Merge pull request #80 from rtw1x1/main

code cleanup

Author: rtw1x1

src/game/SecureCipher.cpp

@@ -119,10 +119,6 @@ bool SecureCipher::ComputeServerKeys(const uint8_t* client_pk)
     sodium_memzero(m_rx_stream_nonce, NONCE_SIZE);
     m_rx_stream_nonce[0] = 0x02;
 
-    sys_log(0, "[CIPHER] Server keys computed (tx_key: %02x%02x%02x%02x, rx_key: %02x%02x%02x%02x)",
-        m_tx_key[0], m_tx_key[1], m_tx_key[2], m_tx_key[3],
-        m_rx_key[0], m_rx_key[1], m_rx_key[2], m_rx_key[3]);
-
     return true;
 }
 

src/game/config.cpp

@@ -101,14 +101,6 @@ bool		g_bCheckMultiHack = true;
 
 int			g_iSpamBlockMaxLevel = 10;
 
-int			g_iFloodMaxPacketsPerSec = 300;
-int			g_iFloodMaxConnectionsPerIP = 10;
-int			g_iFloodMaxGlobalConnections = 8192;
-
-bool		g_bFirewallEnable = false;
-int			g_iFirewallTcpSynLimit = 500;
-int			g_iFirewallTcpSynBurst = 1000;
-
 void		LoadStateUserCount();
 void		LoadValidCRCList();
 bool		LoadClientVersion();
@@ -703,41 +695,6 @@ void config_init(const string& st_localeServiceName)
 			str_to_number(g_iSpamBlockMaxLevel, value_string);
 		}
 
-		TOKEN("flood_max_packets_per_sec")
-		{
-			str_to_number(g_iFloodMaxPacketsPerSec, value_string);
-			g_iFloodMaxPacketsPerSec = MAX(50, g_iFloodMaxPacketsPerSec);
-		}
-
-		TOKEN("flood_max_connections_per_ip")
-		{
-			str_to_number(g_iFloodMaxConnectionsPerIP, value_string);
-			g_iFloodMaxConnectionsPerIP = MAX(1, g_iFloodMaxConnectionsPerIP);
-		}
-
-		TOKEN("flood_max_global_connections")
-		{
-			str_to_number(g_iFloodMaxGlobalConnections, value_string);
-			g_iFloodMaxGlobalConnections = MAX(64, g_iFloodMaxGlobalConnections);
-		}
-
-		TOKEN("firewall_enable")
-		{
-			str_to_number(g_bFirewallEnable, value_string);
-		}
-
-		TOKEN("firewall_tcp_syn_limit")
-		{
-			str_to_number(g_iFirewallTcpSynLimit, value_string);
-			g_iFirewallTcpSynLimit = MAX(10, g_iFirewallTcpSynLimit);
-		}
-
-		TOKEN("firewall_tcp_syn_burst")
-		{
-			str_to_number(g_iFirewallTcpSynBurst, value_string);
-			g_iFirewallTcpSynBurst = MAX(10, g_iFirewallTcpSynBurst);
-		}
-
 		TOKEN("protect_normal_player")
 		{
 			str_to_number(g_protectNormalPlayer, value_string);

src/game/config.h

@@ -105,9 +105,5 @@ extern int gPlayerMaxLevel;
 
 extern bool g_BlockCharCreation;
 
-extern bool g_bFirewallEnable;
-extern int  g_iFirewallTcpSynLimit;
-extern int  g_iFirewallTcpSynBurst;
-
 #endif /* __INC_METIN_II_GAME_CONFIG_H__ */
 

src/game/desc.cpp

@@ -81,10 +81,6 @@ void DESC::Initialize()
 	m_offtime = 0;
 
 	m_pkDisconnectEvent = NULL;
-
-	m_iFloodCheckPulse = 0;
-	m_dwFloodPacketCount = 0;
-	m_bIPCountTracked = false;
 }
 
 void DESC::Destroy()
@@ -216,7 +212,6 @@ bool DESC::Setup(LPFDWATCH _fdw, socket_t _fd, const struct sockaddr_in & c_rSoc
 
 	m_pkPingEvent = event_create(ping_event, info, ping_event_second_cycle);
 
-	// Set Phase to handshake and begin secure key exchange
 	SetPhase(PHASE_HANDSHAKE);
 	m_handshake_time = get_dword_time();
 	SendKeyChallenge();
@@ -242,7 +237,6 @@ int DESC::ProcessInput()
 	else if (bytes_read == 0)
 		return 0;
 
-	// Decrypt only the newly received bytes before committing to the buffer
 	if (m_secureCipher.IsActivated()) {
 		m_secureCipher.DecryptInPlace(m_inputBuffer.WritePtr(), bytes_read);
 	}
@@ -328,7 +322,6 @@ void DESC::Packet(const void * c_pvData, int iSize)
 	if (m_iPhase == PHASE_CLOSE)
 		return;
 
-	// Log the packet for sequence tracking (only for real packet sends, not buffered flushes)
 	if (!m_hasBufferedOutput && iSize >= (int)sizeof(uint16_t) * 2)
 	{
 		const uint16_t wHeader = *static_cast<const uint16_t*>(c_pvData);
@@ -465,54 +458,22 @@ bool DESC::IsExpiredHandshake() const
 	return (m_handshake_time + (5 * 1000)) < get_dword_time();
 }
 
-bool DESC::CheckPacketFlood()
-{
-	extern int g_iFloodMaxPacketsPerSec;
-
-	// Use thecore_pulse() (cached per game-loop iteration) instead of
-	// get_dword_time() (gettimeofday syscall) to avoid per-packet syscall overhead.
-	int pulse = thecore_pulse();
-	int pps = static_cast<int>(thecore_pulse_per_second());
-
-	if (pulse - m_iFloodCheckPulse >= pps)
-	{
-		m_iFloodCheckPulse = pulse;
-		m_dwFloodPacketCount = 1;
-		return false;
-	}
-
-	++m_dwFloodPacketCount;
-
-	if (m_dwFloodPacketCount > (uint32_t)g_iFloodMaxPacketsPerSec)
-	{
-		sys_log(0, "FLOOD: %s exceeded %d packets/sec (count: %u), disconnecting",
-			GetHostName(), g_iFloodMaxPacketsPerSec, m_dwFloodPacketCount);
-		return true;
-	}
-
-	return false;
-}
-
 DWORD DESC::GetClientTime()
 {
 	return m_dwClientTime;
 }
 
-// Secure key exchange methods (libsodium/XChaCha20-Poly1305)
 void DESC::SendKeyChallenge()
 {
-	// Initialize cipher and generate keypair
 	if (!m_secureCipher.Initialize())
 	{
 		sys_err("Failed to initialize SecureCipher");
 		SetPhase(PHASE_CLOSE);
 		return;
 	}
 
-	// Generate challenge
 	m_secureCipher.GenerateChallenge(m_challenge);
 
-	// Build and send challenge packet
 	TPacketGCKeyChallenge packet;
 	packet.header = GC::KEY_CHALLENGE;
 	packet.length = sizeof(packet);
@@ -529,14 +490,12 @@ void DESC::SendKeyChallenge()
 
 bool DESC::HandleKeyResponse(const uint8_t* client_pk, const uint8_t* challenge_response)
 {
-	// Compute session keys from client's public key
 	if (!m_secureCipher.ComputeServerKeys(client_pk))
 	{
 		sys_err("Failed to compute server session keys for %s", GetHostName());
 		return false;
 	}
 
-	// Verify challenge response
 	if (!m_secureCipher.VerifyChallengeResponse(m_challenge, challenge_response))
 	{
 		sys_err("Challenge response verification failed for %s", GetHostName());
@@ -550,17 +509,14 @@ bool DESC::HandleKeyResponse(const uint8_t* client_pk, const uint8_t* challenge_
 
 void DESC::SendKeyComplete()
 {
-	// Generate session token
 	uint8_t session_token[SecureCipher::SESSION_TOKEN_SIZE];
 	randombytes_buf(session_token, sizeof(session_token));
 	m_secureCipher.SetSessionToken(session_token);
 
-	// Build and send complete packet
 	TPacketGCKeyComplete packet;
 	packet.header = GC::KEY_COMPLETE;
 	packet.length = sizeof(packet);
 
-	// Encrypt the session token
 	if (!m_secureCipher.EncryptToken(session_token, sizeof(session_token),
 	                                  packet.encrypted_token, packet.nonce))
 	{
@@ -571,10 +527,7 @@ void DESC::SendKeyComplete()
 
 	Packet(&packet, sizeof(packet));
 
-	// Flush before activating encryption
 	ProcessOutput();
-
-	// Activate encryption
 	m_secureCipher.SetActivated(true);
 
 	sys_log(0, "[HANDSHAKE] Cipher ACTIVATED for %s (tx_nonce: %llu, rx_nonce: %llu)",
@@ -852,8 +805,6 @@ void DESC::ChatPacket(BYTE type, const char * format, ...)
 	Packet(buf.read_peek(), buf.size());
 }
 
-// --- Packet sequence tracking ---
-
 void DESC::LogRecvPacket(uint16_t header, uint16_t length)
 {
 	auto& e = m_aRecentRecvPackets[m_dwRecvPacketSeq % PACKET_LOG_SIZE];

src/game/desc.h

@@ -104,7 +104,6 @@ class DESC
 
 		DWORD			GetClientTime();
 
-		// Secure key exchange (libsodium/XChaCha20-Poly1305)
 		void SendKeyChallenge();
 		bool HandleKeyResponse(const uint8_t* client_pk, const uint8_t* challenge_response);
 		void SendKeyComplete();
@@ -142,15 +141,9 @@ class DESC
 		bool			isChannelStatusRequested() const { return m_bChannelStatusRequested; }
 		void			SetChannelStatusRequested(bool bChannelStatusRequested) { m_bChannelStatusRequested = bChannelStatusRequested; }
 
-		// Handshake timeout check
 		bool			IsExpiredHandshake() const;
 		void			SetHandshakeTime(uint32_t handshake_time) { m_handshake_time = handshake_time; }
 
-		// Flood protection
-		bool			CheckPacketFlood();
-		void			SetIPCountTracked(bool b) { m_bIPCountTracked = b; }
-		bool			IsIPCountTracked() const { return m_bIPCountTracked; }
-
 	protected:
 		void			Initialize();
 
@@ -215,15 +208,7 @@ class DESC
 		bool			m_bDestroyed;
 		bool			m_bChannelStatusRequested;
 
-		// Handshake timeout protection
 		uint32_t		m_handshake_time;
-
-		// Flood protection
-		int				m_iFloodCheckPulse;
-		uint32_t		m_dwFloodPacketCount;
-		bool			m_bIPCountTracked;
-
-		// Secure cipher (libsodium/XChaCha20-Poly1305)
 		SecureCipher	m_secureCipher;
 		uint8_t			m_challenge[SecureCipher::CHALLENGE_SIZE];
 
@@ -242,7 +227,6 @@ class DESC
 		void RawPacket(const void * c_pvData, int iSize);
 		void ChatPacket(BYTE type, const char * format, ...);
 
-	// --- Packet sequence tracking (debug aid) ---
 	public:
 		struct PacketLogEntry
 		{

src/game/desc_manager.cpp

@@ -88,27 +88,6 @@ LPDESC DESC_MANAGER::AcceptDesc(LPFDWATCH fdw, socket_t s)
 
 	strlcpy(host, inet_ntoa(peer.sin_addr), sizeof(host));
 
-	// Global connection limit
-	extern int g_iFloodMaxGlobalConnections;
-	if (m_iSocketsConnected >= g_iFloodMaxGlobalConnections)
-	{
-		sys_log(0, "FLOOD: rejecting connection from %s (global limit %d/%d reached)",
-			host, m_iSocketsConnected, g_iFloodMaxGlobalConnections);
-		socket_close(desc);
-		return NULL;
-	}
-
-	// Per-IP connection limit
-	extern int g_iFloodMaxConnectionsPerIP;
-	auto itIP = m_map_ipConnCount.find(host);
-	if (itIP != m_map_ipConnCount.end() && itIP->second >= g_iFloodMaxConnectionsPerIP)
-	{
-		sys_log(0, "FLOOD: rejecting connection from %s (%d/%d connections)",
-			host, itIP->second, g_iFloodMaxConnectionsPerIP);
-		socket_close(desc);
-		return NULL;
-	}
-
 	newd = M2_NEW DESC;
 
 	if (!newd->Setup(fdw, desc, peer, ++m_iHandleCount))
@@ -123,10 +102,6 @@ LPDESC DESC_MANAGER::AcceptDesc(LPFDWATCH fdw, socket_t s)
 	m_set_pkDesc.insert(newd);
 	++m_iSocketsConnected;
 
-	// Track per-IP count
-	++m_map_ipConnCount[host];
-	newd->SetIPCountTracked(true);
-
 	return (newd);
 }
 
@@ -181,17 +156,6 @@ void DESC_MANAGER::DestroyDesc(LPDESC d, bool bEraseFromSet)
 	else
 		m_set_pkClientDesc.erase((LPCLIENT_DESC) d);
 
-	// Decrement per-IP connection count (before Destroy invalidates state)
-	if (d->IsIPCountTracked())
-	{
-		auto it = m_map_ipConnCount.find(d->GetHostName());
-		if (it != m_map_ipConnCount.end())
-		{
-			if (--it->second <= 0)
-				m_map_ipConnCount.erase(it);
-		}
-	}
-
 	// Explicit call to the virtual function Destroy()
 	d->Destroy();
 
@@ -419,7 +383,7 @@ DWORD DESC_MANAGER::CreateLoginKey(LPDESC d)
 
 	do
 	{
-		dwKey = randombytes_uniform(INT_MAX) + 1;  // CSPRNG: [1, INT_MAX]
+		dwKey = randombytes_uniform(INT_MAX) + 1;
 
 		if (m_map_pkLoginKey.find(dwKey) != m_map_pkLoginKey.end())
 			continue;
@@ -445,7 +409,6 @@ void DESC_MANAGER::ProcessExpiredLoginKey()
 	{
 		it2 = it++;
 
-		// Clean up orphaned keys (descriptor gone but never expired)
 		if (it2->second->m_dwExpireTime == 0 && it2->second->m_pkDesc == NULL)
 		{
 			M2_DELETE(it2->second);

src/game/desc_manager.h

@@ -67,8 +67,6 @@ class DESC_MANAGER : public singleton<DESC_MANAGER>
 		CLIENT_DESC_SET		m_set_pkClientDesc;
 		DESC_SET			m_set_pkDesc;
 
-		std::unordered_map<std::string, int>	m_map_ipConnCount;
-
 		DESC_HANDLE_MAP			m_map_handle;
 		//DESC_ACCOUNTID_MAP		m_AccountIDMap;
 		DESC_LOGINNAME_MAP		m_map_loginName;