- Harden the client and server protocol against UDP spoofing attacks. This will defend ioquake3 against http://aluigi.altervista.org/papers/q3noclient.txt (#3041) - Retains full compatibility to the old but unsecure protocol between clients and servers - Harden the connection process against DoS attacks, possibly connected to UDP spoofing

author: Thilo Schulz <arny@ats.s.bawue.de> 2011-04-27 16:03:35 +0000
committer: Tim Angus <tim@ngus.net> 2013-01-09 17:07:53 +0000
commit: 0d5fef7f5c33fd4176b27c79d9cef7512801f471 (patch)
tree: 235166fccae70dcc97fca64b64a676a8e847a96e /src/server/server.h
parent: c4186224a16b1dc238775bbe9ff3af4362c7d5eb (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/src/server/server.h b/src/server/server.h
index 0475f0b9..697d8a30 100644
--- a/src/server/server.h
+++ b/src/server/server.h
@@ -196,7 +196,7 @@ typedef struct client_s {
 #endif
 
 	int				oldServerTime;
-	qboolean			csUpdated[MAX_CONFIGSTRINGS+1];	
+	qboolean		csUpdated[MAX_CONFIGSTRINGS+1];	
 } client_t;
 
 //=============================================================================
@@ -205,7 +205,11 @@ typedef struct client_s {
 // MAX_CHALLENGES is made large to prevent a denial
 // of service attack that could cycle all of them
 // out before legitimate users connected
-#define	MAX_CHALLENGES	1024
+#define	MAX_CHALLENGES	2048
+// Allow a certain amount of challenges to have the same IP address
+// to make it a bit harder to DOS one single IP address from connecting
+// while not allowing a single ip to grab all challenge resources
+#define MAX_CHALLENGES_MULTI (MAX_CHALLENGES / 2)
 
 #define	AUTHORIZE_TIMEOUT	5000
author	Thilo Schulz <arny@ats.s.bawue.de>	2011-04-27 16:03:35 +0000
committer	Tim Angus <tim@ngus.net>	2013-01-09 17:07:53 +0000
commit	0d5fef7f5c33fd4176b27c79d9cef7512801f471 (patch)
tree	235166fccae70dcc97fca64b64a676a8e847a96e /src/server/server.h
parent	c4186224a16b1dc238775bbe9ff3af4362c7d5eb (diff)