Upstream/Waterfall
1
0
Fork 0
mirror of https://github.com/PaperMC/Waterfall.git synced 2024-11-05 18:21:27 +01:00
Code Issues Projects Releases Wiki Activity

Split Firewall System

Browse Source
This commit is contained in:
linsaftw 2021-04-30 19:26:03 -03:00
parent 3931f4bfac
commit c5dc9c093c
2 changed files with 357 additions and 264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

284
Waterfall-Proxy-Patches/0023-FlameCord-General-Patch.patch
View File

@ -1,4 +1,4 @@
From ed57b22b9bae1cabd74f9dd91ebe83389d6223ee Mon Sep 17 00:00:00 2001 From 274f6347ded5b72104c30c9663912270b1c1b116 Mon Sep 17 00:00:00 2001
From: Juan Cruz Linsalata <LinsaFTW@users.noreply.github.com> From: Juan Cruz Linsalata <LinsaFTW@users.noreply.github.com>
Date: Mon, 12 Oct 2020 15:40:53 -0300 Date: Mon, 12 Oct 2020 15:40:53 -0300
Subject: [PATCH] FlameCord General Patch Subject: [PATCH] FlameCord General Patch
@ -6,10 +6,10 @@ Subject: [PATCH] FlameCord General Patch
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java
new file mode 100644 new file mode 100644
index 00000000..fd889644 index 00000000..8957c79a
--- /dev/null --- /dev/null
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java +++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java
@@ -0,0 +1,68 @@ @@ -0,0 +1,42 @@
+package dev._2lstudios.flamecord; +package dev._2lstudios.flamecord;
+ +
+import java.util.Collection; +import java.util.Collection;
@ -18,7 +18,6 @@ index 00000000..fd889644
+import dev._2lstudios.flamecord.configuration.FlameCordConfiguration; +import dev._2lstudios.flamecord.configuration.FlameCordConfiguration;
+import dev._2lstudios.flamecord.configuration.MessagesConfiguration; +import dev._2lstudios.flamecord.configuration.MessagesConfiguration;
+import dev._2lstudios.flamecord.configuration.ModulesConfiguration; +import dev._2lstudios.flamecord.configuration.ModulesConfiguration;
+import dev._2lstudios.flamecord.firewall.FirewallManager;
+import lombok.Getter; +import lombok.Getter;
+import net.md_5.bungee.config.ConfigurationProvider; +import net.md_5.bungee.config.ConfigurationProvider;
+import net.md_5.bungee.config.YamlConfiguration; +import net.md_5.bungee.config.YamlConfiguration;
@ -27,15 +26,12 @@ index 00000000..fd889644
+ @Getter + @Getter
+ private static FlameCord instance; + private static FlameCord instance;
+ @Getter + @Getter
+ private final FirewallManager firewallManager;
+ @Getter
+ private final FlameCordConfiguration flameCordConfiguration; + private final FlameCordConfiguration flameCordConfiguration;
+ @Getter + @Getter
+ private final ModulesConfiguration modulesConfiguration; + private final ModulesConfiguration modulesConfiguration;
+ @Getter + @Getter
+ private final MessagesConfiguration messagesConfiguration; + private final MessagesConfiguration messagesConfiguration;
+ @Getter + @Getter
+ private final Thread thread;
+ private boolean running = true; + private boolean running = true;
+ +
+ public static void renew(final Logger logger, final Collection<String> whitelistedAddresses) { + public static void renew(final Logger logger, final Collection<String> whitelistedAddresses) {
@ -52,30 +48,8 @@ index 00000000..fd889644
+ final ConfigurationProvider configurationProvider = ConfigurationProvider.getProvider(YamlConfiguration.class); + final ConfigurationProvider configurationProvider = ConfigurationProvider.getProvider(YamlConfiguration.class);
+ +
+ this.flameCordConfiguration = new FlameCordConfiguration(configurationProvider); + this.flameCordConfiguration = new FlameCordConfiguration(configurationProvider);
+ this.firewallManager = new FirewallManager(logger, whitelistedAddresses,
+ flameCordConfiguration.getFirewallSeconds());
+ this.modulesConfiguration = new ModulesConfiguration(configurationProvider); + this.modulesConfiguration = new ModulesConfiguration(configurationProvider);
+ this.messagesConfiguration = new MessagesConfiguration(logger, configurationProvider); + this.messagesConfiguration = new MessagesConfiguration(logger, configurationProvider);
+ this.thread = new Thread() {
+ @Override
+ public void run() {
+ while (running) {
+ try {
+ sleep(1000L);
+
+ if (!running) {
+ return;
+ }
+
+ firewallManager.tick();
+ } catch (final Exception e) {
+ // Ignored
+ }
+ }
+ }
+ };
+
+ this.thread.start();
+ } + }
+} +}
\ No newline at end of file \ No newline at end of file
@ -402,168 +376,8 @@ index 00000000..e82c4844
+ } + }
+ } + }
+} +}
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java
new file mode 100644
index 00000000..6a661898
--- /dev/null
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java
@@ -0,0 +1,30 @@
+package dev._2lstudios.flamecord.firewall;
+
+import java.net.SocketAddress;
+
+public class FirewallException extends Exception {
+ private static final long serialVersionUID = 1L;
+
+ public FirewallException(final SocketAddress address) {
+ super("The address " + address + " is blocked from the server!");
+ }
+
+ public FirewallException(final String string) {
+ super(string);
+ }
+
+ public FirewallException(final String string, final Throwable throwable) {
+ super(string, throwable);
+ }
+
+ @Override
+ public synchronized Throwable initCause(final Throwable cause)
+ {
+ return this;
+ }
+
+ @Override
+ public synchronized Throwable fillInStackTrace() {
+ return this;
+ }
+}
\ No newline at end of file
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java
new file mode 100644
index 00000000..8a474758
--- /dev/null
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java
@@ -0,0 +1,116 @@
+package dev._2lstudios.flamecord.firewall;
+
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.logging.Logger;
+
+import dev._2lstudios.flamecord.FlameCord;
+import dev._2lstudios.flamecord.configuration.FlameCordConfiguration;
+import lombok.Getter;
+
+public class FirewallManager {
+ private final Logger logger;
+ private final Collection<String> whitelistedAddresses;
+ private final Collection<String> firewalled;
+ private final int defaultSeconds;
+ @Getter
+ private int seconds;
+
+ public FirewallManager(final Logger logger, final Collection<String> whitelistedAddresses,
+ final int defaultSeconds) {
+ this.logger = logger;
+ this.whitelistedAddresses = whitelistedAddresses;
+ this.firewalled = new HashSet<>();
+ this.defaultSeconds = defaultSeconds;
+ this.seconds = defaultSeconds;
+ }
+
+ public boolean isWhitelisted(final SocketAddress address) {
+ final String addressString = address.toString();
+
+ for (final String whitelistedAddressString : whitelistedAddresses) {
+ if (addressString.endsWith(whitelistedAddressString)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ public void addFirewalled(final SocketAddress address) {
+ if (FlameCord.getInstance().getFlameCordConfiguration().isFirewallEnabled() && !isWhitelisted(address)) {
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
+ final String hostString = iNetSocketAddress.getHostString();
+
+ if (!this.firewalled.contains(hostString)) {
+ this.firewalled.add(hostString);
+ logAdded(address);
+ }
+ }
+ }
+
+ public void logAdded(final SocketAddress address) {
+ final FlameCord flameCord = FlameCord.getInstance();
+ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration();
+
+ if (flameCordConfiguration.isFirewallNotify()) {
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
+ final String hostString = iNetSocketAddress.getHostString();
+
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_added", hostString));
+ }
+ }
+
+ public void logBlocked(final SocketAddress address) {
+ final FlameCord flameCord = FlameCord.getInstance();
+ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration();
+
+ if (flameCordConfiguration.isFirewallNotify()) {
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
+ final String hostString = iNetSocketAddress.getHostString();
+
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_blocked", hostString));
+ }
+ }
+
+ public Collection<String> getFirewalled() {
+ return this.firewalled;
+ }
+
+ public boolean isFirewalled(final SocketAddress address) {
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
+
+ return this.firewalled.contains(iNetSocketAddress.getHostString());
+ }
+
+ public boolean isFirewalled(final String name) {
+ final String nameLowerCase = name.toLowerCase();
+
+ for (final String string : FlameCord.getInstance().getFlameCordConfiguration().getFirewallNames()) {
+ if (nameLowerCase.contains(string)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ public void tick() {
+ if (--seconds <= 0) {
+ final FlameCord flameCord = FlameCord.getInstance();
+ final int size = this.firewalled.size();
+
+ if (size > 0) {
+ if (flameCord.getFlameCordConfiguration().isFirewallNotify()) {
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_cleared", size));
+ }
+
+ this.firewalled.clear();
+ }
+
+ this.seconds = defaultSeconds;
+ }
+ }
+}
\ No newline at end of file
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
index d4729244..dd089abd 100644 index bb39d31b..5b6f1fd5 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java --- a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java +++ b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
@@ -1,5 +1,6 @@ @@ -1,5 +1,6 @@
@ -591,10 +405,10 @@ index d4729244..dd089abd 100644
if ( slice != null ) if ( slice != null )
diff --git a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java diff --git a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java
new file mode 100644 new file mode 100644
index 00000000..fa0b59c2 index 00000000..bf6f8538
--- /dev/null --- /dev/null
+++ b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java +++ b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java
@@ -0,0 +1,71 @@ @@ -0,0 +1,61 @@
+package dev._2lstudios.flamecord.commands; +package dev._2lstudios.flamecord.commands;
+ +
+import java.util.Collection; +import java.util.Collection;
@ -602,7 +416,6 @@ index 00000000..fa0b59c2
+ +
+import dev._2lstudios.flamecord.FlameCord; +import dev._2lstudios.flamecord.FlameCord;
+import dev._2lstudios.flamecord.configuration.MessagesConfiguration; +import dev._2lstudios.flamecord.configuration.MessagesConfiguration;
+import dev._2lstudios.flamecord.firewall.FirewallManager;
+import net.md_5.bungee.BungeeCord; +import net.md_5.bungee.BungeeCord;
+import net.md_5.bungee.api.CommandSender; +import net.md_5.bungee.api.CommandSender;
+import net.md_5.bungee.api.chat.TextComponent; +import net.md_5.bungee.api.chat.TextComponent;
@ -628,15 +441,6 @@ index 00000000..fa0b59c2
+ final String arg0 = args[0]; + final String arg0 = args[0];
+ +
+ switch (arg0) { + switch (arg0) {
+ case "firewall": {
+ final FirewallManager firewallManager = flameCord.getFirewallManager();
+ final int amount = firewallManager.getFirewalled().size(),
+ seconds = firewallManager.getSeconds();
+
+ sender.sendMessage(TextComponent.fromLegacyText(
+ messagesConfiguration.getTranslation("firewall_info", amount, seconds)));
+ break;
+ }
+ case "reload": { + case "reload": {
+ // FlameCord - Collect ips from servers + // FlameCord - Collect ips from servers
+ final Collection<String> whitelistedAddresses = new HashSet<>(); + final Collection<String> whitelistedAddresses = new HashSet<>();
@ -667,7 +471,7 @@ index 00000000..fa0b59c2
+ } + }
+} +}
diff --git a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java diff --git a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
index 3e4ebfc5..316790ee 100644 index 5d385706..83d3e9ed 100644
--- a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java --- a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
+++ b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java +++ b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
@@ -9,6 +9,10 @@ import com.google.common.collect.Sets; @@ -9,6 +9,10 @@ import com.google.common.collect.Sets;
@ -819,7 +623,7 @@ index 3e4ebfc5..316790ee 100644
+ } + }
} }
diff --git a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java diff --git a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java
index e90237ac..3cfef373 100644 index 7b99c466..af242603 100644
--- a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java --- a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java
+++ b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java +++ b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java
@@ -1,6 +1,8 @@ @@ -1,6 +1,8 @@
@ -839,7 +643,7 @@ index e90237ac..3cfef373 100644
import net.md_5.bungee.protocol.DefinedPacket; import net.md_5.bungee.protocol.DefinedPacket;
import net.md_5.bungee.protocol.MinecraftDecoder; import net.md_5.bungee.protocol.MinecraftDecoder;
import net.md_5.bungee.protocol.PacketWrapper; import net.md_5.bungee.protocol.PacketWrapper;
@@ -161,7 +164,13 @@ public class ServerConnector extends PacketHandler @@ -163,7 +166,13 @@ public class ServerConnector extends PacketHandler
{ {
if ( packet.packet == null ) if ( packet.packet == null )
{ {
@ -981,40 +785,19 @@ index 6cd71071..09909bd9 100644
} }
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java diff --git a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
index d68cc2ce..46e338ca 100644 index b8e50855..d3a89e79 100644
--- a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java --- a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
+++ b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java +++ b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
@@ -1,6 +1,9 @@ @@ -1,6 +1,8 @@
package net.md_5.bungee.netty; package net.md_5.bungee.netty;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
+ +
+import dev._2lstudios.flamecord.FlameCord; +import dev._2lstudios.flamecord.FlameCord;
+import dev._2lstudios.flamecord.firewall.FirewallException;
import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter; import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.codec.CorruptedFrameException; import io.netty.handler.codec.CorruptedFrameException;
@@ -9,6 +12,7 @@ import io.netty.handler.codec.haproxy.HAProxyMessage; @@ -44,7 +46,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
import io.netty.handler.timeout.ReadTimeoutException;
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.net.SocketAddress;
import java.util.logging.Level;
import net.md_5.bungee.api.ProxyServer;
import net.md_5.bungee.connection.CancelSendSignal;
@@ -39,12 +43,20 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
@Override
public void channelActive(ChannelHandlerContext ctx) throws Exception
{
+ // FlameCord - Firewall system
+ final SocketAddress remoteAddress = ctx.channel().remoteAddress();
+
+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) {
+ throw new FirewallException(remoteAddress);
+ }
+
if ( handler != null )
{
channel = new ChannelWrapper( ctx ); channel = new ChannelWrapper( ctx );
handler.connected( channel ); handler.connected( channel );
@ -1024,7 +807,7 @@ index d68cc2ce..46e338ca 100644
{ {
ProxyServer.getInstance().getLogger().log( Level.INFO, "{0} has connected", handler ); ProxyServer.getInstance().getLogger().log( Level.INFO, "{0} has connected", handler );
} }
@@ -60,7 +72,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter @@ -60,7 +63,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
channel.close(); channel.close();
handler.disconnected( channel ); handler.disconnected( channel );
@ -1034,59 +817,32 @@ index d68cc2ce..46e338ca 100644
{ {
ProxyServer.getInstance().getLogger().log( Level.INFO, "{0} has disconnected", handler ); ProxyServer.getInstance().getLogger().log( Level.INFO, "{0} has disconnected", handler );
} }
@@ -130,7 +143,24 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter @@ -136,7 +140,10 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
{ {
if ( ctx.channel().isActive() ) if ( ctx.channel().isActive() )
{ {
- boolean logExceptions = !( handler instanceof PingHandler ); - boolean logExceptions = !( handler instanceof PingHandler );
+ // FlameCord - Use flamecord + // FlameCord - Use flamecord
+ final FlameCord flameCord = FlameCord.getInstance(); + final FlameCord flameCord = FlameCord.getInstance();
+ // FlameCord - log exceptions based on FlameCord configuration and FirewallException + // FlameCord - Log exceptions based on FlameCord
+ boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions() && !(cause instanceof FirewallException); + boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions();
+
+ // FlameCord - Firewall system
+ if (cause instanceof DecoderException || cause instanceof IllegalStateException || cause instanceof BadPacketException) {
+ final SocketAddress remoteAddress = ctx.channel().remoteAddress();
+
+ if (remoteAddress != null) {
+ flameCord.getFirewallManager().addFirewalled(remoteAddress);
+ }
+ }
+
+ // FlameCord - Handle firewall exceptions
+ if (cause instanceof FirewallException) {
+ flameCord.getFirewallManager().logBlocked(ctx.channel().remoteAddress());
+ }
if ( logExceptions ) if ( logExceptions )
{ {
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java diff --git a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
index a54da9c3..84302b32 100644 index 4996a7b4..1680ce96 100644
--- a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java --- a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
+++ b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java +++ b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
@@ -1,6 +1,9 @@ @@ -1,6 +1,8 @@
package net.md_5.bungee.netty; package net.md_5.bungee.netty;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
+ +
+import dev._2lstudios.flamecord.FlameCord; +import dev._2lstudios.flamecord.FlameCord;
+import dev._2lstudios.flamecord.firewall.FirewallException;
import io.github.waterfallmc.waterfall.event.ConnectionInitEvent; import io.github.waterfallmc.waterfall.event.ConnectionInitEvent;
import io.netty.buffer.PooledByteBufAllocator; import io.netty.buffer.PooledByteBufAllocator;
import io.netty.channel.Channel; import io.netty.channel.Channel;
@@ -61,6 +64,11 @@ public class PipelineUtils @@ -107,7 +109,9 @@ public class PipelineUtils
{
SocketAddress remoteAddress = ( ch.remoteAddress() == null ) ? ch.parent().localAddress() : ch.remoteAddress();
+ // FlameCord - Firewall system
+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) {
+ throw new FirewallException(remoteAddress);
+ }
+
if ( BungeeCord.getInstance().getConnectionThrottle() != null && BungeeCord.getInstance().getConnectionThrottle().throttle( remoteAddress ) )
{
ch.close();
@@ -107,7 +115,9 @@ public class PipelineUtils
// FlameCord - Close on exception caught // FlameCord - Close on exception caught
@Override @Override
public void exceptionCaught(final ChannelHandlerContext ctx, final Throwable cause) throws Exception { public void exceptionCaught(final ChannelHandlerContext ctx, final Throwable cause) throws Exception {
@ -1097,5 +853,5 @@ index a54da9c3..84302b32 100644
ctx.close(); ctx.close();
} }
-- --
2.20.1 2.31.1

337
Waterfall-Proxy-Patches/0026-Firewall-System.patch Normal file
View File

@ -0,0 +1,337 @@
From b18c16e3bb5a0e71261a854327ec7966b6af279e Mon Sep 17 00:00:00 2001
From: linsaftw <linsaftw@users.noreply.github.com>
Date: Fri, 30 Apr 2021 19:23:36 -0300
Subject: [PATCH] Firewall System
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java
index 8957c79a..fd889644 100644
--- a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java
@@ -6,6 +6,7 @@ import java.util.logging.Logger;
import dev._2lstudios.flamecord.configuration.FlameCordConfiguration;
import dev._2lstudios.flamecord.configuration.MessagesConfiguration;
import dev._2lstudios.flamecord.configuration.ModulesConfiguration;
+import dev._2lstudios.flamecord.firewall.FirewallManager;
import lombok.Getter;
import net.md_5.bungee.config.ConfigurationProvider;
import net.md_5.bungee.config.YamlConfiguration;
@@ -14,12 +15,15 @@ public class FlameCord {
@Getter
private static FlameCord instance;
@Getter
+ private final FirewallManager firewallManager;
+ @Getter
private final FlameCordConfiguration flameCordConfiguration;
@Getter
private final ModulesConfiguration modulesConfiguration;
@Getter
private final MessagesConfiguration messagesConfiguration;
@Getter
+ private final Thread thread;
private boolean running = true;
public static void renew(final Logger logger, final Collection<String> whitelistedAddresses) {
@@ -36,7 +40,29 @@ public class FlameCord {
final ConfigurationProvider configurationProvider = ConfigurationProvider.getProvider(YamlConfiguration.class);
this.flameCordConfiguration = new FlameCordConfiguration(configurationProvider);
+ this.firewallManager = new FirewallManager(logger, whitelistedAddresses,
+ flameCordConfiguration.getFirewallSeconds());
this.modulesConfiguration = new ModulesConfiguration(configurationProvider);
this.messagesConfiguration = new MessagesConfiguration(logger, configurationProvider);
+ this.thread = new Thread() {
+ @Override
+ public void run() {
+ while (running) {
+ try {
+ sleep(1000L);
+
+ if (!running) {
+ return;
+ }
+
+ firewallManager.tick();
+ } catch (final Exception e) {
+ // Ignored
+ }
+ }
+ }
+ };
+
+ this.thread.start();
}
}
\ No newline at end of file
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java
new file mode 100644
index 00000000..6a661898
--- /dev/null
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java
@@ -0,0 +1,30 @@
+package dev._2lstudios.flamecord.firewall;
+
+import java.net.SocketAddress;
+
+public class FirewallException extends Exception {
+ private static final long serialVersionUID = 1L;
+
+ public FirewallException(final SocketAddress address) {
+ super("The address " + address + " is blocked from the server!");
+ }
+
+ public FirewallException(final String string) {
+ super(string);
+ }
+
+ public FirewallException(final String string, final Throwable throwable) {
+ super(string, throwable);
+ }
+
+ @Override
+ public synchronized Throwable initCause(final Throwable cause)
+ {
+ return this;
+ }
+
+ @Override
+ public synchronized Throwable fillInStackTrace() {
+ return this;
+ }
+}
\ No newline at end of file
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java
new file mode 100644
index 00000000..8a474758
--- /dev/null
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java
@@ -0,0 +1,116 @@
+package dev._2lstudios.flamecord.firewall;
+
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.logging.Logger;
+
+import dev._2lstudios.flamecord.FlameCord;
+import dev._2lstudios.flamecord.configuration.FlameCordConfiguration;
+import lombok.Getter;
+
+public class FirewallManager {
+ private final Logger logger;
+ private final Collection<String> whitelistedAddresses;
+ private final Collection<String> firewalled;
+ private final int defaultSeconds;
+ @Getter
+ private int seconds;
+
+ public FirewallManager(final Logger logger, final Collection<String> whitelistedAddresses,
+ final int defaultSeconds) {
+ this.logger = logger;
+ this.whitelistedAddresses = whitelistedAddresses;
+ this.firewalled = new HashSet<>();
+ this.defaultSeconds = defaultSeconds;
+ this.seconds = defaultSeconds;
+ }
+
+ public boolean isWhitelisted(final SocketAddress address) {
+ final String addressString = address.toString();
+
+ for (final String whitelistedAddressString : whitelistedAddresses) {
+ if (addressString.endsWith(whitelistedAddressString)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ public void addFirewalled(final SocketAddress address) {
+ if (FlameCord.getInstance().getFlameCordConfiguration().isFirewallEnabled() && !isWhitelisted(address)) {
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
+ final String hostString = iNetSocketAddress.getHostString();
+
+ if (!this.firewalled.contains(hostString)) {
+ this.firewalled.add(hostString);
+ logAdded(address);
+ }
+ }
+ }
+
+ public void logAdded(final SocketAddress address) {
+ final FlameCord flameCord = FlameCord.getInstance();
+ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration();
+
+ if (flameCordConfiguration.isFirewallNotify()) {
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
+ final String hostString = iNetSocketAddress.getHostString();
+
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_added", hostString));
+ }
+ }
+
+ public void logBlocked(final SocketAddress address) {
+ final FlameCord flameCord = FlameCord.getInstance();
+ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration();
+
+ if (flameCordConfiguration.isFirewallNotify()) {
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
+ final String hostString = iNetSocketAddress.getHostString();
+
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_blocked", hostString));
+ }
+ }
+
+ public Collection<String> getFirewalled() {
+ return this.firewalled;
+ }
+
+ public boolean isFirewalled(final SocketAddress address) {
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
+
+ return this.firewalled.contains(iNetSocketAddress.getHostString());
+ }
+
+ public boolean isFirewalled(final String name) {
+ final String nameLowerCase = name.toLowerCase();
+
+ for (final String string : FlameCord.getInstance().getFlameCordConfiguration().getFirewallNames()) {
+ if (nameLowerCase.contains(string)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ public void tick() {
+ if (--seconds <= 0) {
+ final FlameCord flameCord = FlameCord.getInstance();
+ final int size = this.firewalled.size();
+
+ if (size > 0) {
+ if (flameCord.getFlameCordConfiguration().isFirewallNotify()) {
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_cleared", size));
+ }
+
+ this.firewalled.clear();
+ }
+
+ this.seconds = defaultSeconds;
+ }
+ }
+}
\ No newline at end of file
diff --git a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java
index bf6f8538..fa0b59c2 100644
--- a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java
+++ b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java
@@ -5,6 +5,7 @@ import java.util.HashSet;
import dev._2lstudios.flamecord.FlameCord;
import dev._2lstudios.flamecord.configuration.MessagesConfiguration;
+import dev._2lstudios.flamecord.firewall.FirewallManager;
import net.md_5.bungee.BungeeCord;
import net.md_5.bungee.api.CommandSender;
import net.md_5.bungee.api.chat.TextComponent;
@@ -30,6 +31,15 @@ private final BungeeCord bungeeCord;
final String arg0 = args[0];
switch (arg0) {
+ case "firewall": {
+ final FirewallManager firewallManager = flameCord.getFirewallManager();
+ final int amount = firewallManager.getFirewalled().size(),
+ seconds = firewallManager.getSeconds();
+
+ sender.sendMessage(TextComponent.fromLegacyText(
+ messagesConfiguration.getTranslation("firewall_info", amount, seconds)));
+ break;
+ }
case "reload": {
// FlameCord - Collect ips from servers
final Collection<String> whitelistedAddresses = new HashSet<>();
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
index d3a89e79..e56b4c68 100644
--- a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
+++ b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
@@ -3,6 +3,7 @@ package net.md_5.bungee.netty;
import com.google.common.base.Preconditions;
import dev._2lstudios.flamecord.FlameCord;
+import dev._2lstudios.flamecord.firewall.FirewallException;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.codec.CorruptedFrameException;
@@ -11,6 +12,7 @@ import io.netty.handler.codec.haproxy.HAProxyMessage;
import io.netty.handler.timeout.ReadTimeoutException;
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.net.SocketAddress;
import java.util.logging.Level;
import net.md_5.bungee.api.ProxyServer;
import net.md_5.bungee.connection.CancelSendSignal;
@@ -41,6 +43,13 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
@Override
public void channelActive(ChannelHandlerContext ctx) throws Exception
{
+ // FlameCord - Firewall system
+ final SocketAddress remoteAddress = ctx.channel().remoteAddress();
+
+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) {
+ throw new FirewallException(remoteAddress);
+ }
+
if ( handler != null )
{
channel = new ChannelWrapper( ctx );
@@ -143,7 +152,21 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
// FlameCord - Use flamecord
final FlameCord flameCord = FlameCord.getInstance();
// FlameCord - Log exceptions based on FlameCord
- boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions();
+ boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions() && !(cause instanceof FirewallException);
+
+ // FlameCord - Firewall system
+ if (cause instanceof DecoderException || cause instanceof IllegalStateException || cause instanceof BadPacketException) {
+ final SocketAddress remoteAddress = ctx.channel().remoteAddress();
+
+ if (remoteAddress != null) {
+ flameCord.getFirewallManager().addFirewalled(remoteAddress);
+ }
+ }
+
+ // FlameCord - Handle firewall exceptions
+ if (cause instanceof FirewallException) {
+ flameCord.getFirewallManager().logBlocked(ctx.channel().remoteAddress());
+ }
if ( logExceptions )
{
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
index 1680ce96..5ddc84a3 100644
--- a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
+++ b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
@@ -3,6 +3,7 @@ package net.md_5.bungee.netty;
import com.google.common.base.Preconditions;
import dev._2lstudios.flamecord.FlameCord;
+import dev._2lstudios.flamecord.firewall.FirewallException;
import io.github.waterfallmc.waterfall.event.ConnectionInitEvent;
import io.netty.buffer.PooledByteBufAllocator;
import io.netty.channel.Channel;
@@ -63,6 +64,11 @@ public class PipelineUtils
{
SocketAddress remoteAddress = ( ch.remoteAddress() == null ) ? ch.parent().localAddress() : ch.remoteAddress();
+ // FlameCord - Firewall system
+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) {
+ throw new FirewallException(remoteAddress);
+ }
+
if ( BungeeCord.getInstance().getConnectionThrottle() != null && BungeeCord.getInstance().getConnectionThrottle().throttle( remoteAddress ) )
{
ch.close();
--
2.31.1