From 0d5fef7f5c33fd4176b27c79d9cef7512801f471 Mon Sep 17 00:00:00 2001
From: Thilo Schulz
Date: Wed, 27 Apr 2011 16:03:35 +0000
Subject: - Harden the client and server protocol against UDP spoofing attacks. This will defend ioquake3 against http://aluigi.altervista.org/papers/q3noclient.txt (#3041) - Retains full compatibility to the old but unsecure protocol between clients and servers - Harden the connection process against DoS attacks, possibly connected to UDP spoofing
---
 src/server/server.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'src/server/server.h')
diff --git a/src/server/server.h b/src/server/server.h
index 0475f0b9..697d8a30 100644
--- a/src/server/server.h
+++ b/src/server/server.h
@@ -196,7 +196,7 @@ typedef struct client_s {
 #endif
 int oldServerTime;
- qboolean csUpdated[MAX_CONFIGSTRINGS+1];
+ qboolean csUpdated[MAX_CONFIGSTRINGS+1];
 } client_t;
 //=============================================================================
@@ -205,7 +205,11 @@ typedef struct client_s {
 // MAX_CHALLENGES is made large to prevent a denial
 // of service attack that could cycle all of them
 // out before legitimate users connected
-#define MAX_CHALLENGES 1024
+#define MAX_CHALLENGES 2048
+// Allow a certain amount of challenges to have the same IP address
+// to make it a bit harder to DOS one single IP address from connecting
+// while not allowing a single ip to grab all challenge resources
+#define MAX_CHALLENGES_MULTI (MAX_CHALLENGES / 2)
 #define AUTHORIZE_TIMEOUT 5000
-- cgit
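Review bot: The comment added above `MAX_CHALLENGES_MULTI` in the second hunk says the cap keeps a single IP from grabbing all challenge resources, but at `MAX_CHALLENGES / 2` two source addresses are enough to fill the whole table, and with spoofed UDP the source address is chosen by the sender. The comment should state that the limit is per source address and does not bound total table usage, and name where a full table is handled; the code that enforces the limit is outside this file section, so this is inferred from the macro alone. A compile-time guard such as `#if MAX_CHALLENGES_MULTI < 1 || MAX_CHALLENGES_MULTI >= MAX_CHALLENGES` followed by `#error` would keep the two values consistent if `MAX_CHALLENGES` is tuned later.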