This is an improved server rate limiter for incoming Out Of Bounds (Connectionless) packets.
The purpose of these patches is to mitigate spoofed IP OOB DOS attacks. This is achieved by two changes:
Fixing an issue with the original q3a rate limiter that was causing very high CPU usage when under such an attack, up to the point of rendering the server unusable.
Allowing "whitelisted" players (manually or players who have managed to fully connect in the past) to fully access OOB server protocol when server is under such attack.
There are 3 new cvars:
sv_autoWhitelist – Enable automatically adding connected players to whitelist
sv_maxOOBRate – Max. incoming OOB packet rate per second. 1000 is default and the upper limit.
sv_maxOOBRateIP – Max. incoming OOB packet rate per second for a single IP. 1 is default (but there is a burst 10 times as many).
Known issues:
Lack of whitelist.dat file access synchronization. Rudimentary version of this was implemented in jk2mv.
Concerns have been raised about storing IP in the whitelist.dat file being against the ACTA. If this is a problem, there is a cvar sv_autoWhitelist, or IP could be stored as its digest.
I can explain the attacks addressed by this PR and how they are mitigated in depth, on a private communication channel.
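The two-level limit described above, as an added example that is not the PR's code: a global token bucket models sv_maxOOBRate, and a per-address bucket with a 10x burst models sv_maxOOBRateIP. The token-bucket algorithm, the direct-mapped table, the global burst size and the choice to let whitelisted addresses skip only the global cap are all assumptions, as are all names.

```c
/* Added example, not the PR's code; names and table sizes are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#define SLOTS     1024   /* per-IP table size (assumed) */
#define MAX_WHITE 16     /* whitelist capacity (assumed) */
typedef struct { int64_t last_ms; double tokens, rate, burst; } bucket_t;
typedef struct { bool used; uint32_t ip; bucket_t b; } slot_t;
typedef struct {
    bucket_t global;                 /* models sv_maxOOBRate */
    double   ip_rate;                /* models sv_maxOOBRateIP */
    slot_t   per_ip[SLOTS];
    uint32_t white[MAX_WHITE]; int n_white;
} limiter_t;

static void bucket_init(bucket_t *b, double rate, double burst, int64_t now) {
    b->last_ms = now; b->tokens = burst; b->rate = rate; b->burst = burst;
}

/* O(1) per packet: refill for the elapsed time, then spend one token. */
static bool bucket_take(bucket_t *b, int64_t now) {
    b->tokens += (double)(now - b->last_ms) * b->rate / 1000.0;
    if (b->tokens > b->burst) b->tokens = b->burst;
    b->last_ms = now;
    if (b->tokens < 1.0) return false;
    b->tokens -= 1.0;
    return true;
}

void limiter_init(limiter_t *l, double max_rate, double ip_rate, int64_t now) {
    l->n_white = 0; l->ip_rate = ip_rate;
    for (int i = 0; i < SLOTS; i++) l->per_ip[i].used = false;
    bucket_init(&l->global, max_rate, max_rate, now);
}
void limiter_whitelist(limiter_t *l, uint32_t ip) {
    if (l->n_white < MAX_WHITE) l->white[l->n_white++] = ip;
}

/* Returns true if an OOB packet from `ip` at time `now` (ms) is processed. */
bool oob_allow(limiter_t *l, uint32_t ip, int64_t now) {
    slot_t *s = &l->per_ip[(ip * 2654435761u) >> 22];   /* 10-bit hash */
    if (!s->used || s->ip != ip) {                      /* new or evicted */
        s->used = true; s->ip = ip;
        bucket_init(&s->b, l->ip_rate, l->ip_rate * 10.0, now);
    }
    if (!bucket_take(&s->b, now)) return false;         /* per-IP limit */
    for (int i = 0; i < l->n_white; i++)
        if (l->white[i] == ip) return true;             /* skips global cap */
    return bucket_take(&l->global, now);                /* global limit */
}
```

With the defaults of 1000 and 1, a flood from many distinct source addresses exhausts only the global bucket, so a whitelisted address is still served at its own per-IP rate while other addresses are dropped.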