diff options
Diffstat (limited to 'src/server/net/discoverylistener.cpp')
-rw-r--r-- | src/server/net/discoverylistener.cpp | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/src/server/net/discoverylistener.cpp b/src/server/net/discoverylistener.cpp index 76c0f52..9586a71 100644 --- a/src/server/net/discoverylistener.cpp +++ b/src/server/net/discoverylistener.cpp @@ -29,23 +29,20 @@ /** * @brief DiscoveryListener::DiscoveryListener */ -DiscoveryListener::DiscoveryListener() : - _socket(this), _counterResetPos(0) +DiscoveryListener::DiscoveryListener(QObject *parent) + : QObject(parent), _socket(this) { - if (!_socket.bind(QHostAddress::AnyIPv4, SERVICE_DISCOVERY_PORT)) + if (!_socket.bind(QHostAddress::AnyIPv4, SERVICE_DISCOVERY_PORT)) { qFatal("Could not bind to service discovery port %d", int(SERVICE_DISCOVERY_PORT)); - connect(&_socket, SIGNAL(readyRead()), this, SLOT(onReadyRead())); - for (int i = 0; i < SD_PACKET_TABLE_SIZE; ++i) - _packetCounter[i] = 0; + } + connect(&_socket, &QUdpSocket::readyRead, this, &DiscoveryListener::onReadyRead); startTimer((SPAM_MODERATE_AT_ONCE * SPAM_MODERATE_INTERVAL) / SD_PACKET_TABLE_SIZE + 1); } /** * @brief DiscoveryListener::~DiscoveryListener */ -DiscoveryListener::~DiscoveryListener() -{ -} +DiscoveryListener::~DiscoveryListener() = default; /** * @brief hash @@ -57,8 +54,8 @@ static quint16 hash(const QHostAddress& host) static quint16 seed1 = 0, seed2 = 0; while (seed1 == 0) { // Make sure the algorithm uses different seeds each time the program is // run to prevent hash collision attacks - seed1 = quint16(qrand() & 0xffff); - seed2 = quint16(qrand() & 0xffff); + seed1 = quint16(slxrand() & 0xffff); + seed2 = quint16(slxrand() & 0xffff); } quint8 data[16], len; if (host.protocol() == QAbstractSocket::IPv4Protocol) { @@ -79,8 +76,8 @@ static quint16 hash(const QHostAddress& host) } else { // Durr? len = 2; - data[0] = quint8(qrand()); - data[1] = quint8(qrand()); + data[0] = quint8(slxrand()); + data[1] = quint8(slxrand()); } quint16 result = 0; quint16 mod = seed1; @@ -131,15 +128,17 @@ void DiscoveryListener::onReadyRead() continue; const quint16 bucket = hash(addr) % SD_PACKET_TABLE_SIZE; if (_packetCounter[bucket] > SPAM_CUTOFF) { - qDebug() << "SD: Potential (D)DoS from " << _socket.peerAddress().toString(); + qDebug() << "SD: Potential (D)DoS from " << addr.toString(); // emit some signal and pop up a big warning that someone is flooding/ddosing the PVS SD // ... on the other hand, will the user understand? ;) continue; } ++_packetCounter[bucket]; _packet.reset(); - if (_packet.readMessage(data, quint32(size)) != NM_READ_OK) + if (_packet.readMessage(data, quint32(size)) != NM_READ_OK) { + qDebug() << "Corrupted service discovery message from" << addr.toString(); continue; + } // Valid packet, process it: const QByteArray iplist(_packet.getFieldBytes(_IPLIST)); const QByteArray hash(_packet.getFieldBytes(_HASH)); @@ -149,12 +148,16 @@ void DiscoveryListener::onReadyRead() if (salt1.size() < 16 || salt2.size() < 16) continue; // To make this more secure, you could remember the last X salts used, and ignore new packets using the same // Check if the source IP of the packet matches any of the addresses given in the IP list - if (!Network::isAddressInList(QString::fromUtf8(iplist), addr.toString())) + if (!Network::isAddressInList(QString::fromUtf8(iplist), addr.toString())) { + qDebug() << "SD: Client" << addr.toString() << "did not supply IP in list:" << iplist; continue; + } // If so, check if the submitted hash seems valid if (genSha1(&serverApp->sessionNameArray(), &salt1, &iplist) != hash && !(serverApp->getCurrentRoom()->clientPositions.contains(addr.toString()))) { // did not match local session name and client is not in same room. + qDebug() << "SD: Mismatch, neither session name match, nor client for current room" << serverApp->getCurrentRoom()->tutorIP; + qDebug() << "SD: Allowed clients from room:" << serverApp->getCurrentRoom()->clientPositions.keys(); continue; } @@ -162,7 +165,7 @@ void DiscoveryListener::onReadyRead() QByteArray myiplist(Network::interfaceAddressesToString().toUtf8()); QSslKey key; QSslCertificate cert; - if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) { + if (!CertManager::getPrivateKeyAndCert("manager2", key, cert)) { if (++certFails > 5) { CertManager::fatal(); } |