Raised This Month: $12 Target: $400
 3% 

[Linux] Source Query Proxy: DDoS Protection - Kernel redirection!


Post New Thread Reply   
 
Thread Tools Display Modes
spumer
Senior Member
Join Date: Aug 2011
Old 04-17-2020 , 13:45   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #61

Quote:
Originally Posted by insanedude View Post
Thanks.
Waiting for some documentation as I'm struggling to make it work.

Python 3.7 (pip 18.1) installed. However, /etc/sqproxy doesn't exist. I'd assume we need to manually create it.
That's fine. Created those.
I saw this setting in the yaml file:

Code:
"# Automatically run eBPF redirection
  executable: 'python2'"
But why, since the requirement is "Python 3.7 or above"?
Do any additional changes need to be done on those files, except the IP binds and ports?

For example, does "network" within the dummy-game need to be configured?

On the "eBPF" part, I don't quite get the first point. Which should the target directory be? Can you give an example please?

PS. Running this on a test VM.. so i can break stuff and do some additional testing if needed
eBPF part has own documentation. And python2 or python3 is depends on bcc-tools installation way.
You can install bcc-tools as system package and it can be installed as for py2 or py3. Or you can manually build, and again for py2 or py3. This is why i add option to set executable.

Python3.7 it's requirement for sqproxy app, not for sqproxy eBPF part.

Please see config examples again, it's very simple. In common you only need set IP in global defaults and ports for each server in servers section.
__________________
spumer is offline
MAGNAT2645
Senior Member
Join Date: Nov 2015
Location: AlliedMods.net
Old 06-16-2020 , 17:22   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #62

It might be stupid question but is there any autolaunch feature or you need to type "sqproxy run" every time when you reboot Linux? Also, is there any way to stop sqproxy process? I've noticed that SW Game Description Override is not working if you run SQProxy, i just see default "Team Fortress" message in description info.
__________________
MAGNAT2645 is offline
spumer
Senior Member
Join Date: Aug 2011
Old 06-17-2020 , 03:47   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #63

Quote:
Originally Posted by MAGNAT2645 View Post
It might be stupid question but is there any autolaunch feature or you need to type "sqproxy run" every time when you reboot Linux? Also, is there any way to stop sqproxy process?
You can use any Autolunch method, e.g cron, use special key "@reboot" instead classic crontab schedule format to run after system reboot. You also can run it in short period and this will be ok cause SQProxy will check it currently running and exit if it's true.

To stop process you can just send SIGTERM or ctrl+c.
In my case i use `screen` to run SQProxy.


Quote:
I've noticed that SW Game Description Override is not working if you run SQProxy, i just see default "Team Fortress" message in description info.
Mmmm... looks like default message cached and all will be ok when cache updated (in 5 secs by default)
Current defaults you can see in example: https://github.com/spumer/source-que...obals.yaml#L18
__________________

Last edited by spumer; 06-17-2020 at 03:59.
spumer is offline
MAGNAT2645
Senior Member
Join Date: Nov 2015
Location: AlliedMods.net
Old 06-17-2020 , 04:10   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #64

The problem in my case is that i can't even log in via SSH (even FTP/SFTP is not working now, actually most of services are "running" but not working, i can't even upgrade/update packages).
It prints (via service ssh status):
Code:
server listening on 0.0.0.0 port 22
And there's no any running processes named "sqproxy"...
I'm still a noob in Linux systems and i don't know why this happened (after last reboot).

It might not even be because of SQProxy but this "listening on 0.0.0.0" scare me (i have default bind_ip):
Code:
bind_ip: '0.0.0.0'
__________________

Last edited by MAGNAT2645; 06-17-2020 at 04:52.
MAGNAT2645 is offline
spumer
Senior Member
Join Date: Aug 2011
Old 06-17-2020 , 12:00   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #65

0.0.0.0 mean listen on all available interfaces

I can't help you manage your host man, you can try mail to support or googling your problem. This thread about sqproxy.

Can I help you somehow?
__________________
spumer is offline
MAGNAT2645
Senior Member
Join Date: Nov 2015
Location: AlliedMods.net
Old 06-17-2020 , 13:16   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #66

I did some research and found out that now Ubuntu can't even
Code:
ping google.com
Just throws
Code:
Temporary failure in name resolution
Same thing for commands like apt-get update (upgrade etc. basically any commands for reading repositories)
Throws:
Code:
Temporary failure resolving ... (Repositories from /etc/apt/sources.list, basically security.ubuntu.com (Bionic dist) and mirror.corbina.net)
W: Some index files failed to download. They have been ignored, or old ones used instead.
And, using scp (wanted to send backup to other Ubuntu server and then reinstall OS on *this* server)
Code:
ssh: connect to host *HOST* port *PORT*: Network is unreachable
lost connection
So, i cant log in via SSH therefore can't use SFTP...

Might be something with DNS???
I've looked through a lot of problems with similar errors, but haven't found a solution yet.
So i will probably have to contact technical support but they may not answer because i have 1st level of administration, it means that i must do all things myself.

I just need some advice: can i somehow fix SFTP so i will be able to download all files and then reinstall OS?
__________________

Last edited by MAGNAT2645; 06-17-2020 at 13:42.
MAGNAT2645 is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 06-20-2020 , 11:29   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #67

@MAGNAT2645. This is totally off topic and you are still replying so let's end it quick. Given is a script I just made and tested to fix your config if that is what it is.

Assuming it is your DNS.
If ping 8.8.8.8 works then it is.
Maintain /etc/resolv.conf manually or script.

Code:
#!/bin/sh DIR="/etc/resolv.conf" DNS="8.8.8.8" echo BEFORE cat ${DIR} chattr -i ${DIR} mv ${DIR} ${DIR}.backup touch ${DIR} echo nameserver ${DNS} > ${DIR} chattr +i ${DIR} echo AFTER cat ${DIR}


Quote:
Originally Posted by MAGNAT2645 View Post
I did some research and found out that now Ubuntu can't even
Code:
ping google.com
Just throws
Code:
Temporary failure in name resolution
Same thing for commands like apt-get update (upgrade etc. basically any commands for reading repositories)
Throws:
Code:
Temporary failure resolving ... (Repositories from /etc/apt/sources.list, basically security.ubuntu.com (Bionic dist) and mirror.corbina.net)
W: Some index files failed to download. They have been ignored, or old ones used instead.
And, using scp (wanted to send backup to other Ubuntu server and then reinstall OS on *this* server)
Code:
ssh: connect to host *HOST* port *PORT*: Network is unreachable
lost connection
So, i cant log in via SSH therefore can't use SFTP...

Might be something with DNS???
I've looked through a lot of problems with similar errors, but haven't found a solution yet.
So i will probably have to contact technical support but they may not answer because i have 1st level of administration, it means that i must do all things myself.

I just need some advice: can i somehow fix SFTP so i will be able to download all files and then reinstall OS?
__________________
DJEarthQuake is offline
MAGNAT2645
Senior Member
Join Date: Nov 2015
Location: AlliedMods.net
Old 06-21-2020 , 13:09   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #68

Nah, that didn't help. I think better option is to reinstall OS but i need to somehow get backup archive from the server to avoid losing important information.

EDIT: The problem seems to have been fixed. Now I'm trying to find out the cause of the problem.
I very much hope this wasn't originally due to SQProxy ))
So the problem was: i somehow removed netplan idk how i just tried to update Python from 3.6.9 to newer version (because pip install throws an error)...
__________________

Last edited by MAGNAT2645; 06-22-2020 at 04:20.
MAGNAT2645 is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 06-25-2020 , 09:33   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #69

That is a question for the Ubuntu forums.
__________________
DJEarthQuake is offline
MAGNAT2645
Senior Member
Join Date: Nov 2015
Location: AlliedMods.net
Old 01-02-2021 , 05:39   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #70

I don't know what's wrong.
This is the output when running sqproxy from /etc/sqproxy/conf.d:
Code:
2021-01-02 12:57:54,147 [INFO] [sqproxy.config] Found config: /etc/sqproxy/conf.d/00-globals.yaml
2021-01-02 12:57:54,156 [INFO] [sqproxy.config] Found config: /etc/sqproxy/conf.d/01-tf2.yaml
2021-01-02 12:57:54,371 [INFO] [sqproxy] eBPF redirection enabled
2021-01-02 12:57:54,371 [INFO] [sqproxy] Wait all proxies to be ready ...
2021-01-02 12:57:54,373 [INFO] [TF2Server] Binding ... 
2021-01-02 12:57:54,381 [INFO] [TF2Server] Binding ... done!
2021-01-02 12:57:54,381 [INFO] [TF2Server] Listen for client requests ...
2021-01-02 12:57:54,408 [INFO] [sqproxy] Wait all proxies to be ready ... Done!
2021-01-02 12:57:54,408 [WARNING] [source_query_proxy.epbf] Wide interface is not supported yet. '0.0.0.0' will be interpreted like 'default interface'
2021-01-02 12:57:54,408 [INFO] [source_query_proxy.epbf] Run ['python3.7', 'redirect.py', '-p', '27015:27915']
Traceback (most recent call last):
  File "redirect.py", line 11, in <module>
    from bcc import BPF
ModuleNotFoundError: No module named 'bcc'
2021-01-02 12:57:54,527 [ERROR] [source_query_proxy.epbf] eBPF redirection exit with code 1
NoneType: None
Traceback (most recent call last):
  File "/usr/local/bin/sqproxy", line 11, in <module>
    sys.exit(sqproxy())
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/cli.py", line 14, in run
    run()
  File "/usr/local/lib/python3.7/dist-packages/pid/decorator.py", line 14, in decorator
    return func(*func_args, **func_kwargs)
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/__main__.py", line 19, in run
    asyncio.run(_run_servers())
  File "/usr/lib/python3.7/asyncio/runners.py", line 43, in run
    return loop.run_until_complete(main)
  File "uvloop/loop.pyx", line 1456, in uvloop.loop.Loop.run_until_complete
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/__main__.py", line 48, in _run_servers
    await asyncio.gather(*futures)
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/epbf.py", line 86, in run_ebpf_redirection
    raise RuntimeError
RuntimeError
From /etc/sqproxy/:
Code:
2021-01-02 13:29:07,323 [INFO] [sqproxy.config] Found config: /etc/sqproxy/conf.d/00-globals.yaml
2021-01-02 13:29:07,330 [INFO] [sqproxy.config] Found config: /etc/sqproxy/conf.d/01-tf2.yaml
2021-01-02 13:29:07,332 [INFO] [sqproxy.config] Found config: conf.d/00-globals.yaml
Traceback (most recent call last):
  File "/usr/local/bin/sqproxy", line 11, in <module>
    sys.exit(sqproxy())
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/cli.py", line 12, in run
    from .__main__ import run
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/__main__.py", line 8, in <module>
    from . import config
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/config.py", line 257, in <module>
    setup(settings)
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/config.py", line 239, in setup
    merged_config_data = settings.get_merged_config_data()
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/config.py", line 132, in get_merged_config_data
    return load_configs(iter_config_files(self.confdir_0, self.confdir_1))
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/config.py", line 195, in load_configs
    raise ConfigurationError('eBPF already configured')
source_query_proxy.config.ConfigurationError: eBPF already configured
From /etc/ (and any other):
Code:
2021-01-02 13:30:19,115 [INFO] [sqproxy.config] Found config: /etc/sqproxy/conf.d/00-globals.yaml
2021-01-02 13:30:19,124 [INFO] [sqproxy.config] Found config: /etc/sqproxy/conf.d/01-tf2.yaml
2021-01-02 13:30:19,128 [INFO] [sqproxy.config] Confdir not found: /etc/conf.d
2021-01-02 13:30:19,337 [INFO] [sqproxy] eBPF redirection enabled
2021-01-02 13:30:19,337 [INFO] [sqproxy] Wait all proxies to be ready ...
2021-01-02 13:30:19,338 [INFO] [TF2Server] Binding ... 
2021-01-02 13:30:19,349 [INFO] [TF2Server] Binding ... done!
2021-01-02 13:30:19,350 [INFO] [TF2Server] Listen for client requests ...
2021-01-02 13:30:19,371 [INFO] [sqproxy] Wait all proxies to be ready ... Done!
2021-01-02 13:30:19,372 [WARNING] [source_query_proxy.epbf] Wide interface is not supported yet. '0.0.0.0' will be interpreted like 'default interface'
2021-01-02 13:30:19,372 [INFO] [source_query_proxy.epbf] Run ['python3.7', 'redirect.py', '-p', '27015:27915']
Traceback (most recent call last):
  File "/usr/local/bin/sqproxy", line 11, in <module>
    sys.exit(sqproxy())
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/cli.py", line 14, in run
    run()
  File "/usr/local/lib/python3.7/dist-packages/pid/decorator.py", line 14, in decorator
    return func(*func_args, **func_kwargs)
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/__main__.py", line 19, in run
    asyncio.run(_run_servers())
  File "/usr/lib/python3.7/asyncio/runners.py", line 43, in run
    return loop.run_until_complete(main)
  File "uvloop/loop.pyx", line 1456, in uvloop.loop.Loop.run_until_complete
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/__main__.py", line 48, in _run_servers
    await asyncio.gather(*futures)
  File "/usr/local/lib/python3.7/dist-packages/source_query_proxy/epbf.py", line 73, in run_ebpf_redirection
    process = await asyncio.create_subprocess_exec(*executable, *args, stdout=asyncio.subprocess.PIPE, cwd=cwd)
  File "/usr/lib/python3.7/asyncio/subprocess.py", line 217, in create_subprocess_exec
    stderr=stderr, **kwds)
  File "uvloop/loop.pyx", line 2749, in subprocess_exec
  File "uvloop/loop.pyx", line 2707, in __subprocess_run
  File "uvloop/handles/process.pyx", line 596, in uvloop.loop.UVProcessTransport.new
  File "uvloop/handles/process.pyx", line 98, in uvloop.loop.UVProcess._init
FileNotFoundError: [Errno 2] No such file or directory
Code:
Ubuntu 18.04.5 LTS (GNU/Linux 4.15.0-65-generic x86_64)
I have bpfcc-tools
Code:
bpfcc-tools is already the newest version (0.5.0-5ubuntu1).
Configs:
00-globals.yaml:
Code:
# Defaults for each server in `servers` section
# Any of these `values` can be overridden locally:
# in local `defaults` section
# in `servers` section
defaults:
  # True - defaults will be applied for each NEXT config file in conf.d directory
  # False - applied only for current file
  # conf.d/ files read sequentially by alphabetical order
  # we recommend start config names with sequential value: 00-globals.yaml, 01-game1.yaml, 02-game2.yaml
  global: True
  values:
    network:
      # False (default) - queries from `server_port` will be redirected to `bind_port`
      # only for auto-ebpf handling, for more info see `ebpf` section below
      # True - disable redirection (useful for just proxying and debug purposes)
      ebpf_no_redirect: false
    # How often update A2S_INFO data
    a2s_info_cache_lifetime: 5
    # How often update A2S_RULES data
    a2s_rules_cache_lifetime: 5
    # How often update A2S_PLAYERS data
    a2s_players_cache_lifetime: 3
    # How often change src port for queries to Real Game Server
    # Some games required that due integrated ddos protection
    # Without it sqporxy ip:port will be "banned" for queries
    src_query_port_lifetime: 10

    # False (default) - no action, A2S_RULES will work
    # True - don't update A2S_RULES cache
    # This will be helpful for HLDS servers which protocol is different
    # But be careful, you also need disable redirection for A2S_RULES packets
    # see the IS_QUERY_REQUEST_PACKET in https://github.com/spumer/source-query-proxy-kernel-module/blob/master/src-ebpf/utils.h
    # CS:GO also has broken A2S_RULES, but fix available at https://forums.alliedmods.net/showthread.php?t=236521
    no_a2s_rules: false


servers:


# Automatically run eBPF redirection
ebpf:
  # Download any release of SQProxy Kernel Module
  # And add path to `redirect.py`
  # https://github.com/spumer/source-query-proxy-kernel-module/releases
  enabled: True
  executable: 'python3.7'
  script_path: './src-ebpf/redirect.py'
01-tf2.yaml:
Code:
# Local defaults
# Empty. Only demonstrate file structure
defaults:

servers:
  TF2Server:
    network:
      # Real game server IP address
      server_ip: 'XXX.XXX.XXX.XXX'
      # IP address for listening incoming queries
      bind_ip: '0.0.0.0'
      # Real game server PORT (respect to server_ip)
      server_port: 27015
      # PORT for listening incoming queries (respect to bind_ip)
      bind_port: 27915
__________________
MAGNAT2645 is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 01:22.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode