2546
2547         /// \TODO: we should add more information for the full status string
2548         crypto_idstring = Crypto_GetInfoResponseDataString();
2549         length = dpsnprintf(out_msg, out_size,
2550                                                 "\377\377\377\377%s\x0A"
2551                                                 "\\gamename\\%s\\modname\\%s\\gameversion\\%d\\sv_maxclients\\%d"
2552                                                 "\\clients\\%d\\bots\\%d\\mapname\\%s\\hostname\\%s\\protocol\\%d"
2553                                                 "%s%s"
2554                                                 "%s%s"
2555                                                 "%s%s"
2556                                                 "%s",
2557                                                 fullstatus ? "statusResponse" : "infoResponse",
2558                                                 gamenetworkfiltername, com_modname, gameversion.integer, svs.maxclients,
2559                                                 nb_clients, nb_bots, sv.worldbasename, hostname.string, NET_PROTOCOL_VERSION,
2560                                                 *qcstatus ? "\\qcstatus\\" : "", qcstatus,
2561                                                 challenge ? "\\challenge\\" : "", challenge ? challenge : "",
2562                                                 crypto_idstring ? "\\d0_blind_id\\" : "", crypto_idstring ? crypto_idstring : "",
2563                                                 fullstatus ? "\n" : "");
2564
2565         // Make sure it fits in the buffer
2566         if (length < 0)
2567                 goto bad;
2568
2569         if (fullstatus)
2570         {
2571                 char *ptr;
2572                 int left;
2573                 int savelength;
2574
2575                 savelength = length;
2576
2577                 ptr = out_msg + length;
2578                 left = (int)out_size - length;
2579
2580                 for (i = 0;i < (unsigned int)svs.maxclients;i++)
2581                 {
2582                         client_t *client = &svs.clients[i];
2583                         if (client->active)
2584                         {
2585                                 int nameind, cleanind, pingvalue;
2586                                 char curchar;
2587                                 char cleanname [sizeof(client->name)];
2588                                 const char *statusstr;
2589                                 prvm_edict_t *ed;
2590
2591                                 // Remove all characters '"' and '\' in the player name
2592                                 nameind = 0;
2593                                 cleanind = 0;
2594                                 do
2595                                 {
2596                                         curchar = client->name[nameind++];
2597                                         if (curchar != '"' && curchar != '\\')
2598                                         {
2599                                                 cleanname[cleanind++] = curchar;
2600                                                 if (cleanind == sizeof(cleanname) - 1)
2601                                                         break;
2602                                         }
2603                                 } while (curchar != '\0');
2604                                 cleanname[cleanind] = 0; // cleanind is always a valid index even at this point
2605
2606                                 pingvalue = (int)(client->ping * 1000.0f);
2607                                 if(client->netconnection)
2608                                         pingvalue = bound(1, pingvalue, 9999);
2609                                 else
2610                                         pingvalue = 0;
2611
2612                                 *qcstatus = 0;
2613                                 ed = PRVM_EDICT_NUM(i + 1);
2614                                 statusstr = PRVM_GetString(prog, PRVM_serveredictstring(ed, clientstatus));
2615                                 if(statusstr && *statusstr)
2616                                 {
2617                                         char *p;
2618                                         const char *q;
2619                                         p = qcstatus;
2620                                         for(q = statusstr; *q && p != qcstatus + sizeof(qcstatus) - 1; ++q)
2621                                                 if(*q != '\\' && *q != '"' && !ISWHITESPACE(*q))
2622                                                         *p++ = *q;
2623                                         *p = 0;
2624                                 }
2625
2626                                 if (IS_NEXUIZ_DERIVED(gamemode) && (teamplay.integer > 0))
2627                                 {
2628                                         if(client->frags == -666) // spectator
2629                                                 strlcpy(teambuf, " 0", sizeof(teambuf));
2630                                         else if(client->colors == 0x44) // red team
2631                                                 strlcpy(teambuf, " 1", sizeof(teambuf));
2632                                         else if(client->colors == 0xDD) // blue team
2633                                                 strlcpy(teambuf, " 2", sizeof(teambuf));
2634                                         else if(client->colors == 0xCC) // yellow team
2635                                                 strlcpy(teambuf, " 3", sizeof(teambuf));
2636                                         else if(client->colors == 0x99) // pink team
2637                                                 strlcpy(teambuf, " 4", sizeof(teambuf));
2638                                         else
2639                                                 strlcpy(teambuf, " 0", sizeof(teambuf));
2640                                 }
2641                                 else
2642                                         *teambuf = 0;
2643
2644                                 // note: team number is inserted according to SoF2 protocol
2645                                 if(*qcstatus)
2646                                         length = dpsnprintf(ptr, left, "%s %d%s \"%s\"\n",
2647                                                                                 qcstatus,
2648                                                                                 pingvalue,
2649                                                                                 teambuf,
2650                                                                                 cleanname);
2651                                 else
2652                                         length = dpsnprintf(ptr, left, "%d %d%s \"%s\"\n",
2653                                                                                 client->frags,
2654                                                                                 pingvalue,
2655                                                                                 teambuf,
2656                                                                                 cleanname);
2657
2658                                 if(length < 0)
2659                                 {
2660                                         // out of space?
2661                                         // turn it into an infoResponse!
2662                                         out_msg[savelength] = 0;
2663                                         memcpy(out_msg + 4, "infoResponse\x0A", 13);
2664                                         memmove(out_msg + 17, out_msg + 19, savelength - 19);
2665                                         break;
2666                                 }
2667                                 left -= length;
2668                                 ptr += length;
2669                         }
2670                 }
2671         }
2672
2673         return true;
2674
2675 bad:
2676         return false;
2677 }
2678
2679 static qbool NetConn_PreventFlood(lhnetaddress_t *peeraddress, server_floodaddress_t *floodlist, size_t floodlength, double floodtime, qbool renew)
2680 {
2681         size_t floodslotnum, bestfloodslotnum;
2682         double bestfloodtime;
2683         lhnetaddress_t noportpeeraddress;
2684         // see if this is a connect flood
2685         noportpeeraddress = *peeraddress;
2686         LHNETADDRESS_SetPort(&noportpeeraddress, 0);
2687         bestfloodslotnum = 0;
2688         bestfloodtime = floodlist[bestfloodslotnum].lasttime;
2689         for (floodslotnum = 0;floodslotnum < floodlength;floodslotnum++)
2690         {
2691                 if (bestfloodtime >= floodlist[floodslotnum].lasttime)
2692                 {
2693                         bestfloodtime = floodlist[floodslotnum].lasttime;
2694                         bestfloodslotnum = floodslotnum;
2695                 }
2696                 if (floodlist[floodslotnum].lasttime && LHNETADDRESS_Compare(&noportpeeraddress, &floodlist[floodslotnum].address) == 0)
2697                 {
2698                         // this address matches an ongoing flood address
2699                         if (host.realtime < floodlist[floodslotnum].lasttime + floodtime)
2700                         {
2701                                 if(renew)
2702                                 {
2703                                         // renew the ban on this address so it does not expire
2704                                         // until the flood has subsided
2705                                         floodlist[floodslotnum].lasttime = host.realtime;
2706                                 }
2707                                 //Con_Printf("Flood detected!\n");
2708                                 return true;
2709                         }
2710                         // the flood appears to have subsided, so allow this
2711                         bestfloodslotnum = floodslotnum; // reuse the same slot
2712                         break;
2713                 }
2714         }
2715         // begin a new timeout on this address
2716         floodlist[bestfloodslotnum].address = noportpeeraddress;
2717         floodlist[bestfloodslotnum].lasttime = host.realtime;
2718         //Con_Printf("Flood detection initiated!\n");
2719         return false;
2720 }
2721
2722 void NetConn_ClearFlood(lhnetaddress_t *peeraddress, server_floodaddress_t *floodlist, size_t floodlength)
2723 {
2724         size_t floodslotnum;
2725         lhnetaddress_t noportpeeraddress;
2726         // see if this is a connect flood
2727         noportpeeraddress = *peeraddress;
2728         LHNETADDRESS_SetPort(&noportpeeraddress, 0);
2729         for (floodslotnum = 0;floodslotnum < floodlength;floodslotnum++)
2730         {
2731                 if (floodlist[floodslotnum].lasttime && LHNETADDRESS_Compare(&noportpeeraddress, &floodlist[floodslotnum].address) == 0)
2732                 {
2733                         // this address matches an ongoing flood address
2734                         // remove the ban
2735                         floodlist[floodslotnum].address.addresstype = LHNETADDRESSTYPE_NONE;
2736                         floodlist[floodslotnum].lasttime = 0;
2737                         //Con_Printf("Flood cleared!\n");
2738                 }
2739         }
2740 }
2741
2742 typedef qbool (*rcon_matchfunc_t) (lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen);
2743
2744 static qbool hmac_mdfour_time_matching(lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen)
2745 {
2746         char mdfourbuf[16];
2747         long t1, t2;
2748
2749         if (!password[0]) {
2750                 Con_Print(CON_ERROR "LOGIC ERROR: RCon_Authenticate should never call the comparator with an empty password. Please report.\n");
2751                 return false;
2752         }
2753
2754         t1 = (long) time(NULL);
2755         t2 = strtol(s, NULL, 0);
2756         if(labs(t1 - t2) > rcon_secure_maxdiff.integer)
2757                 return false;
2758
2759         if(!HMAC_MDFOUR_16BYTES((unsigned char *) mdfourbuf, (unsigned char *) s, slen, (unsigned char *) password, (int)strlen(password)))
2760                 return false;
2761
2762         return !memcmp(mdfourbuf, hash, 16);
2763 }
2764
2765 static qbool hmac_mdfour_challenge_matching(lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen)
2766 {
2767         char mdfourbuf[16];
2768         int i;
2769
2770         if (!password[0]) {
2771                 Con_Print(CON_ERROR "LOGIC ERROR: RCon_Authenticate should never call the comparator with an empty password. Please report.\n");
2772                 return false;
2773         }
2774
2775         if(slen < (int)(sizeof(challenges[0].string)) - 1)
2776                 return false;
2777
2778         // validate the challenge
2779         for (i = 0;i < MAX_CHALLENGES;i++)
2780                 if(challenges[i].time > 0)
2781                         if (!LHNETADDRESS_Compare(peeraddress, &challenges[i].address) && !strncmp(challenges[i].string, s, sizeof(challenges[0].string) - 1))
2782                                 break;
2783         // if the challenge is not recognized, drop the packet
2784         if (i == MAX_CHALLENGES)
2785                 return false;
2786
2787         if(!HMAC_MDFOUR_16BYTES((unsigned char *) mdfourbuf, (unsigned char *) s, slen, (unsigned char *) password, (int)strlen(password)))
2788                 return false;
2789
2790         if(memcmp(mdfourbuf, hash, 16))
2791                 return false;
2792
2793         // unmark challenge to prevent replay attacks
2794         challenges[i].time = 0;
2795
2796         return true;
2797 }
2798
2799 static qbool plaintext_matching(lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen)
2800 {
2801         if (!password[0]) {
2802                 Con_Print(CON_ERROR "LOGIC ERROR: RCon_Authenticate should never call the comparator with an empty password. Please report.\n");
2803                 return false;
2804         }
2805
2806         return !strcmp(password, hash);
2807 }
2808
2809 /// returns a string describing the user level, or NULL for auth failure
2810 static const char *RCon_Authenticate(lhnetaddress_t *peeraddress, const char *password, const char *s, const char *endpos, rcon_matchfunc_t comparator, const char *cs, int cslen)
2811 {
2812         const char *text, *userpass_start, *userpass_end, *userpass_startpass;
2813         static char buf[MAX_INPUTLINE];
2814         qbool hasquotes;
2815         qbool restricted = false;
2816         qbool have_usernames = false;
2817         static char vabuf[1024];
2818
2819         userpass_start = rcon_password.string;
2820         while((userpass_end = strchr(userpass_start, ' ')))
2821         {
2822                 have_usernames = true;
2823                 strlcpy(buf, userpass_start, ((size_t)(userpass_end-userpass_start) >= sizeof(buf)) ? (int)(sizeof(buf)) : (int)(userpass_end-userpass_start+1));
2824                 if(buf[0])  // Ignore empty entries due to leading/duplicate space.
2825                         if(comparator(peeraddress, buf, password, cs, cslen))
2826                                 goto allow;
2827                 userpass_start = userpass_end + 1;
2828         }
2829         if(userpass_start[0])  // Ignore empty trailing entry due to trailing space or password not set.
2830         {
2831                 userpass_end = userpass_start + strlen(userpass_start);
2832                 if(comparator(peeraddress, userpass_start, password, cs, cslen))
2833                         goto allow;
2834         }
2835
2836         restricted = true;
2837         have_usernames = false;
2838         userpass_start = rcon_restricted_password.string;
2839         while((userpass_end = strchr(userpass_start, ' ')))
2840         {
2841                 have_usernames = true;
2842                 strlcpy(buf, userpass_start, ((size_t)(userpass_end-userpass_start) >= sizeof(buf)) ? (int)(sizeof(buf)) : (int)(userpass_end-userpass_start+1));
2843                 if(buf[0])  // Ignore empty entries due to leading/duplicate space.
2844                         if(comparator(peeraddress, buf, password, cs, cslen))
2845                                 goto check;
2846                 userpass_start = userpass_end + 1;
2847         }
2848         if(userpass_start[0])  // Ignore empty trailing entry due to trailing space or password not set.
2849         {
2850                 userpass_end = userpass_start + strlen(userpass_start);
2851                 if(comparator(peeraddress, userpass_start, password, cs, cslen))
2852                         goto check;
2853         }
2854         
2855         return NULL; // DENIED
2856
2857 check:
2858         for(text = s; text != endpos; ++text)
2859                 if((signed char) *text > 0 && ((signed char) *text < (signed char) ' ' || *text == ';'))
2860                         return NULL; // block possible exploits against the parser/alias expansion
2861
2862         while(s != endpos)
2863         {
2864                 size_t l = strlen(s);
2865                 if(l)
2866                 {
2867                         hasquotes = (strchr(s, '"') != NULL);
2868                         // sorry, we can't allow these substrings in wildcard expressions,
2869                         // as they can mess with the argument counts
2870                         text = rcon_restricted_commands.string;
2871                         while(COM_ParseToken_Console(&text))
2872                         {
2873                                 // com_token now contains a pattern to check for...
2874                                 if(strchr(com_token, '*') || strchr(com_token, '?')) // wildcard expression, * can only match a SINGLE argument
2875                                 {
2876                                         if(!hasquotes)
2877                                                 if(matchpattern_with_separator(s, com_token, true, " ", true)) // note how we excluded tab, newline etc. above
2878                                                         goto match;
2879                                 }
2880                                 else if(strchr(com_token, ' ')) // multi-arg expression? must match in whole
2881                                 {
2882                                         if(!strcmp(com_token, s))
2883                                                 goto match;
2884                                 }
2885                                 else // single-arg expression? must match the beginning of the command
2886                                 {
2887                                         if(!strcmp(com_token, s))
2888                                                 goto match;
2889                                         if(!memcmp(va(vabuf, sizeof(vabuf), "%s ", com_token), s, strlen(com_token) + 1))
2890                                                 goto match;
2891                                 }
2892                         }
2893                         // if we got here, nothing matched!
2894                         return NULL;
2895                 }
2896 match:
2897                 s += l + 1;
2898         }
2899
2900 allow:
2901         userpass_startpass = strchr(userpass_start, ':');
2902         if(have_usernames && userpass_startpass && userpass_startpass < userpass_end)
2903                 return va(vabuf, sizeof(vabuf), "%srcon (username %.*s)", restricted ? "restricted " : "", (int)(userpass_startpass-userpass_start), userpass_start);
2904
2905         return va(vabuf, sizeof(vabuf), "%srcon", restricted ? "restricted " : "");
2906 }
2907
2908 static void RCon_Execute(lhnetsocket_t *mysocket, lhnetaddress_t *peeraddress, const char *addressstring2, const char *userlevel, const char *s, const char *endpos, qbool proquakeprotocol)
2909 {
2910         if(userlevel)
2911         {
2912                 // looks like a legitimate rcon command with the correct password
2913                 const char *s_ptr = s;
2914                 Con_Printf("server received %s command from %s: ", userlevel, host_client ? host_client->name : addressstring2);
2915                 while(s_ptr != endpos)
2916                 {
2917                         size_t l = strlen(s_ptr);
2918                         if(l)
2919                                 Con_Printf(" %s;", s_ptr);
2920                         s_ptr += l + 1;
2921                 }
2922                 Con_Printf("\n");
2923
2924                 if (!host_client || !host_client->netconnection || LHNETADDRESS_GetAddressType(&host_client->netconnection->peeraddress) != LHNETADDRESSTYPE_LOOP)
2925                         Con_Rcon_Redirect_Init(mysocket, peeraddress, proquakeprotocol);
2926                 while(s != endpos)
2927                 {
2928                         size_t l = strlen(s);
2929                         if(l)
2930                         {
2931                                 client_t *host_client_save = host_client;
2932                                 Cmd_ExecuteString(cmd_local, s, src_local, true);
2933                                 host_client = host_client_save;
2934                                 // in case it is a command that changes host_client (like restart)
2935                         }
2936                         s += l + 1;
2937                 }
2938                 Con_Rcon_Redirect_End();
2939         }
2940         else
2941         {
2942                 Con_Printf("server denied rcon access to %s\n", host_client ? host_client->name : addressstring2);
2943         }
2944 }
2945
2946 static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *data, int length, lhnetaddress_t *peeraddress)
2947 {
2948         int i, ret, clientnum, best;
2949         double besttime;
2950         char *string, response[2800], addressstring2[128];
2951         static char stringbuf[16384]; // server only
2952         qbool islocal = (LHNETADDRESS_GetAddressType(peeraddress) == LHNETADDRESSTYPE_LOOP);
2953         char senddata[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
2954         size_t sendlength, response_len;
2955         char infostringvalue[MAX_INPUTLINE];
2956
2957         if (!sv.active)
2958                 return false;
2959
2960         // convert the address to a string incase we need it
2961         LHNETADDRESS_ToString(peeraddress, addressstring2, sizeof(addressstring2), true);
2962
2963         // see if we can identify the sender as a local player
2964         // (this is necessary for rcon to send a reliable reply if the client is
2965         //  actually on the server, not sending remotely)
2966         for (i = 0, host_client = svs.clients;i < svs.maxclients;i++, host_client++)
2967                 if (host_client->netconnection && host_client->netconnection->mysocket == mysocket && !LHNETADDRESS_Compare(&host_client->netconnection->peeraddress, peeraddress))
2968                         break;
2969         if (i == svs.maxclients)
2970                 host_client = NULL;
2971
2972         if (length >= 5 && data[0] == 255 && data[1] == 255 && data[2] == 255 && data[3] == 255)
2973         {
2974                 // received a command string - strip off the packaging and put it
2975                 // into our string buffer with NULL termination
2976                 data += 4;
2977                 length -= 4;
2978                 length = min(length, (int)sizeof(stringbuf) - 1);
2979                 memcpy(stringbuf, data, length);
2980                 stringbuf[length] = 0;
2981                 string = stringbuf;
2982
2983                 if (developer_extra.integer)
2984                 {
2985                         Con_Printf("NetConn_ServerParsePacket: %s sent us a command:\n", addressstring2);
2986                         Com_HexDumpToConsole(data, length);
2987                 }
2988
2989                 sendlength = sizeof(senddata) - 4;
2990                 switch(Crypto_ServerParsePacket(string, length, senddata+4, &sendlength, peeraddress))
2991                 {
2992                         case CRYPTO_NOMATCH:
2993                                 // nothing to do
2994                                 break;
2995                         case CRYPTO_MATCH:
2996                                 if(sendlength)
2997                                 {
2998                                         memcpy(senddata, "\377\377\377\377", 4);
2999                                         NetConn_Write(mysocket, senddata, (int)sendlength+4, peeraddress);
3000                                 }
3001                                 break;
3002                         case CRYPTO_DISCARD:
3003                                 if(sendlength)
3004                                 {
3005                                         memcpy(senddata, "\377\377\377\377", 4);
3006                                         NetConn_Write(mysocket, senddata, (int)sendlength+4, peeraddress);
3007                                 }
3008                                 return true;
3009                                 break;
3010                         case CRYPTO_REPLACE:
3011                                 string = senddata+4;
3012                                 length = (int)sendlength;
3013                                 break;
3014                 }
3015
3016                 if (length >= 12 && !memcmp(string, "getchallenge", 12) && (islocal || sv_public.integer > -3))
3017                 {
3018                         for (i = 0, best = 0, besttime = host.realtime;i < MAX_CHALLENGES;i++)
3019                         {
3020                                 if(challenges[i].time > 0)
3021                                         if (!LHNETADDRESS_Compare(peeraddress, &challenges[i].address))
3022                                                 break;
3023                                 if (besttime > challenges[i].time)
3024                                         besttime = challenges[best = i].time;
3025                         }
3026                         // if we did not find an exact match, choose the oldest and
3027                         // update address and string
3028                         if (i == MAX_CHALLENGES)
3029                         {
3030                                 i = best;
3031                                 challenges[i].address = *peeraddress;
3032                                 NetConn_BuildChallengeString(challenges[i].string, sizeof(challenges[i].string));
3033                         }
3034                         else
3035                         {
3036                                 // flood control: drop if requesting challenge too often
3037                                 if(challenges[i].time > host.realtime - net_challengefloodblockingtimeout.value)
3038                                         return true;
3039                         }
3040                         challenges[i].time = host.realtime;
3041                         // send the challenge
3042                         memcpy(response, "\377\377\377\377", 4);
3043                         dpsnprintf(response+4, sizeof(response)-4, "challenge %s", challenges[i].string);
3044                         response_len = strlen(response) + 1;
3045                         Crypto_ServerAppendToChallenge(string, length, response, &response_len, sizeof(response));
3046                         NetConn_Write(mysocket, response, (int)response_len, peeraddress);
3047                         return true;
3048                 }
3049                 if (length > 8 && !memcmp(string, "connect\\", 8))
3050                 {
3051                         char *s;
3052                         client_t *client;
3053                         crypto_t *crypto = Crypto_ServerGetInstance(peeraddress);
3054                         string += 7;
3055                         length -= 7;
3056
3057                         if(crypto && crypto->authenticated)
3058                         {
3059                                 // no need to check challenge
3060                                 if(crypto_developer.integer)
3061                                 {
3062                                         Con_Printf("%s connection to %s is being established: client is %s@%s%.*s, I am %.*s@%s%.*s\n",
3063                                                         crypto->use_aes ? "Encrypted" : "Authenticated",
3064                                                         addressstring2,
3065                                                         crypto->client_idfp[0] ? crypto->client_idfp : "-",
3066                                                         (crypto->client_issigned || !crypto->client_keyfp[0]) ? "" : "~",
3067                                                         crypto_keyfp_recommended_length, crypto->client_keyfp[0] ? crypto->client_keyfp : "-",
3068                                                         crypto_keyfp_recommended_length, crypto->server_idfp[0] ? crypto->server_idfp : "-",
3069                                                         (crypto->server_issigned || !crypto->server_keyfp[0]) ? "" : "~",
3070                                                         crypto_keyfp_recommended_length, crypto->server_keyfp[0] ? crypto->server_keyfp : "-"
3071                                                   );
3072                                 }
3073                         }
3074                         else
3075                         {
3076                                 if ((s = InfoString_GetValue(string, "challenge", infostringvalue, sizeof(infostringvalue))))
3077                                 {
3078                                         // validate the challenge
3079                                         for (i = 0;i < MAX_CHALLENGES;i++)
3080                                                 if(challenges[i].time > 0)
3081                                                         if (!LHNETADDRESS_Compare(peeraddress, &challenges[i].address) && !strcmp(challenges[i].string, s))
3082                                                                 break;
3083                                         // if the challenge is not recognized, drop the packet
3084                                         if (i == MAX_CHALLENGES)
3085                                                 return true;
3086                                 }
3087                         }
3088
3089                         if((s = InfoString_GetValue(string, "message", infostringvalue, sizeof(infostringvalue))))
3090                                 Con_DPrintf("Connecting client %s sent us the message: %s\n", addressstring2, s);
3091
3092                         if(!(islocal || sv_public.integer > -2))
3093                         {
3094                                 if (developer_extra.integer)
3095                                         Con_Printf("Datagram_ParseConnectionless: sending \"reject %s\" to %s.\n", sv_public_rejectreason.string, addressstring2);
3096                                 memcpy(response, "\377\377\377\377", 4);
3097                                 dpsnprintf(response+4, sizeof(response)-4, "reject %s", sv_public_rejectreason.string);
3098                                 NetConn_WriteString(mysocket, response, peeraddress);
3099                                 return true;
3100                         }
3101
3102                         // check engine protocol
3103                         if(!(s = InfoString_GetValue(string, "protocol", infostringvalue, sizeof(infostringvalue))) || strcmp(s, "darkplaces 3"))
3104                         {
3105                                 if (developer_extra.integer)
3106                                         Con_Printf("Datagram_ParseConnectionless: sending \"reject Wrong game protocol.\" to %s.\n", addressstring2);
3107                                 NetConn_WriteString(mysocket, "\377\377\377\377reject Wrong game protocol.", peeraddress);
3108                                 return true;
3109                         }
3110
3111                         // see if this is a duplicate connection request or a disconnected
3112                         // client who is rejoining to the same client slot
3113                         for (clientnum = 0, client = svs.clients;clientnum < svs.maxclients;clientnum++, client++)
3114                         {
3115                                 if (client->netconnection && LHNETADDRESS_Compare(peeraddress, &client->netconnection->peeraddress) == 0)
3116                                 {
3117                                         // this is a known client...
3118                                         if(crypto && crypto->authenticated)
3119                                         {
3120                                                 // reject if changing key!
3121                                                 if(client->netconnection->crypto.authenticated)
3122                                                 {
3123                                                         if(
3124                                                                         strcmp(client->netconnection->crypto.client_idfp, crypto->client_idfp)
3125                                                                         ||
3126                                                                         strcmp(client->netconnection->crypto.server_idfp, crypto->server_idfp)
3127                                                                         ||
3128                                                                         strcmp(client->netconnection->crypto.client_keyfp, crypto->client_keyfp)
3129                                                                         ||
3130                                                                         strcmp(client->netconnection->crypto.server_keyfp, crypto->server_keyfp)
3131                                                           )
3132                                                         {
3133                                                                 if (developer_extra.integer)
3134                                                                         Con_Printf("Datagram_ParseConnectionless: sending \"reject Attempt to change key of crypto.\" to %s.\n", addressstring2);
3135                                                                 NetConn_WriteString(mysocket, "\377\377\377\377reject Attempt to change key of crypto.", peeraddress);
3136                                                                 return true;
3137                                                         }
3138                                                 }
3139                                         }
3140                                         else
3141                                         {
3142                                                 // reject if downgrading!
3143                                                 if(client->netconnection->crypto.authenticated)
3144                                                 {
3145                                                         if (developer_extra.integer)
3146                                                                 Con_Printf("Datagram_ParseConnectionless: sending \"reject Attempt to downgrade crypto.\" to %s.\n", addressstring2);
3147                                                         NetConn_WriteString(mysocket, "\377\377\377\377reject Attempt to downgrade crypto.", peeraddress);
3148                                                         return true;
3149                                                 }
3150                                         }
3151                                         if (client->begun)
3152                                         {
3153                                                 // client crashed and is coming back,
3154                                                 // keep their stuff intact
3155                                                 if (developer_extra.integer)
3156                                                         Con_Printf("Datagram_ParseConnectionless: sending \"accept\" to %s.\n", addressstring2);
3157                                                 NetConn_WriteString(mysocket, "\377\377\377\377accept", peeraddress);
3158                                                 if(crypto && crypto->authenticated)
3159                                                         Crypto_FinishInstance(&client->netconnection->crypto, crypto);
3160                                                 SV_SendServerinfo(client);
3161                                         }
3162                                         else
3163                                         {
3164                                                 // client is still trying to connect,
3165                                                 // so we send a duplicate reply
3166                                                 if (developer_extra.integer)
3167                                                         Con_Printf("Datagram_ParseConnectionless: sending duplicate accept to %s.\n", addressstring2);
3168                                                 if(crypto && crypto->authenticated)
3169                                                         Crypto_FinishInstance(&client->netconnection->crypto, crypto);
3170                                                 NetConn_WriteString(mysocket, "\377\377\377\377accept", peeraddress);
3171                                         }
3172                                         return true;
3173                                 }
3174                         }
3175
3176                         if (NetConn_PreventFlood(peeraddress, sv.connectfloodaddresses, sizeof(sv.connectfloodaddresses) / sizeof(sv.connectfloodaddresses[0]), net_connectfloodblockingtimeout.value, true))
3177                                 return true;
3178
3179                         // find an empty client slot for this new client
3180                         for (clientnum = 0, client = svs.clients;clientnum < svs.maxclients;clientnum++, client++)
3181                         {
3182                                 netconn_t *conn;
3183                                 if (!client->active && (conn = NetConn_Open(mysocket, peeraddress)))
3184                                 {
3185                                         // allocated connection
3186                                         if (developer_extra.integer)
3187                                                 Con_Printf("Datagram_ParseConnectionless: sending \"accept\" to %s.\n", conn->address);
3188                                         NetConn_WriteString(mysocket, "\377\377\377\377accept", peeraddress);
3189                                         // now set up the client
3190                                         if(crypto && crypto->authenticated)
3191                                                 Crypto_FinishInstance(&conn->crypto, crypto);
3192                                         SV_ConnectClient(clientnum, conn);
3193                                         NetConn_Heartbeat(1);
3194                                         return true;
3195                                 }
3196                         }
3197
3198                         // no empty slots found - server is full
3199                         if (developer_extra.integer)
3200                                 Con_Printf("Datagram_ParseConnectionless: sending \"reject Server is full.\" to %s.\n", addressstring2);
3201                         NetConn_WriteString(mysocket, "\377\377\377\377reject Server is full.", peeraddress);
3202
3203                         return true;
3204                 }
3205                 if (length >= 7 && !memcmp(string, "getinfo", 7) && (islocal || sv_public.integer > -1))
3206                 {
3207                         const char *challenge = NULL;
3208
3209                         if (NetConn_PreventFlood(peeraddress, sv.getstatusfloodaddresses, sizeof(sv.getstatusfloodaddresses) / sizeof(sv.getstatusfloodaddresses[0]), net_getstatusfloodblockingtimeout.value, false))
3210                                 return true;
3211
3212                         // If there was a challenge in the getinfo message
3213                         if (length > 8 && string[7] == ' ')
3214                                 challenge = string + 8;
3215
3216                         if (NetConn_BuildStatusResponse(challenge, response, sizeof(response), false))
3217                         {
3218                                 if (developer_extra.integer)
3219                                         Con_DPrintf("Sending reply to master %s - %s\n", addressstring2, response);
3220                                 NetConn_WriteString(mysocket, response, peeraddress);
3221                         }
3222                         return true;
3223                 }
3224                 if (length >= 9 && !memcmp(string, "getstatus", 9) && (islocal || sv_public.integer > -1))
3225