I was trying to get into one of my servers. It was full. I tried a few times to grab the next seat available. Then I get a message: "Too many clicks. Wait 40 seconds"

Screw that! It's my damn server! I'm logging in with my admin password! Fine! BE like that! I'll go to one of my OTHER servers and check on that for now! First attempt: "Too many clicks, wait 1 minute." WHAT!?!?

NO deal! That's not okay! If I'm admin, and I'm accessing MY server, I want IN! Do I HAVE to go onto the server window, and BUMP someone who probably doesn't deserve it, to gain immediate access to my server? I sure as hell hope not!

I'm not just a SMALL amount annoyed that this "feature" is present. If it has to be, it has to be better!

I don't think that admins should count to the server population. If the server is full and they are needed, they are screwed =/

It's even better to lag out from a server, try to rejoin and get "username online", try again and get too many clicks. :Eyecrazy:

Quote from filur :

It's even better to lag out from a server, try to rejoin and get "username online", try again and get too many clicks. :Eyecrazy:

lol

sry bad post

i :bananadea when this happens

Yeah, these feature annoys the hell out of me. I vote take it out.

Quote from xapexcivicx :

I don't think that admins should count to the server population. If the server is full and they are needed, they are screwed =/

Guess this would need completely dynamic number of max connections, you could have 45 admins wanting to join a full server etc.

Sam (cool name), it's just a feature that prevents excessive data requests from the server. If you keep clicking it, it keeps asking for info from the server wich uses bandwidth. It has nothing to do with amount of players so you dont have to kick someone. Just dont click too much and be patient.

Quote :

"Too many clicks. Wait 40 seconds"

I've seen that message before but I think the purpose is actually to prevent too many server list refreshes/joins. To prevent a denial of service attack on the master server..

Quote from Becky Rose :

I've seen that message before but I think the purpose is actually to prevent too many server list refreshes/joins. To prevent a denial of service attack on the master server..

As I said, I think that if the feature has to be there, it has to be better. No server admins are going to be trying to crash either theirs OR the master server. Are they? And if they were, they're toast on S2, surely.

this feature isnt in the demo, then why is it on S2 servers?

Its a protection for the masterserver as well. It doesnt matter if you're a racer or an admin, if you click too much you'll get slapped for it.

Yep, I realise it's a "defence mechanism".. but I don't think it should apply to server admins. If they're desperate to get on their own server, I'm sure there's typically a very good reason. I don't think my home connection is exactly capable of a concerted DoS on anyone's connection, least of all the LFS master server. Accomodation should be made for admins trying to access their own servers, IMO.

I'm guessing that there is no way LFS is going to know your a server admin?

As ajp71 almost says, no part of the system knows you're an admin besides your server, which you need a masterserver connection to get on.

I think it does. The whole issue seems to revolve around the master server acting as an intermediary between me and my server. I'm submitting my request, along with my password, to the master server. The master server is then negotiating access with the game server.

I believe, therefore, that the master server is aware of my admin status when it receives a response from the game server. If it isn't, then it could be coded to be.

Quote from SamH :

I think it does. The whole issue seems to revolve around the master server acting as an intermediary between me and my server. I'm submitting my request, along with my password, to the master server. The master server is then negotiating access with the game server.

I believe, therefore, that the master server is aware of my admin status when it receives a response from the game server. If it isn't, then it could be coded to be.

I really doubt it, the entire admin system should work perfectly on a LAN without the master server too i'd guess, which would make it silly to put the actual password exchange/check in several places.

AFAIK the master server just provides you with an IP/port.

If all the master server is doing is providing me with an IP/port, then I don't think the DoS argument exactly stands, and I think the whole "protection" thing should be abandoned. Compared with the rest of the flow of data occuring around LFS, a request for an IP/port to a server is a seriously negligible exchange of data.

If it is, instead, the GAME server giving the "stop it you're killing me. Sit out for 40 seconds" order, rather than the master server, then bingo. My server knows who I am. It knows I'm the boss. It knows that, in MY case, a DoS is definitely not in progress.

[EDIT to add:]I'm extremely conscious of the fact that all I seem to be doing is bitching about one aspect of something I'm otherwise very much impressed by. It really has got my goat though. I don't like getting my wrist slapped for wanting on my own server.

Perhaps, to turn the thing around, if there was a queue system:

"Server full. Reserve seat? Yes/No"

Then, when a seat on the server becomes available, you're automatically given passage. If you've already joined another server, you forfeit the seat. If not, you're in. Now there's no DoS.

Quote from SamH :

If all the master server is doing is providing me with an IP/port, then I don't think the DoS argument exactly stands, and I think the whole "protection" thing should be abandoned. Compared with the rest of the flow of data occuring around LFS, a request for an IP/port to a server is a seriously negligible exchange of data.

Not if you're accepting 10,000 connections per second, just like a webserver can get completely bogged down from just replying/trying to reply with error messages to thousands of invalid requests, or a router getting confused from a few hundred thousand pings.

Quote from filur :

Not if you're accepting 10,000 connections per second, just like a webserver can get completely bogged down from just replying/trying to reply with error messages to thousands of invalid requests, or a router getting confused from a few hundred thousand pings.

Nope, I don't see it. The interaction is far from a fat packet air biscuit scenario. That's an entirely different kind of DoS. The one we're talking about is generated from within the LFS client itself. It's entirely managed within the LFS code. Different scenario entirely.

Quote from SamH :

Nope, I don't see it. The interaction is far from a fat packet air biscuit scenario. That's an entirely different kind of DoS. The one we're talking about is generated from within the LFS client itself. It's entirely managed within the LFS code. Different scenario entirely.

The first idea of how to bring the master server down would probably be to emulate how LFS talks to the master server, and repeat it alot, network activity is extremely simple to recreate.

I honestly think that if you wanted to DoS the master server, doing it by emulating repeated attempts to join a separate server in a list of online servers retrieved by the master server... is a rather obtuse way of going about it, and probably one of the least likely to have an effective impact. Beyond that, I wouldn't really like to start a discussion on what MIGHT be effective. You never know who might be listening

Sorry.. I don't disagree with you entirely. But it would have to be a profound number of clicks per second. My issue is with getting spanked for one click every 4 to 8 seconds. That's NOT a DoS.

Quote from SamH :

Sorry.. I don't disagree with you entirely. But it would have to be a profound number of clicks per second. My issue is with getting spanked for one click every 4 to 8 seconds. That's NOT a DoS.

Yeah the threshold seems absurdly low, but if the purpose is to prevent a DoS attack and with enough clicks the server just stops responding, i guess it's a solid system.

DoS isn't about stealing lots of continous bandwidth in kB/s, it's about generating so much activity that eventually all the server is doing is responding to bogus requests, occupying connection slots.