archive
/
tf2
mirror of https://github.com/sr2echa/TF2-Source-Code
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Team Fortress 2 Source Code as on 22/4/2020
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
1.4 GiB
Tree: df62d5da09
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'df62d5da09'
${ noResults }
tf2/tf2_src/engine/sv_ipratelimit.cpp

139 lines
4.3 KiB
Raw Normal View History

compressed some files
5 years ago
  1. //========= Copyright Valve Corporation, All rights reserved. ============//
  2. //
  3. // Purpose: Handles all the functions for implementing remote access to the engine
  4. //
  5. //=============================================================================//
  7. #include "sv_ipratelimit.h"
  8. #include "filesystem.h"
  9. #include "sv_log.h"
  11. static ConVar sv_logblocks("sv_logblocks", "0", 0, "If true when log when a query is blocked (can cause very large log files)");
  14. //-----------------------------------------------------------------------------
  15. // Purpose: Constructor
  16. //-----------------------------------------------------------------------------
  17. CIPRateLimit::CIPRateLimit(ConVar *maxSec, ConVar *maxWindow, ConVar *maxSecGlobal)
  18. : m_IPTree( 0, START_TREE_SIZE, LessIP),
  19. m_maxSec( maxSec ),
  20. m_maxWindow( maxWindow ),
  21. m_maxSecGlobal( maxSecGlobal )
  22. {
  23. m_iGlobalCount = 0;
  24. m_lLastTime = -1;
  25. m_flFlushTime = 0;
  26. }
  28. //-----------------------------------------------------------------------------
  29. // Purpose: Destructor
  30. //-----------------------------------------------------------------------------
  31. CIPRateLimit::~CIPRateLimit()
  32. {
  33. }
  35. //-----------------------------------------------------------------------------
  36. // Purpose: sort func for rb tree
  37. //-----------------------------------------------------------------------------
  38. bool CIPRateLimit::LessIP( const struct CIPRateLimit::iprate_s &lhs, const struct CIPRateLimit::iprate_s &rhs )
  39. {
  40. return ( lhs.ip < rhs.ip );
  41. }
  43. //-----------------------------------------------------------------------------
  44. // Purpose: return false and potentially log a warning if this IP has exceeded limits
  45. //-----------------------------------------------------------------------------
  46. bool CIPRateLimit::CheckIP( netadr_t adr )
  47. {
  48. bool ret = CheckIPInternal(adr);
  49. if ( !ret && sv_logblocks.GetBool() == true )
  50. {
  51. g_Log.Printf("Traffic from %s was blocked for exceeding rate limits\n", adr.ToString() );
  52. }
  53. return ret;
  54. }
  56. //-----------------------------------------------------------------------------
  57. // Purpose: return false if this IP has exceeded limits
  58. //-----------------------------------------------------------------------------
  59. bool CIPRateLimit::CheckIPInternal( netadr_t adr )
  60. {
  61. // check the global count first in case we are being spammed
  62. m_iGlobalCount++;
  63. long curTime = (long)Plat_FloatTime();
  65. if( (curTime - m_lLastTime) > m_maxWindow->GetFloat() )
  66. {
  67. m_lLastTime = curTime;
  68. m_iGlobalCount = 1;
  69. }
  71. float query_rate = static_cast<float>( m_iGlobalCount ) / m_maxWindow->GetFloat(); // add one so the bottom is never zero
  72. if( m_maxSecGlobal->GetFloat() > FLT_EPSILON && query_rate > m_maxSecGlobal->GetFloat() )
  73. {
  74. return false;
  75. }
  78. // check the per ip rate (do this first, so one person dosing doesn't add to the global max rate
  79. ip_t clientIP;
  80. memcpy( &clientIP, adr.ip, sizeof(ip_t) );
  82. if( m_IPTree.Count() > MAX_TREE_SIZE && curTime > ( m_flFlushTime + FLUSH_TIMEOUT/4 ) ) // if we have stored too many items
  83. {
  84. m_flFlushTime = curTime;
  85. ip_t tmp = m_IPTree.LastInorder(); // we step BACKWARD's through the tree
  86. int i = m_IPTree.FirstInorder();
  87. while( (m_IPTree.Count() > (2*MAX_TREE_SIZE)/3) && i < m_IPTree.MaxElement() ) // trim 1/3 the entries from the tree and only traverse the max nodes
  88. {
  89. if ( !m_IPTree.IsValidIndex( tmp ) )
  90. break;
  92. if ( (curTime - m_IPTree[ tmp ].lastTime) > FLUSH_TIMEOUT &&
  93. m_IPTree[ tmp ].ip != clientIP )
  94. {
  95. ip_t removeIPT = tmp;
  96. tmp = m_IPTree.PrevInorder( tmp );
  97. m_IPTree.RemoveAt( removeIPT );
  98. continue;
  99. }
  100. i++;
  101. tmp = m_IPTree.PrevInorder( tmp );
  102. }
  103. }
  105. // now find the entry and check if its within our rate limits
  106. struct iprate_s findEntry = { clientIP };
  107. ip_t entry = m_IPTree.Find( findEntry );
  109. if( m_IPTree.IsValidIndex( entry ) )
  110. {
  111. m_IPTree[ entry ].count++; // a new hit
  113. if( (curTime - m_IPTree[ entry ].lastTime) > m_maxWindow->GetFloat() )
  114. {
  115. m_IPTree[ entry ].lastTime = curTime;
  116. m_IPTree[ entry ].count = 1;
  117. }
  118. else
  119. {
  120. float flQueryRate = static_cast<float>( m_IPTree[ entry ].count) / m_maxWindow->GetFloat(); // add one so the bottom is never zero
  121. if( flQueryRate > m_maxSec->GetFloat() )
  122. {
  123. return false;
  124. }
  125. }
  126. }
  127. else
  128. {
  129. // not found, insert this new guy
  130. struct iprate_s newEntry;
  131. newEntry.count = 1;
  132. newEntry.lastTime = curTime;
  133. newEntry.ip = clientIP;
  134. m_IPTree.Insert( newEntry );
  135. }
  138. return true;
  139. }