path: root/src/server/net/discoverylistener.cpp

/*
 * discoverylistener.cpp
 *
 *  Created on: 25.01.2013
 *      Author: sr
 */

#include "discoverylistener.h"
#include "certmanager.h"
#include "../serverapp/serverapp.h"
#include "../../shared/settings.h"
#include "../../shared/network.h"
#include "../../shared/util.h"
#include <QCryptographicHash>
#include <QSslCertificate>
#include <QSslKey>

#define UDPBUFSIZ 9000
#define SPAM_CUTOFF 50
#define SPAM_MODERATE_INTERVAL 6787
#define SPAM_MODERATE_AT_ONCE 100

// static objects


// +++ static ++++ hash ip address +++


/***************************************************************************//**
 * @brief DiscoveryListener::DiscoveryListener
 */
DiscoveryListener::DiscoveryListener() :
	_socket(this), _counterResetPos(0)
{
	if (!_socket.bind(QHostAddress::AnyIPv4, SERVICE_DISCOVERY_PORT))
		qFatal("Could not bind to service discovery port %d", int(SERVICE_DISCOVERY_PORT));
	connect(&_socket, SIGNAL(readyRead()), this, SLOT(onReadyRead()));
	for (int i = 0; i < SD_PACKET_TABLE_SIZE; ++i)
		_packetCounter[i] = 0;
	startTimer((SPAM_MODERATE_AT_ONCE * SPAM_MODERATE_INTERVAL) / SD_PACKET_TABLE_SIZE + 1);
}

/***************************************************************************//**
 * @brief DiscoveryListener::~DiscoveryListener
 */
DiscoveryListener::~DiscoveryListener()
{
}

/***************************************************************************//**
 * @brief hash
 * @param host
 * @return
 */
static quint16 hash(const QHostAddress& host)
{
	static quint16 seed1 = 0, seed2 = 0;
	while (seed1 == 0) { // Make sure the algorithm uses different seeds each time the program is
		// run to prevent hash collision attacks
		seed1 = quint16(qrand() & 0xffff);
		seed2 = quint16(qrand() & 0xffff);
	}
	quint8 data[16], len;
	if (host.protocol() == QAbstractSocket::IPv4Protocol) {
		// IPv4
		quint32 addr = host.toIPv4Address();
		len = 4;
		memcpy(data, &addr, len);
	} else if (host.protocol() == QAbstractSocket::IPv6Protocol) {
		// IPv6
		len = 16;
		// Fast version (might break with future qt versions)
		memcpy(data, host.toIPv6Address().c, len);
		/* // --- Safe version (but better try to figure out a new fast way if above stops working ;))
		 Q_IPV6ADDR addr = host.toIPv6Address();
		 for (int i = 0; i < len; ++i)
		 data[i] = addr[i];
		 */
	} else {
		// Durr?
		len = 2;
		data[0] = quint8(qrand());
		data[1] = quint8(qrand());
	}
	quint16 result = 0;
	quint16 mod = seed1;
	for (quint8 i = 0; i < len; ++i) {
		result = quint16(((result << 1) + data[i]) ^ mod); // because of the shift this algo is not suitable for len(input) > 8
		mod = quint16(mod + seed2 + data[i]);
	}
	return result;
}

/*
 * Overrides
 */

/***************************************************************************//**
 * @brief Decrease packet counters per source IP in our "spam protection" table.
 * @param event
 */
void DiscoveryListener::timerEvent(QTimerEvent* /* event */ )
{
	for (int i = 0; i < SPAM_MODERATE_AT_ONCE; ++i) {
		if (++_counterResetPos >= SD_PACKET_TABLE_SIZE)
			_counterResetPos = 0;
		if (_packetCounter[_counterResetPos] > 10) {
			_packetCounter[_counterResetPos] = quint8(_packetCounter[_counterResetPos] - 10);
		} else if (_packetCounter[_counterResetPos] != 0) {
			_packetCounter[_counterResetPos] = 0;
		}
	}
}

/*
 * Slots
 */

/***************************************************************************//**
 * @brief Incoming UDP packet on service discovery port - handle.
 */
void DiscoveryListener::onReadyRead()
{
	static int certFails = 0;
	char data[UDPBUFSIZ];
	QHostAddress addr;
	quint16 port;
	while (_socket.hasPendingDatagrams()) {
		const qint64 size = _socket.readDatagram(data, UDPBUFSIZ, &addr, &port);
		if (size <= 0)
			continue;
		const quint16 bucket = hash(addr) % SD_PACKET_TABLE_SIZE;
		if (_packetCounter[bucket] > SPAM_CUTOFF) {
			qDebug() << "SD: Potential (D)DoS from " << _socket.peerAddress().toString();
			// emit some signal and pop up a big warning that someone is flooding/ddosing the PVS SD
			// ... on the other hand, will the user understand? ;)
			continue;
		}
		++_packetCounter[bucket];
		_packet.reset();
		if (_packet.readMessage(data, quint32(size)) != NM_READ_OK)
			continue;
		// Valid packet, process it:
		const QByteArray iplist(_packet.getFieldBytes(_IPLIST));
		const QByteArray hash(_packet.getFieldBytes(_HASH));
		const QByteArray salt1(_packet.getFieldBytes(_SALT1));
		const QByteArray salt2(_packet.getFieldBytes(_SALT2));
		// For security, the salt has to be at least 16 bytes long
		if (salt1.size() < 16 || salt2.size() < 16)
			continue; // To make this more secure, you could remember the last X salts used, and ignore new packets using the same
		// Check if the source IP of the packet matches any of the addresses given in the IP list
		if (!Network::isAddressInList(QString::fromUtf8(iplist), addr.toString()))
			continue;
		// If so, check if the submitted hash seems valid
		if (genSha1(&serverApp->sessionNameArray(), &salt1, &iplist) != hash &&
		        !(serverApp->getCurrentRoom()->clientPositions.contains(addr.toString()))) {
			// did not match local session name and client is not in same room.
			continue;
		}

		qDebug("Got matching discovery request...");
		QByteArray myiplist(Network::interfaceAddressesToString().toUtf8());
		QSslKey key;
		QSslCertificate cert;
		if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) {
			if (++certFails > 5) {
				CertManager::fatal();
			}
			continue;
		}
		QByteArray certhash(cert.digest(QCryptographicHash::Sha1));
		// Reply to client
		_packet.reset();
		_packet.setField(_HASH, genSha1(&serverApp->sessionNameArray(), &salt2, &myiplist, &CLIENT_PORT_ARRAY, &certhash));
		_packet.setField(_IPLIST, myiplist);
		_packet.setField(_PORT, CLIENT_PORT_ARRAY);
		_packet.setField(_CERT, certhash);
		_packet.writeMessage(&_socket, addr, port);
	}
}