Merge branch 'stable' into ext-encoding

Author: dktapps

src/protocol/OpenConnectionReply1.php

@@ -25,28 +25,40 @@ class OpenConnectionReply1 extends OfflineMessage{
 	public static $ID = MessageIdentifiers::ID_OPEN_CONNECTION_REPLY_1;
 
 	public int $serverID;
-	public bool $serverSecurity = false;
+	public ?int $cookie = null;
 	public int $mtuSize;
 
-	public static function create(int $serverId, bool $serverSecurity, int $mtuSize) : self{
+	public static function create(int $serverId, ?int $cookie, int $mtuSize) : self{
 		$result = new self;
 		$result->serverID = $serverId;
-		$result->serverSecurity = $serverSecurity;
+		$result->cookie = $cookie;
 		$result->mtuSize = $mtuSize;
 		return $result;
 	}
 
 	protected function encodePayload(ByteBufferWriter $out) : void{
 		$this->writeMagic($out);
 		BE::writeUnsignedLong($out, $this->serverID);
-		Byte::writeUnsigned($out, $this->serverSecurity ? 1 : 0);
+		if($this->cookie !== null){
+			Byte::writeUnsigned($out, 1);
+			BE::writeUnsignedInt($out, $this->cookie);
+			//TODO: If the client supports libcat security, we're expected to send a public key here.
+			//However this would require context-specific logic and I really cba with it
+		}else{
+			Byte::writeUnsigned($out, 0);
+		}
 		BE::writeUnsignedShort($out, $this->mtuSize);
 	}
 
 	protected function decodePayload(ByteBufferReader $in) : void{
 		$this->readMagic($in);
 		$this->serverID = BE::readUnsignedLong($in);
-		$this->serverSecurity = Byte::readUnsigned($in) !== 0;
+		if(Byte::readUnsigned($in) !== 0){
+			$this->cookie = BE::readUnsignedInt($in);
+			//TODO: If the server supports libcat security, it'll send a public key here.
+		}else{
+			$this->cookie = null;
+		}
 		$this->mtuSize = BE::readUnsignedShort($in);
 	}
 }

src/protocol/OpenConnectionRequest2.php

@@ -17,26 +17,44 @@
 namespace raklib\protocol;
 
 use pmmp\encoding\BE;
+use pmmp\encoding\Byte;
 use pmmp\encoding\ByteBufferReader;
 use pmmp\encoding\ByteBufferWriter;
 use raklib\utils\InternetAddress;
 
 class OpenConnectionRequest2 extends OfflineMessage{
 	public static $ID = MessageIdentifiers::ID_OPEN_CONNECTION_REQUEST_2;
 
+	private const TAIL_FIELDS_SIZE_COMMON = 2 + 8; //mtu + client ID
+	private const TAIL_FIELDS_SIZE_IPV4 = self::TAIL_FIELDS_SIZE_COMMON + PacketSerializer::IPV4_SIZE;
+	private const TAIL_FIELDS_SIZE_IPV6 = self::TAIL_FIELDS_SIZE_COMMON + PacketSerializer::IPV6_SIZE;
+
 	public int $clientID;
 	public InternetAddress $serverAddress;
+	public ?int $cookie = null;
 	public int $mtuSize;
 
 	protected function encodePayload(ByteBufferWriter $out) : void{
 		$this->writeMagic($out);
+		if($this->cookie !== null){
+			BE::writeUnsignedInt($out, $this->cookie);
+			Byte::writeUnsigned($out, 0); //TODO: encryption challenge - not supported for now because RakNet sucks and we don't need it
+		}
 		PacketSerializer::putAddress($out, $this->serverAddress);
 		BE::writeUnsignedShort($out, $this->mtuSize);
 		BE::writeUnsignedLong($out, $this->clientID);
 	}
 
 	protected function decodePayload(ByteBufferReader $in) : void{
 		$this->readMagic($in);
+
+		$remaining = $in->getUnreadLength();
+		if($remaining !== self::TAIL_FIELDS_SIZE_IPV4 && $remaining !== self::TAIL_FIELDS_SIZE_IPV6){
+			$this->cookie = BE::readUnsignedInt($in);
+			//TODO: encryption challenge - not supported for now because RakNet sucks and we don't need it
+			//we could handle this by looking at the remaining length of the packet, but it's not worth the complexity
+			Byte::readUnsigned($in);
+		}
 		$this->serverAddress = PacketSerializer::getAddress($in);
 		$this->mtuSize = BE::readUnsignedShort($in);
 		$this->clientID = BE::readUnsignedLong($in);

src/protocol/PacketSerializer.php

@@ -36,6 +36,18 @@ private function __construct(){
 		//NOOP
 	}
 
+	public const IPV4_SIZE =
+		1 + //type
+		4 + //ip
+		2; //port
+	public const IPV6_SIZE =
+		1 + //type
+		2 + //family
+		2 + //port
+		4 + //flow info
+		16 + //ip
+		4; //scope ID
+
 	/**
 	 * @throws DataDecodeException
 	 */

src/server/Server.php

@@ -85,6 +85,8 @@ class Server implements ServerInterface{
 
 	protected int $nextSessionId = 0;
 
+	private int $cookieRotationIntervalTicks;
+
 	/**
 	 * @phpstan-param positive-int $recvMaxSplitParts
 	 * @phpstan-param positive-int $recvMaxConcurrentSplits
@@ -102,14 +104,16 @@ public function __construct(
 		private int $recvMaxConcurrentSplits = ServerSession::DEFAULT_MAX_CONCURRENT_SPLIT_COUNT,
 		private int $blockMessageSuppressionThreshold = self::BLOCK_MESSAGE_SUPPRESSION_THRESHOLD,
 		private int $packetErrorSuppressionThreshold = self::PACKET_ERROR_SUPPRESSION_THRESHOLD,
-		private bool $blockIpOnPacketErrors = true
+		private bool $blockIpOnPacketErrors = true,
+		int $cookieRotationIntervalSeconds = 5,
 	){
 		if($maxMtuSize < Session::MIN_MTU_SIZE){
 			throw new \InvalidArgumentException("MTU size must be at least " . Session::MIN_MTU_SIZE . ", got $maxMtuSize");
 		}
 		$this->socket->setBlocking(false);
 
-		$this->unconnectedMessageHandler = new UnconnectedMessageHandler($this, $protocolAcceptor);
+		$this->cookieRotationIntervalTicks = $cookieRotationIntervalSeconds * self::RAKLIB_TPS;
+		$this->unconnectedMessageHandler = new UnconnectedMessageHandler($this, $protocolAcceptor, $cookieRotationIntervalSeconds > 0);
 	}
 
 	public function getPort() : int{
@@ -216,6 +220,14 @@ private function tick() : void{
 					}
 				}
 			}
+
+			if($this->cookieRotationIntervalTicks > 0 && ($this->ticks % $this->cookieRotationIntervalTicks) === 0){
+				$mismatches = $this->unconnectedMessageHandler->getCookieMismatchSinceLastRotation();
+				if($mismatches > 0){
+					$this->logger->warning("Mismatched cookies detected $mismatches times since last rotation - RakLib may be experiencing an attack from spoofed IP addresses");
+				}
+				$this->unconnectedMessageHandler->rotateCookieSalts();
+			}
 		}
 
 		++$this->ticks;

src/server/UnconnectedMessageHandler.php

@@ -16,6 +16,7 @@
 
 namespace raklib\server;
 
+use pmmp\encoding\BE;
 use pmmp\encoding\ByteBufferReader;
 use pmmp\encoding\DataDecodeException;
 use raklib\generic\Session;
@@ -30,9 +31,11 @@
 use raklib\protocol\UnconnectedPingOpenConnections;
 use raklib\protocol\UnconnectedPong;
 use raklib\utils\InternetAddress;
+use function crc32;
 use function get_class;
 use function min;
 use function ord;
+use function random_int;
 use function strlen;
 use function substr;
 
@@ -43,11 +46,49 @@ class UnconnectedMessageHandler{
 	 */
 	private \SplFixedArray $packetPool;
 
+	private string $currentCookieSalt;
+	private string $previousCookieSalt;
+	private int $cookieMismatches = 0;
+
 	public function __construct(
 		private Server $server,
-		private ProtocolAcceptor $protocolAcceptor
+		private ProtocolAcceptor $protocolAcceptor,
+		private bool $antiIpSpoofCookies = true
 	){
 		$this->registerPackets();
+
+		$this->currentCookieSalt = $this->previousCookieSalt = self::newCookieSalt();
+	}
+
+	private static function newCookieSalt() : string{
+		return BE::packUnsignedLong(random_int(PHP_INT_MIN, PHP_INT_MAX));
+	}
+
+	public function rotateCookieSalts() : void{
+		$this->previousCookieSalt = $this->currentCookieSalt;
+		$this->currentCookieSalt = self::newCookieSalt();
+		$this->cookieMismatches = 0;
+	}
+
+	private static function calculateCookieWithSalt(InternetAddress $address, string $salt) : int{
+		$preimage = strlen($address->getIp()) . $address->getIp() . BE::packUnsignedShort($address->getPort()) . $salt;
+		return crc32($preimage);
+	}
+
+	/**
+	 * Calculates a cookie using the current cookie salt and the provided IP address.
+	 * Cookie salt is a server-side secret, so the client cannot guess it.
+	 */
+	private function calculateCookie(InternetAddress $address) : int{
+		return self::calculateCookieWithSalt($address, $this->currentCookieSalt);
+	}
+
+	/**
+	 * Returns the number of times we detected a cookie mismatch since the salt was last rotated.
+	 * May be useful for reporting spoofed IP attacks.
+	 */
+	public function getCookieMismatchSinceLastRotation() : int{
+		return $this->cookieMismatches;
 	}
 
 	/**
@@ -82,9 +123,30 @@ private function handle(OfflineMessage $packet, InternetAddress $address) : bool
 				$this->server->getLogger()->notice("Refused connection from $address due to incompatible RakNet protocol version (version $packet->protocol)");
 			}else{
 				//IP header size (20 bytes) + UDP header size (8 bytes)
-				$this->server->sendPacket(OpenConnectionReply1::create($this->server->getID(), false, $packet->mtuSize + 28), $address);
+				$this->server->sendPacket(OpenConnectionReply1::create(
+					$this->server->getID(),
+					$this->antiIpSpoofCookies ? $this->calculateCookie($address) : null,
+					$packet->mtuSize + 28),
+					$address
+				);
 			}
 		}elseif($packet instanceof OpenConnectionRequest2){
+			if($this->antiIpSpoofCookies){
+				$cookie1 = $this->calculateCookie($address);
+				$cookie2 = self::calculateCookieWithSalt($address, $this->previousCookieSalt);
+				if($packet->cookie !== $cookie1 && $packet->cookie !== $cookie2){
+					$this->cookieMismatches++;
+					//don't log this by default, we don't want to let an attacker LogDoS us
+					//we also don't block the IP since this is probably coming from a spoofed IP
+					//$this->server->getLogger()->debug("Not creating session for $address due to cookie mismatch (expected $cookie1 or $cookie2, but got $packet->cookie)");
+					return true;
+				}else{
+					$this->server->getLogger()->debug("Cookie check succeeded for $address with cookie $packet->cookie (cookie1: $cookie1, cookie2: $cookie2)");
+				}
+			}else{
+				$this->server->getLogger()->debug("No cookie check performed for $address");
+			}
+
 			if($packet->serverAddress->getPort() === $this->server->getPort() or !$this->server->portChecking){
 				if($packet->mtuSize < Session::MIN_MTU_SIZE){
 					$this->server->getLogger()->debug("Not creating session for $address due to bad MTU size $packet->mtuSize");