Clients can now request the master to initiate an WebRTC/ICE connecti…

…on with 'sv_public 1' servers. This is primarily for the browser port. Servers now report their srflx address via the status command (with fp, ready for secure copy+paste).

CMakeLists.txt

@@ -1026,6 +1026,7 @@ ELSE()
 				engine/common/cvar.c
 				engine/common/cmd.c
 				engine/common/sha1.c		#for websockets
+				engine/common/sha2.c		#for fingerprints
 				engine/http/httpclient.c	#for the pipe stuff
 				engine/common/log.c
 				engine/common/fs.c

engine/client/cl_main.c

@@ -187,9 +187,6 @@ cvar_t  cl_gunanglex			= CVAR("cl_gunanglex", "0");
 cvar_t  cl_gunangley			= CVAR("cl_gunangley", "0");
 cvar_t  cl_gunanglez			= CVAR("cl_gunanglez", "0");
 
-#ifdef HAVE_DTLS
-extern cvar_t net_enable_dtls;
-#endif
 cvar_t	cl_proxyaddr			= CVAR("cl_proxyaddr", "");
 cvar_t	cl_sendguid				= CVARD("cl_sendguid", "", "Send a randomly generated 'globally unique' id to servers, which can be used by servers for score rankings and stuff. Different servers will see different guids. Delete the 'qkey' file in order to appear as a different user.\nIf set to 2, all servers will see the same guid. Be warned that this can show other people the guid that you're using.");
 cvar_t	cl_downloads			= CVARAFD("cl_downloads", "1", /*q3*/"cl_allowDownload", CVAR_NOTFROMSERVER, "Allows you to block all automatic downloads.");
@@ -614,6 +611,18 @@ static void CL_ConnectAbort(const char *format, ...)
 	connectinfo.numadr = 0;
 	SCR_EndLoadingPlaque();
 	connectinfo.trying = false;
+
+	if (format)
+	{
+		//try and force the menu to show again. this should force the disconnectreason to show.
+		if (!Key_Dest_Has(kdm_console))
+		{
+#ifdef MENU_DAT
+			if (!MP_Toggle(1))
+#endif
+				Menu_Prompt(NULL, NULL, reason, NULL, NULL, "Okay", true);
+		}
+	}
 }
 
 /*
@@ -679,6 +688,7 @@ static void CL_SendConnectPacket (netadr_t *to)
 
 	t1 = Sys_DoubleTime ();
 
+#ifdef HAVE_DTLS
 	if (connectinfo.peercred.hash && net_enable_dtls.ival>0)
 	{
 		char cert[8192];
@@ -693,6 +703,7 @@ static void CL_SendConnectPacket (netadr_t *to)
 			return;
 		}
 	}
+#endif
 
 	if (!to)
 	{
@@ -844,7 +855,7 @@ static void CL_ResolvedServer(void *vctx, void *data, size_t a, size_t b)
 
 	if (!ctx->found)
 	{
-		CL_ConnectAbort("Bad server address \"%s\"\n", ctx->servername);
+		CL_ConnectAbort("Unable to resolve server address \"%s\"\n", ctx->servername);
 		return;
 	}
 
@@ -1293,7 +1304,7 @@ void CL_CheckForResend (void)
 		connectinfo.clogged = false;
 
 	if (connectinfo.tries == 0 && connectinfo.nextadr < connectinfo.numadr)
-		if (!NET_EnsureRoute(cls.sockets, "conn", &connectinfo.peercred, to))
+		if (!NET_EnsureRoute(cls.sockets, "conn", &connectinfo.peercred, to, true))
 		{
 			CL_ConnectAbort ("Unable to establish connection to %s\n", cls.servername);
 			return;
@@ -1499,8 +1510,15 @@ static void CL_BeginServerConnect(char *host, int port, qboolean noproxy, enum c
 				*e=0;
 			if (!strncasecmp(arglist, "fp=", 3))
 			{
-				Base64_DecodeBlock(arglist+3, arglist+strlen(arglist), connectinfo.peercred.digest, sizeof(connectinfo.peercred.digest));
-				connectinfo.peercred.hash = &hash_sha1;
+				size_t l = 8*Base64_DecodeBlock(arglist+3, arglist+strlen(arglist), connectinfo.peercred.digest, sizeof(connectinfo.peercred.digest));
+				if (l <= 160)
+					connectinfo.peercred.hash = &hash_sha1;
+				else if (l <= 256)
+					connectinfo.peercred.hash = &hash_sha2_256;
+				else if (l <= 512)
+					connectinfo.peercred.hash = &hash_sha2_512;
+				else
+					connectinfo.peercred.hash = NULL;
 			}
 			else
 				Con_Printf(CON_WARNING"uri arg not known: \"%s\"\n", arglist);
@@ -3110,7 +3128,7 @@ void CL_Packet_f (void)
 
 	if (!cls.sockets)
 		NET_InitClient(false);
-	if (!NET_EnsureRoute(cls.sockets, "packet", &cred, &adr))
+	if (!NET_EnsureRoute(cls.sockets, "packet", &cred, &adr, true))
 		return;
 	NET_SendPacket (cls.sockets, out-send, send, &adr);
 
@@ -3432,7 +3450,7 @@ void CL_ConnectionlessPacket (void)
 				if (CL_IsPendingServerAddress(&net_from))
 				{
 					struct dtlspeercred_s cred = {cls.servername}; //FIXME
-					if (!NET_EnsureRoute(cls.sockets, "redir", &cred, &adr))
+					if (!NET_EnsureRoute(cls.sockets, "redir", &cred, &adr, true))
 						Con_Printf (CON_ERROR"Unable to redirect to %s\n", data);
 					else
 					{
@@ -3896,7 +3914,7 @@ void CL_ConnectionlessPacket (void)
 
 			memset(&cred, 0, sizeof(cred));
 			cred.peer = connectinfo.peercred;
-			if (NET_DTLS_Create(cls.sockets, &net_from, &cred))
+			if (NET_DTLS_Create(cls.sockets, &net_from, &cred, true))
 			{
 				connectinfo.numadr = 1;	//fixate on this resolved address.
 				connectinfo.adr[0] = net_from;
@@ -3942,15 +3960,6 @@ void CL_ConnectionlessPacket (void)
 				Con_TPrintf ("ignoring connection\n");
 			return;
 		}
-		if (net_from.type != NA_LOOPBACK)
-		{
-			Con_TPrintf (S_COLOR_GRAY"connection\n");
-
-#ifdef HAVE_SERVER
-			if (sv.state && sv.state != ss_clustermode)
-				SV_UnspawnServer();
-#endif
-		}
 
 		if (cls.state >= ca_connected)
 		{
@@ -3968,6 +3977,15 @@ void CL_ConnectionlessPacket (void)
 				return;
 			}
 		}
+		if (net_from.type != NA_LOOPBACK)
+		{
+//			Con_TPrintf (S_COLOR_GRAY"connection\n");
+
+#ifdef HAVE_SERVER
+			if (sv.state && sv.state != ss_clustermode)
+				SV_UnspawnServer();
+#endif
+		}
 		connectinfo.trying = false;
 		cl.splitclients = 0;
 		cls.protocol = connectinfo.protocol;
@@ -4383,10 +4401,6 @@ void CL_ReadPackets (void)
 	else
 		NET_ReadPackets(cls.sockets);
 
-#ifdef HAVE_DTLS
-	NET_DTLS_Timeouts(cls.sockets);
-#endif
-
 	//
 	// check timeout
 	//

engine/client/cl_parse.c

@@ -1499,6 +1499,7 @@ static int CL_LoadModels(int stage, qboolean dontactuallyload)
 	if (atstage())
 	{
 		SCR_SetLoadingFile("newmap");
+
 //		if (!cl.worldmodel || cl.worldmodel->type == mod_dummy)
 //			Host_EndGame("No worldmodel was loaded\n");
 		Surf_NewMap (cl.worldmodel);
@@ -3740,7 +3741,7 @@ void CL_ParseEstablished(void)
 		else
 			security = "^["S_COLOR_RED"plain-text\\tip\\"CON_WARNING"Do not type passwords as they can potentially be seen by network sniffers^]";
 
-		Con_TPrintf ("Connected to ^["S_COLOR_BLUE"%s\\type\\connect %s^] (%s).\n", cls.servername, cls.servername, security);
+		Con_TPrintf ("\rConnected to ^["S_COLOR_BLUE"%s\\type\\connect %s^] (%s).\n", cls.servername, cls.servername, security);
 	}
 }
 

engine/client/in_generic.c

@@ -63,7 +63,7 @@ void QDECL joyaxiscallback(cvar_t *var, char *oldvalue)
 	else if (!Q_strcasecmp(end, "right") || !Q_strcasecmp(end, "turnright"))
 		var->ival = 4*sign;
 	else if (!Q_strcasecmp(end, "left") || !Q_strcasecmp(end, "turnleft"))
-		var->ival = 4*sign*1;
+		var->ival = 4*sign*-1;
 	else if (!Q_strcasecmp(end, "up") || !Q_strcasecmp(end, "moveup"))
 		var->ival = 5*sign;
 	else if (!Q_strcasecmp(end, "down") || !Q_strcasecmp(end, "movedown"))

engine/client/m_multi.c

@@ -780,10 +780,9 @@ void M_Menu_GameOptions_f (void)
 	info->publicgame	= MC_AddCombo	(menu, 64, 160, y,			"Public", publicoptions, bound(0, sv_public.ival+1, 4));y+=8;
 #if !defined(FTE_TARGET_WEB) && defined(HAVE_DTLS)
 	{
-		extern cvar_t net_enable_dtls;
 		static const char *encoptions[] =
 		{
-			"None",
+			"Disabled",
 			"Accept",
 			"Request",
 			"Require",
@@ -1143,7 +1142,6 @@ void M_Menu_Network_f (void)
 		NULL
 	};
 #ifdef HAVE_DTLS
-	extern cvar_t net_enable_dtls;
 	static const char *dtlsopts[] = {
 		"Disabled",
 		"Accept",