}
}
+static int NetConn_AddCryptoFlag(crypto_t *crypto)
+{
+ // HACK: if an encrypted connection is used, randomly set some unused
+ // flags. When AES encryption is enabled, that will make resends differ
+ // from the original, so that e.g. substring filters in a router/IPS
+ // are unlikely to match a second time. See also "startkeylogger".
+ int flag = 0;
+ if (crypto->authenticated)
+ {
+ // Let's always set at least one of the bits.
+ int r = rand() % 7 + 1;
+ if (r & 1)
+ flag |= NETFLAG_CRYPTO0;
+ if (r & 2)
+ flag |= NETFLAG_CRYPTO1;
+ if (r & 4)
+ flag |= NETFLAG_CRYPTO2;
+ }
+ return flag;
+}
+
int NetConn_SendUnreliableMessage(netconn_t *conn, sizebuf_t *data, protocolversion_t protocol, int rate, int burstsize, qboolean quakesignon_suppressreliables)
{
int totallen = 0;
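Review bot: The guard in NetConn_AddCryptoFlag tests `crypto->authenticated`, but the comment above it says the random bits only matter "When AES encryption is enabled". On a connection that is authenticated but not AES-encrypted the bits would presumably change only the header word, not the payload bytes. Either also test whatever field of crypto_t records that AES is active (not visible in this hunk), or reword the comment to say the bits are set on every authenticated connection. `rand() % 7 + 1` has only seven outcomes, so a resend repeats the original flag pattern about one time in seven. The comment should state that figure instead of "unlikely", and add something like `// rand() is fine here: these bits are padding, nothing depends on them being unpredictable`. The reference to "startkeylogger" is not explained in the visible code and needs a one-line explanation or a pointer to where it is documented.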
packetLen = NET_HEADERSIZE + dataLen;
- StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom));
+ StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom | NetConn_AddCryptoFlag(&conn->crypto)));
StoreBigLong(sendbuffer + 4, conn->nq.sendSequence - 1);
memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
packetLen = NET_HEADERSIZE + dataLen;
- StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom));
+ StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom | NetConn_AddCryptoFlag(&conn->crypto)));
StoreBigLong(sendbuffer + 4, conn->nq.sendSequence);
memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
return -1;
}
- StoreBigLong(sendbuffer, packetLen | NETFLAG_UNRELIABLE);
+ StoreBigLong(sendbuffer, packetLen | NETFLAG_UNRELIABLE | NetConn_AddCryptoFlag(&conn->crypto));
StoreBigLong(sendbuffer + 4, conn->outgoing_unreliable_sequence);
memcpy(sendbuffer + NET_HEADERSIZE, data->data, data->cursize);
packetLen = NET_HEADERSIZE + dataLen;
- StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom));
+ StoreBigLong(sendbuffer, packetLen | (NETFLAG_DATA | eom | NetConn_AddCryptoFlag(&conn->crypto)));
StoreBigLong(sendbuffer + 4, conn->nq.sendSequence);
memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
conn->outgoing_netgraph[conn->outgoing_packetcounter].ackbytes += 8 + 28;
- StoreBigLong(temppacket, 8 | NETFLAG_ACK);
+ StoreBigLong(temppacket, 8 | NETFLAG_ACK | NetConn_AddCryptoFlag(&conn->crypto));
StoreBigLong(temppacket + 4, sequence);
sendme = Crypto_EncryptPacket(&conn->crypto, temppacket, 8, &cryptosendbuffer, &sendmelen, sizeof(cryptosendbuffer));
if(sendme)
#define NET_HEADERSIZE (2 * sizeof(unsigned int))
// NetHeader flags
-#define NETFLAG_LENGTH_MASK 0x0000ffff
-#define NETFLAG_DATA 0x00010000
-#define NETFLAG_ACK 0x00020000
-#define NETFLAG_NAK 0x00040000
-#define NETFLAG_EOM 0x00080000
-#define NETFLAG_UNRELIABLE 0x00100000
-#define NETFLAG_CTL 0x80000000
-#define NETFLAG_CRYPTO 0x40000000
+#define NETFLAG_LENGTH_MASK 0x0000ffff
+#define NETFLAG_DATA 0x00010000
+#define NETFLAG_ACK 0x00020000
+#define NETFLAG_NAK 0x00040000
+#define NETFLAG_EOM 0x00080000
+#define NETFLAG_UNRELIABLE 0x00100000
+#define NETFLAG_CRYPTO0 0x10000000
+#define NETFLAG_CRYPTO1 0x20000000
+#define NETFLAG_CRYPTO2 0x40000000
+#define NETFLAG_CTL 0x80000000
#define NET_PROTOCOL_VERSION 3
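Review bot: `NETFLAG_CRYPTO0`, `NETFLAG_CRYPTO1` and `NETFLAG_CRYPTO2` are left undocumented next to their definitions; the only explanation sits inside NetConn_AddCryptoFlag in the send code. I would add above them `// NETFLAG_CRYPTO0..2 carry no meaning: the sender sets them at random on authenticated connections and the receiver must ignore them`. The receive path is not part of the visible hunks, so confirm that it masks these bits before comparing flags and that no code still refers to the old name `NETFLAG_CRYPTO`. It is also worth checking that peers built before this change tolerate 0x10000000 and 0x20000000 being set, since those bits were previously unused.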