master: add client rate limit config

numas13 · a1batross · commit df766ec3bd67 · 2025-05-25T15:34:38.000+05:00
diff --git a/master/config/default.toml b/master/config/default.toml
@@ -14,6 +14,11 @@
 # Minimal accepted server version
 #min-version = "0.19.2"
 
+# Set maximum allowed client requests from an IP address per second.
+#
+# Set 0 to disable.
+#client-rate-limit = 0
+
 [server.timeout]
 # Time in seconds while challenge is valid
 #challenge = 10
diff --git a/master/src/config.rs b/master/src/config.rs
@@ -94,6 +94,7 @@ pub struct ServerConfig {
     #[serde(deserialize_with = "deserialize_version")]
     pub min_version: Version,
     pub timeout: TimeoutConfig,
+    pub client_rate_limit: u32,
 }
 
 impl Default for ServerConfig {
@@ -104,6 +105,7 @@ impl Default for ServerConfig {
             max_servers_per_ip: DEFAULT_MAX_SERVERS_PER_IP,
             min_version: DEFAULT_SERVER_MIN_VERSION,
             timeout: Default::default(),
+            client_rate_limit: 0,
         }
     }
 }
diff --git a/master/src/hash_map.rs b/master/src/hash_map.rs
@@ -1,4 +1,9 @@
-use std::{borrow::Borrow, collections::hash_map::Entry, hash::Hash, ops::Deref};
+use std::{
+    borrow::Borrow,
+    collections::hash_map::Entry,
+    hash::Hash,
+    ops::{Deref, DerefMut},
+};
 
 use ahash::AHashMap;
 
@@ -24,6 +29,12 @@ impl<T> Timed<T> {
     }
 }
 
+impl<T: Default> Default for Timed<T> {
+    fn default() -> Self {
+        Self::new(T::default())
+    }
+}
+
 impl<T> Deref for Timed<T> {
     type Target = T;
 
@@ -32,6 +43,12 @@ impl<T> Deref for Timed<T> {
     }
 }
 
+impl<T> DerefMut for Timed<T> {
+    fn deref_mut(&mut self) -> &mut Self::Target {
+        &mut self.value
+    }
+}
+
 impl<T> From<T> for Timed<T> {
     fn from(value: T) -> Self {
         Self::new(value)
@@ -85,29 +102,40 @@ impl<K: Eq + Hash, V> TimedHashMap<K, V> {
         self.cleanup();
     }
 
-    pub fn remove<Q>(&mut self, k: &Q) -> Option<V>
+    pub fn remove<Q>(&mut self, k: &Q) -> Option<Timed<V>>
     where
         K: Borrow<Q>,
         Q: Hash + Eq + ?Sized,
     {
         self.map.remove(k).and_then(|i| {
             if i.is_valid(RelativeTime::now(), self.timeout) {
-                Some(i.value)
+                Some(i)
             } else {
                 None
             }
         })
     }
 
     pub fn entry(&mut self, key: K) -> Entry<'_, K, Timed<V>> {
+        // not optimal but HashMap::entry API does not allow to replace
+        // an occupied entry with vacant
+        if let Some(v) = self.map.get(&key) {
+            // try to remove the requested outdated entry
+            if !v.is_valid(RelativeTime::now(), self.timeout) {
+                self.map.remove(&key);
+            }
+        } else {
+            // or try to remove other outdated entries
+            self.cleanup();
+        }
         self.map.entry(key)
     }
 
-    pub fn iter(&self) -> impl Iterator<Item = (&K, &V)> {
+    pub fn iter(&self) -> impl Iterator<Item = (&K, &Timed<V>)> {
         let now = RelativeTime::now();
         self.map.iter().filter_map(move |(k, i)| {
             if i.is_valid(now, self.timeout) {
-                Some((k, &i.value))
+                Some((k, i))
             } else {
                 None
             }
@@ -118,14 +146,14 @@ impl<K: Eq + Hash, V> TimedHashMap<K, V> {
         self.iter().map(|(k, _)| k)
     }
 
-    pub fn get<Q>(&self, k: &Q) -> Option<&V>
+    pub fn get<Q>(&self, k: &Q) -> Option<&Timed<V>>
     where
         K: Borrow<Q>,
         Q: Hash + Eq + ?Sized,
     {
         self.map.get(k).and_then(|i| {
             if i.is_valid(RelativeTime::now(), self.timeout) {
-                Some(&i.value)
+                Some(i)
             } else {
                 None
             }
diff --git a/master/src/master_server.rs b/master/src/master_server.rs
@@ -190,6 +190,7 @@ pub struct MasterServer<Addr: AddrExt> {
 
     update_addr: SocketAddr,
     update_gamedir: TimedHashMap<Addr, StrArr<GAMEDIR_MAX_SIZE>>,
+    client_rate_limit: TimedHashMap<Addr::Ip, u32>,
 
     blocklist: HashSet<Addr::Ip>,
 
@@ -218,6 +219,7 @@ impl<Addr: AddrExt> MasterServer<Addr> {
             rng: Rng::new(),
             update_addr,
             update_gamedir: TimedHashMap::new(5),
+            client_rate_limit: TimedHashMap::new(1),
             admin_challenges: TimedHashMap::new(timeout.challenge),
             admin_limit: TimedHashMap::new(timeout.admin),
             blocklist: Default::default(),
@@ -294,6 +296,7 @@ impl<Addr: AddrExt> MasterServer<Addr> {
         self.servers.clear();
         self.admin_challenges.clear();
         self.stats.clear();
+        self.client_rate_limit.clear();
     }
 
     fn handle_server_packet(&mut self, from: Addr, p: server::Packet) -> Result<(), Error> {
@@ -310,7 +313,7 @@ impl<Addr: AddrExt> MasterServer<Addr> {
             }
             server::Packet::ServerAdd(p) => {
                 let challenge = match self.challenges.get(&from) {
-                    Some(e) => e,
+                    Some(e) => e.value,
                     None => {
                         trace!("{}: Challenge does not exists", from);
                         return Ok(());
@@ -324,7 +327,7 @@ impl<Addr: AddrExt> MasterServer<Addr> {
                     );
                     return Ok(());
                 }
-                if p.challenge != *challenge {
+                if p.challenge != challenge {
                     warn!(
                         "{from}: Expected challenge {challenge} but received {}",
                         p.challenge
@@ -484,6 +487,15 @@ impl<Addr: AddrExt> MasterServer<Addr> {
     }
 
     fn handle_game_packet(&mut self, from: Addr, p: game::Packet) -> Result<(), Error> {
+        if self.cfg.server.client_rate_limit > 0 {
+            let counter = self.client_rate_limit.entry(*from.ip()).or_default();
+            counter.value = counter.value.saturating_add(1);
+            if counter.value > self.cfg.server.client_rate_limit {
+                trace!("{from}: client rate limit {}", counter.value);
+                return Ok(());
+            }
+        }
+
         trace!("{from}: recv {p:?}");
         match p {
             game::Packet::QueryServers(p) => {
@@ -608,15 +620,15 @@ impl<Addr: AddrExt> MasterServer<Addr> {
     fn add_server(&mut self, addr: Addr, server: ServerInfo) {
         match self.servers.entry(addr) {
             hash_map::Entry::Occupied(mut e) => {
-                trace!("{}: Updated GameServer", addr);
+                trace!("{}: game server update", addr);
                 e.insert(Timed::new(server));
             }
             hash_map::Entry::Vacant(_) => {
                 if self.count_servers(addr.ip()) >= self.cfg.server.max_servers_per_ip {
                     trace!("{}: max servers per ip", addr);
                     return;
                 }
-                trace!("{}: New GameServer", addr);
+                trace!("{}: game server add", addr);
                 self.servers.insert(addr, server);
             }
         }
diff --git a/master/src/time.rs b/master/src/time.rs
@@ -9,16 +9,28 @@ use std::{
 pub struct RelativeTime(u32);
 
 impl RelativeTime {
+    // 125ms units provide ~17 years of uptime without overflow
+    const MILLIS_PER_UNIT: u64 = 125;
+    const UNITS_PER_SEC: u64 = 1000 / Self::MILLIS_PER_UNIT; // 8
+
+    fn from_millis(ms: u64) -> Self {
+        Self((ms / Self::UNITS_PER_SEC) as u32)
+    }
+
+    fn as_millis(&self) -> u64 {
+        (self.0 as u64) * Self::UNITS_PER_SEC
+    }
+
     /// Returns current relative time.
     pub fn now() -> Self {
         static TIMER: OnceLock<Instant> = OnceLock::new();
-        Self(TIMER.get_or_init(Instant::now).elapsed().as_secs() as u32)
+        Self::from_millis(TIMER.get_or_init(Instant::now).elapsed().as_millis() as u64)
     }
 
     /// Returns the amount of time elapsed from another time to this one.
     ///
     /// Returns zero if `earlier` is later than this time.
     pub fn duration_since(&self, earlier: Self) -> Duration {
-        Duration::from_secs(self.0.saturating_sub(earlier.0) as u64)
+        Duration::from_millis(self.as_millis().saturating_sub(earlier.as_millis()))
     }
 }
diff --git a/master/tests/master.rs b/master/tests/master.rs
diff --git a/master/tests/server_add.rs b/master/tests/server_add.rs

Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,7 @@ pub struct ServerConfig {`
`94`	`94`	`#[serde(deserialize_with = "deserialize_version")]`
`95`	`95`	`pub min_version: Version,`
`96`	`96`	`pub timeout: TimeoutConfig,`
	`97`	`+ pub client_rate_limit: u32,`
`97`	`98`	`}`
`98`	`99`
`99`	`100`	`impl Default for ServerConfig {`
`@@ -104,6 +105,7 @@ impl Default for ServerConfig {`
`104`	`105`	`max_servers_per_ip: DEFAULT_MAX_SERVERS_PER_IP,`
`105`	`106`	`min_version: DEFAULT_SERVER_MIN_VERSION,`
`106`	`107`	`timeout: Default::default(),`
	`108`	`+ client_rate_limit: 0,`
`107`	`109`	`}`
`108`	`110`	`}`
`109`	`111`	`}`