One more clarification: this proposal is only to change A2S_INFO, A2S_PLAYER, and A2S_INFO. There are other connectionless packets in Source engine protocols. We could update our own games to require that those be padded as well (and check the same environment variables). But it's totally separate code. (Not to mention other games!) So, any filtering will need to be smarter than just checking if the first 32-bits are ffffffff.
While I'm touching this code, I'm also hardening the challenge generation. From: csgo_servers@list.valvesoftware.com <csgo_servers@list.valvesoftware.com> Sent: Tuesday, November 17, 2020 10:29 AM To: csgo_servers@list.valvesoftware.com Subject: Re: [Csgo_servers] RFC: Changes to the A2S_INFO protocol As John said, padding with zeros will be easier to mitigate (and less resource intensive) for providers, and it solves the reflection. Any word on the last bit of John's response regarding "abuse" of BGP/Anycasting to reply to source engine queries from the closest geographical location to the requester? It's one thing for hosts to use edge locations to mitigate attacks, allowing inbound filtering to be spread across multiple edge locations. But people are taking it a step further and intentionally sending a cached query response from those edge locations to benefit from players thinking their server has the lowest latency in the server browser. John! Good to hear from all old folks from years ago! TL/DR: New proposal: the server requires all 3 connectionless packets from clients to be at least 1200 bytes. I've gotten similar feedback from a few people now. The only reason to consider allowing a smaller packet with a challenge is to give the client a way to reduce the bandwidth sent when pinging a ton of servers. But doing this would impair the ability to filter out these packets further out, and it is also more complicated to implement. (I wasn't planning on changing the server browser in steamclient.dll to do it, I was just going to do the simple thing of padding the packet.) Given that it is 2020 The Year of Our Lord Gaben, probably the extra bandwidth needed to ping a bunch of servers is just not significant. Regarding 1200: although this technically maybe not OK according to RFCs from the mid 90's, being larger than the absurdly small minimum IPv4 MTU, I believe it is OK in practice in 2020 TYOOLG, especially since the minimum MTU for IPv6 is 1280. In the SDR protocol used by CSGO and Dota, clients always initiate their communication with a 1200 byte packet, and that has not caused any problems. _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/ _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/
