papermc/patches/server/0281-Add-Velocity-IP-Forwarding-Support.patch
Spottedleaf 7d10cdea03
Merge tuinity (#6413)
This PR contains all of Tuinity's patches. Very notable ones are:

- Highly optimised collisions
- Optimised entity lookups by bounding box (Mojang made regressions in 1.17, this brings it back to 1.16)
- Starlight https://github.com/PaperMC/Starlight
- Rewritten dataconverter system https://github.com/PaperMC/DataConverter
- Random block ticking optimisation (wrongly dropped from Paper 1.17)
- Chunk ticking optimisations
- Anything else I've forgotten in the 60 or so patches

If you are a previous Tuinity user, your config will not migrate. You must do it yourself. The config options have simply been moved into paper.yml, so it will be an easy migration. However, please note that the chunk loading options in tuinity.yml are NOT compatible with the options in paper.yml. 

* Port tuinity, initial patchset

* Update gradle to 7.2

jmp said it fixes rebuildpatches not working for me. it fucking better

* Completely clean apply

* Remove tuinity config, add per player api patch

* Remove paper reobf mappings patch

* Properly update gradlew

* Force clean rebuild

* Mark fixups

Comments and ATs still need to be done

* grep -r "Tuinity"

* Fixup

* Ensure gameprofile lastaccess is written only under the state lock

* update URL for dataconverter

* Only clean rebuild tuinity patches

might fix merge conflicts

* Use UTF-8 for gradlew

* Clean rb patches again

* Convert block ids used as item ids

Neither the converters of pre 1.13 nor DFU handled these cases,
as by the time they were written the game at the time didn't
consider these ids valid - they would be air. Because of this,
some worlds have logspam since only DataConverter (not DFU or
legacy converters) will warn when an invalid id has been
seen.

While quite a few do need to now be considered as air, quite a lot
do not. So it makes sense to add conversion for these items, instead
of simply suppressing or ignoring the logs. I've now added id -> string conversion
for all block ids that could be used as items that existed in the game
before 1.7.10 (I have no interest in tracking down the
exact version block ids stopped working) that were on
https://minecraft-ids.grahamedgecombe.com/

Items that did not directly convert to new items will
be instead converted to air: stems, wheat crops, piston head,
tripwire wire block

* Fix LightPopulated parsing in V1466

The DFU code was checking if the number existed, not if it
didn't exist. I misread the original code.

* Always parse protochunk light sources unless it is marked as non-lit

Chunks not marked as lit will always go through the light engine,
so they should always have their block sources parsed.

* Update custom names to JSON for players

Missed this fix from CB, as it was inside
the DataFixers class.

I decided to double check all of the CB changes again:

DataFixers.java was the only area I missed, as I had inspected all
datafixer diffs and implemented them all into DataConverter. I also
checked Bootstrap.java again, and re-evaluated their changes. I had
previously done this, but determined that they were all bad.

The changes to make standing_sign block map to oak_sign block in
V1450 is bad, because that's not the item id V1450 accepts. Only
in 1.14 did oak_sign even exist, and as expected there is a converter
to rename all existing sign items/blocks.

The fix to register the portal block under id 1440 is useless, as
the flattenning logic will default to the lowest registered id - which
is the exact blockstate that CB registers into 1440. So it just
doesn't do anything.

The extra item ids in the id -> string converter are already added,
but I found this from EMC originally.

The change for the spawn egg id 23 -> Arrow is just wrong,
that id DOES correspond to TippedArrow, NOT Arrow. As
expected, the spawn egg already has a dedicated mapping for
Arrow, which is id 10 - which was Arrow's entity id.

I also ported a fix for the cooked_fished id update. This doesn't
really matter since there is already a dataconverter to fix this,
but the game didn't accept cooked_fished at the time. So I see
no harm.

* Review all converters and walkers

- Refactor V99 to have helper methods for defining entity/tile
  entity types
- Automatically namespace all ids that should be namespaced.
  While vanilla never saved non-namespaced data for things that
  are namespaced, plugins/users might have.
- Synchronised the identity ensure map in HelperBlockFlatteningV1450
- Code style consistency
- Add missing log warning in V102 for ITEM_NAME type conversion
- Use getBoolean instead of getByte
- Use ConverterAbstractEntityRename for V143 TippedArrow -> Arrow
  rename, as it will affect ENTITY_NAME type
- Always set isVillager to false in V502 for Zombie
- Register V808's converter under subversion 1 like DFU
- Register a breakpoint for V1.17.1. In the future, all final
  versions of major releases will have a breakpoint so that
  the work required to determine if a converter needs a breakpoint
  is minimal
- Validate that a dataconverter is only registered for a version
  that is registered
- ConverterFlattenTileEntity is actually ConverterFlattenEntity
  It even registered the converters under TILE_ENTITY, instead of
  ENTITY.
- Fix id comparison in V1492 STRUCTURE_FEATURE renamer
- Use ConverterAbstractStatsRename for V1510 stats renamer
  At the time I had written that class, the abstract renamer didn't
  exist.
- Ensure OwnerUUID is at least set to empty string in
  V1904 if the ocelot is converted to a cat (this is
  likely so that it retains a collar)
- Use generic read/write for Records in V1946
  Records is actually a list, not a map. So reading map was
  invalid.

* Always set light to zero when propagating decrease

This fixes an almost infinite loop where light values
would be spam queued on a very small subset on blocks.

This also likely fixes the memory issues people were
seeing.

* re-organize patches

* Apply and fix conflicts

* Revert some patches

getChunkAt retains chunks so that plugins don't spam loads
revert mc-4 fix will remain unless issues pop up

* Shuffle iterated chunks if per player is not enabled

Can help with some mob spawning stacking up at locations

* Make per player default, migrate all configs

* Adjust comments in fixups

* Rework config for player chunk loader

Old config is not compatible. Move all configs to be
under `settings` in paper.yml

The player chunk loader has been modified to
less aggressively load chunks, but to send
chunks at higher rates compared to tuinity. There are
new config entries to tune this behavior.

* Add back old constructor to CompressionEncoder/Decoder (fixes
 Tuinity #358)

* Raise chunk loading default limits

* Reduce worldgen thread workers for lower core count cpus

* Raise limits for chunk loading config

Also place it under `chunk-loading`

* Disable max chunk send rate by default

* Fix conflicts and rebuild patches

* Drop default send rate again

Appears to be still causing problems for no known reason

* Raise chunk send limits to 100 per player

While a low limit fixes ping issues for some people, most people
do not suffer from this issue and thus should not suffer from
an extremely slow load-in rate.

* Rebase part 1

Autosquash the fixups

* Move not implemented up

* Fixup mc-dev fixes

Missed this one

* Rebase per player viewdistance api into the original api patch

* Remove old light engine patch part 1

The prioritisation must be kept from it, so that part
has been rebased into the priority patch.
Part 2 will deal with rebasing all of the patches _after_

* Rebase remaining patches for old light patch removal

* Remove other mid tick patch

* Remove Optimize-PlayerChunkMap-memory-use-for-visibleChunks.patch

Replaced by `Do not copy visible chunks`

* Revert AT for Vec3i setX/Y/Z

The class is immutable. set should not be exposed

* Remove old IntegerUtil class

* Replace old CraftChunk#getEntities patch

* Remove import for SWMRNibbleArray in ChunkAccess

* Finished merge checklist

* Remove ensureTickThread impl in urgency patch

Co-authored-by: Spottedleaf <Spottedleaf@users.noreply.github.com>
Co-authored-by: Jason Penilla <11360596+jpenilla@users.noreply.github.com>
2021-08-31 04:02:11 -07:00

239 lines
12 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Andrew Steinborn <git@steinborn.me>
Date: Mon, 8 Oct 2018 14:36:14 -0400
Subject: [PATCH] Add Velocity IP Forwarding Support
While Velocity supports BungeeCord-style IP forwarding, it is not secure. Users
have a lot of problems setting up firewalls or setting up plugins like IPWhitelist.
Further, the BungeeCord IP forwarding protocol still retains essentially its original
form, when there is brand new support for custom login plugin messages in 1.13.
Velocity's modern IP forwarding uses an HMAC-SHA256 code to ensure authenticity
of messages, is packed into a binary format that is smaller than BungeeCord's
forwarding, and is integrated into the Minecraft login process by using the 1.13
login plugin message packet.
diff --git a/src/main/java/com/destroystokyo/paper/PaperConfig.java b/src/main/java/com/destroystokyo/paper/PaperConfig.java
index 69ad59f0faf1e9a1134d0a460b49569f670055f0..4b4fbd8747740111cc2e25f0c4d29a29926a3a1b 100644
--- a/src/main/java/com/destroystokyo/paper/PaperConfig.java
+++ b/src/main/java/com/destroystokyo/paper/PaperConfig.java
@@ -9,6 +9,7 @@ import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
+import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -262,7 +263,7 @@ public class PaperConfig {
}
public static boolean isProxyOnlineMode() {
- return Bukkit.getOnlineMode() || (SpigotConfig.bungee && bungeeOnlineMode);
+ return Bukkit.getOnlineMode() || (SpigotConfig.bungee && bungeeOnlineMode) || (velocitySupport && velocityOnlineMode);
}
public static int packetInSpamThreshold = 300;
@@ -344,6 +345,20 @@ public class PaperConfig {
tabSpamLimit = getInt("settings.spam-limiter.tab-spam-limit", tabSpamLimit);
}
+ public static boolean velocitySupport;
+ public static boolean velocityOnlineMode;
+ public static byte[] velocitySecretKey;
+ private static void velocitySupport() {
+ velocitySupport = getBoolean("settings.velocity-support.enabled", false);
+ velocityOnlineMode = getBoolean("settings.velocity-support.online-mode", false);
+ String secret = getString("settings.velocity-support.secret", "");
+ if (velocitySupport && secret.isEmpty()) {
+ fatal("Velocity support is enabled, but no secret key was specified. A secret key is required!");
+ } else {
+ velocitySecretKey = secret.getBytes(StandardCharsets.UTF_8);
+ }
+ }
+
public static boolean asyncChunks = false;
private static void asyncChunks() {
ConfigurationSection section;
diff --git a/src/main/java/com/destroystokyo/paper/proxy/VelocityProxy.java b/src/main/java/com/destroystokyo/paper/proxy/VelocityProxy.java
new file mode 100644
index 0000000000000000000000000000000000000000..41d73aa91fb401612e087aa1b7278ba61d28bf3a
--- /dev/null
+++ b/src/main/java/com/destroystokyo/paper/proxy/VelocityProxy.java
@@ -0,0 +1,66 @@
+package com.destroystokyo.paper.proxy;
+
+import com.destroystokyo.paper.PaperConfig;
+import com.google.common.net.InetAddresses;
+import com.mojang.authlib.GameProfile;
+import com.mojang.authlib.properties.Property;
+import java.net.InetAddress;
+import java.security.InvalidKeyException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import net.minecraft.network.FriendlyByteBuf;
+import net.minecraft.resources.ResourceLocation;
+
+public class VelocityProxy {
+ private static final int SUPPORTED_FORWARDING_VERSION = 1;
+ public static final ResourceLocation PLAYER_INFO_CHANNEL = new ResourceLocation("velocity", "player_info");
+
+ public static boolean checkIntegrity(final FriendlyByteBuf buf) {
+ final byte[] signature = new byte[32];
+ buf.readBytes(signature);
+
+ final byte[] data = new byte[buf.readableBytes()];
+ buf.getBytes(buf.readerIndex(), data);
+
+ try {
+ final Mac mac = Mac.getInstance("HmacSHA256");
+ mac.init(new SecretKeySpec(PaperConfig.velocitySecretKey, "HmacSHA256"));
+ final byte[] mySignature = mac.doFinal(data);
+ if (!MessageDigest.isEqual(signature, mySignature)) {
+ return false;
+ }
+ } catch (final InvalidKeyException | NoSuchAlgorithmException e) {
+ throw new AssertionError(e);
+ }
+
+ int version = buf.readVarInt();
+ if (version != SUPPORTED_FORWARDING_VERSION) {
+ throw new IllegalStateException("Unsupported forwarding version " + version + ", wanted " + SUPPORTED_FORWARDING_VERSION);
+ }
+
+ return true;
+ }
+
+ public static InetAddress readAddress(final FriendlyByteBuf buf) {
+ return InetAddresses.forString(buf.readUtf(Short.MAX_VALUE));
+ }
+
+ public static GameProfile createProfile(final FriendlyByteBuf buf) {
+ final GameProfile profile = new GameProfile(buf.readUUID(), buf.readUtf(16));
+ readProperties(buf, profile);
+ return profile;
+ }
+
+ private static void readProperties(final FriendlyByteBuf buf, final GameProfile profile) {
+ final int properties = buf.readVarInt();
+ for (int i1 = 0; i1 < properties; i1++) {
+ final String name = buf.readUtf(Short.MAX_VALUE);
+ final String value = buf.readUtf(Short.MAX_VALUE);
+ final String signature = buf.readBoolean() ? buf.readUtf(Short.MAX_VALUE) : null;
+ profile.getProperties().put(name, new Property(name, value, signature));
+ }
+ }
+}
diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
index 39bdda56aaa5503efc15207261634127b462c3e7..3fd913f3e963cf2da849a52364356e3b2da11eee 100644
--- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
@@ -18,6 +18,7 @@ import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import net.minecraft.DefaultUncaughtExceptionHandler;
import net.minecraft.network.Connection;
+import net.minecraft.network.FriendlyByteBuf;
import net.minecraft.network.chat.Component;
import net.minecraft.network.chat.TextComponent;
import net.minecraft.network.chat.TranslatableComponent;
@@ -44,6 +45,7 @@ import org.bukkit.craftbukkit.util.Waitable;
import org.bukkit.event.player.AsyncPlayerPreLoginEvent;
import org.bukkit.event.player.PlayerPreLoginEvent;
// CraftBukkit end
+import io.netty.buffer.Unpooled; // Paper
public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener {
@@ -62,6 +64,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener
@Nullable
private ServerPlayer delayedAcceptPlayer;
public String hostname = ""; // CraftBukkit - add field
+ private int velocityLoginMessageId = -1; // Paper - Velocity support
public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) {
this.state = ServerLoginPacketListenerImpl.State.HELLO;
@@ -233,6 +236,14 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener
this.state = ServerLoginPacketListenerImpl.State.KEY;
this.connection.send(new ClientboundHelloPacket("", this.server.getKeyPair().getPublic().getEncoded(), this.nonce));
} else {
+ // Paper start - Velocity support
+ if (com.destroystokyo.paper.PaperConfig.velocitySupport) {
+ this.velocityLoginMessageId = java.util.concurrent.ThreadLocalRandom.current().nextInt();
+ net.minecraft.network.protocol.login.ClientboundCustomQueryPacket packet1 = new net.minecraft.network.protocol.login.ClientboundCustomQueryPacket(this.velocityLoginMessageId, com.destroystokyo.paper.proxy.VelocityProxy.PLAYER_INFO_CHANNEL, new FriendlyByteBuf(Unpooled.EMPTY_BUFFER));
+ this.connection.send(packet1);
+ return;
+ }
+ // Paper end
// Spigot start
// Paper start - Cache authenticator threads
authenticatorPool.execute(new Runnable() {
@@ -334,6 +345,12 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener
public class LoginHandler {
public void fireEvents() throws Exception {
+ // Paper start - Velocity support
+ if (ServerLoginPacketListenerImpl.this.velocityLoginMessageId == -1 && com.destroystokyo.paper.PaperConfig.velocitySupport) {
+ disconnect("This server requires you to connect with Velocity.");
+ return;
+ }
+ // Paper end
String playerName = ServerLoginPacketListenerImpl.this.gameProfile.getName();
java.net.InetAddress address = ((java.net.InetSocketAddress) ServerLoginPacketListenerImpl.this.connection.getRemoteAddress()).getAddress();
java.util.UUID uniqueId = ServerLoginPacketListenerImpl.this.gameProfile.getId();
@@ -381,6 +398,40 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener
// Spigot end
public void handleCustomQueryPacket(ServerboundCustomQueryPacket packet) {
+ // Paper start - Velocity support
+ if (com.destroystokyo.paper.PaperConfig.velocitySupport && packet.getTransactionId() == this.velocityLoginMessageId) {
+ FriendlyByteBuf buf = packet.getData();
+ if (buf == null) {
+ this.disconnect("This server requires you to connect with Velocity.");
+ return;
+ }
+
+ if (!com.destroystokyo.paper.proxy.VelocityProxy.checkIntegrity(buf)) {
+ this.disconnect("Unable to verify player details");
+ return;
+ }
+
+ java.net.SocketAddress listening = this.connection.getRemoteAddress();
+ int port = 0;
+ if (listening instanceof java.net.InetSocketAddress) {
+ port = ((java.net.InetSocketAddress) listening).getPort();
+ }
+ this.connection.address = new java.net.InetSocketAddress(com.destroystokyo.paper.proxy.VelocityProxy.readAddress(buf), port);
+
+ this.gameProfile = com.destroystokyo.paper.proxy.VelocityProxy.createProfile(buf);
+
+ // Proceed with login
+ authenticatorPool.execute(() -> {
+ try {
+ new LoginHandler().fireEvents();
+ } catch (Exception ex) {
+ disconnect("Failed to verify username!");
+ server.server.getLogger().log(java.util.logging.Level.WARNING, "Exception verifying " + gameProfile.getName(), ex);
+ }
+ });
+ return;
+ }
+ // Paper end
this.disconnect(new TranslatableComponent("multiplayer.disconnect.unexpected_query_response"));
}
diff --git a/src/main/java/org/bukkit/craftbukkit/CraftServer.java b/src/main/java/org/bukkit/craftbukkit/CraftServer.java
index d62f1650a0879e46e6c619c0f7387e0c438430ec..d64bcc0aafb918e82e881f6503ce8311e78a3f6f 100644
--- a/src/main/java/org/bukkit/craftbukkit/CraftServer.java
+++ b/src/main/java/org/bukkit/craftbukkit/CraftServer.java
@@ -694,7 +694,7 @@ public final class CraftServer implements Server {
@Override
public long getConnectionThrottle() {
// Spigot Start - Automatically set connection throttle for bungee configurations
- if (org.spigotmc.SpigotConfig.bungee) {
+ if (org.spigotmc.SpigotConfig.bungee || com.destroystokyo.paper.PaperConfig.velocitySupport) { // Paper - Velocity support
return -1;
} else {
return this.configuration.getInt("settings.connection-throttle");