-DNET_FLOODCONTROL_PARANOID

diff --git a/netconn.c b/netconn.c
index aa8bf94aeef06c1447d8fc62d5fd1c74fcb96596..d7f07f7e6ff00bdf30fd2fbbeb588faf8524bcab 100755 (executable)
--- a/netconn.c
+++ b/netconn.c
@@ -2538,6 +2538,16 @@ static qboolean NetConn_PreventFlood(lhnetaddress_t *peeraddress, server_floodad
                        break;
                }
        }
+#ifdef NET_FLOODCONTROL_PARANOID
+       // no flood slot left? better be paranoid
+       // note that typical reflection attacks do not hit this, as this
+       // DDoS attacks are typically targeted at few IPs
+       if (realtime < floodlist[bestfloodslotnum].lasttime + floodtime)
+       {
+               //Con_Printf("Flood slots exhausted!\n");
+               return true;
+       }
+#endif
        // begin a new timeout on this address
        floodlist[bestfloodslotnum].address = noportpeeraddress;
        floodlist[bestfloodslotnum].lasttime = realtime;