MaxKellermann / uoproxy

a proxy server designed for Ultima Online

Desynch When Targeting Spells #2

Open SJonesy opened 4 years ago

SJonesy commented 4 years ago

Using UOSteam with UOProxy .5 (latest master as of this post), I can 100% of the time reproduce a client desynch if I fire a spell while running on a mount. Doing the same thing when using just UOSteam does not result in a client desynch.

Here are repro steps, tested on UOOutlands:

  1. Enable spell-range check in UOSteam.
  2. Set a last target, out of spell range.
  3. Cast any offensive spell.
  4. Hold down the last target hotkey.
  5. Run towards your target, while still holding down the last target hotkey.
  6. After the spell fires, observe that your client is desynched and can no longer move.

Here's a packet log from one of these incidents:

from server: 0x77 length=17
  00000  77 00 10 62 2e 03 0a 08  a6 08 54 05 00 0b 51 00  w  b.    . T   Q
  00010  03
sending packet to client, length=17
  00000  77 00 10 62 2e 03 0a 08  a6 08 54 05 00 0b 51 00  w  b.    . T   Q
  00010  03
from client: 0xbf length=6
  00000  bf 00 06 00 24 7a                                 .   $z
[client 1] from client: extended 0x0024
sending packet to server, length=6
  00000  bf 00 06 00 24 7a                                 .   $z
from client: 0x02 length=7
  00000  02 80 06 00 00 00 00                               .
[client 1] walk seq_from_client=6 seq_to_server=6
sending packet to server, length=7
  00000  02 80 06 00 00 00 00                               .
from server: 0x22 length=3
  00000  22 06 02                                          "
walk_ack seq_to_client=6 seq_from_server=6
sending packet to client, length=3
  00000  22 06 02                                          "
from client: 0x02 length=7
  00000  02 80 07 00 00 00 00                               .
[client 1] walk seq_from_client=7 seq_to_server=7
sending packet to server, length=7
  00000  02 80 07 00 00 00 00                               .
from server: 0x22 length=3
  00000  22 07 02                                          "
walk_ack seq_to_client=7 seq_from_server=7
sending packet to client, length=3
  00000  22 07 02                                          "
from client: 0x02 length=7
  00000  02 80 08 00 00 00 00                               .
[client 1] walk seq_from_client=8 seq_to_server=8
sending packet to server, length=7
  00000  02 80 08 00 00 00 00                               .
from server: 0x22 length=3
  00000  22 08 02                                          "
walk_ack seq_to_client=8 seq_from_server=8
sending packet to client, length=3
  00000  22 08 02                                          "
from client: 0x02 length=7
  00000  02 80 09 00 00 00 00                               .
[client 1] walk seq_from_client=9 seq_to_server=9
sending packet to server, length=7
  00000  02 80 09 00 00 00 00                               .
from server: 0x22 length=3
  00000  22 09 02                                          "
walk_ack seq_to_client=9 seq_from_server=9
sending packet to client, length=3
  00000  22 09 02                                          "
from client: 0x02 length=7
  00000  02 80 0a 00 00 00 00                               .
[client 1] walk seq_from_client=10 seq_to_server=10
sending packet to server, length=7
  00000  02 80 0a 00 00 00 00                               .
from server: 0x22 length=3
  00000  22 0a 02                                          "
walk_ack seq_to_client=10 seq_from_server=10
sending packet to client, length=3
  00000  22 0a 02                                          "
from client: 0x02 length=7
  00000  02 80 0b 00 00 00 00                               .
[client 1] walk seq_from_client=11 seq_to_server=11
sending packet to server, length=7
  00000  02 80 0b 00 00 00 00                               .
from server: 0x77 length=17
  00000  77 00 10 62 2e 03 0a 08  a6 08 53 05 00 0b 51 00  w  b.    . S   Q
  00010  03
sending packet to client, length=17
  00000  77 00 10 62 2e 03 0a 08  a6 08 53 05 00 0b 51 00  w  b.    . S   Q
  00010  03
from server: 0x22 length=3
  00000  22 0b 02                                          "
walk_ack seq_to_client=11 seq_from_server=11
sending packet to client, length=3
  00000  22 0b 02                                          "
from client: 0x02 length=7
  00000  02 80 0c 00 00 00 00                               .
[client 1] walk seq_from_client=12 seq_to_server=12
sending packet to server, length=7
  00000  02 80 0c 00 00 00 00                               .
from server: 0x22 length=3
  00000  22 0c 02                                          "
walk_ack seq_to_client=12 seq_from_server=12
sending packet to client, length=3
  00000  22 0c 02                                          "
from client: 0x02 length=7
  00000  02 80 0d 00 00 00 00                               .
[client 1] walk seq_from_client=13 seq_to_server=13
sending packet to server, length=7
  00000  02 80 0d 00 00 00 00                               .
from server: 0x22 length=3
  00000  22 0d 02                                          "
walk_ack seq_to_client=13 seq_from_server=13
sending packet to client, length=3
  00000  22 0d 02                                          "
from client: 0x02 length=7
  00000  02 80 0e 00 00 00 00                               .
[client 1] walk seq_from_client=14 seq_to_server=14
sending packet to server, length=7
  00000  02 80 0e 00 00 00 00                               .
from server: 0x22 length=3
  00000  22 0e 02                                          "
walk_ack seq_to_client=14 seq_from_server=14
sending packet to client, length=3
  00000  22 0e 02                                          "
from client: 0x02 length=7
  00000  02 80 0f 00 00 00 00                               .
[client 1] walk seq_from_client=15 seq_to_server=15
sending packet to server, length=7
  00000  02 80 0f 00 00 00 00                               .
from server: 0x22 length=3
  00000  22 0f 02                                          "
walk_ack seq_to_client=15 seq_from_server=15
sending packet to client, length=3
  00000  22 0f 02                                          "
from client: 0x6c length=19
  00000  6c 00 00 e3 8f 95 00 00  10 62 2e 08 a6 08 53 00  l  ...    b. . S
  00010  05 03 0a
sending packet to server, length=19
  00000  6c 00 00 e3 8f 95 00 00  10 62 2e 08 a6 08 53 00  l  ...    b. . S
  00010  05 03 0a
from client: 0x34 length=10
  00000  34 ed ed ed ed 04 00 10  62 2e                    4....    b.
sending packet to server, length=10
  00000  34 ed ed ed ed 04 00 10  62 2e                    4....    b.
from client: 0x6c length=19
  00000  6c 00 00 e3 8f 95 01 00  00 00 00 ff ff ff ff 00  l  ...      ....
  00010  00 00 00
sending packet to server, length=19
  00000  6c 00 00 e3 8f 95 01 00  00 00 00 ff ff ff ff 00  l  ...      ....
  00010  00 00 00
from server: 0xaa length=5
  00000  aa 00 10 62 2e                                    .  b.
sending packet to client, length=5
  00000  aa 00 10 62 2e                                    .  b.
from server: 0x54 length=12
  00000  54 01 01 79 00 00 08 a6  08 53 00 05              T  y   .  S
sending packet to client, length=12
  00000  54 01 01 79 00 00 08 a6  08 53 00 05              T  y   .  S
from server: 0x20 length=19
  00000  20 00 03 61 04 01 90 00  83 ef 00 08 a9 08 5b 00     a  .  ..  . [
  00010  00 07 ff                                            .
sending packet to client, length=19
  00000  20 00 03 61 04 01 90 00  83 ef 00 08 a9 08 5b 00     a  .  ..  . [
  00010  00 07 ff                                            .
from server: 0xa2 length=9
  00000  a2 00 03 61 04 00 64 00  50                       .  a  d  P
sending packet to client, length=9
  00000  a2 00 03 61 04 00 64 00  50                       .  a  d  P
from server: 0xc0 length=36
  00000  c0 00 00 03 61 04 00 10  62 2e 37 9f 08 a9 08 5b  .   a    b.7. . [
  00010  ff 08 a6 08 53 05 07 00  00 00 00 01 00 00 00 00  . . S
  00020  00 00 00 00
sending packet to client, length=36
  00000  c0 00 00 03 61 04 00 10  62 2e 37 9f 08 a9 08 5b  .   a    b.7. . [
  00010  ff 08 a6 08 53 05 07 00  00 00 00 01 00 00 00 00  . . S
  00020  00 00 00 00
from server: 0x54 length=12
  00000  54 01 02 0a 00 00 08 a9  08 5b ff ff              T      .  [..
sending packet to client, length=12
  00000  54 01 02 0a 00 00 08 a9  08 5b ff ff              T      .  [..
from server: 0x11 length=43
  00000  11 00 2b 00 10 62 2e 73  65 6e 74 69 65 6e 74 20    +  b.s entient
  00010  76 69 6e 65 73 00 00 00  00 00 00 00 00 00 00 00  vines
  00020  00 00 00 00 00 00 11 00  64 00 00                          d
sending packet to client, length=43
  00000  11 00 2b 00 10 62 2e 73  65 6e 74 69 65 6e 74 20    +  b.s entient
  00010  76 69 6e 65 73 00 00 00  00 00 00 00 00 00 00 00  vines
  00020  00 00 00 00 00 00 11 00  64 00 00                          d
from client: 0x34 length=10
  00000  34 ed ed ed ed 04 00 10  62 2e                    4....    b.
sending packet to server, length=10
  00000  34 ed ed ed ed 04 00 10  62 2e                    4....    b.
from client: 0x02 length=7
  00000  02 80 00 00 00 00 00                               .
[client 1] walk seq_from_client=0 seq_to_server=16
sending packet to server, length=7
  00000  02 80 10 00 00 00 00                               .
from server: 0x25 length=21
  00000  25 40 ea 2c 75 0f 7a 00  00 61 00 62 00 60 00 41  %@.,u z   a b ` A
  00010  66 82 84 00 00                                    f..
sending packet to client, length=21
  00000  25 40 ea 2c 75 0f 7a 00  00 61 00 62 00 60 00 41  %@.,u z   a b ` A
  00010  66 82 84 00 00                                    f..
from server: 0x25 length=21
  00000  25 40 ea 2c 7a 0f 88 00  00 89 00 4c 00 66 00 41  %@.,z .   . L f A
  00010  66 82 84 00 00                                    f..
sending packet to client, length=21
  00000  25 40 ea 2c 7a 0f 88 00  00 89 00 4c 00 66 00 41  %@.,z .   . L f A
  00010  66 82 84 00 00                                    f..
from server: 0x11 length=43
  00000  11 00 2b 00 10 62 2e 73  65 6e 74 69 65 6e 74 20    +  b.s entient
  00010  76 69 6e 65 73 00 00 00  00 00 00 00 00 00 00 00  vines
  00020  00 00 00 00 00 00 11 00  64 00 00                          d
sending packet to client, length=43
  00000  11 00 2b 00 10 62 2e 73  65 6e 74 69 65 6e 74 20    +  b.s entient
  00010  76 69 6e 65 73 00 00 00  00 00 00 00 00 00 00 00  vines
  00020  00 00 00 00 00 00 11 00  64 00 00                          d
from client: 0x02 length=7
  00000  02 86 01 00 00 00 00                               .
[client 1] walk seq_from_client=1 seq_to_server=17
sending packet to server, length=7
  00000  02 86 11 00 00 00 00                               .
from client: 0x02 length=7
  00000  02 86 02 00 00 00 00                               .
[client 1] walk seq_from_client=2 seq_to_server=18
sending packet to server, length=7
  00000  02 86 12 00 00 00 00                               .
from client: 0x02 length=7
  00000  02 87 03 00 00 00 00                               .
[client 1] walk seq_from_client=3 seq_to_server=19
sending packet to server, length=7
  00000  02 87 13 00 00 00 00                               .
from server: 0x77 length=17
  00000  77 00 10 62 2e 03 0a 08  a6 08 53 05 03 0b 51 00  w  b.    . S   Q
  00010  03
sending packet to client, length=17
  00000  77 00 10 62 2e 03 0a 08  a6 08 53 05 03 0b 51 00  w  b.    . S   Q
  00010  03
from server: 0xf3 length=26
  00000  f3 00 01 00 44 7b 35 65  20 06 00 03 0a 03 0a 08  .   D{5e
  00010  a6 08 53 06 03 0b 51 00  00 00                    . S   Q
sending packet to client, length=26
  00000  f3 00 01 00 44 7b 35 65  20 06 00 03 0a 03 0a 08  .   D{5e
  00010  a6 08 53 06 03 0b 51 00  00 00                    . S   Q
from server: 0xaf length=13
  00000  af 00 10 62 2e 44 7b 35  65 00 00 00 00           .  b.D{5 e
sending packet to client, length=13
  00000  af 00 10 62 2e 44 7b 35  65 00 00 00 00           .  b.D{5 e
from server: 0xae length=110
  00000  ae 00 6e ff ff ff ff ff  ff 00 03 b2 00 03 45 4e  . n..... .  .  EN
  00010  55 00 53 79 73 74 65 6d  00 00 00 00 00 00 00 00  U System
  00020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
  00030  00 59 00 6f 00 75 00 20  00 68 00 61 00 76 00 65   Y o u    h a v e
  00040  00 20 00 67 00 61 00 69  00 6e 00 65 00 64 00 20     g a i  n e d
  00050  00 61 00 20 00 6c 00 69  00 74 00 74 00 6c 00 65   a   l i  t t l e
  00060  00 20 00 66 00 61 00 6d  00 65 00 2e 00 00           f a m  e .
sending packet to client, length=110
  00000  ae 00 6e ff ff ff ff ff  ff 00 03 b2 00 03 45 4e  . n..... .  .  EN
  00010  55 00 53 79 73 74 65 6d  00 00 00 00 00 00 00 00  U System
  00020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
  00030  00 59 00 6f 00 75 00 20  00 68 00 61 00 76 00 65   Y o u    h a v e
  00040  00 20 00 67 00 61 00 69  00 6e 00 65 00 64 00 20     g a i  n e d
  00050  00 61 00 20 00 6c 00 69  00 74 00 74 00 6c 00 65   a   l i  t t l e
  00060  00 20 00 66 00 61 00 6d  00 65 00 2e 00 00           f a m  e .
from server: 0xae length=112
  00000  ae 00 70 ff ff ff ff ff  ff 00 03 b2 00 03 45 4e  . p..... .  .  EN
  00010  55 00 53 79 73 74 65 6d  00 00 00 00 00 00 00 00  U System
  00020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
  00030  00 59 00 6f 00 75 00 20  00 68 00 61 00 76 00 65   Y o u    h a v e
  00040  00 20 00 67 00 61 00 69  00 6e 00 65 00 64 00 20     g a i  n e d
  00050  00 61 00 20 00 6c 00 69  00 74 00 74 00 6c 00 65   a   l i  t t l e
  00060  00 20 00 6b 00 61 00 72  00 6d 00 61 00 2e 00 00     k a r  m a .
sending packet to client, length=112
  00000  ae 00 70 ff ff ff ff ff  ff 00 03 b2 00 03 45 4e  . p..... .  .  EN
  00010  55 00 53 79 73 74 65 6d  00 00 00 00 00 00 00 00  U System
  00020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
  00030  00 59 00 6f 00 75 00 20  00 68 00 61 00 76 00 65   Y o u    h a v e
  00040  00 20 00 67 00 61 00 69  00 6e 00 65 00 64 00 20     g a i  n e d
  00050  00 61 00 20 00 6c 00 69  00 74 00 74 00 6c 00 65   a   l i  t t l e
  00060  00 20 00 6b 00 61 00 72  00 6d 00 61 00 2e 00 00     k a r  m a .
from server: 0x54 length=12
  00000  54 01 01 7d 00 00 08 a6  08 53 00 05              T  }   .  S
sending packet to client, length=12
  00000  54 01 01 7d 00 00 08 a6  08 53 00 05              T  }   .  S
from server: 0x54 length=12
  00000  54 01 01 7a 00 00 08 a6  08 53 00 05              T  z   .  S
sending packet to client, length=12
  00000  54 01 01 7a 00 00 08 a6  08 53 00 05              T  z   .  S
from server: 0x1d length=5
  00000  1d 00 10 62 2e                                       b.
sending packet to client, length=5
  00000  1d 00 10 62 2e                                       b.
from server: 0xae length=56
  00000  ae 00 38 00 10 62 2e 03  0a 00 00 75 00 03 45 4e  . 8  b.     u  EN
  00010  55 00 73 65 6e 74 69 65  6e 74 20 76 69 6e 65 73  U sentie nt vines
  00020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
  00030  00 2d 00 36 00 30 00 00                            - 6 0
sending packet to client, length=56
  00000  ae 00 38 00 10 62 2e 03  0a 00 00 75 00 03 45 4e  . 8  b.     u  EN
  00010  55 00 73 65 6e 74 69 65  6e 74 20 76 69 6e 65 73  U sentie nt vines
  00020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
  00030  00 2d 00 36 00 30 00 00                            - 6 0
from client: 0xbf length=9
  00000  bf 00 09 00 0c 00 10 62  2e                       .      b .
[client 1] from client: extended 0x000c
sending packet to server, length=9
  00000  bf 00 09 00 0c 00 10 62  2e                       .      b .
from server: 0x25 length=21
  00000  25 44 7b 35 66 0e ed 00  00 4a 00 6d 00 56 00 44  %D{5f .   J m V D
  00010  7b 35 65 00 00                                    {5e
sending packet to client, length=21
  00000  25 44 7b 35 66 0e ed 00  00 4a 00 6d 00 56 00 44  %D{5f .   J m V D
  00010  7b 35 65 00 00                                    {5e
from server: 0xa2 length=9
  00000  a2 00 03 61 04 00 64 00  51                       .  a  d  Q
sending packet to client, length=9
  00000  a2 00 03 61 04 00 64 00  51                       .  a  d  Q
from server: 0xa2 length=9
  00000  a2 00 03 61 04 00 64 00  52                       .  a  d  R
sending packet to client, length=9
  00000  a2 00 03 61 04 00 64 00  52                       .  a  d  R
SJonesy commented 4 years ago

We don't trust the client here; my guess is it's part of uoproxy's multi-head support?

Here's just the walking packets:

[client 1] walk seq_from_client=6 seq_to_server=6
sending packet to server, length=7
  00000  02 80 06 00 00 00 00                               .
walk_ack seq_to_client=6 seq_from_server=6
sending packet to client, length=3
  00000  22 06 02                                          "
[client 1] walk seq_from_client=7 seq_to_server=7
sending packet to server, length=7
  00000  02 80 07 00 00 00 00                               .
walk_ack seq_to_client=7 seq_from_server=7
sending packet to client, length=3
  00000  22 07 02                                          "
[client 1] walk seq_from_client=8 seq_to_server=8
sending packet to server, length=7
  00000  02 80 08 00 00 00 00                               .
walk_ack seq_to_client=8 seq_from_server=8
sending packet to client, length=3
  00000  22 08 02                                          "
[client 1] walk seq_from_client=9 seq_to_server=9
sending packet to server, length=7
  00000  02 80 09 00 00 00 00                               .
walk_ack seq_to_client=9 seq_from_server=9
sending packet to client, length=3
  00000  22 09 02                                          "
[client 1] walk seq_from_client=10 seq_to_server=10
sending packet to server, length=7
  00000  02 80 0a 00 00 00 00                               .
walk_ack seq_to_client=10 seq_from_server=10
sending packet to client, length=3
  00000  22 0a 02                                          "
[client 1] walk seq_from_client=11 seq_to_server=11
sending packet to server, length=7
  00000  02 80 0b 00 00 00 00                               .
walk_ack seq_to_client=11 seq_from_server=11
sending packet to client, length=3
  00000  22 0b 02                                          "
[client 1] walk seq_from_client=12 seq_to_server=12
sending packet to server, length=7
  00000  02 80 0c 00 00 00 00                               .
walk_ack seq_to_client=12 seq_from_server=12
sending packet to client, length=3
  00000  22 0c 02                                          "
[client 1] walk seq_from_client=13 seq_to_server=13
sending packet to server, length=7
  00000  02 80 0d 00 00 00 00                               .
walk_ack seq_to_client=13 seq_from_server=13
sending packet to client, length=3
  00000  22 0d 02                                          "
[client 1] walk seq_from_client=14 seq_to_server=14
sending packet to server, length=7
  00000  02 80 0e 00 00 00 00                               .
walk_ack seq_to_client=14 seq_from_server=14
sending packet to client, length=3
  00000  22 0e 02                                          "
[client 1] walk seq_from_client=15 seq_to_server=15
sending packet to server, length=7
  00000  02 80 0f 00 00 00 00                               .
walk_ack seq_to_client=15 seq_from_server=15
sending packet to client, length=3
  00000  22 0f 02                                          "

[client 1] walk seq_from_client=0 seq_to_server=16
sending packet to server, length=7
  00000  02 80 10 00 00 00 00                               .
[client 1] walk seq_from_client=1 seq_to_server=17
sending packet to server, length=7
  00000  02 86 11 00 00 00 00                               .
[client 1] walk seq_from_client=2 seq_to_server=18
sending packet to server, length=7
  00000  02 86 12 00 00 00 00                               .
[client 1] walk seq_from_client=3 seq_to_server=19
sending packet to server, length=7
  00000  02 87 13 00 00 00 00                               .
SJonesy commented 4 years ago

After further investigation, I'm pretty much desyncing after every time I cast a targeted spell.

SJonesy commented 4 years ago

This hacky patch fixes it, but it will cause "cancel target" packets to fail.

$ git diff
diff --git a/src/CHandler.cxx b/src/CHandler.cxx
index f8af00d..793f28e 100644
--- a/src/CHandler.cxx
+++ b/src/CHandler.cxx
@@ -288,7 +288,10 @@ handle_target(LinkedServer &ls,
                                                        sizeof(world->packet_target),
                                                        ls);
     }
-
+
+    ls.connection->walk.seq_next = 0;
+    ls.connection->walk.queue_size = 0;
+
     return PacketAction::ACCEPT;
 }
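Review bot: the two added assignments at the end of handle_target (`ls.connection->walk.seq_next = 0;` and `ls.connection->walk.queue_size = 0;`) run for every target packet the handler accepts, with no check on which kind of target packet arrived, which is consistent with the cancel-target breakage noted above. Consider guarding the reset so it only runs for the target case that precedes the client's sequence restart (the log shows the client going back to seq_from_client=0 right after the 0x6c packet), or resynchronising from the client's sequence instead of zeroing the server-side counter, and add a one-line comment stating why walk state is reset here. The `-`/`+` pair of blank lines above the added code also looks like a whitespace-only change that could be dropped from the patch.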
SJonesy commented 4 years ago

This is a cleaner fix for it, but it still will cause desynchs sometimes such as for failed targets e.g. out-of-range teleports: https://github.com/SJonesy/uoproxy/commit/51f0d05bb11a21ca2f922f90c491fdfb27cb6d16
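The walk-sequence mismatch visible in the log above (the client restarting at 0 while the proxy keeps forwarding 16, 17, ...) and the reset introduced by the patch, as an added example that is not uoproxy's code: it parses the proxy's own `walk seq_from_client=N seq_to_server=M` log lines quoted in this issue and flags the restart the proxy did not propagate. `WalkTranslator` is a hypothetical model of a renumbering proxy, and its `reset_on_zero` rule (follow the client's restart instead of resetting in the target handler) is an assumed alternative, not the fix committed here.

```python
import re

# Constructed from the "just the walking packets" comment in this issue.
SAMPLE_LOG = """\
[client 1] walk seq_from_client=14 seq_to_server=14
[client 1] walk seq_from_client=15 seq_to_server=15
[client 1] walk seq_from_client=0 seq_to_server=16
[client 1] walk seq_from_client=1 seq_to_server=17
[client 1] walk seq_from_client=2 seq_to_server=18
[client 1] walk seq_from_client=3 seq_to_server=19
"""

WALK_RE = re.compile(r"walk seq_from_client=(\d+) seq_to_server=(\d+)")

def parse_walk_lines(log):
    """Return [(seq_from_client, seq_to_server), ...] from proxy log text."""
    return [(int(c), int(s)) for c, s in WALK_RE.findall(log)]

def find_unpropagated_resets(pairs):
    """Indices where the client restarted at 0 but the forwarded seq did not.

    From that point on every walk_ack refers to a number the client never
    sent, which matches the "can no longer move" symptom in the report."""
    bad = []
    for i in range(1, len(pairs)):
        prev_client = pairs[i - 1][0]
        client, server = pairs[i]
        if client == 0 and prev_client != 0 and server != 0:
            bad.append(i)
    return bad

class WalkTranslator:
    """Hypothetical model of a proxy that renumbers client walk packets.

    seq_next and queue_size mirror the field names in the patch above;
    the wrap-around of the real protocol is deliberately not modelled."""

    def __init__(self, reset_on_zero, seq_next=0):
        self.reset_on_zero = reset_on_zero
        self.seq_next = seq_next
        self.queue_size = 0  # walks forwarded but not yet acked by the server

    def forward(self, seq_from_client):
        if self.reset_on_zero and seq_from_client == 0:
            self.seq_next = 0    # follow the client's restart
            self.queue_size = 0  # pending acks belong to the old numbering
        seq_to_server = self.seq_next
        self.seq_next += 1
        self.queue_size += 1
        return seq_to_server

def replay(client_seqs, reset_on_zero, start=0):
    """Forward each client sequence through a fresh translator."""
    proxy = WalkTranslator(reset_on_zero, seq_next=start)
    return [proxy.forward(seq) for seq in client_seqs]

if __name__ == "__main__":
    pairs = parse_walk_lines(SAMPLE_LOG)
    print("unpropagated reset at index:", find_unpropagated_resets(pairs))
    client = [c for c, _ in pairs]
    print("as logged:        ", replay(client, False, start=14))
    print("following restart:", replay(client, True, start=14))
```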