From: Rudolf Polzer <divVerent@xonotic.org>
Date: Thu, 20 Jun 2013 17:42:31 +0000 (+0200)
Subject: -DNET_FLOODCONTROL_PARANOID
X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=981cc86eae7c2be743588916404548a916f44c93;p=xonotic%2Fdarkplaces.git

-DNET_FLOODCONTROL_PARANOID
---

diff --git a/netconn.c b/netconn.c
index aa8bf94a..d7f07f7e 100755
--- a/netconn.c
+++ b/netconn.c
@@ -2538,6 +2538,16 @@ static qboolean NetConn_PreventFlood(lhnetaddress_t *peeraddress, server_floodad
 			break;
 		}
 	}
+#ifdef NET_FLOODCONTROL_PARANOID
+	// no flood slot left? better be paranoid
+	// note that typical reflection attacks do not hit this, as this
+	// DDoS attacks are typically targeted at few IPs
+	if (realtime < floodlist[bestfloodslotnum].lasttime + floodtime)
+	{
+		//Con_Printf("Flood slots exhausted!\n");
+		return true;
+	}
+#endif
 	// begin a new timeout on this address
 	floodlist[bestfloodslotnum].address = noportpeeraddress;
 	floodlist[bestfloodslotnum].lasttime = realtime;