Rate limit getchallenge

author: Tim Angus <tim@ngus.net> 2013-06-10 20:30:48 +0100
committer: Tim Angus <tim@ngus.net> 2014-06-17 17:43:32 +0100
commit: fd7072f74ce183c840dd65d8983dfa159374c7c0 (patch)
tree: 1c7cbe5bdda98a8d752bac9460ed2ea8e30bb848 /src/server/sv_client.c
parent: 92844d4646be3fa958e5d9e1ce2ff4b282018b20 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/src/server/sv_client.c b/src/server/sv_client.c
index 6199c01f..a895879f 100644
--- a/src/server/sv_client.c
+++ b/src/server/sv_client.c
@@ -63,6 +63,20 @@ void SV_GetChallenge(netadr_t from)
 	char *gameName;
 	qboolean gameMismatch;
 
+	// Prevent using getchallenge as an amplifier
+	if ( SVC_RateLimitAddress( from, 10, 1000 ) ) {
+		Com_DPrintf( "SV_GetChallenge: rate limit from %s exceeded, dropping request\n",
+			NET_AdrToString( from ) );
+		return;
+	}
+
+	// Allow getchallenge to be DoSed relatively easily, but prevent
+	// excess outbound bandwidth usage when being flooded inbound
+	if ( SVC_RateLimit( &outboundLeakyBucket, 10, 100 ) ) {
+		Com_DPrintf( "SV_GetChallenge: rate limit exceeded, dropping request\n" );
+		return;
+	}
+
 	gameName = Cmd_Argv(2);
 
 	gameMismatch = !*gameName || strcmp(gameName, com_gamename->string) != 0;
author	Tim Angus <tim@ngus.net>	2013-06-10 20:30:48 +0100
committer	Tim Angus <tim@ngus.net>	2014-06-17 17:43:32 +0100
commit	fd7072f74ce183c840dd65d8983dfa159374c7c0 (patch)
tree	1c7cbe5bdda98a8d752bac9460ed2ea8e30bb848 /src/server/sv_client.c
parent	92844d4646be3fa958e5d9e1ce2ff4b282018b20 (diff)