Team Fortress 2 Source Code as on 22/4/2020
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

139 lines
4.3 KiB

//========= Copyright Valve Corporation, All rights reserved. ============//
//
// Purpose: Handles all the functions for implementing remote access to the engine
//
//=============================================================================//
#include "sv_ipratelimit.h"
#include "filesystem.h"
#include "sv_log.h"
static ConVar sv_logblocks("sv_logblocks", "0", 0, "If true when log when a query is blocked (can cause very large log files)");
//-----------------------------------------------------------------------------
// Purpose: Constructor
//-----------------------------------------------------------------------------
CIPRateLimit::CIPRateLimit(ConVar *maxSec, ConVar *maxWindow, ConVar *maxSecGlobal)
: m_IPTree( 0, START_TREE_SIZE, LessIP),
m_maxSec( maxSec ),
m_maxWindow( maxWindow ),
m_maxSecGlobal( maxSecGlobal )
{
m_iGlobalCount = 0;
m_lLastTime = -1;
m_flFlushTime = 0;
}
//-----------------------------------------------------------------------------
// Purpose: Destructor
//-----------------------------------------------------------------------------
CIPRateLimit::~CIPRateLimit()
{
}
//-----------------------------------------------------------------------------
// Purpose: sort func for rb tree
//-----------------------------------------------------------------------------
bool CIPRateLimit::LessIP( const struct CIPRateLimit::iprate_s &lhs, const struct CIPRateLimit::iprate_s &rhs )
{
return ( lhs.ip < rhs.ip );
}
//-----------------------------------------------------------------------------
// Purpose: return false and potentially log a warning if this IP has exceeded limits
//-----------------------------------------------------------------------------
bool CIPRateLimit::CheckIP( netadr_t adr )
{
bool ret = CheckIPInternal(adr);
if ( !ret && sv_logblocks.GetBool() == true )
{
g_Log.Printf("Traffic from %s was blocked for exceeding rate limits\n", adr.ToString() );
}
return ret;
}
//-----------------------------------------------------------------------------
// Purpose: return false if this IP has exceeded limits
//-----------------------------------------------------------------------------
bool CIPRateLimit::CheckIPInternal( netadr_t adr )
{
// check the global count first in case we are being spammed
m_iGlobalCount++;
long curTime = (long)Plat_FloatTime();
if( (curTime - m_lLastTime) > m_maxWindow->GetFloat() )
{
m_lLastTime = curTime;
m_iGlobalCount = 1;
}
float query_rate = static_cast<float>( m_iGlobalCount ) / m_maxWindow->GetFloat(); // add one so the bottom is never zero
if( m_maxSecGlobal->GetFloat() > FLT_EPSILON && query_rate > m_maxSecGlobal->GetFloat() )
{
return false;
}
// check the per ip rate (do this first, so one person dosing doesn't add to the global max rate
ip_t clientIP;
memcpy( &clientIP, adr.ip, sizeof(ip_t) );
if( m_IPTree.Count() > MAX_TREE_SIZE && curTime > ( m_flFlushTime + FLUSH_TIMEOUT/4 ) ) // if we have stored too many items
{
m_flFlushTime = curTime;
ip_t tmp = m_IPTree.LastInorder(); // we step BACKWARD's through the tree
int i = m_IPTree.FirstInorder();
while( (m_IPTree.Count() > (2*MAX_TREE_SIZE)/3) && i < m_IPTree.MaxElement() ) // trim 1/3 the entries from the tree and only traverse the max nodes
{
if ( !m_IPTree.IsValidIndex( tmp ) )
break;
if ( (curTime - m_IPTree[ tmp ].lastTime) > FLUSH_TIMEOUT &&
m_IPTree[ tmp ].ip != clientIP )
{
ip_t removeIPT = tmp;
tmp = m_IPTree.PrevInorder( tmp );
m_IPTree.RemoveAt( removeIPT );
continue;
}
i++;
tmp = m_IPTree.PrevInorder( tmp );
}
}
// now find the entry and check if its within our rate limits
struct iprate_s findEntry = { clientIP };
ip_t entry = m_IPTree.Find( findEntry );
if( m_IPTree.IsValidIndex( entry ) )
{
m_IPTree[ entry ].count++; // a new hit
if( (curTime - m_IPTree[ entry ].lastTime) > m_maxWindow->GetFloat() )
{
m_IPTree[ entry ].lastTime = curTime;
m_IPTree[ entry ].count = 1;
}
else
{
float flQueryRate = static_cast<float>( m_IPTree[ entry ].count) / m_maxWindow->GetFloat(); // add one so the bottom is never zero
if( flQueryRate > m_maxSec->GetFloat() )
{
return false;
}
}
}
else
{
// not found, insert this new guy
struct iprate_s newEntry;
newEntry.count = 1;
newEntry.lastTime = curTime;
newEntry.ip = clientIP;
m_IPTree.Insert( newEntry );
}
return true;
}