Net anti-spam protection. #2245
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I think you're conflating the net library's responsibility as a mechanism for data transfer across the network and as a firewall against potentially malicious attacks. In any case, why would it be built-in? This could be an addon. (I could also see the defaults breaking lots of addons...) |
|
I understand your comment, I made this pull request to improve net security for developers who don't think or know how to make a “cooldown”. I totally agree that it's the developer's responsibility to secure his net, but unfortunately I see a lot of addons with no real protection against this “threat”. |
robotboy655
added
the
Enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello,
After browsing through some addons on steam or online shops/downloads I could see that some developers don't protect their net against spam.
I'm well aware that the majority of developers have protected their nets against spam, which is why I'm proposing to deactivate this protection vis-à-vis a convar (activated as standard).
The algorithm I've set up only works on the SERVER side, since the CLIENT doesn't need any real protection against spam.
I've been able to test with inline addons and my code doesn't break the addons.
Function changed
net.Incoming
In this function I set up a cooldown to display a message if a lot of nets have been sent in a short time, i.e. 0.5 seconds (Customizable by a convar).
I've created two new tables, net.ReceiversConfigTime (for more information, see net.Receive) and net.ReceiversProtectionSpam, and we're going to take a look at the net.ReceiversProtectionSpam table. In this table we'll have this structure:
Example (Print) :
We're going to emit a (simple) timer that deletes the table value if the cooldown is exceeded. I'm aware that if the player disconnects, his table will still be there, but I don't know if we're allowed to create hooks (PlayerDisconnected) in this file, so I'd rather not do it and let others have their say.
net.Receive
In the net.Receive modification I've just added an argument (iTime: which can be a float/int) that just changes the cooldown of the specific net.
The net.ReceiversConfigTime table will be used to modify this value.
ConVar
sv_net_time(Float ; Default : 0.5) : The time in seconds between each net message a player can send.sv_net_protect(Int --> Boolean ; Default : 1 (true)) : Whether or not to protect the net messages from spam.Documentation (Wiki)
net.Receive
Preview :
Modify net cooldown. Cooldown uses Global.CurTime