-rw-r--r-- | src/client/net/serverdiscovery.cpp | 10 | ||||
-rw-r--r-- | src/server/net/discoverylistener.cpp | 14 | ||||
-rw-r--r-- | src/server/serverapp/serverapp.cpp | 2 |
3 files changed, 19 insertions, 7 deletions
diff --git a/src/client/net/serverdiscovery.cpp b/src/client/net/serverdiscovery.cpp index efae165..5076a8b 100644 --- a/src/client/net/serverdiscovery.cpp +++ b/src/client/net/serverdiscovery.cpp @@ -106,7 +106,7 @@ void ServerDiscovery::doDiscovery() // Check if specifig manager IP is given. If not broadcast in whole network. if (_mgrIP != QHostAddress::Null) { - qDebug() << "Broadcasting to " << _mgrIP.toString(); + qDebug() << "Sending discovery to " << _mgrIP.toString(); if (!_packet.writeMessage(&_discoverySocket, _mgrIP, SERVICE_DISCOVERY_PORT)) qDebug("Failed"); } else { @@ -151,8 +151,10 @@ void ServerDiscovery::onUdpReadyRead() continue; _packet.reset(); - if (_packet.readMessage(data, quint32(size)) != NM_READ_OK) + if (_packet.readMessage(data, quint32(size)) != NM_READ_OK) { + qDebug() << "Corrupt discovery reply from" << addr.toString(); continue; + } // Valid packet, process it: const QByteArray hash(_packet.getFieldBytes(_HASH)); @@ -162,6 +164,7 @@ void ServerDiscovery::onUdpReadyRead() // Check if the source IP of the packet matches any of the addresses given in the IP list if (!Network::isAddressInList(QString::fromUtf8(iplist), addr.toString())) { + qDebug() << "Received bogus discovery reply from" << addr.toString() << "... Not in" << iplist; ++_ipErrorCount; emit error(ErrorType::InvalidIpList, _hashErrorCount); continue; @@ -170,6 +173,7 @@ void ServerDiscovery::onUdpReadyRead() // If so, check if the submitted hash seems valid if (genSha1(&_nameBytes, &_salt2, &iplist, &port, &cert) != hash && _mgrIP != addr) { // did not match local session name, or other data was spoofed + qDebug() << "Received bogus session name in discovery reply from" << addr.toString(); ++_hashErrorCount; emit error(ErrorType::InvalidHash, _ipErrorCount); continue; 
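Review bot: The `qDebug()` added in the `@@ -162,6 +164,7 @@` hunk prints `iplist` straight from an unauthenticated UDP reply, once per rejected packet, and the hunk shows no bound on length or rate. Any host that can reach the discovery socket can therefore drive log volume; truncating the field, e.g. `<< iplist.left(64)`, and logging only the first few rejects per discovery round would keep the diagnostic without that cost. The same applies to the `port` log added in the `@@ -184,6 +188,8 @@` hunk and to the `iplist` log added in `DiscoveryListener::onReadyRead()`. Separately, the context lines pass `_hashErrorCount` with `ErrorType::InvalidIpList` here and `_ipErrorCount` with `ErrorType::InvalidHash` in the next hunk, each right after incrementing the other counter; this looks swapped and should be checked against the `error` signal's declaration. `onUdpReadyRead()` starts and ends outside the hunk.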
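Review bot: In the `@@ -170,6 +173,7 @@` hunk the new log fires only when the reply is rejected, but the condition `genSha1(...) != hash && _mgrIP != addr` also lets a reply with a wrong hash through whenever its source equals `_mgrIP`, and that path stays silent. Since `addr` is only the datagram's source address, an accepted reply with a mismatching hash is the case a defender would most want recorded. A separate line such as `qDebug() << "Hash mismatch accepted because sender is configured manager" << addr.toString();` before the reply is processed would make it visible. The enclosing function continues outside the hunk.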
@@ -184,6 +188,8 @@ void ServerDiscovery::onUdpReadyRead() const ushort iport = QString::fromUtf8(port).toUShort(&ok); if (ok) { emit serverDetected(addr.toString(), quint16(iport), _nameBytes, cert, (_mgrIP == addr)); + } else { + qDebug() << "... but server advertises unparsable port" << port; } // Stop the discovery diff --git a/src/server/net/discoverylistener.cpp b/src/server/net/discoverylistener.cpp index d644259..9586a71 100644 --- a/src/server/net/discoverylistener.cpp +++ b/src/server/net/discoverylistener.cpp @@ -30,7 +30,7 @@ * @brief DiscoveryListener::DiscoveryListener */ DiscoveryListener::DiscoveryListener(QObject *parent) - : _socket(this) + : QObject(parent), _socket(this) { if (!_socket.bind(QHostAddress::AnyIPv4, SERVICE_DISCOVERY_PORT)) { qFatal("Could not bind to service discovery port %d", int(SERVICE_DISCOVERY_PORT)); @@ -128,15 +128,17 @@ void DiscoveryListener::onReadyRead() continue; const quint16 bucket = hash(addr) % SD_PACKET_TABLE_SIZE; if (_packetCounter[bucket] > SPAM_CUTOFF) { - qDebug() << "SD: Potential (D)DoS from " << _socket.peerAddress().toString(); + qDebug() << "SD: Potential (D)DoS from " << addr.toString(); // emit some signal and pop up a big warning that someone is flooding/ddosing the PVS SD // ... on the other hand, will the user understand? ;) continue; } ++_packetCounter[bucket]; _packet.reset(); - if (_packet.readMessage(data, quint32(size)) != NM_READ_OK) + if (_packet.readMessage(data, quint32(size)) != NM_READ_OK) { + qDebug() << "Corrupted service discovery message from" << addr.toString(); continue; + } // Valid packet, process it: const QByteArray iplist(_packet.getFieldBytes(_IPLIST)); const QByteArray hash(_packet.getFieldBytes(_HASH)); 
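Review bot: In the `SPAM_CUTOFF` branch of `DiscoveryListener::onReadyRead()` (hunk `@@ -128,15 +128,17 @@`) the `qDebug()` call runs for every dropped packet, because the branch hits `continue` before `++_packetCounter[bucket]` and so stays true until the table is reset somewhere outside the hunk. That puts string formatting and log I/O on the path meant to shed load; logging once per bucket, for example only when the counter first exceeds the cutoff, would keep the alert. Switching to `addr.toString()` looks right for a bound but presumably unconnected UDP socket. A comment such as `// addr is the unverified datagram source; buckets are shared by hash` would stop readers treating the logged address as a confirmed sender. The function starts and ends outside the hunk.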
@@ -146,12 +148,16 @@ void DiscoveryListener::onReadyRead() if (salt1.size() < 16 || salt2.size() < 16) continue; // To make this more secure, you could remember the last X salts used, and ignore new packets using the same // Check if the source IP of the packet matches any of the addresses given in the IP list - if (!Network::isAddressInList(QString::fromUtf8(iplist), addr.toString())) + if (!Network::isAddressInList(QString::fromUtf8(iplist), addr.toString())) { + qDebug() << "SD: Client" << addr.toString() << "did not supply IP in list:" << iplist; continue; + } // If so, check if the submitted hash seems valid if (genSha1(&serverApp->sessionNameArray(), &salt1, &iplist) != hash && !(serverApp->getCurrentRoom()->clientPositions.contains(addr.toString()))) { // did not match local session name and client is not in same room. + qDebug() << "SD: Mismatch, neither session name match, nor client for current room" << serverApp->getCurrentRoom()->tutorIP; + qDebug() << "SD: Allowed clients from room:" << serverApp->getCurrentRoom()->clientPositions.keys(); continue; } diff --git a/src/server/serverapp/serverapp.cpp b/src/server/serverapp/serverapp.cpp index 900d3a4..c91ed15 100644 --- a/src/server/serverapp/serverapp.cpp +++ b/src/server/serverapp/serverapp.cpp @@ -145,7 +145,7 @@ const Room* ServerApp::getCurrentRoom() const static Room* defaultRoom = nullptr; if (defaultRoom == nullptr) { defaultRoom = new Room(QMap<QString, - QPoint>(), QSize(8, 6), QSize(1, 1), "", ""); + QPoint>(), QSize(8, 6), QSize(1, 1), "", "<none>"); } return defaultRoom; } |
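Review bot: The two `SD: Mismatch` lines added in the `@@ -146,12 +148,16 @@` hunk do not include `addr`, so the log records the room's `tutorIP` and every allowed client but not which host sent the rejected packet. Add the sender, e.g. `qDebug() << "SD: Mismatch from" << addr.toString() << ...`. Consider dropping or gating the `clientPositions.keys()` dump, since it is emitted for each rejected datagram from an unauthenticated source and writes the room's address list into the log. `getCurrentRoom()` is also called three times across the condition and its logs; taking it once into a local `const Room*` would be easier to read. `onReadyRead()` starts and ends outside the hunk.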
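Review bot: In `ServerApp::getCurrentRoom()` the last `Room` constructor argument changes from `""` to `"<none>"`, which puts a display placeholder into the default room's data. If that argument is the `tutorIP` printed by the new log in `discoverylistener.cpp` (inferred, the constructor is not shown), any emptiness test or address comparison on it elsewhere now sees a non-empty string that is not an address. Keeping `""` here and substituting the placeholder at the log site would keep the data clean. The function body starts outside the hunk.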