From 4cd1ed218147905532d3c43c524db716420367fc Mon Sep 17 00:00:00 2001 From: Takenbacon Date: Thu, 20 Feb 2025 22:17:34 -0800 Subject: [PATCH] refactor(Core/Server): Improvements to antidos opcode handling (#21502) --- .../rev_1739897580268046640.sql | 111 ++++ .../apps/worldserver/worldserver.conf.dist | 11 - src/server/game/Globals/WorldGlobals.cpp | 76 +++ src/server/game/Globals/WorldGlobals.h | 44 ++ src/server/game/Server/WorldSession.cpp | 551 +++++------------- src/server/game/Server/WorldSession.h | 23 +- src/server/game/World/IWorld.h | 1 - src/server/game/World/World.cpp | 5 +- src/server/scripts/Commands/cs_reload.cpp | 10 + 9 files changed, 413 insertions(+), 419 deletions(-) create mode 100644 data/sql/updates/pending_db_world/rev_1739897580268046640.sql create mode 100644 src/server/game/Globals/WorldGlobals.cpp create mode 100644 src/server/game/Globals/WorldGlobals.h diff --git a/data/sql/updates/pending_db_world/rev_1739897580268046640.sql b/data/sql/updates/pending_db_world/rev_1739897580268046640.sql new file mode 100644 index 000000000..edccc5777 --- /dev/null +++ b/data/sql/updates/pending_db_world/rev_1739897580268046640.sql @@ -0,0 +1,111 @@ +DROP TABLE IF EXISTS `antidos_opcode_policies`; +CREATE TABLE `antidos_opcode_policies` ( + `Opcode` smallint unsigned NOT NULL, + `Policy` tinyint unsigned NOT NULL, + `MaxAllowedCount` smallint unsigned NOT NULL, + PRIMARY KEY (`Opcode`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +INSERT INTO `antidos_opcode_policies` (`Opcode`, `Policy`, `MaxAllowedCount`) VALUES + (393, 1, 200), + (404, 1, 200), + (398, 1, 200), + (102, 1, 200), + (1217, 1, 200), + (643, 1, 200), + (642, 1, 200), + (98, 1, 200), + (1192, 1, 200), + (1218, 1, 200), + (238, 1, 200), + (564, 1, 50), + (565, 1, 50), + (107, 1, 50), + (1065, 1, 50), + (999, 1, 50), + (1131, 1, 50), + (1153, 1, 50), + (177, 1, 50), + (450, 1, 50), + (483, 1, 25), + (1282, 1, 20), + (1016, 1, 20), + (1162, 1, 20), + (1133, 1, 20), + (448, 1, 10), + (452, 1, 10), + (638, 1, 10), + (454, 1, 10), + (1272, 1, 10), + (1139, 1, 10), + (1241, 1, 10), + (56, 1, 10), + (106, 1, 10), + (105, 1, 10), + (711, 1, 10), + (810, 1, 10), + (458, 1, 10), + (120, 1, 10), + (654, 1, 10), + (655, 1, 10), + (445, 1, 10), + (1179, 1, 10), + (1143, 1, 10), + (1144, 1, 10), + (1145, 1, 10), + (1142, 1, 10), + (1193, 1, 10), + (1204, 1, 10), + (839, 1, 10), + (467, 1, 10), + (996, 1, 10), + (600, 4, 5), + (612, 4, 5), + (601, 4, 5), + (54, 1, 3), + (55, 1, 3), + (517, 1, 3), + (519, 1, 3), + (535, 1, 3), + (1264, 1, 3), + (1069, 1, 3), + (1070, 1, 3), + (1071, 1, 3), + (1072, 1, 3), + (1073, 1, 3), + (1210, 1, 3), + (1074, 1, 3), + (1075, 1, 3), + (1077, 1, 3), + (847, 1, 3), + (849, 1, 3), + (850, 1, 3), + (851, 1, 3), + (853, 1, 3), + (852, 1, 3), + (854, 1, 3), + (122, 1, 3), + (130, 1, 3), + (132, 1, 3), + (133, 1, 3), + (141, 1, 3), + (143, 1, 3), + (144, 1, 3), + (145, 1, 3), + (561, 1, 3), + (562, 1, 3), + (563, 1, 3), + (764, 1, 3), + (1004, 1, 3), + (1005, 1, 3), + (1002, 1, 3), + (1003, 1, 3), + (1035, 1, 3), + (497, 1, 3), + (705, 1, 3), + (682, 1, 3), + (809, 1, 3), + (1259, 1, 3), + (910, 1, 3), + (802, 1, 3), + (1203, 1, 150); diff --git a/src/server/apps/worldserver/worldserver.conf.dist b/src/server/apps/worldserver/worldserver.conf.dist index d0597bfc2..484c4736e 100644 --- a/src/server/apps/worldserver/worldserver.conf.dist +++ b/src/server/apps/worldserver/worldserver.conf.dist @@ -1118,17 +1118,6 @@ PreventAFKLogout = 0 ################################################################################################### # PACKET SPOOF PROTECTION SETTINGS -# -# These settings determine which action to take when harmful packet spoofing is detected. -# -# PacketSpoof.Policy -# Description: Determines the course of action when packet spoofing is detected. -# Values: 0 - Log only -# 1 - Log + kick -# 2 - Log + kick + ban - -PacketSpoof.Policy = 1 - # # PacketSpoof.BanMode # Description: If PacketSpoof.Policy equals 2, this will determine the ban mode. diff --git a/src/server/game/Globals/WorldGlobals.cpp b/src/server/game/Globals/WorldGlobals.cpp new file mode 100644 index 000000000..fcfb3369e --- /dev/null +++ b/src/server/game/Globals/WorldGlobals.cpp @@ -0,0 +1,76 @@ +/* + * This file is part of the AzerothCore Project. See AUTHORS file for Copyright information + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU Affero General Public License as published by the + * Free Software Foundation; either version 3 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + */ + +#include "DatabaseEnv.h" +#include "Log.h" +#include "QueryResult.h" +#include "Timer.h" +#include "WorldGlobals.h" + +WorldGlobals* WorldGlobals::instance() +{ + static WorldGlobals instance; + return &instance; +} + +void WorldGlobals::LoadAntiDosOpcodePolicies() +{ + uint32 oldMSTime = getMSTime(); + + _antiDosOpcodePolicies = {}; + + QueryResult result = WorldDatabase.Query("SELECT Opcode, Policy, MaxAllowedCount FROM antidos_opcode_policies"); + if (!result) + { + LOG_WARN("server.loading", ">> Loaded 0 AntiDos Opcode Policies. DB table `antidos_opcode_policies` is empty!"); + LOG_INFO("server.loading", " "); + return; + } + + uint32 count = 0; + + do + { + Field* fields = result->Fetch(); + + uint16 opcode = fields[0].Get(); + if (opcode >= NUM_OPCODE_HANDLERS) + { + LOG_ERROR("server.loading", "Unkown opcode {} in table `antidos_opcode_policies`, skipping.", opcode); + continue; + } + + std::unique_ptr policy = std::make_unique(); + policy->Policy = fields[1].Get(); + policy->MaxAllowedCount = fields[2].Get(); + + _antiDosOpcodePolicies[opcode] = std::move(policy); + + ++count; + } while (result->NextRow()); + + LOG_INFO("server.loading", ">> Loaded {} AntiDos Opcode Policies in {} ms", count, GetMSTimeDiffToNow(oldMSTime)); + LOG_INFO("server.loading", " "); +} + +AntiDosOpcodePolicy const* WorldGlobals::GetAntiDosPolicyForOpcode(uint16 opcode) +{ + if (opcode >= NUM_OPCODE_HANDLERS) + return nullptr; + + return _antiDosOpcodePolicies[opcode].get(); +} diff --git a/src/server/game/Globals/WorldGlobals.h b/src/server/game/Globals/WorldGlobals.h new file mode 100644 index 000000000..e8695d02b --- /dev/null +++ b/src/server/game/Globals/WorldGlobals.h @@ -0,0 +1,44 @@ +/* + * This file is part of the AzerothCore Project. See AUTHORS file for Copyright information + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU Affero General Public License as published by the + * Free Software Foundation; either version 3 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + */ + +#ifndef __WORLDGLOBALS_H +#define __WORLDGLOBALS_H + +#include "Common.h" +#include "Opcodes.h" + +struct AntiDosOpcodePolicy +{ + uint8 Policy; + uint16 MaxAllowedCount; +}; + +class WorldGlobals +{ +public: + static WorldGlobals* instance(); + + void LoadAntiDosOpcodePolicies(); + AntiDosOpcodePolicy const* GetAntiDosPolicyForOpcode(uint16 opcode); + +private: + std::array, NUM_OPCODE_HANDLERS> _antiDosOpcodePolicies; +}; + +#define sWorldGlobals WorldGlobals::instance() + +#endif diff --git a/src/server/game/Server/WorldSession.cpp b/src/server/game/Server/WorldSession.cpp index 4d193306c..4a414d23d 100644 --- a/src/server/game/Server/WorldSession.cpp +++ b/src/server/game/Server/WorldSession.cpp @@ -49,6 +49,7 @@ #include "Vehicle.h" #include "WardenWin.h" #include "World.h" +#include "WorldGlobals.h" #include "WorldPacket.h" #include "WorldSocket.h" #include "WorldState.h" @@ -330,138 +331,138 @@ bool WorldSession::Update(uint32 diff, PacketFilter& updater) METRIC_DETAILED_TIMER("worldsession_update_opcode_time", METRIC_TAG("opcode", opHandle->Name)); LOG_DEBUG("network", "message id {} ({}) under READ", opcode, opHandle->Name); - try + WorldSession::DosProtection::Policy const evaluationPolicy = AntiDOS.EvaluateOpcode(*packet, currentTime); + switch (evaluationPolicy) { - switch (opHandle->Status) - { - case STATUS_LOGGEDIN: - if (!_player) - { - // skip STATUS_LOGGEDIN opcode unexpected errors if player logout sometime ago - this can be network lag delayed packets - //! If player didn't log out a while ago, it means packets are being sent while the server does not recognize - //! the client to be in world yet. We will re-add the packets to the bottom of the queue and process them later. - if (!m_playerRecentlyLogout) - { - requeuePackets.push_back(packet); - deletePacket = false; + case WorldSession::DosProtection::Policy::Kick: + case WorldSession::DosProtection::Policy::Ban: + processedPackets = MAX_PROCESSED_PACKETS_IN_SAME_WORLDSESSION_UPDATE; + break; + case WorldSession::DosProtection::Policy::BlockingThrottle: + requeuePackets.push_back(packet); + deletePacket = false; + processedPackets = MAX_PROCESSED_PACKETS_IN_SAME_WORLDSESSION_UPDATE; + break; + default: + break; + } - LOG_DEBUG("network", "Delaying processing of message with status STATUS_LOGGEDIN: No players in the world for account id {}", GetAccountId()); - } - } - else if (_player->IsInWorld()) + if (evaluationPolicy == WorldSession::DosProtection::Policy::Process + || evaluationPolicy == WorldSession::DosProtection::Policy::Log) + { + try + { + switch (opHandle->Status) { - if (AntiDOS.EvaluateOpcode(*packet, currentTime)) + case STATUS_LOGGEDIN: + if (!_player) + { + // skip STATUS_LOGGEDIN opcode unexpected errors if player logout sometime ago - this can be network lag delayed packets + //! If player didn't log out a while ago, it means packets are being sent while the server does not recognize + //! the client to be in world yet. We will re-add the packets to the bottom of the queue and process them later. + if (!m_playerRecentlyLogout) + { + requeuePackets.push_back(packet); + deletePacket = false; + + LOG_DEBUG("network", "Delaying processing of message with status STATUS_LOGGEDIN: No players in the world for account id {}", GetAccountId()); + } + } + else if (_player->IsInWorld()) { if (!sScriptMgr->CanPacketReceive(this, *packet)) - { break; - } opHandle->Call(this, *packet); LogUnprocessedTail(packet); } - else - processedPackets = MAX_PROCESSED_PACKETS_IN_SAME_WORLDSESSION_UPDATE; // break out of packet processing loop - } - // lag can cause STATUS_LOGGEDIN opcodes to arrive after the player started a transfer - break; - case STATUS_LOGGEDIN_OR_RECENTLY_LOGGOUT: - if (!_player && !m_playerRecentlyLogout) // There's a short delay between _player = null and m_playerRecentlyLogout = true during logout - { - LogUnexpectedOpcode(packet, "STATUS_LOGGEDIN_OR_RECENTLY_LOGGOUT", - "the player has not logged in yet and not recently logout"); - } - else if (AntiDOS.EvaluateOpcode(*packet, currentTime)) - { - // not expected _player or must checked in packet hanlder - if (!sScriptMgr->CanPacketReceive(this, *packet)) - break; - - opHandle->Call(this, *packet); - LogUnprocessedTail(packet); - } - else - processedPackets = MAX_PROCESSED_PACKETS_IN_SAME_WORLDSESSION_UPDATE; // break out of packet processing loop - break; - case STATUS_TRANSFER: - if (_player && !_player->IsInWorld() && AntiDOS.EvaluateOpcode(*packet, currentTime)) - { - if (!sScriptMgr->CanPacketReceive(this, *packet)) - { - break; - } - - opHandle->Call(this, *packet); - LogUnprocessedTail(packet); - } - else - processedPackets = MAX_PROCESSED_PACKETS_IN_SAME_WORLDSESSION_UPDATE; // break out of packet processing loop - break; - case STATUS_AUTHED: - if (m_inQueue) // prevent cheating + // lag can cause STATUS_LOGGEDIN opcodes to arrive after the player started a transfer break; - - // some auth opcodes can be recieved before STATUS_LOGGEDIN_OR_RECENTLY_LOGGOUT opcodes - // however when we recieve CMSG_CHAR_ENUM we are surely no longer during the logout process. - if (packet->GetOpcode() == CMSG_CHAR_ENUM) - m_playerRecentlyLogout = false; - - if (AntiDOS.EvaluateOpcode(*packet, currentTime)) - { - if (!sScriptMgr->CanPacketReceive(this, *packet)) + case STATUS_LOGGEDIN_OR_RECENTLY_LOGGOUT: + if (!_player && !m_playerRecentlyLogout) // There's a short delay between _player = null and m_playerRecentlyLogout = true during logout { - break; + LogUnexpectedOpcode(packet, "STATUS_LOGGEDIN_OR_RECENTLY_LOGGOUT", + "the player has not logged in yet and not recently logout"); } + else + { + // not expected _player or must checked in packet hanlder + if (!sScriptMgr->CanPacketReceive(this, *packet)) + break; + + opHandle->Call(this, *packet); + LogUnprocessedTail(packet); + } + break; + case STATUS_TRANSFER: + if (_player && !_player->IsInWorld()) + { + if (!sScriptMgr->CanPacketReceive(this, *packet)) + break; + + opHandle->Call(this, *packet); + LogUnprocessedTail(packet); + } + break; + case STATUS_AUTHED: + if (m_inQueue) // prevent cheating + break; + + // some auth opcodes can be recieved before STATUS_LOGGEDIN_OR_RECENTLY_LOGGOUT opcodes + // however when we recieve CMSG_CHAR_ENUM we are surely no longer during the logout process. + if (packet->GetOpcode() == CMSG_CHAR_ENUM) + m_playerRecentlyLogout = false; + + if (!sScriptMgr->CanPacketReceive(this, *packet)) + break; opHandle->Call(this, *packet); LogUnprocessedTail(packet); + break; + case STATUS_NEVER: + LOG_ERROR("network.opcode", "Received not allowed opcode {} from {}", + GetOpcodeNameForLogging(static_cast(packet->GetOpcode())), GetPlayerInfo()); + break; + case STATUS_UNHANDLED: + LOG_DEBUG("network.opcode", "Received not handled opcode {} from {}", + GetOpcodeNameForLogging(static_cast(packet->GetOpcode())), GetPlayerInfo()); + break; } - else - processedPackets = MAX_PROCESSED_PACKETS_IN_SAME_WORLDSESSION_UPDATE; // break out of packet processing loop - break; - case STATUS_NEVER: - LOG_ERROR("network.opcode", "Received not allowed opcode {} from {}", - GetOpcodeNameForLogging(static_cast(packet->GetOpcode())), GetPlayerInfo()); - break; - case STATUS_UNHANDLED: - LOG_DEBUG("network.opcode", "Received not handled opcode {} from {}", - GetOpcodeNameForLogging(static_cast(packet->GetOpcode())), GetPlayerInfo()); - break; } - } - catch (WorldPackets::InvalidHyperlinkException const& ihe) - { - LOG_ERROR("network", "{} sent {} with an invalid link:\n{}", GetPlayerInfo(), - GetOpcodeNameForLogging(static_cast(packet->GetOpcode())), ihe.GetInvalidValue()); + catch (WorldPackets::InvalidHyperlinkException const& ihe) + { + LOG_ERROR("network", "{} sent {} with an invalid link:\n{}", GetPlayerInfo(), + GetOpcodeNameForLogging(static_cast(packet->GetOpcode())), ihe.GetInvalidValue()); - if (sWorld->getIntConfig(CONFIG_CHAT_STRICT_LINK_CHECKING_KICK)) - { - KickPlayer("WorldSession::Update Invalid chat link"); + if (sWorld->getIntConfig(CONFIG_CHAT_STRICT_LINK_CHECKING_KICK)) + { + KickPlayer("WorldSession::Update Invalid chat link"); + } } - } - catch (WorldPackets::IllegalHyperlinkException const& ihe) - { - LOG_ERROR("network", "{} sent {} which illegally contained a hyperlink:\n{}", GetPlayerInfo(), - GetOpcodeNameForLogging(static_cast(packet->GetOpcode())), ihe.GetInvalidValue()); + catch (WorldPackets::IllegalHyperlinkException const& ihe) + { + LOG_ERROR("network", "{} sent {} which illegally contained a hyperlink:\n{}", GetPlayerInfo(), + GetOpcodeNameForLogging(static_cast(packet->GetOpcode())), ihe.GetInvalidValue()); - if (sWorld->getIntConfig(CONFIG_CHAT_STRICT_LINK_CHECKING_KICK)) - { - KickPlayer("WorldSession::Update Illegal chat link"); + if (sWorld->getIntConfig(CONFIG_CHAT_STRICT_LINK_CHECKING_KICK)) + { + KickPlayer("WorldSession::Update Illegal chat link"); + } } - } - catch (WorldPackets::PacketArrayMaxCapacityException const& pamce) - { - LOG_ERROR("network", "PacketArrayMaxCapacityException: {} while parsing {} from {}.", - pamce.what(), GetOpcodeNameForLogging(static_cast(packet->GetOpcode())), GetPlayerInfo()); - } - catch (ByteBufferException const&) - { - LOG_ERROR("network", "WorldSession::Update ByteBufferException occured while parsing a packet (opcode: {}) from client {}, accountid={}. Skipped packet.", packet->GetOpcode(), GetRemoteAddress(), GetAccountId()); - if (sLog->ShouldLog("network", LogLevel::LOG_LEVEL_DEBUG)) + catch (WorldPackets::PacketArrayMaxCapacityException const& pamce) { - LOG_DEBUG("network", "Dumping error causing packet:"); - packet->hexlike(); + LOG_ERROR("network", "PacketArrayMaxCapacityException: {} while parsing {} from {}.", + pamce.what(), GetOpcodeNameForLogging(static_cast(packet->GetOpcode())), GetPlayerInfo()); + } + catch (ByteBufferException const&) + { + LOG_ERROR("network", "WorldSession::Update ByteBufferException occured while parsing a packet (opcode: {}) from client {}, accountid={}. Skipped packet.", packet->GetOpcode(), GetRemoteAddress(), GetAccountId()); + if (sLog->ShouldLog("network", LogLevel::LOG_LEVEL_DEBUG)) + { + LOG_DEBUG("network", "Dumping error causing packet:"); + packet->hexlike(); + } } } @@ -1324,14 +1325,17 @@ Warden* WorldSession::GetWarden() return &(*_warden); } -bool WorldSession::DosProtection::EvaluateOpcode(WorldPacket& p, time_t time) const +WorldSession::DosProtection::Policy WorldSession::DosProtection::EvaluateOpcode(WorldPacket const& p, time_t const time) const { - uint32 maxPacketCounterAllowed = GetMaxPacketCounterAllowed(p.GetOpcode()); + AntiDosOpcodePolicy const* policy = sWorldGlobals->GetAntiDosPolicyForOpcode(p.GetOpcode()); + if (!policy) + return WorldSession::DosProtection::Policy::Process; // Return true if there is no policy for the opcode - // Return true if there no limit for the opcode + uint32 const maxPacketCounterAllowed = policy->MaxAllowedCount; if (!maxPacketCounterAllowed) - return true; + return WorldSession::DosProtection::Policy::Process; // Return true if there no limit for the opcode + // packetCounter is opcodes handled in the same world second, so MaxAllowedCount is per second PacketCounter& packetCounter = _PacketThrottlingMap[p.GetOpcode()]; if (packetCounter.lastReceiveTime != time) { @@ -1341,298 +1345,57 @@ bool WorldSession::DosProtection::EvaluateOpcode(WorldPacket& p, time_t time) co // Check if player is flooding some packets if (++packetCounter.amountCounter <= maxPacketCounterAllowed) - return true; + return WorldSession::DosProtection::Policy::Process; - LOG_WARN("network", "AntiDOS: Account {}, IP: {}, Ping: {}, Character: {}, flooding packet (opc: {} (0x{:X}), count: {})", - Session->GetAccountId(), Session->GetRemoteAddress(), Session->GetLatency(), Session->GetPlayerName(), - opcodeTable[static_cast(p.GetOpcode())]->Name, p.GetOpcode(), packetCounter.amountCounter); - - switch (_policy) + if (WorldSession::DosProtection::Policy(policy->Policy) != WorldSession::DosProtection::Policy::BlockingThrottle) { - case POLICY_LOG: - return true; - case POLICY_KICK: - { - LOG_INFO("network", "AntiDOS: Player {} kicked!", Session->GetPlayerName()); - Session->KickPlayer(); - return false; - } - case POLICY_BAN: - { - uint32 bm = sWorld->getIntConfig(CONFIG_PACKET_SPOOF_BANMODE); - uint32 duration = sWorld->getIntConfig(CONFIG_PACKET_SPOOF_BANDURATION); // in seconds - std::string nameOrIp = ""; - switch (bm) - { - case 0: // Ban account - (void)AccountMgr::GetName(Session->GetAccountId(), nameOrIp); - sBan->BanAccount(nameOrIp, std::to_string(duration), "DOS (Packet Flooding/Spoofing", "Server: AutoDOS"); - break; - case 1: // Ban ip - nameOrIp = Session->GetRemoteAddress(); - sBan->BanIP(nameOrIp, std::to_string(duration), "DOS (Packet Flooding/Spoofing", "Server: AutoDOS"); - break; - } + LOG_WARN("network", "AntiDOS: Account {}, IP: {}, Ping: {}, Character: {}, flooding packet (opc: {} (0x{:X}), count: {})", + Session->GetAccountId(), Session->GetRemoteAddress(), Session->GetLatency(), Session->GetPlayerName(), + opcodeTable[static_cast(p.GetOpcode())]->Name, p.GetOpcode(), packetCounter.amountCounter); + } - LOG_INFO("network", "AntiDOS: Player automatically banned for {} seconds.", duration); - return false; + switch (WorldSession::DosProtection::Policy(policy->Policy)) + { + case WorldSession::DosProtection::Policy::Kick: + { + LOG_INFO("network", "AntiDOS: Player {} kicked!", Session->GetPlayerName()); + Session->KickPlayer(); + break; + } + case WorldSession::DosProtection::Policy::Ban: + { + uint32 bm = sWorld->getIntConfig(CONFIG_PACKET_SPOOF_BANMODE); + uint32 duration = sWorld->getIntConfig(CONFIG_PACKET_SPOOF_BANDURATION); // in seconds + std::string nameOrIp = ""; + switch (bm) + { + case 0: // Ban account + (void)AccountMgr::GetName(Session->GetAccountId(), nameOrIp); + sBan->BanAccount(nameOrIp, std::to_string(duration), "DOS (Packet Flooding/Spoofing", "Server: AutoDOS"); + break; + case 1: // Ban ip + nameOrIp = Session->GetRemoteAddress(); + sBan->BanIP(nameOrIp, std::to_string(duration), "DOS (Packet Flooding/Spoofing", "Server: AutoDOS"); + break; } + + LOG_INFO("network", "AntiDOS: Player automatically banned for {} seconds.", duration); + break; + } + case WorldSession::DosProtection::Policy::DropPacket: + { + LOG_INFO("network", "AntiDOS: Opcode packet {} from player {} will be dropped.", p.GetOpcode(), Session->GetPlayerName()); + break; + } default: // invalid policy - return true; - } -} - -uint32 WorldSession::DosProtection::GetMaxPacketCounterAllowed(uint16 opcode) const -{ - uint32 maxPacketCounterAllowed; - switch (opcode) - { - // CPU usage sending 2000 packets/second on a 3.70 GHz 4 cores on Win x64 - // [% CPU mysqld] [%CPU worldserver RelWithDebInfo] - case CMSG_PLAYER_LOGIN: // 0 0.5 - case CMSG_NAME_QUERY: // 0 1 - case CMSG_PET_NAME_QUERY: // 0 1 - case CMSG_NPC_TEXT_QUERY: // 0 1 - case CMSG_ATTACKSTOP: // 0 1 - case CMSG_QUERY_QUESTS_COMPLETED: // 0 1 - case CMSG_QUERY_TIME: // 0 1 - case CMSG_CORPSE_MAP_POSITION_QUERY: // 0 1 - case CMSG_MOVE_TIME_SKIPPED: // 0 1 - case MSG_QUERY_NEXT_MAIL_TIME: // 0 1 - case CMSG_SET_SHEATHED: // 0 1 - case MSG_RAID_TARGET_UPDATE: // 0 1 - case CMSG_PLAYER_LOGOUT: // 0 1 - case CMSG_LOGOUT_REQUEST: // 0 1 - case CMSG_PET_RENAME: // 0 1 - case CMSG_QUESTGIVER_CANCEL: // 0 1 - case CMSG_QUESTGIVER_REQUEST_REWARD: // 0 1 - case CMSG_COMPLETE_CINEMATIC: // 0 1 - case CMSG_BANKER_ACTIVATE: // 0 1 - case CMSG_BUY_BANK_SLOT: // 0 1 - case CMSG_OPT_OUT_OF_LOOT: // 0 1 - case CMSG_DUEL_ACCEPTED: // 0 1 - case CMSG_DUEL_CANCELLED: // 0 1 - case CMSG_CALENDAR_COMPLAIN: // 0 1 - case CMSG_QUEST_QUERY: // 0 1.5 - case CMSG_ITEM_QUERY_SINGLE: // 0 1.5 - case CMSG_ITEM_NAME_QUERY: // 0 1.5 - case CMSG_GAMEOBJECT_QUERY: // 0 1.5 - case CMSG_CREATURE_QUERY: // 0 1.5 - case CMSG_QUESTGIVER_STATUS_QUERY: // 0 1.5 - case CMSG_GUILD_QUERY: // 0 1.5 - case CMSG_ARENA_TEAM_QUERY: // 0 1.5 - case CMSG_TAXINODE_STATUS_QUERY: // 0 1.5 - case CMSG_TAXIQUERYAVAILABLENODES: // 0 1.5 - case CMSG_QUESTGIVER_QUERY_QUEST: // 0 1.5 - case CMSG_PAGE_TEXT_QUERY: // 0 1.5 - case MSG_QUERY_GUILD_BANK_TEXT: // 0 1.5 - case MSG_CORPSE_QUERY: // 0 1.5 - case MSG_MOVE_SET_FACING: // 0 1.5 - case CMSG_REQUEST_PARTY_MEMBER_STATS: // 0 1.5 - case CMSG_QUESTGIVER_COMPLETE_QUEST: // 0 1.5 - case CMSG_SET_ACTION_BUTTON: // 0 1.5 - case CMSG_RESET_INSTANCES: // 0 1.5 - case CMSG_HEARTH_AND_RESURRECT: // 0 1.5 - case CMSG_TOGGLE_PVP: // 0 1.5 - case CMSG_PET_ABANDON: // 0 1.5 - case CMSG_ACTIVATETAXIEXPRESS: // 0 1.5 - case CMSG_ACTIVATETAXI: // 0 1.5 - case CMSG_SELF_RES: // 0 1.5 - case CMSG_UNLEARN_SKILL: // 0 1.5 - case CMSG_EQUIPMENT_SET_SAVE: // 0 1.5 - case CMSG_DELETEEQUIPMENT_SET: // 0 1.5 - case CMSG_DISMISS_CRITTER: // 0 1.5 - case CMSG_REPOP_REQUEST: // 0 1.5 - case CMSG_GROUP_INVITE: // 0 1.5 - case CMSG_GROUP_DECLINE: // 0 1.5 - case CMSG_GROUP_ACCEPT: // 0 1.5 - case CMSG_GROUP_UNINVITE_GUID: // 0 1.5 - case CMSG_GROUP_UNINVITE: // 0 1.5 - case CMSG_GROUP_DISBAND: // 0 1.5 - case CMSG_BATTLEMASTER_JOIN_ARENA: // 0 1.5 - case CMSG_LEAVE_BATTLEFIELD: // 0 1.5 - case MSG_GUILD_BANK_LOG_QUERY: // 0 2 - case CMSG_LOGOUT_CANCEL: // 0 2 - case CMSG_REALM_SPLIT: // 0 2 - case CMSG_ALTER_APPEARANCE: // 0 2 - case CMSG_QUEST_CONFIRM_ACCEPT: // 0 2 - case MSG_GUILD_EVENT_LOG_QUERY: // 0 2.5 - case CMSG_READY_FOR_ACCOUNT_DATA_TIMES: // 0 2.5 - case CMSG_QUESTGIVER_STATUS_MULTIPLE_QUERY: // 0 2.5 - case CMSG_BEGIN_TRADE: // 0 2.5 - case CMSG_INITIATE_TRADE: // 0 3 - case CMSG_MESSAGECHAT: // 0 3.5 - case CMSG_INSPECT: // 0 3.5 - case CMSG_AREA_SPIRIT_HEALER_QUERY: // not profiled - case CMSG_STANDSTATECHANGE: // not profiled - case MSG_RANDOM_ROLL: // not profiled - case CMSG_TIME_SYNC_RESP: // not profiled - case CMSG_TRAINER_BUY_SPELL: // not profiled - case CMSG_FORCE_SWIM_SPEED_CHANGE_ACK: // not profiled - case CMSG_FORCE_SWIM_BACK_SPEED_CHANGE_ACK: // not profiled - case CMSG_FORCE_RUN_SPEED_CHANGE_ACK: // not profiled - case CMSG_FORCE_RUN_BACK_SPEED_CHANGE_ACK: // not profiled - case CMSG_FORCE_FLIGHT_SPEED_CHANGE_ACK: // not profiled - case CMSG_FORCE_FLIGHT_BACK_SPEED_CHANGE_ACK: // not profiled - case CMSG_FORCE_WALK_SPEED_CHANGE_ACK: // not profiled - case CMSG_FORCE_TURN_RATE_CHANGE_ACK: // not profiled - case CMSG_FORCE_PITCH_RATE_CHANGE_ACK: // not profiled - { - // "0" is a magic number meaning there's no limit for the opcode. - // All the opcodes above must cause little CPU usage and no sync/async database queries at all - maxPacketCounterAllowed = 0; - break; - } - - case CMSG_QUESTGIVER_ACCEPT_QUEST: // 0 4 - case CMSG_QUESTLOG_REMOVE_QUEST: // 0 4 - case CMSG_QUESTGIVER_CHOOSE_REWARD: // 0 4 - case CMSG_CONTACT_LIST: // 0 5 - case CMSG_LEARN_PREVIEW_TALENTS: // 0 6 - case CMSG_AUTOBANK_ITEM: // 0 6 - case CMSG_AUTOSTORE_BANK_ITEM: // 0 6 - case CMSG_WHO: // 0 7 - case CMSG_PLAYER_VEHICLE_ENTER: // 0 8 - case CMSG_LEARN_PREVIEW_TALENTS_PET: // not profiled - case MSG_MOVE_HEARTBEAT: - { - maxPacketCounterAllowed = 200; - break; - } - - case CMSG_GUILD_SET_PUBLIC_NOTE: // 1 2 1 async db query - case CMSG_GUILD_SET_OFFICER_NOTE: // 1 2 1 async db query - case CMSG_SET_CONTACT_NOTES: // 1 2.5 1 async db query - case CMSG_CALENDAR_GET_CALENDAR: // 0 1.5 medium upload bandwidth usage - case CMSG_GUILD_BANK_QUERY_TAB: // 0 3.5 medium upload bandwidth usage - case CMSG_QUERY_INSPECT_ACHIEVEMENTS: // 0 13 high upload bandwidth usage - case CMSG_GAMEOBJ_REPORT_USE: // not profiled - case CMSG_GAMEOBJ_USE: // not profiled - case MSG_PETITION_DECLINE: // not profiled - { - maxPacketCounterAllowed = 50; - break; - } - - case CMSG_QUEST_POI_QUERY: // 0 25 very high upload bandwidth usage - { - maxPacketCounterAllowed = MAX_QUEST_LOG_SIZE; - break; - } - - case CMSG_GM_REPORT_LAG: // 1 3 1 async db query - case CMSG_SPELLCLICK: // not profiled - case CMSG_REMOVE_GLYPH: // not profiled - case CMSG_DISMISS_CONTROLLED_VEHICLE: // not profiled - { - maxPacketCounterAllowed = 20; - break; - } - - case CMSG_PETITION_SIGN: // 9 4 2 sync 1 async db queries - case CMSG_TURN_IN_PETITION: // 8 5.5 2 sync db query - case CMSG_GROUP_CHANGE_SUB_GROUP: // 6 5 1 sync 1 async db queries - case CMSG_PETITION_QUERY: // 4 3.5 1 sync db query - case CMSG_CHAR_RACE_CHANGE: // 5 4 1 sync db query - case CMSG_CHAR_CUSTOMIZE: // 5 5 1 sync db query - case CMSG_CHAR_FACTION_CHANGE: // 5 5 1 sync db query - case CMSG_CHAR_DELETE: // 4 4 1 sync db query - case CMSG_DEL_FRIEND: // 7 5 1 async db query - case CMSG_ADD_FRIEND: // 6 4 1 async db query - case CMSG_CHAR_RENAME: // 5 3 1 async db query - case CMSG_GMSURVEY_SUBMIT: // 2 3 1 async db query - case CMSG_BUG: // 1 1 1 async db query - case CMSG_GROUP_SET_LEADER: // 1 2 1 async db query - case CMSG_GROUP_RAID_CONVERT: // 1 5 1 async db query - case CMSG_GROUP_ASSISTANT_LEADER: // 1 2 1 async db query - case CMSG_PETITION_BUY: // not profiled 1 sync 1 async db queries - case CMSG_CHANGE_SEATS_ON_CONTROLLED_VEHICLE: // not profiled - case CMSG_REQUEST_VEHICLE_PREV_SEAT: // not profiled - case CMSG_REQUEST_VEHICLE_NEXT_SEAT: // not profiled - case CMSG_REQUEST_VEHICLE_SWITCH_SEAT: // not profiled - case CMSG_REQUEST_VEHICLE_EXIT: // not profiled - case CMSG_CONTROLLER_EJECT_PASSENGER: // not profiled - case CMSG_ITEM_REFUND: // not profiled - case CMSG_SOCKET_GEMS: // not profiled - case CMSG_WRAP_ITEM: // not profiled - case CMSG_REPORT_PVP_AFK: // not profiled - case CMSG_AUCTION_LIST_ITEMS: // not profiled - case CMSG_AUCTION_LIST_BIDDER_ITEMS: // not profiled - case CMSG_AUCTION_LIST_OWNER_ITEMS: // not profiled - { - maxPacketCounterAllowed = 10; - break; - } - - case CMSG_CHAR_CREATE: // 7 5 3 async db queries - case CMSG_CHAR_ENUM: // 22 3 2 async db queries - case CMSG_GMTICKET_CREATE: // 1 25 1 async db query - case CMSG_GMTICKET_UPDATETEXT: // 0 15 1 async db query - case CMSG_GMTICKET_DELETETICKET: // 1 25 1 async db query - case CMSG_GMRESPONSE_RESOLVE: // 1 25 1 async db query - case CMSG_CALENDAR_ADD_EVENT: // 21 10 2 async db query - case CMSG_CALENDAR_UPDATE_EVENT: // not profiled - case CMSG_CALENDAR_REMOVE_EVENT: // not profiled - case CMSG_CALENDAR_COPY_EVENT: // not profiled - case CMSG_CALENDAR_EVENT_INVITE: // not profiled - case CMSG_CALENDAR_EVENT_SIGNUP: // not profiled - case CMSG_CALENDAR_EVENT_RSVP: // not profiled - case CMSG_CALENDAR_EVENT_REMOVE_INVITE: // not profiled - case CMSG_CALENDAR_EVENT_MODERATOR_STATUS: // not profiled - case CMSG_ARENA_TEAM_INVITE: // not profiled - case CMSG_ARENA_TEAM_ACCEPT: // not profiled - case CMSG_ARENA_TEAM_DECLINE: // not profiled - case CMSG_ARENA_TEAM_LEAVE: // not profiled - case CMSG_ARENA_TEAM_DISBAND: // not profiled - case CMSG_ARENA_TEAM_REMOVE: // not profiled - case CMSG_ARENA_TEAM_LEADER: // not profiled - case CMSG_LOOT_METHOD: // not profiled - case CMSG_GUILD_INVITE: // not profiled - case CMSG_GUILD_ACCEPT: // not profiled - case CMSG_GUILD_DECLINE: // not profiled - case CMSG_GUILD_LEAVE: // not profiled - case CMSG_GUILD_DISBAND: // not profiled - case CMSG_GUILD_LEADER: // not profiled - case CMSG_GUILD_MOTD: // not profiled - case CMSG_GUILD_RANK: // not profiled - case CMSG_GUILD_ADD_RANK: // not profiled - case CMSG_GUILD_DEL_RANK: // not profiled - case CMSG_GUILD_INFO_TEXT: // not profiled - case CMSG_GUILD_BANK_DEPOSIT_MONEY: // not profiled - case CMSG_GUILD_BANK_WITHDRAW_MONEY: // not profiled - case CMSG_GUILD_BANK_BUY_TAB: // not profiled - case CMSG_GUILD_BANK_UPDATE_TAB: // not profiled - case CMSG_SET_GUILD_BANK_TEXT: // not profiled - case MSG_SAVE_GUILD_EMBLEM: // not profiled - case MSG_PETITION_RENAME: // not profiled - case MSG_TALENT_WIPE_CONFIRM: // not profiled - case MSG_SET_DUNGEON_DIFFICULTY: // not profiled - case MSG_SET_RAID_DIFFICULTY: // not profiled - case MSG_PARTY_ASSIGNMENT: // not profiled - case MSG_RAID_READY_CHECK: // not profiled - { - maxPacketCounterAllowed = 3; - break; - } - - case CMSG_ITEM_REFUND_INFO: // not profiled - { - maxPacketCounterAllowed = PLAYER_SLOTS_COUNT; - break; - } - - default: - { - maxPacketCounterAllowed = 100; - break; - } + break; } - return maxPacketCounterAllowed; + return WorldSession::DosProtection::Policy(policy->Policy); } WorldSession::DosProtection::DosProtection(WorldSession* s) : - Session(s), _policy((Policy)sWorld->getIntConfig(CONFIG_PACKET_SPOOF_POLICY)) { } + Session(s) { } void WorldSession::ResetTimeSync() { diff --git a/src/server/game/Server/WorldSession.h b/src/server/game/Server/WorldSession.h index dca054f15..73ec2b542 100644 --- a/src/server/game/Server/WorldSession.h +++ b/src/server/game/Server/WorldSession.h @@ -322,7 +322,7 @@ protected: struct PacketCounter { time_t lastReceiveTime; - uint32 amountCounter; + uint16 amountCounter; }; /// Player session in the World @@ -1104,22 +1104,21 @@ protected: { friend class World; public: - DosProtection(WorldSession* s); - bool EvaluateOpcode(WorldPacket& p, time_t time) const; - protected: - enum Policy + enum class Policy { - POLICY_LOG, - POLICY_KICK, - POLICY_BAN + Process, + Kick, + Ban, + Log, + BlockingThrottle, + DropPacket }; - uint32 GetMaxPacketCounterAllowed(uint16 opcode) const; - + DosProtection(WorldSession* s); + Policy EvaluateOpcode(WorldPacket const& p, time_t const time) const; + protected: WorldSession* Session; - private: - Policy _policy; typedef std::unordered_map PacketThrottlingMap; // mark this member as "mutable" so it can be modified even in const functions mutable PacketThrottlingMap _PacketThrottlingMap; diff --git a/src/server/game/World/IWorld.h b/src/server/game/World/IWorld.h index 10f69f30b..a8afd153e 100644 --- a/src/server/game/World/IWorld.h +++ b/src/server/game/World/IWorld.h @@ -366,7 +366,6 @@ enum WorldIntConfigs CONFIG_WINTERGRASP_BATTLETIME, CONFIG_WINTERGRASP_NOBATTLETIME, CONFIG_WINTERGRASP_RESTART_AFTER_CRASH, - CONFIG_PACKET_SPOOF_POLICY, CONFIG_PACKET_SPOOF_BANMODE, CONFIG_PACKET_SPOOF_BANDURATION, CONFIG_WARDEN_CLIENT_RESPONSE_DELAY, diff --git a/src/server/game/World/World.cpp b/src/server/game/World/World.cpp index 298184eb4..e62ae480f 100644 --- a/src/server/game/World/World.cpp +++ b/src/server/game/World/World.cpp @@ -90,6 +90,7 @@ #include "WaypointMovementGenerator.h" #include "WeatherMgr.h" #include "WhoListCacheMgr.h" +#include "WorldGlobals.h" #include "WorldPacket.h" #include "WorldSession.h" #include "WorldSessionMgr.h" @@ -1196,7 +1197,6 @@ void World::LoadConfigSettings(bool reload) _bool_configs[CONFIG_SET_ALL_CREATURES_WITH_WAYPOINT_MOVEMENT_ACTIVE] = sConfigMgr->GetOption("SetAllCreaturesWithWaypointMovementActive", false); // packet spoof punishment - _int_configs[CONFIG_PACKET_SPOOF_POLICY] = sConfigMgr->GetOption("PacketSpoof.Policy", (uint32)WorldSession::DosProtection::POLICY_KICK); _int_configs[CONFIG_PACKET_SPOOF_BANMODE] = sConfigMgr->GetOption("PacketSpoof.BanMode", (uint32)0); if (_int_configs[CONFIG_PACKET_SPOOF_BANMODE] > 1) _int_configs[CONFIG_PACKET_SPOOF_BANMODE] = (uint32)0; @@ -1952,6 +1952,9 @@ void World::SetInitialWorldSettings() LOG_INFO("server.loading", "Load Channels..."); ChannelMgr::LoadChannels(); + LOG_INFO("server.loading", "Loading AntiDos opcode policies"); + sWorldGlobals->LoadAntiDosOpcodePolicies(); + sScriptMgr->OnBeforeWorldInitialized(); if (sWorld->getBoolConfig(CONFIG_PRELOAD_ALL_NON_INSTANCED_MAP_GRIDS)) diff --git a/src/server/scripts/Commands/cs_reload.cpp b/src/server/scripts/Commands/cs_reload.cpp index 62bfe7712..45434d502 100644 --- a/src/server/scripts/Commands/cs_reload.cpp +++ b/src/server/scripts/Commands/cs_reload.cpp @@ -47,6 +47,7 @@ EndScriptData */ #include "Tokenize.h" #include "WardenCheckMgr.h" #include "WaypointMgr.h" +#include "WorldGlobals.h" using namespace Acore::ChatCommands; @@ -73,6 +74,7 @@ public: }; static ChatCommandTable reloadCommandTable = { + { "antidos_opcode_policies", HandleReloadAntiDosOpcodePoliciesCommand, SEC_ADMINISTRATOR, Console::Yes }, { "auctions", HandleReloadAuctionsCommand, SEC_ADMINISTRATOR, Console::Yes }, { "dungeon_access_template", HandleReloadDungeonAccessCommand, SEC_ADMINISTRATOR, Console::Yes }, { "dungeon_access_requirements", HandleReloadDungeonAccessCommand, SEC_ADMINISTRATOR, Console::Yes }, @@ -1199,6 +1201,14 @@ public: return true; } + static bool HandleReloadAntiDosOpcodePoliciesCommand(ChatHandler* handler) + { + LOG_INFO("server.loading", "Reloading AntiDos opcode policies..."); + sWorldGlobals->LoadAntiDosOpcodePolicies(); + handler->SendGlobalGMSysMessage("AntiDos opcode policies reloaded."); + return true; + } + static bool HandleReloadAuctionsCommand(ChatHandler* handler) { ///- Reload dynamic data tables from the database