Some proposed updates using the patch from ioquake3 are in my home directory on alioth: <http://alioth.debian.org/~smcv/>. Patch for review: <http://anonscm.debian.org/gitweb/?p=pkg-games/openarena.git;a=commitdiff;h=caeb284533211bb0f76872279106a49306290168>
Markus, if you install devscripts and debian-keyring, you should be able to download the packages from Alioth with dget, and verify the signatures on them by running dscverify on the .changes file (they're signed with my GPG key, which is in the Debian keyring). URLs:

i386: dget http://alioth.debian.org/~smcv/openarena_0.8.5-5+squeeze2~try1_i386.changes
amd64 and source: dget http://alioth.debian.org/~smcv/openarena_0.8.5-5+squeeze2~try1_amd64.changes

Verified on i386 to lock out rapid getstatus requests after an initial "burst" of 10; if I'm reading the implementation correctly, after the initial "burst" they limit getstatus to 1 per second per IP address or 10 per second across all addresses, and rcon to 1 per second. One getstatus per second should be about 1 KB/sec outbound.

On 25/03/12 19:09, Florian Weimer wrote:
> So the problem seems to be traffic amplification by a factor of 250.
> (around 2000 bytes in, 500,000 bytes out). Is this correct?

According to wireshark, using various commands on an unconfigured squeeze "listen server" (1 player in the game, playing on the server machine) has these amplification factors (I'm counting the size of the IP packet, so excluding Ethernet headers):

command        in/bytes   out/bytes   amp.
---------------------------------------------
getstatus      41         802         20x    (more on a config'd server?)
getinfo        39         172         4.4x
rcon           36         73          2x
getchallenge   44         61          < 2x
connect        39         71          < 2x   (minimal connect message)

The ioquake3 patch rate-limits getstatus because it has the largest amplification (and the most scope for more amplification on a more elaborately-configured server), and rcon (because its first argument is a password to remote-control the game if that feature is enabled, and we don't want to make it trivial to brute-force).
I'd be surprised to get a factor of 250: a minimal getstatus command seems to be 41 bytes including IP headers, so 2000 bytes of input would get you about 49 commands, which means each response would have to be 10204 bytes, nearly 10K, to provide that much output...

One of the ioquake3 developers noted in January that getinfo should have rate-limiting too, but it's a considerably smaller amplification - getinfo returns a small number of whitelisted variables, whereas getstatus returns a set of variables that the server admin can configure, AIUI - so nothing has been done about this by ioquake3 upstream yet.

Regards,
S
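
The limits described in the message above (a burst of 10, then one getstatus per second per address and 10 per second across all addresses), written as a leaky-bucket limiter in C. This is an added example, not the ioquake3 patch and not code from the original message; the function names, the 64-slot table and the choice to drop requests when the table is full are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BURST 10        /* requests answered back-to-back before limiting */
#define MAX_BUCKETS 64  /* assumption: small fixed table of tracked senders */

typedef struct { uint32_t addr; int64_t last_ms; int level; } bucket_t;
static bucket_t per_ip[MAX_BUCKETS], global_bucket;

/* Leaky bucket: holds up to BURST requests, drains one every period_ms. */
static bool bucket_exceeded(bucket_t *b, int64_t now_ms, int period_ms)
{
    int64_t drained = (now_ms - b->last_ms) / period_ms;
    if (drained > 0) {
        b->level = drained >= b->level ? 0 : b->level - (int)drained;
        b->last_ms += drained * period_ms;
    }
    if (b->level >= BURST)
        return true;
    b->level++;
    return false;
}

/* Bucket for addr (nonzero IPv4); reuses a slot that is unused or fully drained. */
static bucket_t *find_bucket(uint32_t addr, int64_t now_ms)
{
    bucket_t *spare = NULL;
    for (int i = 0; i < MAX_BUCKETS; i++) {
        bucket_t *b = &per_ip[i];
        if (b->addr == addr)
            return b;
        if (!spare && (b->addr == 0 || now_ms - b->last_ms > BURST * 1000))
            spare = b;
    }
    if (spare)
        *spare = (bucket_t){ addr, now_ms, 0 };
    return spare;  /* NULL: every slot belongs to a recently active sender */
}

/* True if a getstatus reply may be sent; checks per-address, then global. */
bool allow_getstatus(uint32_t addr, int64_t now_ms)
{
    bucket_t *b = find_bucket(addr, now_ms);
    if (!b || bucket_exceeded(b, now_ms, 1000))          /* 1/s per address */
        return false;
    return !bucket_exceeded(&global_bucket, now_ms, 100); /* 10/s overall */
}

int main(void) {  /* constructed input: 50 requests from 10.0.0.1 in one instant */
    int sent = 0;
    for (int i = 0; i < 50; i++) sent += allow_getstatus(0x0A000001u, 1000000);
    printf("replies sent: %d of 50\n", sent);
    return 0;
}
```

Because the source address of a UDP request can be forged, the per-address bucket alone does not bound reflected traffic; the global bucket is what caps total getstatus output regardless of how many source addresses appear.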