From 5a71278434bef6f40ed2c37a19855f27b818c158 Mon Sep 17 00:00:00 2001 From: linsaftw Date: Sat, 1 May 2021 13:00:30 -0300 Subject: [PATCH] Improve Firewall handling --- .../0026-Firewall-System.patch | 121 +++++------------- .../0027-FlameCord-logger-options.patch | 26 ++-- 2 files changed, 43 insertions(+), 104 deletions(-) diff --git a/Waterfall-Proxy-Patches/0026-Firewall-System.patch b/Waterfall-Proxy-Patches/0026-Firewall-System.patch index ec849c8..ba8232d 100644 --- a/Waterfall-Proxy-Patches/0026-Firewall-System.patch +++ b/Waterfall-Proxy-Patches/0026-Firewall-System.patch @@ -1,11 +1,11 @@ -From 9dd65918d56668166b82233f084c25bdb974f05c Mon Sep 17 00:00:00 2001 +From 8ed0fb5643c225133bedd5b8336e736be07d0b48 Mon Sep 17 00:00:00 2001 From: linsaftw <25271111+linsaftw@users.noreply.github.com> Date: Fri, 30 Apr 2021 22:54:44 -0300 Subject: [PATCH] Firewall System diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java -index 8957c79ac..fd889644f 100644 +index 8957c79a..fd889644 100644 --- a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java +++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java @@ -6,6 +6,7 @@ import java.util.logging.Logger; @@ -64,7 +64,7 @@ index 8957c79ac..fd889644f 100644 } \ No newline at end of file diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/FlameCordConfiguration.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/FlameCordConfiguration.java -index 81ded2243..8bb61ac11 100644 +index 81ded224..8bb61ac1 100644 --- a/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/FlameCordConfiguration.java +++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/FlameCordConfiguration.java @@ -12,6 +12,15 @@ import net.md_5.bungee.config.Configuration; 
@@ -96,7 +96,7 @@ index 81ded2243..8bb61ac11 100644 configurationProvider.save(configuration, configurationFile); } diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/MessagesConfiguration.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/MessagesConfiguration.java -index ebfaa761c..c88077ade 100644 +index ebfaa761..c88077ad 100644 --- a/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/MessagesConfiguration.java +++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/MessagesConfiguration.java @@ -82,9 +82,17 @@ public class MessagesConfiguration { @@ -118,46 +118,9 @@ index ebfaa761c..c88077ade 100644 configuration); setIfUnexistant("flamecord_nopermission", "&cYou don't have permission to do this!", configuration); -diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java -new file mode 100644 -index 000000000..6a661898d ---- /dev/null -+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java -@@ -0,0 +1,30 @@ -+package dev._2lstudios.flamecord.firewall; -+ -+import java.net.SocketAddress; -+ -+public class FirewallException extends Exception { -+ private static final long serialVersionUID = 1L; -+ -+ public FirewallException(final SocketAddress address) { -+ super("The address " + address + " is blocked from the server!"); -+ } -+ -+ public FirewallException(final String string) { -+ super(string); -+ } -+ -+ public FirewallException(final String string, final Throwable throwable) { -+ super(string, throwable); -+ } -+ -+ @Override -+ public synchronized Throwable initCause(final Throwable cause) -+ { -+ return this; -+ } -+ -+ @Override -+ public synchronized Throwable fillInStackTrace() { -+ return this; -+ } -+} -\ No newline at end of file 
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java new file mode 100644 -index 000000000..dfb5c6d30 +index 00000000..dfb5c6d3 --- /dev/null +++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java @@ -0,0 +1,120 @@ @@ -283,20 +246,25 @@ index 000000000..dfb5c6d30 +} \ No newline at end of file diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java -index 107855b83..e8942767c 100644 +index 107855b8..27a027e0 100644 --- a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java +++ b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java -@@ -45,6 +45,9 @@ public class MinecraftDecoder extends MessageToMessageDecoder - final int readableBytes = in.readableBytes(); +@@ -46,8 +46,14 @@ public class MinecraftDecoder extends MessageToMessageDecoder final int capacity = in.capacity(); -+ // FlameCord - Firewall system -+ FlameCord.getInstance().getFirewallManager().addFirewalled(ctx.channel().remoteAddress()); -+ if (readableBytes > 2097152) { ++ // FlameCord - Firewall system ++ FlameCord.getInstance().getFirewallManager().addFirewalled(ctx.channel().remoteAddress()); ++ throw new FastDecoderException("Error decoding packet with too many readableBytes: " + readableBytes); } else if (capacity > 2097152) { -@@ -106,6 +109,9 @@ public class MinecraftDecoder extends MessageToMessageDecoder ++ // FlameCord - Firewall system ++ FlameCord.getInstance().getFirewallManager().addFirewalled(ctx.channel().remoteAddress()); ++ + throw new FastDecoderException("Error decoding packet with too big capacity: " + capacity); + } + } +@@ -106,6 +112,9 @@ public class MinecraftDecoder extends MessageToMessageDecoder } else { packetTypeStr = "unknown"; } @@ -307,7 +275,7 @@ index 107855b83..e8942767c 100644 } finally { 
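Review bot: The address handed to `addFirewalled(ctx.channel().remoteAddress())` in the two oversize branches of MinecraftDecoder is the raw socket peer, not the client address that HandlerBoss installs with `channel.setRemoteAddress( newAddress )` when an HAProxyMessage arrives (visible in the 0027 context). If the proxy sits behind a PROXY-protocol front end, a single oversized packet would likely firewall the front end and with it every player behind it. The `isFirewalled( remoteAddress )` check in the PipelineUtils hunk has the same problem, since it runs at channel setup before any PROXY header can be read. FirewallManager's body is not shown in this diff, so confirm whether it keys on host only or on host and port, and at minimum add a comment at each call such as `// FlameCord - address is the socket peer; behind PROXY protocol this is the load balancer, not the player`. The decode method starts and ends outside the hunk.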
diff --git a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java -index bf6f85386..fa0b59c27 100644 +index bf6f8538..fa0b59c2 100644 --- a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java +++ b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java @@ -5,6 +5,7 @@ import java.util.HashSet; @@ -335,7 +303,7 @@ index bf6f85386..fa0b59c27 100644 // FlameCord - Collect ips from servers final Collection whitelistedAddresses = new HashSet<>(); diff --git a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java -index 494375cd6..aedfece35 100644 +index 494375cd..aedfece3 100644 --- a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java +++ b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java @@ -165,6 +165,9 @@ public class ServerConnector extends PacketHandler @@ -349,7 +317,7 @@ index 494375cd6..aedfece35 100644 } } diff --git a/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java b/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java -index deee607dc..3720825af 100644 +index deee607d..3720825a 100644 --- a/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java +++ b/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java @@ -154,6 +154,9 @@ public class InitialHandler extends PacketHandler implements PendingConnection @@ -373,7 +341,7 @@ index deee607dc..3720825af 100644 } } diff --git a/proxy/src/main/java/net/md_5/bungee/connection/PingHandler.java b/proxy/src/main/java/net/md_5/bungee/connection/PingHandler.java -index 423af854f..70917b0b0 100644 +index 423af854..70917b0b 100644 --- a/proxy/src/main/java/net/md_5/bungee/connection/PingHandler.java +++ b/proxy/src/main/java/net/md_5/bungee/connection/PingHandler.java @@ -2,6 +2,7 @@ package net.md_5.bungee.connection; 
@@ -395,18 +363,10 @@ index 423af854f..70917b0b0 100644 } } diff --git a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java -index 7f18b5646..81785523b 100644 +index 7f18b564..616651ba 100644 --- a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java +++ b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java -@@ -3,6 +3,7 @@ package net.md_5.bungee.netty; - import com.google.common.base.Preconditions; - - import dev._2lstudios.flamecord.FlameCord; -+import dev._2lstudios.flamecord.firewall.FirewallException; - import io.netty.channel.ChannelHandlerContext; - import io.netty.channel.ChannelInboundHandlerAdapter; - import io.netty.handler.codec.CorruptedFrameException; -@@ -11,6 +12,7 @@ import io.netty.handler.codec.haproxy.HAProxyMessage; +@@ -11,6 +11,7 @@ import io.netty.handler.codec.haproxy.HAProxyMessage; import io.netty.handler.timeout.ReadTimeoutException; import java.io.IOException; import java.net.InetSocketAddress; @@ -414,47 +374,26 @@ index 7f18b5646..81785523b 100644 import java.util.logging.Level; import net.md_5.bungee.api.ProxyServer; import net.md_5.bungee.connection.CancelSendSignal; -@@ -140,6 +142,14 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter - { - boolean logExceptions = !( handler instanceof PingHandler ); - -+ // FlameCord - Don't log firewall exceptions -+ logExceptions = cause instanceof FirewallException ? false : logExceptions; -+ -+ // FlameCord - Handle firewall exceptions -+ if (cause instanceof FirewallException) { -+ FlameCord.getInstance().getFirewallManager().logBlocked(ctx.channel().remoteAddress()); -+ } -+ - if ( logExceptions ) - { - if ( cause instanceof ReadTimeoutException ) diff --git a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java -index 1d86aa63c..81987ca39 100644 +index 1d86aa63..915c162f 100644 
--- a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java +++ b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java -@@ -3,6 +3,7 @@ package net.md_5.bungee.netty; - import com.google.common.base.Preconditions; - - import dev._2lstudios.flamecord.FlameCord; -+import dev._2lstudios.flamecord.firewall.FirewallException; - import io.github.waterfallmc.waterfall.event.ConnectionInitEvent; - import io.netty.buffer.PooledByteBufAllocator; - import io.netty.channel.Channel; -@@ -63,6 +64,11 @@ public class PipelineUtils +@@ -63,6 +63,13 @@ public class PipelineUtils { SocketAddress remoteAddress = ( ch.remoteAddress() == null ) ? ch.parent().localAddress() : ch.remoteAddress(); + // FlameCord - Firewall system -+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) { -+ throw new FirewallException(remoteAddress); ++ if ( FlameCord.getInstance().getFirewallManager().isFirewalled( remoteAddress ) ) { ++ FlameCord.getInstance().getFirewallManager().logBlocked( remoteAddress ); ++ ch.close(); ++ return; + } + if ( BungeeCord.getInstance().getConnectionThrottle() != null && BungeeCord.getInstance().getConnectionThrottle().throttle( remoteAddress ) ) { ch.close(); diff --git a/query/src/main/java/net/md_5/bungee/query/QueryHandler.java b/query/src/main/java/net/md_5/bungee/query/QueryHandler.java -index b3bdfd05e..49d53f177 100644 +index b3bdfd05..49d53f17 100644 --- a/query/src/main/java/net/md_5/bungee/query/QueryHandler.java +++ b/query/src/main/java/net/md_5/bungee/query/QueryHandler.java @@ -2,6 +2,8 @@ package net.md_5.bungee.query; diff --git a/Waterfall-Proxy-Patches/0027-FlameCord-logger-options.patch b/Waterfall-Proxy-Patches/0027-FlameCord-logger-options.patch index 62b207f..c797e3f 100644 --- a/Waterfall-Proxy-Patches/0027-FlameCord-logger-options.patch +++ b/Waterfall-Proxy-Patches/0027-FlameCord-logger-options.patch 
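Review bot: The rewritten firewall check in PipelineUtils drops the `remoteAddress != null &&` guard that the previous version carried, so `isFirewalled( remoteAddress )` and `logBlocked( remoteAddress )` can now receive null if both `ch.remoteAddress()` and the `ch.parent().localAddress()` fallback return null. FirewallManager is not visible in this diff, so whether it tolerates null is unconfirmed; keeping the guard is the safe form: `if ( remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled( remoteAddress ) ) {`. Separately, `logBlocked` now runs once per rejected connection, so unless it is already gated by the `firewall.notify` option or rate-limited inside FirewallManager, a blocked source that keeps reconnecting can flood the log. The enclosing method starts and ends outside the hunk.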
@@ -1,11 +1,11 @@ -From ee009b46b1b0adc6269aea1698e9ded4bdda943d Mon Sep 17 00:00:00 2001 +From a16eb2112438585594f672a6a310a3a7594374a5 Mon Sep 17 00:00:00 2001 From: linsaftw <25271111+linsaftw@users.noreply.github.com> Date: Fri, 30 Apr 2021 23:51:51 -0300 Subject: [PATCH] FlameCord logger options diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/FlameCordConfiguration.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/FlameCordConfiguration.java -index 8bb61ac11..8822c6d33 100644 +index 8bb61ac1..8822c6d3 100644 --- a/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/FlameCordConfiguration.java +++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/configuration/FlameCordConfiguration.java @@ -12,6 +12,15 @@ import net.md_5.bungee.config.Configuration; @@ -38,7 +38,7 @@ index 8bb61ac11..8822c6d33 100644 this.firewallNotify = setIfUnexistant("firewall.notify", this.firewallNotify, configuration); this.firewallSeconds = setIfUnexistant("firewall.seconds", this.firewallSeconds, configuration); diff --git a/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java b/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java -index 3720825af..03c5aa07a 100644 +index 3720825a..03c5aa07 100644 --- a/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java +++ b/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java @@ -370,7 +370,8 @@ public class InitialHandler extends PacketHandler implements PendingConnection @@ -62,10 +62,10 @@ index 3720825af..03c5aa07a 100644 bungee.getLogger().log( Level.INFO, "{0} has connected", this ); } diff --git a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java -index 5de0414ec..9f70323ee 100644 +index 616651ba..7bf30b23 100644 --- a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java 
+++ b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java -@@ -48,7 +48,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter +@@ -47,7 +47,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter channel = new ChannelWrapper( ctx ); handler.connected( channel ); @@ -75,7 +75,7 @@ index 5de0414ec..9f70323ee 100644 { ProxyServer.getInstance().getLogger().log( Level.INFO, "{0} has connected", handler ); } -@@ -64,7 +65,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter +@@ -63,7 +64,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter channel.close(); handler.disconnected( channel ); @@ -85,7 +85,7 @@ index 5de0414ec..9f70323ee 100644 { ProxyServer.getInstance().getLogger().log( Level.INFO, "{0} has disconnected", handler ); } -@@ -95,10 +97,13 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter +@@ -94,10 +96,13 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter { InetSocketAddress newAddress = new InetSocketAddress( proxy.sourceAddress(), proxy.sourcePort() ); @@ -103,21 +103,21 @@ index 5de0414ec..9f70323ee 100644 channel.setRemoteAddress( newAddress ); } finally -@@ -142,6 +147,9 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter +@@ -141,6 +146,9 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter { boolean logExceptions = !( handler instanceof PingHandler ); + // FlameCord - Option to log exceptions + logExceptions = FlameCord.getInstance().getFlameCordConfiguration().isLoggerExceptions() ? logExceptions : false; + - // FlameCord - Don't log firewall exceptions - logExceptions = cause instanceof FirewallException ? false : logExceptions; - + if ( logExceptions ) + { + if ( cause instanceof ReadTimeoutException ) diff --git a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java -index 81987ca39..8808a989c 100644 +index 915c162f..a6722b41 100644 
--- a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java +++ b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java -@@ -115,7 +115,10 @@ public class PipelineUtils +@@ -116,7 +116,10 @@ public class PipelineUtils // FlameCord - Close on exception caught @Override public void exceptionCaught(final ChannelHandlerContext ctx, final Throwable cause) throws Exception {