twin/paper-mc
1
0
Fork 0
mirror of https://github.com/PaperMC/Paper.git synced 2025-08-10 17:52:02 -07:00
Code Issues Packages Projects Releases Wiki Activity

[ci skip] Add more identifying patch comments

Browse Source
This commit is contained in:
Nassim Jahnke
2024-01-18 15:56:25 +01:00
parent 3a0aff9ba9
commit 16f89b4fa7
29 changed files with 107 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
patches/server/Add-Velocity-IP-Forwarding-Support.patch
View File

@@ -37,6 +37,17 @@ index 0000000000000000000000000000000000000000..00000000000000000000000000000000
+import net.minecraft.resources.ResourceLocation;
+import net.minecraft.world.entity.player.ProfilePublicKey;
+
+/**
+ * While Velocity supports BungeeCord-style IP forwarding, it is not secure. Users
+ * have a lot of problems setting up firewalls or setting up plugins like IPWhitelist.
+ * Further, the BungeeCord IP forwarding protocol still retains essentially its original
+ * form, when there is brand-new support for custom login plugin messages in 1.13.
+ * <p>
+ * Velocity's modern IP forwarding uses an HMAC-SHA256 code to ensure authenticity
+ * of messages, is packed into a binary format that is smaller than BungeeCord's
+ * forwarding, and is integrated into the Minecraft login process by using the 1.13
+ * login plugin message packet.
+ */
+public class VelocityProxy {
+ private static final int SUPPORTED_FORWARDING_VERSION = 1;
+ public static final int MODERN_FORWARDING_WITH_KEY = 2;
@@ -102,11 +113,11 @@ index 0000000000000000000000000000000000000000..00000000000000000000000000000000
this.server.enablePlugins(org.bukkit.plugin.PluginLoadOrder.STARTUP);
// CraftBukkit end
+ // Paper start
+ // Paper start - Add Velocity IP Forwarding Support
+ boolean usingProxy = org.spigotmc.SpigotConfig.bungee || io.papermc.paper.configuration.GlobalConfiguration.get().proxies.velocity.enabled;
+ String proxyFlavor = (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.velocity.enabled) ? "Velocity" : "BungeeCord";
+ String proxyLink = (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.velocity.enabled) ? "https://docs.papermc.io/velocity/security" : "http://www.spigotmc.org/wiki/firewall-guide/";
+ // Paper end
+ // Paper end - Add Velocity IP Forwarding Support
if (!this.usesAuthentication()) {
DedicatedServer.LOGGER.warn("**** SERVER IS RUNNING IN OFFLINE/INSECURE MODE!");
DedicatedServer.LOGGER.warn("The server will make no attempt to authenticate usernames. Beware.");
@@ -114,11 +125,11 @@ index 0000000000000000000000000000000000000000..00000000000000000000000000000000
- if (org.spigotmc.SpigotConfig.bungee) {
- DedicatedServer.LOGGER.warn("Whilst this makes it possible to use BungeeCord, unless access to your server is properly restricted, it also opens up the ability for hackers to connect with any username they choose.");
- DedicatedServer.LOGGER.warn("Please see http://www.spigotmc.org/wiki/firewall-guide/ for further information.");
+ // Paper start
+ // Paper start - Add Velocity IP Forwarding Support
+ if (usingProxy) {
+ DedicatedServer.LOGGER.warn("Whilst this makes it possible to use " + proxyFlavor + ", unless access to your server is properly restricted, it also opens up the ability for hackers to connect with any username they choose.");
+ DedicatedServer.LOGGER.warn("Please see " + proxyLink + " for further information.");
+ // Paper end
+ // Paper end - Add Velocity IP Forwarding Support
} else {
DedicatedServer.LOGGER.warn("While this makes the game possible to play without internet access, it also opens up the ability for hackers to connect with any username they choose.");
}
@@ -130,7 +141,7 @@ index 0000000000000000000000000000000000000000..00000000000000000000000000000000
private final String serverId;
private ServerPlayer player; // CraftBukkit
public boolean iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation = false; // Paper - username validation overriding
+ private int velocityLoginMessageId = -1; // Paper - Velocity support
+ private int velocityLoginMessageId = -1; // Paper - Add Velocity IP Forwarding Support
public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) {
this.state = ServerLoginPacketListenerImpl.State.HELLO;
@@ -138,7 +149,7 @@ index 0000000000000000000000000000000000000000..00000000000000000000000000000000
this.state = ServerLoginPacketListenerImpl.State.KEY;
this.connection.send(new ClientboundHelloPacket("", this.server.getKeyPair().getPublic().getEncoded(), this.challenge));
} else {
+ // Paper start - Velocity support
+ // Paper start - Add Velocity IP Forwarding Support
+ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.velocity.enabled) {
+ this.velocityLoginMessageId = java.util.concurrent.ThreadLocalRandom.current().nextInt();
+ net.minecraft.network.FriendlyByteBuf buf = new net.minecraft.network.FriendlyByteBuf(io.netty.buffer.Unpooled.buffer());
@@ -147,7 +158,7 @@ index 0000000000000000000000000000000000000000..00000000000000000000000000000000
+ this.connection.send(packet1);
+ return;
+ }
+ // Paper end
+ // Paper end - Add Velocity IP Forwarding Support
// CraftBukkit start
// Paper start - Cache authenticator threads
authenticatorPool.execute(new Runnable() {
@@ -155,12 +166,12 @@ index 0000000000000000000000000000000000000000..00000000000000000000000000000000
// CraftBukkit start
private GameProfile callPlayerPreLoginEvents(GameProfile gameprofile) throws Exception { // Paper - Add more fields to AsyncPlayerPreLoginEvent
+ // Paper start - Velocity support
+ // Paper start - Add Velocity IP Forwarding Support
+ if (ServerLoginPacketListenerImpl.this.velocityLoginMessageId == -1 && io.papermc.paper.configuration.GlobalConfiguration.get().proxies.velocity.enabled) {
+ disconnect("This server requires you to connect with Velocity.");
+ return gameprofile;
+ }
+ // Paper end - Velocity support
+ // Paper end - Add Velocity IP Forwarding Support
String playerName = gameprofile.getName();
java.net.InetAddress address = ((java.net.InetSocketAddress) this.connection.getRemoteAddress()).getAddress();
java.util.UUID uniqueId = gameprofile.getId();
@@ -168,7 +179,7 @@ index 0000000000000000000000000000000000000000..00000000000000000000000000000000
@Override
public void handleCustomQueryPacket(ServerboundCustomQueryAnswerPacket packet) {
+ // Paper start - Velocity support
+ // Paper start - Add Velocity IP Forwarding Support
+ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.velocity.enabled && packet.transactionId() == this.velocityLoginMessageId) {
+ ServerboundCustomQueryAnswerPacket.QueryAnswerPayload payload = (ServerboundCustomQueryAnswerPacket.QueryAnswerPayload)packet.payload();
+ if (payload == null) {
@@ -212,7 +223,7 @@ index 0000000000000000000000000000000000000000..00000000000000000000000000000000
+ });
+ return;
+ }
+ // Paper end
+ // Paper end - Add Velocity IP Forwarding Support
this.disconnect(ServerLoginPacketListenerImpl.DISCONNECT_UNEXPECTED_QUERY);
}
@@ -225,7 +236,7 @@ index 0000000000000000000000000000000000000000..00000000000000000000000000000000
public long getConnectionThrottle() {
// Spigot Start - Automatically set connection throttle for bungee configurations
- if (org.spigotmc.SpigotConfig.bungee) {
+ if (org.spigotmc.SpigotConfig.bungee || io.papermc.paper.configuration.GlobalConfiguration.get().proxies.velocity.enabled) { // Paper - Velocity support
+ if (org.spigotmc.SpigotConfig.bungee || io.papermc.paper.configuration.GlobalConfiguration.get().proxies.velocity.enabled) { // Paper - Add Velocity IP Forwarding Support
return -1;
} else {
return this.configuration.getInt("settings.connection-throttle");