add netchan processing limits

4 files changed, 54 insertions, 11 deletions

diff --git a/NorthstarDedicatedTest/logging.cpp b/NorthstarDedicatedTest/logging.cpp
index f94a878f..55627fb2 100644
--- a/NorthstarDedicatedTest/logging.cpp
+++ b/NorthstarDedicatedTest/logging.cpp
@@ -3,6 +3,7 @@
 #include "sourceconsole.h"
 #include "spdlog/sinks/basic_file_sink.h"
 #include "hookutils.h"
+#include "gameutils.h"
 #include <iomanip>
 #include <sstream>
 
diff --git a/NorthstarDedicatedTest/scriptmainmenupromos.cpp b/NorthstarDedicatedTest/scriptmainmenupromos.cpp
index fcee9643..6f64e622 100644
--- a/NorthstarDedicatedTest/scriptmainmenupromos.cpp
+++ b/NorthstarDedicatedTest/scriptmainmenupromos.cpp
@@ -96,11 +96,6 @@ SQRESULT SQ_GetCustomMainMenuPromoData(void* sqvm)
 			break;
 		}
 
-		{
-			ClientSq_pushstring(sqvm, g_MasterServerManager->m_MainMenuPromoData.smallButton1Text.c_str(), -1);
-			break;
-		}
-
 		case eMainMenuPromoDataProperty::smallButton1Url:
 		{
 			ClientSq_pushstring(sqvm, g_MasterServerManager->m_MainMenuPromoData.smallButton1Url.c_str(), -1);
@@ -120,11 +115,6 @@ SQRESULT SQ_GetCustomMainMenuPromoData(void* sqvm)
 			break;
 		}
 
-		{
-			ClientSq_pushstring(sqvm, g_MasterServerManager->m_MainMenuPromoData.smallButton2Text.c_str(), -1);
-			break;
-		}
-
 		case eMainMenuPromoDataProperty::smallButton2Url:
 		{
 			ClientSq_pushstring(sqvm, g_MasterServerManager->m_MainMenuPromoData.smallButton2Url.c_str(), -1);
diff --git a/NorthstarDedicatedTest/serverauthentication.cpp b/NorthstarDedicatedTest/serverauthentication.cpp
index ad9670a7..7042e9c1 100644
--- a/NorthstarDedicatedTest/serverauthentication.cpp
+++ b/NorthstarDedicatedTest/serverauthentication.cpp
@@ -28,6 +28,9 @@ CBaseClient__DisconnectType CBaseClient__Disconnect;
 typedef char(*CGameClient__ExecuteStringCommandType)(void* self, uint32_t unknown, const char* pCommandString);
 CGameClient__ExecuteStringCommandType CGameClient__ExecuteStringCommand;
 
+typedef char(*__fastcall CNetChan___ProcessMessagesType)(void* self, void* buf);
+CNetChan___ProcessMessagesType CNetChan___ProcessMessages;
+
 // global vars
 ServerAuthenticationManager* g_ServerAuthenticationManager;
 
@@ -36,6 +39,8 @@ ConVar* Cvar_ns_erase_auth_info;
 ConVar* CVar_ns_auth_allow_insecure;
 ConVar* CVar_ns_auth_allow_insecure_write;
 ConVar* CVar_sv_quota_stringcmdspersecond;
+ConVar* Cvar_net_chan_limit_mode;
+ConVar* Cvar_net_chan_limit_msec_per_sec;
 
 void ServerAuthenticationManager::StartPlayerAuthServer()
 {
@@ -282,7 +287,7 @@ char CGameClient__ExecuteStringCommandHook(void* self, uint32_t unknown, const c
 	{
 		// note: this isn't super perfect, legit clients can trigger it in lobby, mostly good enough tho imo
 		// https://github.com/perilouswithadollarsign/cstrike15_src/blob/f82112a2388b841d72cb62ca48ab1846dfcc11c8/engine/sv_client.cpp#L1513
-		if (Plat_FloatTime() - g_ServerAuthenticationManager->m_additionalPlayerData[self].lastClientCommandQuotaStart >= 1.0f)
+		if (Plat_FloatTime() - g_ServerAuthenticationManager->m_additionalPlayerData[self].lastClientCommandQuotaStart >= 1.0)
 		{
 			// reset quota
 			g_ServerAuthenticationManager->m_additionalPlayerData[self].lastClientCommandQuotaStart = Plat_FloatTime();
@@ -302,6 +307,46 @@ char CGameClient__ExecuteStringCommandHook(void* self, uint32_t unknown, const c
 	return CGameClient__ExecuteStringCommand(self, unknown, pCommandString);
 }
 
+char __fastcall CNetChan___ProcessMessagesHook(void* self, void* buf)
+{
+	double startTime = Plat_FloatTime();
+	char ret = CNetChan___ProcessMessages(self, buf);
+	
+	// check processing limit
+	if (Cvar_net_chan_limit_mode->m_nValue != 0)
+	{
+		// player that sent the message
+		void* sender = *(void**)((char*)self + 368);
+
+		// if no sender, return
+		// relatively certain this is fine?
+		if (!sender || !g_ServerAuthenticationManager->m_additionalPlayerData.count(sender))
+			return ret;
+
+		// reset every second
+		if (startTime - g_ServerAuthenticationManager->m_additionalPlayerData[sender].lastNetChanProcessingLimitStart >= 1.0 || g_ServerAuthenticationManager->m_additionalPlayerData[sender].lastNetChanProcessingLimitStart == -1.0)
+		{
+			g_ServerAuthenticationManager->m_additionalPlayerData[sender].lastNetChanProcessingLimitStart = startTime;
+			g_ServerAuthenticationManager->m_additionalPlayerData[sender].netChanProcessingLimitTime = 0.0;
+		}
+
+		g_ServerAuthenticationManager->m_additionalPlayerData[sender].netChanProcessingLimitTime += (Plat_FloatTime() * 1000) - (startTime * 1000);
+		if (g_ServerAuthenticationManager->m_additionalPlayerData[sender].netChanProcessingLimitTime >= Cvar_net_chan_limit_msec_per_sec->m_nValue)
+		{
+			spdlog::warn("Client {} hit netchan processing limit with {}ms of processing time this second (max is {})", (char*)sender + 0x16, g_ServerAuthenticationManager->m_additionalPlayerData[sender].netChanProcessingLimitTime, Cvar_net_chan_limit_msec_per_sec->m_nValue);
+			
+			// mode 1 = kick, mode 2 = log without kicking
+			if (Cvar_net_chan_limit_mode->m_nValue == 1)
+			{
+				CBaseClient__Disconnect(sender, 1, "Exceeded net channel processing limit");
+				return false;
+			}
+		}
+	}
+
+	return ret;
+}
+
 void InitialiseServerAuthentication(HMODULE baseAddress)
 {
 	g_ServerAuthenticationManager = new ServerAuthenticationManager;
@@ -311,6 +356,9 @@ void InitialiseServerAuthentication(HMODULE baseAddress)
 	CVar_ns_auth_allow_insecure_write = RegisterConVar("ns_auth_allow_insecure_write", "0", FCVAR_GAMEDLL, "Whether the pdata of unauthenticated clients will be written to disk when changed");
 	// literally just stolen from a fix valve used in csgo
 	CVar_sv_quota_stringcmdspersecond = RegisterConVar("sv_quota_stringcmdspersecond", "60", FCVAR_GAMEDLL, "How many string commands per second clients are allowed to submit, 0 to disallow all string commands");
+	// https://blog.counter-strike.net/index.php/2019/07/24922/ but different because idk how to check what current tick number is
+	Cvar_net_chan_limit_mode = RegisterConVar("net_chan_limit_mode", "0", FCVAR_GAMEDLL, "The mode for netchan processing limits: 0 = none, 1 = kick, 2 = log");
+	Cvar_net_chan_limit_msec_per_sec = RegisterConVar("net_chan_limit_msec_per_sec", "0", FCVAR_GAMEDLL, "Netchannel processing is limited to so many milliseconds, abort connection if exceeding budget");
 	Cvar_ns_player_auth_port = RegisterConVar("ns_player_auth_port", "8081", FCVAR_GAMEDLL, "");
 
 	HookEnabler hook;
@@ -319,6 +367,7 @@ void InitialiseServerAuthentication(HMODULE baseAddress)
 	ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x100F80, &CBaseClient__ActivatePlayerHook, reinterpret_cast<LPVOID*>(&CBaseClient__ActivatePlayer));
 	ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x1012C0, &CBaseClient__DisconnectHook, reinterpret_cast<LPVOID*>(&CBaseClient__Disconnect));
 	ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x1022E0, &CGameClient__ExecuteStringCommandHook, reinterpret_cast<LPVOID*>(&CGameClient__ExecuteStringCommand));
+	ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x2140A0, &CNetChan___ProcessMessagesHook, reinterpret_cast<LPVOID*>(&CNetChan___ProcessMessages));
 
 	// patch to disable kicking based on incorrect serverfilter in connectclient, since we repurpose it for use as an auth token
 	{
diff --git a/NorthstarDedicatedTest/serverauthentication.h b/NorthstarDedicatedTest/serverauthentication.h
index 7979d2fe..02429f48 100644
--- a/NorthstarDedicatedTest/serverauthentication.h
+++ b/NorthstarDedicatedTest/serverauthentication.h
@@ -21,6 +21,9 @@ struct AdditionalPlayerData
 
 	double lastClientCommandQuotaStart = 0;
 	int numClientCommandsInQuota = 0;
+
+	double lastNetChanProcessingLimitStart = -1.0;
+	double netChanProcessingLimitTime = 0;
 };
 
 class ServerAuthenticationManager