Limit the amount and data size of incoming packets #3733
Conversation
|
Would it maybe be useful to change this to have just have a task per connection on the netty thread every second setting the counter to 0? I think calling the currentTimeMillis method and checking for seconds elapsed for every packet is a waste of time. |
|
As you can see we dont get the millis every packet, we check for the millis every 2000th packet Normally a client send 20-60 packets per second so this should not have any Performance impact at all Edit: If you would set the limit to 1000 in the config every 1000th packet would be checked |
|
Oh, I somehow missed that part of the logic. My bad. |
|
I saw that in 1 fork they also check the packet size in bytes, maybe it will be a good idea? Does it check every possible connection from player? Pretty nice idea for the counter. |
i dont think a data size check is needed |
What if you have many large packets under the limit? |
Too large packets are causing kicks by bungee or spigot already. |
That depends, but I guess we talk about the thing when pakets are received earlier on bungee than spigot. |
if the packet exceeds the protocol limits we throw an exception on bungee side, if we do not read the packet the minecraft server throws the exception |
I mean the packets that are handled on bukkit, I suppose it's possible to lag it before it even reaches the spigot. |
i dont get your point |
I think it's possible to mass spam packets, the netty thread on bungeecord will be lagged it even reaches the spigot. |
how can you mass spam if there is a packet limit? |
Spam under the packet limit with massive packets, I was more worried without the limiter. |
thats not a bungeecord issue but this pr should mitigate that |
Wouldn't an external plugin be better just for this? |
Too much resources for the plugin I think.
I think it would be really nice to limit bytes too and maybe avoid checking instances of handler every packet. |
checking for the handler should make no performace decrease at all |
|
If it can be avoided I think it's good to not do that or check it just once. What do you think about the byte limiter? |
|
unnecessary the packet amount limit is enought Edit: pardon its not |
|
Also we dont know the lenght of the packet if its compressed, we would need to read the lenght of every compressed packet. I think thats not worth |
Incoming compressed packet? |
|
Yes |
I don't know about such packets, but if I do it in MinecraftDecoder the bytes are already read. |
|
Ah yes we decompress them anyway. But this would have no benefits for bungee. |
Won't it be good idea to avoid spam with big packets? |
big packets are not a problem i guess |
Packets that are too large will simply be cancelled by disconnecting to that connection by the backend itself |
But you need the protection on the backend too and you need to listen there for every packet and check the size there too. |
|
@md-5 what do you think about a packet amount limitation? |
|
If the Vanilla server can handle it, why not Bungee? |
Weird question, also I don't think that vanilla server can handle huge amount of packets. |
The vanilla server also has a packet limiter that is kicking the player. This is the vanilla packet limiter btw EDIT: its disabled by default (i thought its not) If you want to we could also disable it by default but i think its not a bad idea to use a default value like 2000, it should protect against packet spam and should not false flag. |
Outfluencer
changed the title
|
I'll add a second check, to check for the decompressed size of incoming packets soon. |
|
I will heavily test the default values of 2048 max packets per second and 33554432 bytes (33MB) max data per second. |
Log the packets sent by the player on kick Ensure packet releasing by moving the checks inside the try final for releasing. Changed default values
|
the default limits are now 4096 packet per second and 33554432 bytes per second (33,5mb/s) I did a test on a hardcore pvp network for about 8 hours The results where that there was a maximum amount of packets of 2737 per second. (probably a lagging player with autoclicker) but the vanilla client should never exeed these value @md-5 in my tests this fixed the issue we talked about. |
|
Thanks |
It is possible to make netty threads lag by spamming a massive amount of packets.
And you can make players time out with it.
I am not sure if i should say how specifically you can achieve that, publicly.
A simple packet limiter should mitigate those attacks.
A vanilla client should never exeed the default value of 2000 packets per second, but we can disguss about this if any concerns