Move haproxy handling and throttling to Cloudburst network (GeyserMC#6390)

(cherry picked from commit 6b979fa)

Author: valaphee

core/src/main/java/org/geysermc/geyser/network/GeyserServerInitializer.java

@@ -38,8 +38,6 @@
 import org.geysermc.geyser.GeyserImpl;
 import org.geysermc.geyser.session.GeyserSession;
 
-import java.net.InetSocketAddress;
-
 public class GeyserServerInitializer extends BedrockServerInitializer {
     private final GeyserImpl geyser;
     private final boolean rakCookiesEnabled;
@@ -63,13 +61,6 @@ protected void preInitChannel(Channel channel) throws Exception {
     @Override
     public void initSession(@NonNull BedrockServerSession bedrockServerSession) {
         try {
-            if (this.geyser.getGeyserServer().getProxiedAddresses() != null) {
-                InetSocketAddress address = this.geyser.getGeyserServer().getProxiedAddresses().get((InetSocketAddress) bedrockServerSession.getSocketAddress());
-                if (address != null) {
-                    ((GeyserBedrockPeer) bedrockServerSession.getPeer()).setProxiedAddress(address);
-                }
-            }
-
             bedrockServerSession.setLogging(this.geyser.config().debugMode());
             GeyserSession session = new GeyserSession(this.geyser, bedrockServerSession, this.eventLoopGroup.next());
 

core/src/main/java/org/geysermc/geyser/network/UpstreamPacketHandler.java

@@ -203,11 +203,6 @@ public PacketSignal handle(LoginPacket loginPacket) {
         }
         receivedLoginPacket = true;
 
-        if (geyser.getSessionManager().reachedMaxConnectionsPerAddress(session)) {
-            session.disconnect("Too many connections are originating from this location!");
-            return PacketSignal.HANDLED;
-        }
-
         LoginEncryptionUtils.encryptPlayerConnection(session, loginPacket);
 
         if (session.isClosed()) {

core/src/main/java/org/geysermc/geyser/network/netty/GeyserServer.java

@@ -37,9 +37,8 @@
 import io.netty.util.concurrent.DefaultThreadFactory;
 import io.netty.util.concurrent.Future;
 import lombok.Getter;
-import net.jodah.expiringmap.ExpirationPolicy;
-import net.jodah.expiringmap.ExpiringMap;
 import org.cloudburstmc.netty.channel.raknet.RakChannelFactory;
+import org.cloudburstmc.netty.channel.raknet.config.DefaultRakServerThrottle;
 import org.cloudburstmc.netty.channel.raknet.config.RakChannelOption;
 import org.cloudburstmc.netty.channel.raknet.config.RakServerCookieMode;
 import org.cloudburstmc.netty.handler.codec.raknet.server.RakServerOfflineHandler;
@@ -54,9 +53,7 @@
 import org.geysermc.geyser.network.GameProtocol;
 import org.geysermc.geyser.network.GeyserServerInitializer;
 import org.geysermc.geyser.network.netty.handler.RakConnectionRequestHandler;
-import org.geysermc.geyser.network.netty.handler.RakGeyserRateLimiter;
 import org.geysermc.geyser.network.netty.handler.RakPingHandler;
-import org.geysermc.geyser.network.netty.proxy.ProxyServerHandler;
 import org.geysermc.geyser.ping.GeyserPingInfo;
 import org.geysermc.geyser.ping.IGeyserPingPassthrough;
 import org.geysermc.geyser.skin.SkinProvider;
@@ -107,8 +104,6 @@ public final class GeyserServer {
     private final ServerBootstrap bootstrap;
     private EventLoopGroup playerGroup;
 
-    @Getter
-    private final ExpiringMap<InetSocketAddress, InetSocketAddress> proxiedAddresses;
     private int listenCount;
 
     private ChannelFuture[] bootstrapFutures;
@@ -136,14 +131,6 @@ public GeyserServer(GeyserImpl geyser, int threadCount) {
             this.listenCount = 1;
         }
 
-        if (this.geyser.config().advanced().bedrock().useHaproxyProtocol() || this.geyser.config().advanced().bedrock().useWaterdogpeForwarding()) {
-            this.proxiedAddresses = ExpiringMap.builder()
-                    .expiration(30 + 1, TimeUnit.MINUTES)
-                    .expirationPolicy(ExpirationPolicy.ACCESSED).build();
-        } else {
-            this.proxiedAddresses = null;
-        }
-
         this.broadcastPort = geyser.config().advanced().bedrock().broadcastPort();
     }
 
@@ -170,21 +157,6 @@ private void modifyHandlers(ChannelFuture future) {
             channel.pipeline()
                 .addFirst(RakConnectionRequestHandler.NAME, new RakConnectionRequestHandler(this))
                 .addAfter(RakServerOfflineHandler.NAME, RakPingHandler.NAME, new RakPingHandler(this));
-
-            // Add proxy handler
-            boolean isProxyProtocol = this.geyser.config().advanced().bedrock().useHaproxyProtocol();
-            if (isProxyProtocol) {
-                channel.pipeline().addFirst("proxy-protocol-decoder", new ProxyServerHandler());
-            }
-
-            boolean isWhitelistedProxyProtocol = isProxyProtocol && !this.geyser.config().advanced().bedrock().haproxyProtocolWhitelistedIps().isEmpty();
-            if (Boolean.parseBoolean(System.getProperty("Geyser.RakRateLimitingDisabled", "false")) || isWhitelistedProxyProtocol) {
-                // We would already block any non-whitelisted IP addresses in onConnectionRequest so we can remove the rate limiter
-                channel.pipeline().remove(RakServerRateLimiter.NAME);
-            } else {
-                // Use our own rate limiter to allow multiple players from the same IP
-                channel.pipeline().replace(RakServerRateLimiter.NAME, RakGeyserRateLimiter.NAME, new RakGeyserRateLimiter(channel));
-            }
         });
     }
 
@@ -237,6 +209,15 @@ private ServerBootstrap createBootstrap() {
         boolean rakSendCookie = Boolean.parseBoolean(System.getProperty("Geyser.RakSendCookie", "true"));
         this.geyser.getLogger().debug("Setting RakNet send cookie to " + rakSendCookie);
 
+        int maxConnectionsPerAddress =  positivePropOrDefault("Geyser.MaxConnectionsPerAddress", 10);
+        this.geyser.getLogger().debug("Setting max connections per address to " + maxConnectionsPerAddress);
+
+        boolean rakRateLimitingDisabled = Boolean.parseBoolean(System.getProperty(
+            "Geyser.RakRateLimitingDisabled",
+            Boolean.toString(this.geyser.config().advanced().bedrock().useWaterdogpeForwarding())
+        ));
+        this.geyser.getLogger().debug("Disabling RakNet rate limiting " + rakRateLimitingDisabled);
+
         GeyserServerInitializer serverInitializer = new GeyserServerInitializer(this.geyser, rakSendCookie);
         playerGroup = serverInitializer.getEventLoopGroup();
 
@@ -245,13 +226,15 @@ private ServerBootstrap createBootstrap() {
             .group(group, childGroup)
             .option(RakChannelOption.RAK_HANDLE_PING, true)
             .option(RakChannelOption.RAK_MAX_MTU, this.geyser.config().advanced().bedrock().mtu())
-            .option(RakChannelOption.RAK_PACKET_LIMIT, rakPacketLimit)
+            .option(RakChannelOption.RAK_PACKET_LIMIT, rakRateLimitingDisabled ? 0 : rakPacketLimit)
             .option(RakChannelOption.RAK_GLOBAL_PACKET_LIMIT, rakGlobalPacketLimit)
             .option(RakChannelOption.RAK_SERVER_COOKIE_MODE, rakSendCookie ? RakServerCookieMode.ACTIVE : RakServerCookieMode.INVALID)
+            .option(RakChannelOption.RAK_PROXY_PROTOCOL, this.geyser.config().advanced().bedrock().useHaproxyProtocol())
+            .option(RakChannelOption.RAK_THROTTLE, rakRateLimitingDisabled ? null : new DefaultRakServerThrottle(maxConnectionsPerAddress, 4_000, 3))
             .childHandler(serverInitializer);
     }
 
-    public boolean onConnectionRequest(InetSocketAddress inetSocketAddress) {
+    public boolean onConnectionRequest(InetSocketAddress inetSocketAddress, InetSocketAddress clientAddress) {
         List<String> allowedProxyIPs = geyser.config().advanced().bedrock().haproxyProtocolWhitelistedIps();
         if (geyser.config().advanced().bedrock().useHaproxyProtocol() && !allowedProxyIPs.isEmpty()) {
             boolean isWhitelistedIP = false;
@@ -268,20 +251,11 @@ public boolean onConnectionRequest(InetSocketAddress inetSocketAddress) {
             }
         }
 
-        String ip;
-        if (geyser.config().logPlayerIpAddresses()) {
-            if (this.proxiedAddresses != null) {
-                ip = this.proxiedAddresses.getOrDefault(inetSocketAddress, inetSocketAddress).toString();
-            } else {
-                ip = inetSocketAddress.toString();
-            }
-        } else {
-            ip = "<IP address withheld>";
-        }
+        String ip = geyser.config().logPlayerIpAddresses() ? clientAddress.toString() : "<IP address withheld>";
 
         ConnectionRequestEvent requestEvent = new ConnectionRequestEvent(
-            inetSocketAddress, 
-            this.proxiedAddresses != null ? this.proxiedAddresses.get(inetSocketAddress) : null
+            clientAddress,
+            geyser.config().advanced().bedrock().useHaproxyProtocol() ? inetSocketAddress : null
         );
         geyser.eventBus().fire(requestEvent);
         if (requestEvent.isCancelled()) {
@@ -297,16 +271,7 @@ public boolean onConnectionRequest(InetSocketAddress inetSocketAddress) {
 
     public BedrockPong onQuery(Channel channel, InetSocketAddress inetSocketAddress) {
         if (geyser.config().debugMode() && PRINT_DEBUG_PINGS) {
-            String ip;
-            if (geyser.config().logPlayerIpAddresses()) {
-                if (this.proxiedAddresses != null) {
-                    ip = this.proxiedAddresses.getOrDefault(inetSocketAddress, inetSocketAddress).toString();
-                } else {
-                    ip = inetSocketAddress.toString();
-                }
-            } else {
-                ip = "<IP address withheld>";
-            }
+            String ip = geyser.config().logPlayerIpAddresses() ? inetSocketAddress.toString() : "<IP address withheld>";
             geyser.getLogger().debug(GeyserLocale.getLocaleStringLog("geyser.network.pinged", ip));
         }
 

core/src/main/java/org/geysermc/geyser/network/netty/handler/RakConnectionRequestHandler.java

@@ -33,6 +33,7 @@
 import io.netty.channel.socket.DatagramPacket;
 import lombok.RequiredArgsConstructor;
 import org.checkerframework.checker.nullness.qual.NonNull;
+import org.cloudburstmc.netty.channel.raknet.RakServerChannel;
 import org.cloudburstmc.netty.channel.raknet.config.RakChannelOption;
 import org.geysermc.geyser.network.netty.GeyserServer;
 
@@ -84,8 +85,10 @@ public void channelRead(@NonNull ChannelHandlerContext ctx, @NonNull Object msg)
         ByteBuf magicBuf = ctx.channel().config().getOption(RakChannelOption.RAK_UNCONNECTED_MAGIC);
         long guid = ctx.channel().config().getOption(RakChannelOption.RAK_GUID);
 
-        if (!this.server.onConnectionRequest(packet.sender())) {
-            this.sendConnectionBanned(ctx, packet.sender(), magicBuf, guid);
+        InetSocketAddress address = packet.sender();
+        InetSocketAddress clientAddress = ((RakServerChannel) ctx.channel()).getClientAddress(address);
+        if (!this.server.onConnectionRequest(address, clientAddress)) {
+            this.sendConnectionBanned(ctx, address, magicBuf, guid);
         } else {
             ctx.fireChannelRead(msg);
         }

core/src/main/java/org/geysermc/geyser/network/netty/handler/RakGeyserRateLimiter.java

@@ -31,9 +31,12 @@
 import lombok.RequiredArgsConstructor;
 import org.cloudburstmc.netty.channel.raknet.RakPing;
 import org.cloudburstmc.netty.channel.raknet.RakPong;
+import org.cloudburstmc.netty.channel.raknet.RakServerChannel;
 import org.cloudburstmc.netty.channel.raknet.config.RakChannelOption;
 import org.geysermc.geyser.network.netty.GeyserServer;
 
+import java.net.InetSocketAddress;
+
 @ChannelHandler.Sharable
 @RequiredArgsConstructor
 public class RakPingHandler extends SimpleChannelInboundHandler<RakPing> {
@@ -45,7 +48,9 @@ public class RakPingHandler extends SimpleChannelInboundHandler<RakPing> {
     protected void channelRead0(ChannelHandlerContext ctx, RakPing msg) {
         long guid = ctx.channel().config().getOption(RakChannelOption.RAK_GUID);
 
-        RakPong pong = msg.reply(guid, this.server.onQuery(ctx.channel(), msg.getSender()).toByteBuf());
+        InetSocketAddress address = msg.getSender();
+        InetSocketAddress clientAddress = ((RakServerChannel) ctx.channel()).getClientAddress(address);
+        RakPong pong = msg.reply(guid, this.server.onQuery(ctx.channel(), clientAddress).toByteBuf());
         ctx.writeAndFlush(pong);
     }
 }