From ced5eeebb02ac9db5ed6dc63c6880f8400add356 Mon Sep 17 00:00:00 2001
From: SupremeMortal <6178101+SupremeMortal@users.noreply.github.com>
Date: Wed, 24 Jul 2024 15:27:47 +0100
Subject: [PATCH] Kick existing connection out if a new one connects from the
 same IP and port.

This is only active for cookie enabled connections as it could become an attack vector with spoofed packets.
---
 .../netty/channel/raknet/RakServerChannel.java             | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/transport-raknet/src/main/java/org/cloudburstmc/netty/channel/raknet/RakServerChannel.java b/transport-raknet/src/main/java/org/cloudburstmc/netty/channel/raknet/RakServerChannel.java
index bdb7c7c..1b40471 100644
--- a/transport-raknet/src/main/java/org/cloudburstmc/netty/channel/raknet/RakServerChannel.java
+++ b/transport-raknet/src/main/java/org/cloudburstmc/netty/channel/raknet/RakServerChannel.java
@@ -71,7 +71,12 @@ public RakServerChannel(DatagramChannel channel, Consumer<RakChannel> childConsu
      * @return RakChildChannel instance of new channel.
      */
     public RakChildChannel createChildChannel(InetSocketAddress address, long clientGuid, int protocolVersion, int mtu) {
-        if (this.childChannelMap.containsKey(address)) {
+        RakChildChannel existingChannel = this.childChannelMap.get(address);
+        if (this.config().getSendCookie() && existingChannel != null) {
+            // We know this player is coming from this IP address due to the cookie, so we can safely close the existing channel.
+            existingChannel.close();
+        } else if (existingChannel != null) {
+            // Could be spoofed, so we don't close the existing channel.
             return null;
         }