X-Git-Url: http://deadsoftware.ru/gitweb?a=blobdiff_plain;ds=sidebyside;f=src%2Fmastersrv%2Fmaster.c;h=e27cde1f9e57815cd012a47b20d5390213a47f4f;hb=0e578925305a55462c9630370d6f0044728693ef;hp=2ea5016bbf538ba65ee5da1e0f7679c5610894bf;hpb=97fa3221376e9119da5afaf7336ee7fadf91ca0e;p=d2df-sdl.git diff --git a/src/mastersrv/master.c b/src/mastersrv/master.c index 2ea5016..e27cde1 100644 --- a/src/mastersrv/master.c +++ b/src/mastersrv/master.c @@ -6,8 +6,9 @@ #include #include #include -#include +#include +#define ENET_DEBUG 1 #include #include @@ -21,8 +22,9 @@ #define DEFAULT_SPAM_CAP 10 #define DEFAULT_MAX_SERVERS MS_MAX_SERVERS #define DEFAULT_MAX_PER_HOST 4 -#define DEFAULT_TIMEOUT 100 -#define DEFAULT_BAN_TIME (3 * 86400) +#define DEFAULT_SERVER_TIMEOUT 100 +#define DEFAULT_CLIENT_TIMEOUT 3 +#define DEFAULT_SPAM_TIMEOUT 1 #define DEFAULT_PORT 25665 #define NET_BUFSIZE 65536 @@ -123,7 +125,9 @@ static ban_record_t *banlist; // settings static int ms_port = DEFAULT_PORT; -static int ms_timeout = DEFAULT_TIMEOUT; +static int ms_sv_timeout = DEFAULT_SERVER_TIMEOUT; +static int ms_cl_timeout = DEFAULT_CLIENT_TIMEOUT; +static int ms_spam_timeout = DEFAULT_SPAM_TIMEOUT; static int ms_spam_cap = DEFAULT_SPAM_CAP; static char ms_motd[MAX_STRLEN + 1] = ""; static char ms_urgent[MAX_STRLEN + 1] = ""; @@ -158,14 +162,14 @@ static const char *u_strtime(const time_t t) { static inline const char *u_logprefix(const enum log_severity_e s) { switch (s) { - case LOG_WARN: return "WARNING:"; - case LOG_ERROR: return "ERROR:"; + case LOG_WARN: return "WARNING: "; + case LOG_ERROR: return "ERROR: "; default: return ""; } } static void u_log(const enum log_severity_e severity, const char *fmt, ...) { - printf("[%s] %s ", u_strtime(time(NULL)), u_logprefix(severity)); + printf("[%s] %s", u_strtime(time(NULL)), u_logprefix(severity)); va_list args; va_start(args, fmt); vprintf(fmt, args); 
@@ -195,6 +199,17 @@ static bool u_strisprint(const char *str) { return true; } +static bool u_strisver(const char *str) { + if (!str || !*str) + return false; + for (const char *p = str; *p; ++p) { + // version strings consist of 0-9 . and space + if (!isdigit(*p) && *p != '.' && *p != ' ') + return false; + } + return true; +} + static const char *u_iptostr(const enet_uint32 host) { ENetAddress addr = { .host = host, .port = 0 }; char *buf = u_vabuf(); @@ -469,6 +484,16 @@ static ban_record_t *ban_record_add_ip(const char *ip, const int cnt, const time return ban_record_add_addr(addr.host, mask, cnt, cur); } +static void ban_free_list(void) { + ban_record_t *rec = banlist; + while (rec) { + ban_record_t *next = rec->next; + free(rec); + rec = next; + } + banlist = NULL; +} + static void ban_load_list(const char *fname) { FILE *f = fopen(fname, "r"); if (!f) { @@ -560,6 +585,7 @@ static void ban_add(const enet_uint32 host, const char *reason) { static inline void ban_peer(ENetPeer *peer, const char *reason) { if (peer) { ban_add(peer->address.host, reason); + peer->data = NULL; enet_peer_reset(peer); } } @@ -568,6 +594,7 @@ static inline void ban_peer(ENetPeer *peer, const char *reason) { static void deinit(void) { // ban_save_list(MS_BAN_FILE); + ban_free_list(); if (ms_host) { enet_host_destroy(ms_host); ms_host = NULL; @@ -575,6 +602,16 @@ static void deinit(void) { enet_deinitialize(); } +#ifdef SIGUSR1 +static void sigusr_handler(int signum) { + if (signum == SIGUSR1) { + u_log(LOG_WARN, "received SIGUSR1, reloading banlist"); + ban_free_list(); + ban_load_list(MS_BAN_FILE); + } +} +#endif + static bool handle_msg(const enet_uint8 msgid, ENetPeer *peer) { server_t *sv = NULL; server_t tmpsv = { 0 }; 
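Review bot: In `u_strisver` the call `isdigit(*p)` is given a plain `char`, which is undefined behaviour for bytes above 0x7F wherever `char` is signed. The string being checked appears to be the peer-supplied `clientver` from MSG_LIST, so this runs on untrusted bytes. Cast before classifying: `if (!isdigit((unsigned char)*p) && *p != '.' && *p != ' ')`. A short comment above the function saying that a non-empty string made only of dots or spaces is also accepted would document the actual contract.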
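Review bot: `sigusr_handler` calls `u_log` (stdio), `ban_free_list` (`free`) and `ban_load_list` (`fopen`, and presumably allocation) from signal context, and none of these are async-signal-safe. The signal can also arrive while the main loop or the new `packet_filter` intercept is inside `ban_check` walking `banlist`, so the list can be freed underneath the reader, giving a use-after-free or heap corruption. Have the handler only set a `volatile sig_atomic_t` flag and do the reload from the main loop, which now wakes every 10 ms. The matching `signal(SIGUSR1, sigusr_handler)` registration in `main` would be more predictable as `sigaction`, but that is secondary. The existing `#ifdef SIGUSR1` guards should stay around both pieces.

```c
static volatile sig_atomic_t ms_reload_bans = 0;

static void sigusr_handler(int signum) {
  // only record the request; the reload itself runs in the main loop
  if (signum == SIGUSR1)
    ms_reload_bans = 1;
}

// … in main(), inside while (running), after the enet_host_service() loop …
if (ms_reload_bans) {
  ms_reload_bans = 0;
  u_log(LOG_WARN, "received SIGUSR1, reloading banlist");
  ban_free_list();
  ban_load_list(MS_BAN_FILE);
}
```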
@@ -617,7 +654,7 @@ static bool handle_msg(const enet_uint8 msgid, ENetPeer *peer) { return true; } // only then update the times - sv->death_time = now + ms_timeout; + sv->death_time = now + ms_sv_timeout; sv->timestamp = now; u_log(LOG_NOTE, "updated server #%d:", sv - servers); u_printsv(sv); @@ -644,7 +681,7 @@ static bool handle_msg(const enet_uint8 msgid, ENetPeer *peer) { // then add that shit *sv = tmpsv; sv->host = peer->address.host; - sv->death_time = now + ms_timeout; + sv->death_time = now + ms_sv_timeout; sv->timestamp = now; if (!ban_sanity_check(sv)) { sv->host = 0; @@ -669,6 +706,7 @@ static bool handle_msg(const enet_uint8 msgid, ENetPeer *peer) { case NET_MSG_LIST: buf_send.pos = 0; + buf_send.overflow = 0; b_write_uint8(&buf_send, NET_MSG_LIST); clientver[0] = 0; @@ -688,6 +726,11 @@ static bool handle_msg(const enet_uint8 msgid, ENetPeer *peer) { return true; } + if (clientver[0] && !u_strisver(clientver)) { + ban_peer(peer, "malformed MSG_LIST clientver"); + return true; + } + for (int i = 0; i < max_servers; ++i) { if (servers[i].host) b_write_server(&buf_send, servers + i); @@ -704,7 +747,7 @@ static bool handle_msg(const enet_uint8 msgid, ENetPeer *peer) { ENetPacket *p = enet_packet_create(buf_send.data, buf_send.pos, ENET_PACKET_FLAG_RELIABLE); enet_peer_send(peer, NET_CH_MAIN, p); - enet_host_flush(ms_host); + // enet_host_flush(ms_host); u_log(LOG_NOTE, "sent server list to %s:%d (ver %s)", u_iptostr(peer->address.host), peer->address.port, clientver[0] ? clientver : ""); return true; 
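Review bot: The `// enet_host_flush(ms_host);` line in the NET_MSG_LIST branch leaves dead code behind with no explanation of why the explicit flush was dropped. If the intent is to let the queued reliable packet go out on the next service pass, delete the line and say so, for example `// no explicit flush: the reply is sent on the next enet_host_service() pass`. `handle_msg` starts and ends outside this hunk, so whether `buf_send.overflow` is checked before `enet_packet_create` cannot be confirmed from here.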
@@ -721,10 +764,12 @@ static void print_usage(void) { printf("Available options:\n"); printf("-h show this message and exit\n"); printf("-p N listen on port N (default: %d)\n", DEFAULT_PORT); - printf("-t N seconds before server is removed from list (default: %d)\n", DEFAULT_TIMEOUT); + printf("-t N seconds before server is removed from list (default: %d)\n", DEFAULT_SERVER_TIMEOUT); + printf("-c N how long a client is allowed to hold the connection active (default: %d)\n", DEFAULT_CLIENT_TIMEOUT); printf("-s N max number of servers in server list, 1-%d (default: %d)\n", MS_MAX_SERVERS, DEFAULT_MAX_SERVERS); printf("-d N if N > 0, disallow more than N servers on the same IP (default: %d)\n", DEFAULT_MAX_PER_HOST); - printf("-f N crappy spam filter: ban people after they send N requests in a row too fast (default: %d)\n", DEFAULT_SPAM_CAP); + printf("-f N crappy spam filter: ban clients after they send N requests in a row too fast (default: %d)\n", DEFAULT_SPAM_CAP); + printf("-w N how often does a client have to send packets for the filter to kick in, i.e. once every N sec (default: %d)\n", DEFAULT_SPAM_TIMEOUT); fflush(stdout); } @@ -751,7 +796,7 @@ static bool parse_args(int argc, char **argv) { if (argc < 2) return true; - if (!strcmp(argv[0], "-h")) { + if (!strcmp(argv[1], "-h")) { print_usage(); return false; } 
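Review bot: The new `-c N` help line in `print_usage` gives no unit, while the neighbouring `-t` line says "seconds" and the value is later added to a `time_t`. Suggest `printf("-c N seconds a client may keep its connection open before it is dropped (default: %d)\n", DEFAULT_CLIENT_TIMEOUT);`. An operator who guesses milliseconds would otherwise let clients hold peer slots far longer than intended. `print_usage` begins before this hunk.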
@@ -759,10 +804,12 @@ static bool parse_args(int argc, char **argv) { for (int i = 1; i < argc; ++i) { const bool success = parse_int_arg(argc, argv, i, "-p", 1, 0xFFFF, &ms_port) - || parse_int_arg(argc, argv, i, "-t", 1, 0x7FFFFFFF, &ms_timeout) + || parse_int_arg(argc, argv, i, "-t", 1, 0x7FFFFFFF, &ms_sv_timeout) + || parse_int_arg(argc, argv, i, "-c", 1, 0x7FFFFFFF, &ms_cl_timeout) || parse_int_arg(argc, argv, i, "-s", 1, MS_MAX_SERVERS, &max_servers) || parse_int_arg(argc, argv, i, "-d", 0, MS_MAX_SERVERS, &max_servers_per_host) - || parse_int_arg(argc, argv, i, "-f", 0, 0xFFFF, &ms_spam_cap); + || parse_int_arg(argc, argv, i, "-f", 0, 0xFFFF, &ms_spam_cap) + || parse_int_arg(argc, argv, i, "-w", 1, 0x7FFFFFFF, &ms_spam_timeout); if (success) { ++i; } else { @@ -775,15 +822,15 @@ static bool parse_args(int argc, char **argv) { } // a stupid thing to filter sustained spam from a single IP -static bool spam_filter(ENetPeer *peer) { - const time_t now = time(NULL); +static bool spam_filter(ENetPeer *peer, const time_t now) { if (peer->address.host == cl_last_addr) { // spam === sending shit faster than once a second - if (now - cl_last_time < 1) { + if (now - cl_last_time < ms_spam_timeout) { if (cl_spam_cnt > 1) u_log(LOG_WARN, "address %s is sending packets too fast", u_iptostr(peer->address.host)); if (++cl_spam_cnt >= ms_spam_cap) { ban_peer(peer, "spam"); + cl_last_addr = 0; return true; } } else { @@ -797,6 +844,11 @@ static bool spam_filter(ENetPeer *peer) { return false; } +// filter incoming UDP packets before the protocol kicks in +static int packet_filter(ENetHost *host, ENetEvent *event) { + return !!ban_check(host->receivedAddress.host); +} + int main(int argc, char **argv) { if (enet_initialize() != 0) u_fatal("could not init enet"); @@ -820,6 +872,10 @@ int main(int argc, char **argv) { atexit(deinit); +#ifdef SIGUSR1 + signal(SIGUSR1, sigusr_handler); +#endif + ENetAddress addr; addr.host = 0; addr.port = ms_port; 
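Review bot: The comment on `packet_filter` does not say what its return value means to ENet, which is the whole contract of an intercept callback. A non-zero return makes ENet discard the datagram before protocol parsing, and zero lets it through. Suggest `// ENet intercept hook: return 1 to drop datagrams from banned hosts before protocol parsing, 0 to let ENet handle them`, and add `(void)event;` for the unused parameter. `ban_check` is defined outside the hunk, so confirm that it does not log or modify ban records, because it now runs once per received datagram.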
@@ -827,47 +883,65 @@ int main(int argc, char **argv) { if (!ms_host) u_fatal("could not create enet host on port %d", ms_port); + ms_host->intercept = packet_filter; + bool running = true; enet_uint8 msgid = 0; ENetEvent event; while (running) { - while (enet_host_service(ms_host, &event, 5000) > 0) { - if (!event.peer) { - continue; // can this even happen? - } else if (ban_check(event.peer->address.host)) { - enet_peer_reset(event.peer); - continue; + while (enet_host_service(ms_host, &event, 10) > 0) { + const time_t now = time(NULL); + bool filtered = !event.peer || (ms_spam_cap && spam_filter(event.peer, now)); + if (!filtered && event.peer->data) { + // kick people that have overstayed their welcome + const time_t timeout = (time_t)(intptr_t)event.peer->data; + if (timeout < now) filtered = true; } - if (event.type != ENET_EVENT_TYPE_DISCONNECT) - if (spam_filter(event.peer)) - continue; + if (!filtered) { + switch (event.type) { + case ENET_EVENT_TYPE_CONNECT: + u_log(LOG_NOTE, "%s:%d connected", u_iptostr(event.peer->address.host), event.peer->address.port); + if (event.peer->channelCount != NET_CH_COUNT) + ban_peer(event.peer, "what is this"); + else // store timeout in the data field + event.peer->data = (void *)(intptr_t)(now + ms_cl_timeout); + break; - switch (event.type) { - case ENET_EVENT_TYPE_CONNECT: - u_log(LOG_NOTE, "%s:%d connected", u_iptostr(event.peer->address.host), event.peer->address.port); - break; + case ENET_EVENT_TYPE_RECEIVE: + if (!event.packet || event.packet->dataLength == 0) { + ban_peer(event.peer, "empty packet"); + break; + } + // set up receive buffer + buf_recv.pos = 0; + buf_recv.overflow = 0; + buf_recv.data = event.packet->data; + buf_recv.size = event.packet->dataLength; + // read message id and handle the message + msgid = b_read_uint8(&buf_recv); + if (!handle_msg(msgid, event.peer)) { + // cheeky cunt sending invalid messages + ban_peer(event.peer, "unknown message"); + } + break; - case ENET_EVENT_TYPE_RECEIVE: - if 
(!event.packet || event.packet->dataLength == 0) { - ban_peer(event.peer, "empty packet"); + case ENET_EVENT_TYPE_DISCONNECT: + event.peer->data = NULL; break; - } - // set up receive buffer - buf_recv.pos = 0; - buf_recv.overflow = 0; - buf_recv.data = event.packet->data; - buf_recv.size = event.packet->dataLength; - // read message id and handle the message - msgid = b_read_uint8(&buf_recv); - if (!handle_msg(msgid, event.peer)) { - // cheeky cunt sending invalid messages - ban_peer(event.peer, "unknown message"); - } - break; - default: - break; + default: + break; + } + } else if (event.peer) { + // u_log(LOG_WARN, "filtered event %d from %s", event.type, u_iptostr(event.peer->address.host)); + event.peer->data = NULL; + enet_peer_reset(event.peer); + } + + if (event.packet) { + buf_recv.data = NULL; + enet_packet_destroy(event.packet); } }
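Review bot: The deadline stored in `event.peer->data` is only compared with `now` when an event for that peer arrives, so a client that connects and then stays silent is never kicked by this code. It keeps its peer slot until ENet's own timeout fires, which weakens the `-c` limit as protection against slot exhaustion. Unless a sweep already exists in the part of the loop after this hunk, add one after the inner `enet_host_service()` loop. Separately, `(void *)(intptr_t)(now + ms_cl_timeout)` truncates where `intptr_t` is narrower than `time_t`, and `-c` accepts values up to 0x7FFFFFFF, so a tighter upper bound on that option would be safer.

```c
// … unchanged: inner enet_host_service() loop …

// drop peers whose connection deadline passed without any further events
const time_t sweep_now = time(NULL);
for (size_t i = 0; i < ms_host->peerCount; ++i) {
  ENetPeer *p = &ms_host->peers[i];
  if (p->state != ENET_PEER_STATE_CONNECTED || !p->data)
    continue;
  if ((time_t)(intptr_t)p->data < sweep_now) {
    p->data = NULL;
    enet_peer_reset(p);
  }
}
```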