So lately a few people (and... servers, sadly) have been intent on keeping other servers down. One of these issues involves Ebenezer's socket count - when it goes over 1500, the system will break as it'll start ignoring (i.e. not accepting) any backlogged connections.

This means nobody else can connect until these connections are accepted, which it won't do because new connections won't trigger the FD_ACCEPT event/flag (until the backlogged ones are accepted).

So the fix? Easy really, just accept and close these excess connections so that the cycle can resume properly.

1. # 0044424C    8D45 FC         LEA EAX,[EBP-4]
   
2. # 0044424F    89D9            MOV ECX,EBX
   
3. # 00444251    50              PUSH EAX
   
4. # 00444252    8D45 C0         LEA EAX,[EBP-40]
   
5. # 00444255    50              PUSH EAX
   
6. # 00444256    C745 FC 10000000 MOV DWORD PTR SS:[EBP-4],10
   
7. # 0044425D    FF76 04         PUSH DWORD PTR DS:[ESI+4]
   
8. # 00444260    FF15 A0A36800   CALL DWORD PTR DS:[68A3A0]
   
9. # 00444266    50              PUSH EAX
   
10. # 00444267    FF15 B8A36800   CALL DWORD PTR DS:[68A3B8]
    
11. # 0044426D  ^ EB 9F           JMP SHORT 0044420E
    
12. # 0044426F    90              NOP
    
13. # 00444270    90              NOP
    
14. # 00444271    90              NOP
    
15. # 00444272    90              NOP
    
16. # 00444273    90              NOP
    
17. # 00444274    90              NOP
    

复制代码

Although this will mean they don't break the server, it does mean they can still use up all of your sockets. You'll want to enforce your own limits on connections. You will still need to block access to these connections (but once they're disconnected, your server will be fine).

If you're not using Vista/Win7/Server 2008, wipfw can be very helpful in limiting connections per IP (i.e. a rule such as add allow tcp from any to me 15001 setup limit src-addr #, where # is the number of connections per source address [IP] allowed, and 15001 is your game server port).

If you are, however, I will probably write something up that you can use very soon. For the moment though, I find currports useful in identifying (and closing) spammed connections, especially with its filter support, i.e. a filter of include:local:tcp:15001 (where 15001 is your game server port), and Windows Firewall (yes! It IS actually very useful :P) in blocking them. I find Peerblock/Peerguardian somewhat useful, but considerably less efficient on newer operating systems. Windows Firewall is sufficient.

Don't let them take you down.

So lately a few people (and... servers, sadly) have been intent on keeping other servers down. One of these issues involves Ebenezer's socket count - when it goes over 1500, the system will break as it'll start ignoring (i.e. not accepting) any backlogged connections.

This means nobody else can connect until these connections are accepted, which it won't do because new connections won't trigger the FD_ACCEPT event/flag (until the backlogged ones are accepted).

So the fix? Easy really, just accept and close these excess connections so that the cycle can resume properly.

1. # 0044424C    8D45 FC         LEA EAX,[EBP-4]
   
2. # 0044424F    89D9            MOV ECX,EBX
   
3. # 00444251    50              PUSH EAX
   
4. # 00444252    8D45 C0         LEA EAX,[EBP-40]
   
5. # 00444255    50              PUSH EAX
   
6. # 00444256    C745 FC 10000000 MOV DWORD PTR SS:[EBP-4],10
   
7. # 0044425D    FF76 04         PUSH DWORD PTR DS:[ESI+4]
   
8. # 00444260    FF15 A0A36800   CALL DWORD PTR DS:[68A3A0]
   
9. # 00444266    50              PUSH EAX
   
10. # 00444267    FF15 B8A36800   CALL DWORD PTR DS:[68A3B8]
    
11. # 0044426D  ^ EB 9F           JMP SHORT 0044420E
    
12. # 0044426F    90              NOP
    
13. # 00444270    90              NOP
    
14. # 00444271    90              NOP
    
15. # 00444272    90              NOP
    
16. # 00444273    90              NOP
    
17. # 00444274    90              NOP
    

复制代码

Although this will mean they don't break the server, it does mean they can still use up all of your sockets. You'll want to enforce your own limits on connections. You will still need to block access to these connections (but once they're disconnected, your server will be fine).

If you're not using Vista/Win7/Server 2008, wipfw can be very helpful in limiting connections per IP (i.e. a rule such as add allow tcp from any to me 15001 setup limit src-addr #, where # is the number of connections per source address [IP] allowed, and 15001 is your game server port).

If you are, however, I will probably write something up that you can use very soon. For the moment though, I find currports useful in identifying (and closing) spammed connections, especially with its filter support, i.e. a filter of include:local:tcp:15001 (where 15001 is your game server port), and Windows Firewall (yes! It IS actually very useful :P) in blocking them. I find Peerblock/Peerguardian somewhat useful, but considerably less efficient on newer operating systems. Windows Firewall is sufficient.

Don't let them take you down.