reHLDS/rehlds
2
0
Fork 0
mirror of https://github.com/rehlds/rehlds.git synced 2025-01-29 06:58:03 +03:00
Code Issues Projects Releases Wiki Activity

Minor refactoring

Browse Source 
Added CVar sv_net_incoming_decompression_punish for ban
This commit is contained in:
s1lentq 2023-11-12 17:54:08 +07:00
parent 332c0e0323
commit 2d70bb5690
2 changed files with 30 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -58,6 +58,7 @@ This means that plugins that do binary code analysis (Orpheu for example) probab
<li>sv_net_incoming_decompression <1|0> // When enabled server will decompress of incoming compressed file transfer payloads. Default: 1 <li>sv_net_incoming_decompression <1|0> // When enabled server will decompress of incoming compressed file transfer payloads. Default: 1
<li>sv_net_incoming_decompression_max_ratio <0|100> // Sets the max allowed ratio between compressed and uncompressed data for file transfer. (A ratio close to 90 indicates large uncompressed data with low entropy) Default: 80.0 <li>sv_net_incoming_decompression_max_ratio <0|100> // Sets the max allowed ratio between compressed and uncompressed data for file transfer. (A ratio close to 90 indicates large uncompressed data with low entropy) Default: 80.0
<li>sv_net_incoming_decompression_max_size <16|65536> // Sets the max allowed size for decompressed file transfer data. Default: 65536 bytes <li>sv_net_incoming_decompression_max_size <16|65536> // Sets the max allowed size for decompressed file transfer data. Default: 65536 bytes
<li>sv_net_incoming_decompression_punish // Time in minutes for which the player will be banned for malformed/abnormal bzip2 fragments (0 - Permanent, use a negative number for a kick). Default: -1
</ul> </ul>
</details> </details>

38
rehlds/engine/net_chan.cpp
View File

@ -40,6 +40,7 @@ cvar_t net_chokeloopback = { "net_chokeloop", "0", 0, 0.0f, nullptr};
cvar_t sv_net_incoming_decompression = { "sv_net_incoming_decompression", "1", 0, 1.0f, nullptr }; cvar_t sv_net_incoming_decompression = { "sv_net_incoming_decompression", "1", 0, 1.0f, nullptr };
cvar_t sv_net_incoming_decompression_max_ratio = { "sv_net_incoming_decompression_max_ratio", "75.0", 0, 75.0f, nullptr }; cvar_t sv_net_incoming_decompression_max_ratio = { "sv_net_incoming_decompression_max_ratio", "75.0", 0, 75.0f, nullptr };
cvar_t sv_net_incoming_decompression_max_size = { "sv_net_incoming_decompression_max_size", "65536", 0, 65536.0f, nullptr }; cvar_t sv_net_incoming_decompression_max_size = { "sv_net_incoming_decompression_max_size", "65536", 0, 65536.0f, nullptr };
cvar_t sv_net_incoming_decompression_punish = { "sv_net_incoming_decompression_punish", "-1", 0, -1.0f, NULL };
cvar_t sv_filetransfercompression = { "sv_filetransfercompression", "1", 0, 0.0f, nullptr}; cvar_t sv_filetransfercompression = { "sv_filetransfercompression", "1", 0, 0.0f, nullptr};
cvar_t sv_filetransfermaxsize = { "sv_filetransfermaxsize", "10485760", 0, 0.0f, nullptr}; cvar_t sv_filetransfermaxsize = { "sv_filetransfermaxsize", "10485760", 0, 0.0f, nullptr};
@ -1486,12 +1487,19 @@ qboolean Netchan_CopyNormalFragments(netchan_t *chan)
{ {
// Determine whether decompression of compressed data is allowed // Determine whether decompression of compressed data is allowed
#ifdef REHLDS_FIXES #ifdef REHLDS_FIXES
if (!sv_net_incoming_decompression.value && ((chan->player_slot - 1) == host_client - g_psvs.clients) && if (!sv_net_incoming_decompression.value)
// compressed data is expected only after requesting resource list
!host_client->m_sendrescount)
{ {
success = FALSE; if (chan->player_slot == 0)
Con_Printf("%s: Incoming compressed data disallowed from %s\n", __func__, host_client->name); {
Con_DPrintf("Incoming compressed data disallowed from\n");
return FALSE;
}
// compressed data is expected only after requesting resource list
else if (host_client->m_sendrescount)
{
Con_DPrintf("%s:Incoming compressed data disallowed from %s\n", NET_AdrToString(chan->remote_address), host_client->name);
return FALSE;
}
} }
#endif #endif
@ -1510,9 +1518,9 @@ qboolean Netchan_CopyNormalFragments(netchan_t *chan)
if (ratio >= sv_net_incoming_decompression_max_ratio.value) if (ratio >= sv_net_incoming_decompression_max_ratio.value)
{ {
if (chan->player_slot == 0) if (chan->player_slot == 0)
Con_Printf("%s: Incoming abnormal uncompressed size with ratio %.2f\n", __func__, ratio); Con_DPrintf("Incoming abnormal uncompressed size with ratio %.2f\n", ratio);
else else
Con_Printf("%s: Incoming abnormal uncompressed size with ratio %.2f from %s\n", __func__, ratio, g_psvs.clients[chan->player_slot - 1].name); Con_DPrintf("%s:Incoming abnormal uncompressed size with ratio %.2f from %s\n", NET_AdrToString(chan->remote_address), ratio, host_client->name);
success = FALSE; success = FALSE;
} }
@ -1530,9 +1538,21 @@ qboolean Netchan_CopyNormalFragments(netchan_t *chan)
} }
// Drop client if decompression was unsuccessful // Drop client if decompression was unsuccessful
if (!success && ((chan->player_slot - 1) == host_client - g_psvs.clients)) if (!success)
{ {
SV_DropClient(host_client, FALSE, "Malformed/abnormal compressed data"); if ((chan->player_slot - 1) == host_client - g_psvs.clients)
{
#ifdef REHLDS_FIXES
if (sv_net_incoming_decompression_punish.value >= 0)
{
Con_DPrintf("%s:Banned for malformed/abnormal bzip2 fragments from %s\n", NET_AdrToString(chan->remote_address), host_client->name);
Cbuf_AddText(va("addip %.1f %s\n", sv_net_incoming_decompression_punish.value, NET_BaseAdrToString(chan->remote_address)));
}
#endif
SV_DropClient(host_client, FALSE, "Malformed/abnormal compressed data");
}
SZ_Clear(&net_message); SZ_Clear(&net_message);
} }
} }