From 981cc86eae7c2be743588916404548a916f44c93 Mon Sep 17 00:00:00 2001
From: Rudolf Polzer <divVerent@xonotic.org>
Date: Thu, 20 Jun 2013 19:42:31 +0200
Subject: [PATCH] -DNET_FLOODCONTROL_PARANOID

---
 netconn.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/netconn.c b/netconn.c
index aa8bf94a..d7f07f7e 100755
--- a/netconn.c
+++ b/netconn.c
@@ -2538,6 +2538,16 @@ static qboolean NetConn_PreventFlood(lhnetaddress_t *peeraddress, server_floodad
 			break;
 		}
 	}
+#ifdef NET_FLOODCONTROL_PARANOID
+	// no flood slot left? better be paranoid
+	// note that typical reflection attacks do not hit this, as this
+	// DDoS attacks are typically targeted at few IPs
+	if (realtime < floodlist[bestfloodslotnum].lasttime + floodtime)
+	{
+		//Con_Printf("Flood slots exhausted!\n");
+		return true;
+	}
+#endif
 	// begin a new timeout on this address
 	floodlist[bestfloodslotnum].address = noportpeeraddress;
 	floodlist[bestfloodslotnum].lasttime = realtime;
-- 
2.39.2