search

Nan1t / NanoLimbo

The lightweight, high performance Minecraft limbo server
https://www.spigotmc.org/resources/86198/
GNU General Public License v3.0
262 stars 54 forks source link

[Feature] Packet Rate Limit #70

Closed Potothingi closed 6 months ago

Potothingi commented 1 year ago

I think something like Paper's packet rate limit will be needed to mitigate network attacks against limbo.

Potothingi commented 1 year ago

Malicious users who send packet spam should be kicked out.

Nan1t commented 1 year ago

Check it out in the new version. But this feature is not completely tested yet.

Potothingi commented 1 year ago

Info) Paper's default allows 500 packets per 7 seconds. https://github.com/PaperMC/Paper/blob/master/patches/server/0701-Add-packet-limiter-config.patch https://github.com/Spottedleaf/PacketLimiter

Issue: https://github.com/Nan1t/NanoLimbo/blob/5615ec23217627b9a2fda3a0d762805a4b290f30/src/main/resources/settings.yml#L125 'packetSize: 1024' is too small.

Potothingi commented 1 year ago

https://github.com/Nan1t/NanoLimbo/blob/ff84c8f564f1d511bc96a56bd8c21af5e2bb3520/src/main/java/ua/nanit/limbo/connection/pipeline/ChannelTrafficHandler.java#L46-L66

Isn't the count reset if packets come in more than once per second?

Nan1t commented 1 year ago

packetSize: 1024' is too small

You can increase it as you wish. By default it's unlimited. And can you provide example of valid income packet that potentially will be more than 1024 bytes?

Isn't the count reset if packets come in more than once per second?

Yes, this implementation counts data per sec. If next packed received after that period we're starting from zero. If you want to increase this period, I can move it to settings.

Potothingi commented 1 year ago

packetSize: 1024' is too small

You can increase it as you wish. By default it's unlimited. And can you provide example of valid income packet that potentially will be more than 1024 bytes?

This happens when I try to connect with version 1.20.1 or 1.20.2.

[INFO]: Closed /127.0.0.1:14773 due too large packet size (1193 bytes)

Isn't the count reset if packets come in more than once per second?

Yes, this implementation counts data per sec. If next packed received after that period we're starting from zero. If you want to increase this period, I can move it to settings.

I think the count should be reset periodically even if packets keep coming. Otherwise, false positives will occur.