- Harden the client and server protocol against UDP spoofing attacks. This will defend ioquake3 against http://aluigi.altervista.org/papers/q3noclient.txt (#3041)
- Retains full compatibility to the old but unsecure protocol between clients and servers - Harden the connection process against DoS attacks, possibly connected to UDP spoofing
This commit is contained in:
Thilo Schulz
parent
06d12f6085
commit
a5580d8974
11 changed files with 296 additions and 75 deletions
|
|
@ -188,7 +188,11 @@ typedef struct client_s {
|
|||
#endif
|
||||
|
||||
int oldServerTime;
|
||||
qboolean csUpdated[MAX_CONFIGSTRINGS+1];
|
||||
qboolean csUpdated[MAX_CONFIGSTRINGS+1];
|
||||
|
||||
#ifdef PROTOCOL_SUPPORT_OLD
|
||||
qboolean compat;
|
||||
#endif
|
||||
} client_t;
|
||||
|
||||
//=============================================================================
|
||||
|
|
@ -197,7 +201,11 @@ typedef struct client_s {
|
|||
// MAX_CHALLENGES is made large to prevent a denial
|
||||
// of service attack that could cycle all of them
|
||||
// out before legitimate users connected
|
||||
#define MAX_CHALLENGES 1024
|
||||
#define MAX_CHALLENGES 2048
|
||||
// Allow a certain amount of challenges to have the same IP address
|
||||
// to make it a bit harder to DOS one single IP address from connecting
|
||||
// while not allowing a single ip to grab all challenge resources
|
||||
#define MAX_CHALLENGES_MULTI (MAX_CHALLENGES / 2)
|
||||
|
||||
#define AUTHORIZE_TIMEOUT 5000
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue