Add a backward compatible handshake
This work is basically on eeeee's handshake developed for DDRace. It works by realizing that the client will send back tick numbers sent in snapshots. The client puts these into a field named "last acked snapshot", aka the last snapshot the client saw (used for delta compression). This can be abused for a challenge-response handshake.

For legacy clients (detected by a short `CTRLMSG_CONNECT` message), the idea is, upon reception of the `CTRLMSG_CONNECT` packet, to send a `CTRLMSG_CONNECTACCEPT` to fake accepting the connection, then send a packet containing all of the following: the rest of the initial connection build-up (`MAP_CHANGE` to the standard dm1 map, `CON_READY`) and three empty snapshots (`SNAPEMPTY`) with the desired challenge. Due to client-side constraints, the token must be between 2 and `MAX_INT`. This lowers the security by roughly one bit to around 31 bits.

If the `CTRLMSG_CONNECTACCEPT` message gets through to the client, but the other packet does not, the client is stuck. It won't receive any more packets from the server. If the client does not have the standard dm1 map, it will crash, since it accepts the `CON_READY` message from the server despite not having any map data. No data is saved until this point.

When one receives an `INPUT` packet by a previously unknown client, the server checks whether it contains a correct token, and if it does, accepts the new client. The client has received two vital messages from the server so far, so it expects the next sequence number to be 3. The client has sent an unknown amount of vital messages (might be a custom client), so we don't know what ack numbers it wants to see. We just treat the first vital chunk we receive as the new ack number. If we miss a packet due to that, the handshake will be broken and the client will be stuck. We send a `MAP_CHANGE` to the current map of the server and continue normally.
Due to the large difference between packet sizes sent by the client to packets sent by the server, this legacy handshake is prone to reflection attacks due to IP spoofing. Rate limiting should be added.
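The following is an added illustration of the server-side logic the commit message describes; it is not code from this commit or from the Teeworlds/DDNet tree. Every name in it (`LegacyHandshake`, `Packet`, `MsgType`, `kNewConnectSize`, `kMaxPendingPerAddr`, the toy client) is hypothetical. It models the challenge as a tick in `[2, INT_MAX]` carried by three `SNAPEMPTY` packets, checks that the first `INPUT` from an unknown address echoes that tick as its "last acked snapshot", and adds the per-address cap on outstanding challenges that the message says is still missing, so a spoofed source cannot make the server emit an unbounded number of the large reply bundles toward one victim.

```cpp
// Hypothetical model of the legacy challenge-response handshake (added example,
// not project code). Names and constants are assumptions for illustration.
#include <climits>
#include <cstddef>
#include <cstdint>
#include <map>
#include <random>
#include <set>
#include <string>
#include <vector>

enum class MsgType { CtrlConnect, CtrlConnectAccept, MapChange, ConReady, SnapEmpty, Input };

struct Packet {
    MsgType type;
    int32_t tick;   // SnapEmpty: challenge tick; Input: client's "last acked snapshot"
    size_t  size;   // wire size; a short CTRLMSG_CONNECT marks a legacy client
};

// Assumed threshold: a CTRLMSG_CONNECT shorter than this comes from a legacy client.
static const size_t kNewConnectSize = 512;
// Assumed cap on unanswered challenges per source address (the rate limit the
// commit message asks for), bounding the reply volume sent to a spoofed address.
static const int kMaxPendingPerAddr = 3;

class LegacyHandshake {
public:
    explicit LegacyHandshake(uint32_t seed = std::random_device{}()) : m_Rng(seed) {}

    static bool IsLegacyConnect(const Packet& p) {
        return p.type == MsgType::CtrlConnect && p.size < kNewConnectSize;
    }

    // Reply to a legacy CTRLMSG_CONNECT: fake accept, then MAP_CHANGE, CON_READY and
    // three SNAPEMPTY packets whose tick is the challenge. Returns an empty bundle
    // when the address already has too many unanswered challenges.
    std::vector<Packet> OnConnect(const std::string& addr) {
        if (m_PendingCount[addr] >= kMaxPendingPerAddr)
            return {};
        // Token must lie in [2, INT_MAX] per the client-side constraint (~31 bits).
        std::uniform_int_distribution<int32_t> dist(2, INT_MAX);
        int32_t token = dist(m_Rng);
        m_Pending[addr] = token;   // no other state is kept for the client yet
        ++m_PendingCount[addr];
        return { {MsgType::CtrlConnectAccept, 0, 0},
                 {MsgType::MapChange, 0, 0},
                 {MsgType::ConReady, 0, 0},
                 {MsgType::SnapEmpty, token, 0},
                 {MsgType::SnapEmpty, token, 0},
                 {MsgType::SnapEmpty, token, 0} };
    }

    // An INPUT from a previously unknown address is accepted only if its
    // last-acked-snapshot field equals the challenge issued to that address.
    bool OnInput(const std::string& addr, const Packet& in) {
        if (in.type != MsgType::Input) return false;
        auto it = m_Pending.find(addr);
        if (it == m_Pending.end() || in.tick != it->second) return false;
        m_Pending.erase(it);
        m_PendingCount.erase(addr);
        m_Accepted.insert(addr);
        return true;
    }

    bool IsAccepted(const std::string& addr) const { return m_Accepted.count(addr) != 0; }

private:
    std::mt19937 m_Rng;
    std::map<std::string, int32_t> m_Pending;
    std::map<std::string, int> m_PendingCount;
    std::set<std::string> m_Accepted;
};

// Toy legacy client: it reports the tick of the last snapshot it saw, which is
// exactly the field the handshake reuses as the challenge response.
int32_t LegacyClientLastAck(const std::vector<Packet>& fromServer) {
    int32_t last = 0;
    for (const Packet& p : fromServer)
        if (p.type == MsgType::SnapEmpty) last = p.tick;
    return last;
}
```

The model keeps only the token per pending address, mirroring "no data is saved until this point"; a legitimate client answers with the tick it was given, while an `INPUT` from an address that never received a challenge, or that echoes the wrong tick, is dropped without allocating a client slot.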
Showing with 267 additions and 25 deletions.
- +1 −0 CMakeLists.txt
- +7 −2 src/engine/server/server.cpp
- +1 −1 src/engine/server/server.h
- +1 −1 src/engine/shared/config_variables.h
- +8 −2 src/engine/shared/network.cpp
- +19 −3 src/engine/shared/network.h
- +2 −0 src/engine/shared/network_client.cpp
- +26 −0 src/engine/shared/network_conn.cpp
- +1 −1 src/engine/shared/network_console.cpp
- +112 −15 src/engine/shared/network_server.cpp
- +89 −0 src/engine/shared/network_server_hack.cpp