From 0d5680e9712a5362c23b0ef6e479654d67e99b8b Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Wed, 14 Aug 2013 22:07:22 +0100 Subject: Count any incoming packet that could not be recognized as an LLUDP packet as a malformed packet. Record this as stat clientstack..IncomingPacketsMalformedCount Used to detect if a simulator is receiving significant junk UDP Decimates the number of packets between which a warning is logged and prints the IP source of the last malformed packet when logging --- .../Region/ClientStack/Linden/UDP/LLUDPServer.cs | 65 +++++++++++++++------- 1 file changed, 44 insertions(+), 21 deletions(-) (limited to 'OpenSim/Region/ClientStack') diff --git a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs index de2f9d4..553250c 100644 --- a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs +++ b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs @@ -108,6 +108,19 @@ namespace OpenSim.Region.ClientStack.LindenUDP StatsManager.RegisterStat( new Stat( + "IncomingPacketsMalformedCount", + "Number of inbound UDP packets that could not be recognized as LL protocol packets.", + "", + "", + "clientstack", + scene.Name, + StatType.Pull, + MeasuresOfInterest.AverageChangeOverTime, + stat => stat.Value = m_udpServer.IncomingMalformedPacketCount, + StatVerbosity.Info)); + + StatsManager.RegisterStat( + new Stat( "OutgoingUDPSendsCount", "Number of UDP sends performed", "", @@ -268,7 +281,10 @@ namespace OpenSim.Region.ClientStack.LindenUDP public Socket Server { get { return null; } } - private int m_malformedCount = 0; // Guard against a spamming attack + /// + /// Record how many inbound packets could not be recognized as LLUDP packets. + /// + public int IncomingMalformedPacketCount { get; private set; } /// /// Record current outgoing client for monitoring purposes. @@ -1181,6 +1197,19 @@ namespace OpenSim.Region.ClientStack.LindenUDP outgoingPacket.TickCount = Environment.TickCount & Int32.MaxValue; } + private void RecordMalformedInboundPacket(IPEndPoint endPoint) + { +// if (m_malformedCount < 100) +// m_log.DebugFormat("[LLUDPSERVER]: Dropped malformed packet: " + e.ToString()); + + IncomingMalformedPacketCount++; + + if ((IncomingMalformedPacketCount % 10000) == 0) + m_log.WarnFormat( + "[LLUDPSERVER]: Received {0} malformed packets so far, probable network attack. Last malformed was from {1}", + IncomingMalformedPacketCount, endPoint); + } + public override void PacketReceived(UDPPacketBuffer buffer) { // Debugging/Profiling @@ -1202,6 +1231,8 @@ namespace OpenSim.Region.ClientStack.LindenUDP // "[LLUDPSERVER]: Dropping undersized packet with {0} bytes received from {1} in {2}", // buffer.DataLength, buffer.RemoteEndPoint, m_scene.RegionInfo.RegionName); + RecordMalformedInboundPacket(endPoint); + return; // Drop undersized packet } @@ -1220,6 +1251,8 @@ namespace OpenSim.Region.ClientStack.LindenUDP // "[LLUDPSERVER]: Dropping packet with malformed header received from {0} in {1}", // buffer.RemoteEndPoint, m_scene.RegionInfo.RegionName); + RecordMalformedInboundPacket(endPoint); + return; // Malformed header } @@ -1235,34 +1268,24 @@ namespace OpenSim.Region.ClientStack.LindenUDP // Only allocate a buffer for zerodecoding if the packet is zerocoded ((buffer.Data[0] & Helpers.MSG_ZEROCODED) != 0) ? new byte[4096] : null); } - catch (MalformedDataException) - { - } - catch (IndexOutOfRangeException) - { -// m_log.WarnFormat( -// "[LLUDPSERVER]: Dropping short packet received from {0} in {1}", -// buffer.RemoteEndPoint, m_scene.RegionInfo.RegionName); - - return; // Drop short packet - } catch (Exception e) { - if (m_malformedCount < 100) + if (IncomingMalformedPacketCount < 100) m_log.DebugFormat("[LLUDPSERVER]: Dropped malformed packet: " + e.ToString()); - - m_malformedCount++; - - if ((m_malformedCount % 100000) == 0) - m_log.DebugFormat("[LLUDPSERVER]: Received {0} malformed packets so far, probable network attack.", m_malformedCount); } // Fail-safe check if (packet == null) { - m_log.ErrorFormat("[LLUDPSERVER]: Malformed data, cannot parse {0} byte packet from {1}:", - buffer.DataLength, buffer.RemoteEndPoint); - m_log.Error(Utils.BytesToHexString(buffer.Data, buffer.DataLength, null)); + if (IncomingMalformedPacketCount < 100) + { + m_log.ErrorFormat("[LLUDPSERVER]: Malformed data, cannot parse {0} byte packet from {1}:", + buffer.DataLength, buffer.RemoteEndPoint); + m_log.Error(Utils.BytesToHexString(buffer.Data, buffer.DataLength, null)); + } + + RecordMalformedInboundPacket(endPoint); + return; } -- cgit v1.1 From 93dffe17773ee5af552ac64a7902f66d8acac1b3 Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Wed, 14 Aug 2013 22:33:12 +0100 Subject: Add stat clientstack..IncomingPacketsOrphanedCount to record well-formed packets that were not initial connection packets and could not be associated with a connected viewer. --- .../Region/ClientStack/Linden/UDP/LLUDPServer.cs | 33 +++++++++++++++++++--- 1 file changed, 29 insertions(+), 4 deletions(-) (limited to 'OpenSim/Region/ClientStack') diff --git a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs index 553250c..102e581 100644 --- a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs +++ b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs @@ -121,6 +121,19 @@ namespace OpenSim.Region.ClientStack.LindenUDP StatsManager.RegisterStat( new Stat( + "IncomingPacketsOrphanedCount", + "Number of inbound packets that were not initial connections packets and could not be associated with a viewer.", + "", + "", + "clientstack", + scene.Name, + StatType.Pull, + MeasuresOfInterest.AverageChangeOverTime, + stat => stat.Value = m_udpServer.IncomingOrphanedPacketCount, + StatVerbosity.Info)); + + StatsManager.RegisterStat( + new Stat( "OutgoingUDPSendsCount", "Number of UDP sends performed", "", @@ -287,6 +300,11 @@ namespace OpenSim.Region.ClientStack.LindenUDP public int IncomingMalformedPacketCount { get; private set; } /// + /// Record how many inbound packets could not be associated with a simulator circuit. + /// + public int IncomingOrphanedPacketCount { get; private set; } + + /// /// Record current outgoing client for monitoring purposes. /// private IClientAPI m_currentOutgoingClient; @@ -1206,7 +1224,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP if ((IncomingMalformedPacketCount % 10000) == 0) m_log.WarnFormat( - "[LLUDPSERVER]: Received {0} malformed packets so far, probable network attack. Last malformed was from {1}", + "[LLUDPSERVER]: Received {0} malformed packets so far, probable network attack. Last was from {1}", IncomingMalformedPacketCount, endPoint); } @@ -1279,9 +1297,8 @@ namespace OpenSim.Region.ClientStack.LindenUDP { if (IncomingMalformedPacketCount < 100) { - m_log.ErrorFormat("[LLUDPSERVER]: Malformed data, cannot parse {0} byte packet from {1}:", - buffer.DataLength, buffer.RemoteEndPoint); - m_log.Error(Utils.BytesToHexString(buffer.Data, buffer.DataLength, null)); + m_log.WarnFormat("[LLUDPSERVER]: Malformed data, cannot parse {0} byte packet from {1}, data {2}:", + buffer.DataLength, buffer.RemoteEndPoint, Utils.BytesToHexString(buffer.Data, buffer.DataLength, null)); } RecordMalformedInboundPacket(endPoint); @@ -1323,6 +1340,14 @@ namespace OpenSim.Region.ClientStack.LindenUDP if (!m_scene.TryGetClient(endPoint, out client) || !(client is LLClientView)) { //m_log.Debug("[LLUDPSERVER]: Received a " + packet.Type + " packet from an unrecognized source: " + address + " in " + m_scene.RegionInfo.RegionName); + + IncomingOrphanedPacketCount++; + + if ((IncomingOrphanedPacketCount % 10000) == 0) + m_log.WarnFormat( + "[LLUDPSERVER]: Received {0} orphaned packets so far. Last was from {1}", + IncomingOrphanedPacketCount, endPoint); + return; } -- cgit v1.1 From 104626d732614a2e0b1988961e61f63447017013 Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Wed, 14 Aug 2013 23:22:20 +0100 Subject: minor: Comment out AvatarPicketSearch caps log message for now, which is occuring on every login and entity transfer --- OpenSim/Region/ClientStack/Linden/Caps/AvatarPickerSearchModule.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OpenSim/Region/ClientStack') diff --git a/OpenSim/Region/ClientStack/Linden/Caps/AvatarPickerSearchModule.cs b/OpenSim/Region/ClientStack/Linden/Caps/AvatarPickerSearchModule.cs index 9f2aed0..10a4753 100644 --- a/OpenSim/Region/ClientStack/Linden/Caps/AvatarPickerSearchModule.cs +++ b/OpenSim/Region/ClientStack/Linden/Caps/AvatarPickerSearchModule.cs @@ -123,7 +123,7 @@ namespace OpenSim.Region.ClientStack.Linden if (m_URL == "localhost") { - m_log.DebugFormat("[AVATAR PICKER SEARCH]: /CAPS/{0} in region {1}", capID, m_scene.RegionInfo.RegionName); +// m_log.DebugFormat("[AVATAR PICKER SEARCH]: /CAPS/{0} in region {1}", capID, m_scene.RegionInfo.RegionName); caps.RegisterHandler( "AvatarPickerSearch", new AvatarPickerSearchHandler("/CAPS/" + capID + "/", m_People, "AvatarPickerSearch", "Search for avatars by name")); -- cgit v1.1 From 7d268912f1ee09b4e146208a4dd84dbf81ba335d Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Fri, 16 Aug 2013 00:58:25 +0100 Subject: Packet headers are not zero-encoded so don't try to zero-decode these in PacketPool.GetType() Instead adjusts code with that from Packet.BuildHeader(byte[], ref int, ref int):Header in libomv This stops packet decoding failures with agent UUIDs that contain 00 in their earlier parts (e.g. b0b0b0b0-0000-0000-0000-000000000211) Thanks to lkalif for pointing this out. --- .../Region/ClientStack/Linden/UDP/PacketPool.cs | 25 ++++++++-------------- 1 file changed, 9 insertions(+), 16 deletions(-) (limited to 'OpenSim/Region/ClientStack') diff --git a/OpenSim/Region/ClientStack/Linden/UDP/PacketPool.cs b/OpenSim/Region/ClientStack/Linden/UDP/PacketPool.cs index 1fdc410..5a2bcee 100644 --- a/OpenSim/Region/ClientStack/Linden/UDP/PacketPool.cs +++ b/OpenSim/Region/ClientStack/Linden/UDP/PacketPool.cs @@ -145,39 +145,32 @@ namespace OpenSim.Region.ClientStack.LindenUDP return packet; } - // private byte[] decoded_header = new byte[10]; private static PacketType GetType(byte[] bytes) { - byte[] decoded_header = new byte[10 + 8]; ushort id; PacketFrequency freq; + bool isZeroCoded = (bytes[0] & Helpers.MSG_ZEROCODED) != 0; - if ((bytes[0] & Helpers.MSG_ZEROCODED) != 0) + if (bytes[6] == 0xFF) { - Helpers.ZeroDecode(bytes, 16, decoded_header); - } - else - { - Buffer.BlockCopy(bytes, 0, decoded_header, 0, 10); - } - - if (decoded_header[6] == 0xFF) - { - if (decoded_header[7] == 0xFF) + if (bytes[7] == 0xFF) { - id = (ushort) ((decoded_header[8] << 8) + decoded_header[9]); freq = PacketFrequency.Low; + if (isZeroCoded && bytes[8] == 0) + id = bytes[10]; + else + id = (ushort)((bytes[8] << 8) + bytes[9]); } else { - id = decoded_header[7]; freq = PacketFrequency.Medium; + id = bytes[7]; } } else { - id = decoded_header[6]; freq = PacketFrequency.High; + id = bytes[6]; } return Packet.GetType(id, freq); -- cgit v1.1