aboutsummaryrefslogtreecommitdiff
path: root/NorthstarDedicatedTest
diff options
context:
space:
mode:
authorBobTheBob <32057864+BobTheBob9@users.noreply.github.com>2021-12-24 23:30:42 +0000
committerBobTheBob <32057864+BobTheBob9@users.noreply.github.com>2021-12-24 23:30:42 +0000
commit88a2215c13b5af95584eb452cc3d6ed85ec14c44 (patch)
tree5d3ed6593cb167f71adcaf5626957656a032570d /NorthstarDedicatedTest
parent352952bd8b12ef0a5d66fa2dc5341a4d5777f9b7 (diff)
downloadNorthstarLauncher-88a2215c13b5af95584eb452cc3d6ed85ec14c44.tar.gz
NorthstarLauncher-88a2215c13b5af95584eb452cc3d6ed85ec14c44.zip
add connectionless ratelimit
Diffstat (limited to 'NorthstarDedicatedTest')
-rw-r--r--NorthstarDedicatedTest/serverauthentication.cpp49
-rw-r--r--NorthstarDedicatedTest/serverauthentication.h50
2 files changed, 98 insertions, 1 deletions
diff --git a/NorthstarDedicatedTest/serverauthentication.cpp b/NorthstarDedicatedTest/serverauthentication.cpp
index 0e82b5e0..ac4c4709 100644
--- a/NorthstarDedicatedTest/serverauthentication.cpp
+++ b/NorthstarDedicatedTest/serverauthentication.cpp
@@ -34,6 +34,9 @@ CNetChan___ProcessMessagesType CNetChan___ProcessMessages;
typedef char(*CBaseClient__SendServerInfoType)(void* self);
CBaseClient__SendServerInfoType CBaseClient__SendServerInfo;
+typedef bool(*ProcessConnectionlessPacketType)(void* a1, netpacket_t* packet);
+ProcessConnectionlessPacketType ProcessConnectionlessPacket;
+
// global vars
ServerAuthenticationManager* g_ServerAuthenticationManager;
@@ -44,6 +47,7 @@ ConVar* CVar_ns_auth_allow_insecure_write;
ConVar* CVar_sv_quota_stringcmdspersecond;
ConVar* Cvar_net_chan_limit_mode;
ConVar* Cvar_net_chan_limit_msec_per_sec;
+ConVar* Cvar_sv_querylimit_per_sec;
void ServerAuthenticationManager::StartPlayerAuthServer()
{
@@ -375,6 +379,49 @@ void CBaseClient__SendServerInfoHook(void* self)
CBaseClient__Disconnect(self, 1, "Overflowed CNetworkStringTableContainer::WriteBaselines, try restarting your client and reconnecting");
}
+bool ProcessConnectionlessPacketHook(void* a1, netpacket_t* packet)
+{
+ if (packet->adr.type == NA_IP)
+ {
+ // bad lookup: optimise later tm
+ UnconnectedPlayerSendData* sendData = nullptr;
+ for (UnconnectedPlayerSendData& foundSendData : g_ServerAuthenticationManager->m_unconnectedPlayerSendData)
+ {
+ if (!memcmp(packet->adr.ip, foundSendData.ip, 16))
+ {
+ sendData = &foundSendData;
+ break;
+ }
+ }
+
+ if (!sendData)
+ {
+ sendData = &g_ServerAuthenticationManager->m_unconnectedPlayerSendData.emplace_back();
+ memcpy(sendData->ip, packet->adr.ip, 16);
+ }
+
+ if (Plat_FloatTime() < sendData->timeoutEnd)
+ return false;
+
+ if (Plat_FloatTime() - sendData->lastQuotaStart >= 1.0)
+ {
+ sendData->lastQuotaStart = Plat_FloatTime();
+ sendData->packetCount = 0;
+ }
+
+ sendData->packetCount++;
+
+ if (sendData->packetCount >= Cvar_sv_querylimit_per_sec->m_nValue)
+ {
+ // timeout for a minute
+ sendData->timeoutEnd = Plat_FloatTime() + 60.0;
+ return false;
+ }
+ }
+
+ return ProcessConnectionlessPacket(a1, packet);
+}
+
void InitialiseServerAuthentication(HMODULE baseAddress)
{
g_ServerAuthenticationManager = new ServerAuthenticationManager;
@@ -388,6 +435,7 @@ void InitialiseServerAuthentication(HMODULE baseAddress)
Cvar_net_chan_limit_mode = RegisterConVar("net_chan_limit_mode", "0", FCVAR_GAMEDLL, "The mode for netchan processing limits: 0 = none, 1 = kick, 2 = log");
Cvar_net_chan_limit_msec_per_sec = RegisterConVar("net_chan_limit_msec_per_sec", "0", FCVAR_GAMEDLL, "Netchannel processing is limited to so many milliseconds, abort connection if exceeding budget");
Cvar_ns_player_auth_port = RegisterConVar("ns_player_auth_port", "8081", FCVAR_GAMEDLL, "");
+ Cvar_sv_querylimit_per_sec = RegisterConVar("sv_querylimit_per_sec", "15", FCVAR_GAMEDLL, "");
HookEnabler hook;
ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x114430, &CBaseServer__ConnectClientHook, reinterpret_cast<LPVOID*>(&CBaseServer__ConnectClient));
@@ -397,6 +445,7 @@ void InitialiseServerAuthentication(HMODULE baseAddress)
ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x1022E0, &CGameClient__ExecuteStringCommandHook, reinterpret_cast<LPVOID*>(&CGameClient__ExecuteStringCommand));
ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x2140A0, &CNetChan___ProcessMessagesHook, reinterpret_cast<LPVOID*>(&CNetChan___ProcessMessages));
ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x104FB0, &CBaseClient__SendServerInfoHook, reinterpret_cast<LPVOID*>(&CBaseClient__SendServerInfo));
+ ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x117800, &ProcessConnectionlessPacketHook, reinterpret_cast<LPVOID*>(&ProcessConnectionlessPacket));
// patch to disable kicking based on incorrect serverfilter in connectclient, since we repurpose it for use as an auth token
{
diff --git a/NorthstarDedicatedTest/serverauthentication.h b/NorthstarDedicatedTest/serverauthentication.h
index 02429f48..a8863b2f 100644
--- a/NorthstarDedicatedTest/serverauthentication.h
+++ b/NorthstarDedicatedTest/serverauthentication.h
@@ -19,13 +19,60 @@ struct AdditionalPlayerData
size_t pdataSize;
bool needPersistenceWriteOnLeave = true;
- double lastClientCommandQuotaStart = 0;
+ double lastClientCommandQuotaStart = -1.0;
int numClientCommandsInQuota = 0;
double lastNetChanProcessingLimitStart = -1.0;
double netChanProcessingLimitTime = 0;
};
+#pragma once
+typedef enum
+{
+ NA_NULL = 0,
+ NA_LOOPBACK,
+ NA_IP,
+} netadrtype_t;
+
+#pragma pack(push, 1)
+typedef struct netadr_s
+{
+ netadrtype_t type;
+ unsigned char ip[16]; // IPv6
+ // IPv4's 127.0.0.1 is [::ffff:127.0.0.1], that is:
+ // 00 00 00 00 00 00 00 00 00 00 FF FF 7F 00 00 01
+ unsigned short port;
+} netadr_t;
+#pragma pack(pop)
+
+#pragma pack(push, 1)
+typedef struct netpacket_s
+{
+ netadr_t adr; // sender address
+ //int source; // received source
+ char unk[10];
+ double received_time;
+ unsigned char* data; // pointer to raw packet data
+ void* message; // easy bitbuf data access // 'inpacket.message' etc etc (pointer)
+ char unk2[16];
+ int size;
+
+ //bf_read message; // easy bitbuf data access // 'inpacket.message' etc etc (pointer)
+ //int size; // size in bytes
+ //int wiresize; // size in bytes before decompression
+ //bool stream; // was send as stream
+ //struct netpacket_s* pNext; // for internal use, should be NULL in public
+} netpacket_t;
+#pragma pack(pop)
+
+struct UnconnectedPlayerSendData
+{
+ char ip[16];
+ double lastQuotaStart = 0.0;
+ int packetCount = 0;
+ double timeoutEnd = -1.0;
+};
+
class ServerAuthenticationManager
{
private:
@@ -35,6 +82,7 @@ public:
std::mutex m_authDataMutex;
std::unordered_map<std::string, AuthData> m_authData;
std::unordered_map<void*, AdditionalPlayerData> m_additionalPlayerData;
+ std::vector<UnconnectedPlayerSendData> m_unconnectedPlayerSendData;
bool m_runningPlayerAuthThread = false;
bool m_bNeedLocalAuthForNewgame = false;