Is the q3fill really fixed?

Report and discuss bugs in JK2MV here or suggest changes.
Post Reply
User avatar
C4N
Posts: 16
Joined: 12 Mar 2016, 11:42

Is the q3fill really fixed?

Post by C4N » 14 Mar 2016, 23:25

Today I was testing the q3fill exploit on a server and realized that it is not exactly fixed, I managed to mitigate it by using the sv_timeout to 40.

The thing is I could set that to 2 or 3, but most people just can't enter to the server, even if I load a huge map like expeditiion, nobody will be able to enter, because server kicks them out just before they enter.



On that video you can see that as I said, sv_timeout can be used as a workaround, but people needs to reconnect once every time the server changes the map just after loading the map on memmory. I have two ideas I want to share if it helps, one is to just limit the connections per Ip, something like "mv_simconnections" cvar would be awesome, and the other idea is to make the client to reconnect to the server automatically when it gets stuck on "Awaiting snapshot...", but the thing I don't like about this last is that only people with jk2mv gets the fix, so I think a serverside fix/workaround its better.

And of course, maybe I'm missing something, let me know if its my fault please. :?

As a side note: I fixed this exploit with iptables, but it would be nice to have a real fix on the serverside
Steam - RSI

You may found me somewhere with this nicknames:
(Cjs|Canseco|Ms)
Khan Katarn
Canseco.
C4N

User avatar
ouned
Administrator
Posts: 579
Joined: 23 Feb 2015, 13:03
Location: Gliese581c

Re: Is the q3fill really fixed?

Post by ouned » 15 Mar 2016, 11:49

ummm
looks like you are right

https://github.com/mvdevs/jk2mv/blob/b0 ... t.cpp#L305
missing return statement :/

EDIT:
strange that we didn't notice it to this point.
I definitely tested it :/

User avatar
Daggolin
Administrator
Posts: 786
Joined: 23 Feb 2015, 13:05

Re: Is the q3fill really fixed?

Post by Daggolin » 15 Mar 2016, 18:08

I remember testing it as well. Weird. ^^

And by the way, we do indeed have a limit of 3 people with the same IP connecting at the same time, but we seem to have forgotten a return-statement (as ouned pointed out). Thanks for the info, I am going to test this myself when I have the time.

User avatar
ouned
Administrator
Posts: 579
Joined: 23 Feb 2015, 13:03
Location: Gliese581c

Re: Is the q3fill really fixed?

Post by ouned » 15 Mar 2016, 18:10

checked the commit history if we possibly destroyed it at some later time after implementing it.
But thats not even the case

So the question now is: Why did it ever work? :lol:

thanks for pointing it out @C4N

User avatar
Daggolin
Administrator
Posts: 786
Joined: 23 Feb 2015, 13:05

Re: Is the q3fill really fixed?

Post by Daggolin » 15 Mar 2016, 18:15

You and I both failed at attacking ourselves? :o

User avatar
C4N
Posts: 16
Joined: 12 Mar 2016, 11:42

Re: Is the q3fill really fixed?

Post by C4N » 16 Mar 2016, 09:12

ouned wrote: thanks for pointing it out @C4N
No thanks needed, I want to help this project the best I can, in the other hand I have a deploy with 24 testing servers ready to be launched :lol: so I'm just making sure every single possible exploit is fixed
Steam - RSI

You may found me somewhere with this nicknames:
(Cjs|Canseco|Ms)
Khan Katarn
Canseco.
C4N

User avatar
Daggolin
Administrator
Posts: 786
Joined: 23 Feb 2015, 13:05

Re: Is the q3fill really fixed?

Post by Daggolin » 16 Mar 2016, 17:05

24 servers? I don't really like the idea of someone flooding the server list with "empty servers". It's just distracting new players and it makes the game appear a lot less active. Finding proper servers is turning difficult by that.

And unless you plan to host all servers from different IPs you are going to run into issues. I am not sure how many servers per IP Ravensoft's master accepts, but our own masterservers have a limit and 24 exceeds that limit by far!

User avatar
fau
Staff
Posts: 412
Joined: 16 Aug 2015, 01:01
Location: Warsaw / Poland
Contact:

Re: Is the q3fill really fixed?

Post by fau » 16 Mar 2016, 17:14

I'm not a big fan of all these empty servers with bots plaguing 1.04 server list. How often I've heard recently "wow, there are real people on this server" from new players. I think he had something like on-demand server creation in mind, am I correct?

User avatar
Daggolin
Administrator
Posts: 786
Joined: 23 Feb 2015, 13:05

Re: Is the q3fill really fixed?

Post by Daggolin » 16 Mar 2016, 17:23

How do you measure "demand"? Without polluting the list with empty servers for every gametype you would need some approach, that always offers one empty server and people joining the server can adjust the gametype (votes, first client becomes admin, ...). Once people join the server the system "spawns a new one" and removes old servers once empty. However that might be inconvenient for users to deal with, if you don't offer them a user interface for that. :/

Polluting the server list sounds like a bad idea though.

User avatar
fau
Staff
Posts: 412
Joined: 16 Aug 2015, 01:01
Location: Warsaw / Poland
Contact:

Re: Is the q3fill really fixed?

Post by fau » 16 Mar 2016, 17:26

Exactly as you described. I have nothing to add :-)

User avatar
C4N
Posts: 16
Joined: 12 Mar 2016, 11:42

Re: Is the q3fill really fixed?

Post by C4N » 16 Mar 2016, 18:05

Daggolin wrote:24 servers? I don't really like the idea of someone flooding the server list with "empty servers". It's just distracting new players and it makes the game appear a lot less active. Finding proper servers is turning difficult by that.

And unless you plan to host all servers from different IPs you are going to run into issues. I am not sure how many servers per IP Ravensoft's master accepts, but our own masterservers have a limit and 24 exceeds that limit by far!
Well, this is something I was thinking about, so I think now that its a better idea to host a server with a proper voting system.
fau wrote:I'm not a big fan of all these empty servers with bots plaguing 1.04 server list. How often I've heard recently "wow, there are real people on this server" from new players. I think he had something like on-demand server creation in mind, am I correct?
I don't like bots too, my idea comes from a 1.03 player (me), that just can't see any good servers to play with, but as said, I'm reconstructing my idea from scratch just from a "multiple servers idea" to a "few servers with a proper voting system".
Daggolin wrote:How do you measure "demand"? Without polluting the list with empty servers for every gametype you would need some approach, that always offers one empty server and people joining the server can adjust the gametype (votes, first client becomes admin, ...). Once people join the server the system "spawns a new one" and removes old servers once empty. However that might be inconvenient for users to deal with, if you don't offer them a user interface for that. :/

Polluting the server list sounds like a bad idea though.
Precisely this, one of the stages of what I'm doing involves a web panel, my current idea is to make a web voting system where IPs from people conected on the server are allowed to enter and vote for certain things like load a mod or start a TFFA match with specific values.

From what I have understood, It is not a good idea to host too many servers, right?
Steam - RSI

You may found me somewhere with this nicknames:
(Cjs|Canseco|Ms)
Khan Katarn
Canseco.
C4N

Kameleon
Administrator
Posts: 315
Joined: 07 Jun 2015, 08:36

Re: Is the q3fill really fixed?

Post by Kameleon » 16 Mar 2016, 19:14

There are already too many servers as it is, compared to the amount of players left, and there are often so many bots on servers that newcomers think there are no real players at all

User avatar
Daggolin
Administrator
Posts: 786
Joined: 23 Feb 2015, 13:05

Re: Is the q3fill really fixed?

Post by Daggolin » 16 Mar 2016, 19:54

If people can create a server on a web panel on demand, which cleans itself up after it gets empty again I think it's a great idea for people to play "forgotten mods". Not everyone who feels the urge to play Jedi Master or ForceMod has the ability to host a server. If they can request a temporary server it could turn out quite nice. I only fear that with a web panel not many people will make use of that "offer" and some people might try to abuse the system. So you might want to secure your system. And maybe talk about the concept / outcome with some of us in private to evaluate, how secure your system is. :/

User avatar
fau
Staff
Posts: 412
Joined: 16 Aug 2015, 01:01
Location: Warsaw / Poland
Contact:

Re: Is the q3fill really fixed?

Post by fau » 16 Mar 2016, 20:49

That sounds like a great idea, I would suggest Movie Battles and Hydroball for 1.04. When it comes to regular servers, we need quality not quantity atm.

User avatar
ouned
Administrator
Posts: 579
Joined: 23 Feb 2015, 13:03
Location: Gliese581c

Re: Is the q3fill really fixed?

Post by ouned » 16 Mar 2016, 21:01

the webpanel idea is awesome.
You could even use jk2mv autodownloads so that there is nothing required but jk2mv

User avatar
Daggolin
Administrator
Posts: 786
Joined: 23 Feb 2015, 13:05

Re: Is the q3fill really fixed?

Post by Daggolin » 16 Mar 2016, 21:23

Ouned is right, if properly set up mods like MovieBattles can simply be downloaded from the server. :)

I still fear that a web-panel might not get that much attention, but who knows. If it's promoted on here and some other places it might get used. I like the idea and if you are working on such a thing I would really like to give this a try. And if happens to be that popular, that people use a dozen servers at once and it exceeds the master limits I am sure we can increase the maximum on the community masters. Reaching that point would be a huge success already. ^^

Other than that I can only agree to fau, quality servers over quantity.

One thing I've wanted for a long time, was to make custom gametypes as stand alone mods for servers to run. As far as I know fau and I both created some "custom gametypes". Maybe some of us could work on "new gametypes" if someone comes up with good ideas. (Just a general thought on offering a greater variety of gametypes on jk2 :P)

User avatar
ouned
Administrator
Posts: 579
Joined: 23 Feb 2015, 13:03
Location: Gliese581c

Re: Is the q3fill really fixed?

Post by ouned » 16 Mar 2016, 21:43


User avatar
fau
Staff
Posts: 412
Joined: 16 Aug 2015, 01:01
Location: Warsaw / Poland
Contact:

Re: Is the q3fill really fixed?

Post by fau » 16 Mar 2016, 23:20

As we are on the topic of quality servers, I would like to mention something that QuakeWorld (Quake 1 multiplayer) community has, as a curiosity (it's way above our scope). They maintain a network of proxy servers with excellent routing and it's integrated into their client(s). From player perspective you just download ezquake client, join to NA server from EU and play on ping 80. Or join South American server and play on ping 100. You don't need to configure anything or even be aware of it. And it's all done by community effort, QW lost corporate backing in 1997 ;-)

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest

Created by Matti from StylesFactory.pl and Warlords of Draenor (modified by jk2.info)
Powered by phpBB® Forum Software © phpBB Limited
GZIP: On
 

 

cron